> ------------------------------
>
> Message: 3
> Date: Mon, 16 Nov 2009 10:03:22 +0000
> From: Alan Buxey <[email protected]>
> Subject: Re: Problems to do an SSID based authentication
> To: FreeRadius users mailing list
> <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
> > I am trying to do an SSID based authentication per user.
> > What I mean is that I try in the users.conf file to check for which SSID
> > the user is trying to use to login and if it is wrong it shall do a
> > reject for that user.
> >
> > The problem is that I don't succeed with this so I thought it does not hurt
> > to ask the ones who know.
> > My users.conf file looks like this:
>
> > Peter Cleartext-Password := "kaffe" , Called-Station-Id ==
> > "04-0B-6B-33-62-35:raket"
> > Jens Cleartext-Password := "kaffe" , Called-Station-Id ==
> > "02-0B-6B-33-62-35:3"
>
> so Peter can only connect from 04-0B-6B-33-62-35:raket and
> Jens can only get on from 02-0B-6B-33-62-35:3 ?
>
> okay - where is your log from 'radiusd -X' ?
>
> alan
>
>
Hi Alan!
The logs from my radius -X are as follows:
rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97,
length=194
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message = 0x02020009014a656e73
Message-Authenticator = 0x12ec684d2cb511be9cf431ceeae1a5c8
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry Jens at line 92
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 97 to 192.168.118.10 port 42531
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b5e336db4711a92c3e7dc829
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 46429, id=98,
length=316
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b5e336db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message =
0x0203007119800000006716030100620100005e03014b01325d9b7522753ffde3bdcb960b88f167535ca9ec96ffa88e3f5577fc7b4c000018002f00350005000ac013c014c009c00a00320038001300040100001d0000000900070000046a656e73000a0006000400170018000b00020100
Message-Authenticator = 0xbb5e04e25bd1a69911623d1fa6fc555e
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 113
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 103
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0062], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 98 to 192.168.118.10 port 46429
EAP-Message =
0x0104040019c00000089b160301002a0200002603014b013261232f65081c0647ecdd136d4ba6d37a900ca54c63b1b42d0f9f08ec7a00002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b4e436db4711a92c3e7dc829
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41440, id=99,
length=209
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b4e436db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message = 0x020400061900
Message-Authenticator = 0xc16a7984a9f721ee6d94d31f7659a249
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 99 to 192.168.118.10 port 41440
EAP-Message =
0x010503fc194000a95ceefb4e6190af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313131313133323535335a170d3130313131313133323535335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
EAP-Message = 0xba5e475db5bc4553
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b7e536db4711a92c3e7dc829
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 40388, id=100,
length=209
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b7e536db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message = 0x020500061900
Message-Authenticator = 0xde1528468a95c4082d87b885c07692c0
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 100 to 192.168.118.10 port 40388
EAP-Message =
0x010600b519003ed1cdfb8ce78c8b13e8c9d49553950dba115cafd7a3d3b93b0811bcc48f642f85e57b50ef7e8b45884e991ed7d0c7c69974877b6a931e94e2b1c18241af3f56e898cdb6bf5694cf634aaed5728ab48884f93efe217772425cb71b9be6cf27aaea718f270d33593165e215533f99daf1e5a542c9052a6ecb35ccfcdd4a4c02d7d8d6d2baa96840f6498c506d054bd3023a6c1f719d133364e1eeea225c9724dc6dba0de411f816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b6e636db4711a92c3e7dc829
Finished request 4.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 49250, id=101,
length=541
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b6e636db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message =
0x7a95a196ccf65f220a7130f1a338a8509b848359491e67d11403010001011603010030c85bc66fdd1fc7aef16588704d5a25cdca879ac3585be0e73d728e1aa18bb4cb2b6a5f030a417088af50b29ab56d3fc5
Message-Authenticator = 0xc3a9938ec998ab0398c5709115ad2bdf
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 101 to 192.168.118.10 port 49250
EAP-Message =
0x0107004119001403010001011603010030f5dceab2b5b355a2312fe20092d891872280be1ba05a477e51657ccadb327d91249380718ec8a006eb278245f449ed2d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b1e736db4711a92c3e7dc829
Finished request 5.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41427, id=102,
length=209
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b1e736db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message = 0x020700061900
Message-Authenticator = 0x77f82d817673e2f1d72bdf70771fe83d
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 102 to 192.168.118.10 port 41427
EAP-Message =
0x0108002b1900170301002006e1b5d62349a17609d76b94114fff9f2c956820f402a63434ebe33c0ab23254
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b0e836db4711a92c3e7dc829
Finished request 6.
Going to the next request
Waking up in 4.2 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 46562, id=103,
length=246
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b0e836db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message =
0x0208002b19001703010020cbfe496129842adde6abe7771cdf82d089fab1b8692359688c355d1abd7fe18d
Message-Authenticator = 0x51bd0d083ea0991de4ba0666c3bf3f7d
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - Jens
[peap] Got tunneled request
EAP-Message = 0x02080009014a656e73
server {
PEAP: Got tunneled identity of Jens
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to Jens
Sending tunneled request
EAP-Message = 0x02080009014a656e73
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "Jens"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 222
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 103 to 192.168.118.10 port 46562
EAP-Message =
0x0109002b19001703010020f22961f4b8fc8ef302e9d02a6ff60318dc7009c8c6b95edda5d0b74179b60ba9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5e02fd1b3e936db4711a92c3e7dc829
Finished request 7.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104,
length=246
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "Jens"
State = 0xb5e02fd1b3e936db4711a92c3e7dc829
Acct-Session-Id = "82200128"
Acct-Multi-Session-Id =
"02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
Calling-Station-Id = "00-26-BB-14-50-CF"
Called-Station-Id = "02-0B-6B-33-62-35:3"
EAP-Message =
0x0209002b1900170301002049d78ce8e977e9c3a54ef1cb5206e2f30a857981ca29de1d574ae788718f8397
Message-Authenticator = 0x10d7ce191f17a6482ce049589e279cd0
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> Jens
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104,
length=246
Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104,
length=246
Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104
Waking up in 0.3 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 104 to 192.168.118.10 port 41030
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.0 seconds.
Cleaning up request 1 ID 97 with timestamp +46
Cleaning up request 2 ID 98 with timestamp +46
Waking up in 0.1 seconds.
Cleaning up request 3 ID 99 with timestamp +46
Waking up in 0.2 seconds.
Cleaning up request 4 ID 100 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 5 ID 101 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 6 ID 102 with timestamp +47
Cleaning up request 7 ID 103 with timestamp +47
Waking up in 1.0 seconds.
To be able to get the log from the start, I had to stop the radius server while the
Windows machine tried to do an authorization a second time, since it does it
three times before it accepts the fact that it can't authorize.
Best regards/ Peter
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 55, Issue 68
> ************************************************
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
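
Added example (not part of the original message and not FreeRADIUS code): a small Python reader for 'radiusd -X' output like the log above, listing which users entry matched in each virtual server, which attributes follow "Sending tunneled request", and where Auth-Type = Reject was found. The sample is a constructed, abridged excerpt of that log; the "outer" label and the function name are assumptions of this example.

```python
import re

# Constructed sample: abridged lines from the 'radiusd -X' output quoted above.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97, length=194
User-Name = "Jens"
Called-Station-Id = "02-0B-6B-33-62-35:3"
[files] users: Matched entry Jens at line 92
Found Auth-Type = EAP
rad_recv: Access-Request packet from host 192.168.118.10 port 46562, id=103, length=246
Called-Station-Id = "02-0B-6B-33-62-35:3"
[peap] Got tunneled request
EAP-Message = 0x02080009014a656e73
server {
Sending tunneled request
EAP-Message = 0x02080009014a656e73
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "Jens"
server inner-tunnel {
[files] users: Matched entry DEFAULT at line 222
Found Auth-Type = Reject
} # server inner-tunnel
[peap] Tunneled authentication was rejected.
"""

MATCH_RE = re.compile(r"\[files\] users: Matched entry (\S+) at line (\d+)")
AUTH_RE = re.compile(r"Found Auth-Type = (\S+)")
SERVER_RE = re.compile(r"server (\S+) \{")
ATTR_RE = re.compile(r"([A-Za-z][\w-]*) = ")


def summarize(log):
    """Collect users-file matches, tunneled attributes and Reject decisions."""
    server = "outer"  # label chosen here for lines outside any 'server X {' block
    in_tunneled = False
    out = {"matches": [], "tunneled_attrs": [], "rejected_in": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = SERVER_RE.match(line)
        if m:  # e.g. 'server inner-tunnel {' also ends the tunneled attribute list
            server, in_tunneled = m.group(1), False
        elif line.startswith("} # server"):
            server = "outer"
        elif line == "Sending tunneled request":
            in_tunneled, out["tunneled_attrs"] = True, []
        elif in_tunneled and ATTR_RE.match(line):
            out["tunneled_attrs"].append(ATTR_RE.match(line).group(1))
        elif (m := MATCH_RE.search(line)):
            out["matches"].append((server, m.group(1), int(m.group(2))))
        elif (m := AUTH_RE.match(line)) and m.group(1) == "Reject":
            out["rejected_in"].append(server)
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for server, entry, lineno in s["matches"]:
        print(f"{server}: users entry {entry} (line {lineno})")
    print("tunneled request attributes:", ", ".join(s["tunneled_attrs"]))
    print("Called-Station-Id in tunneled request:",
          "Called-Station-Id" in s["tunneled_attrs"])
    print("Auth-Type = Reject found in:", s["rejected_in"])
```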