Hi experts,
I'm getting really frustrated on this... I had the server rebuilt with
RHEL 5 and FreeRADIUS 2.1.7. It was running RHEL 4 with FreeRADIUS 2.1.6.
It looks like the server will send the last "challenge" and the client
won't reply anymore... The ntlm_auth part should be working right
because when I do "radtest 'gtcorp\\dzhao' <password> localhost 0
test123" it works fine...
Sending Access-Request of id 119 to 127.0.0.1 port 1812
User-Name = "gtcorp\\dzhao"
User-Password = "<password>"
NAS-IP-Address = 10.26.105.105
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=119,
length=41
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
Tunnel-Preference:0 = 0
However it's not working when I have a laptop plugged in doing
PEAP/802.1x with the same user account... The debug output is attached.
Please help!! Thanks!!!
Difan Zhao, M.Eng
Network Engineer
Guest-Tek Interactive Entertainment Inc.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=125,
length=158
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message = 0x02010011014754434f52505c647a68616f
Message-Authenticator = 0x2ed3d2e16385e7d5226183633663f17c
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 17
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> GTCORP\dzhao
[sql] sql_set_user escaped user --> 'GTCORP\dzhao'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'GTCORP=5Cdzhao' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'GTCORP=5Cdzhao' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 'GTCORP=5Cdzhao'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 125 to 207.230.255.43 port 1645
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "3"
Tunnel-Preference:0 := 0
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c5d5d925bfc9a54021651b76
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=126,
length=246
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message =
0x0202005719800000004d16030100480100004403014c8aa8c3bb5003761e89606041e23e7cdc1ae7d698dcd04f60a27241ada1d2c500001600040005000a0009006400620003000600130012006301000005ff01000100
Message-Authenticator = 0xdbc118e3fce352d35a250a534014091f
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
State = 0xc5d7c069c5d5d925bfc9a54021651b76
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 05a9], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 126 to 207.230.255.43 port 1645
EAP-Message =
0x636f6d301e170d3130303930393139313231335a170d3131303930393139313231335a3066310b30090603550406130243413110300e06035504081307416c626572746131123010060355040a130947756573742d74656b311c301a060355040b0c134e6574776f726b5f456e67696e656572696e673113301106035504030c0a47544b5f52616469757330819f300d06092a864886f70d010101050003818d0030818902818100d9ec68a5e9fdb9db51d7a95cf388e397f5fd47df8f81e81d746da7022861d3e9a154f79317c0a0850786e369845b0c9bfa145c7cdff1f517736df18902ded7bb26631be053469c93bb38c90ae424db49a5ef2cb7f4
EAP-Message = 0x6e67696e656572696e673113
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c4d4d925bfc9a54021651b76
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=127,
length=165
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message = 0x020300061900
Message-Authenticator = 0xe86cf0a14287e82d9afc1fccc6353ca0
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
State = 0xc5d7c069c4d4d925bfc9a54021651b76
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 127 to 207.230.255.43 port 1645
EAP-Message = 0x000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c7d3d925bfc9a54021651b76
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=128,
length=351
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message =
0x020400c01980000000b61603010086100000820080acbf3ab25cd4405e58768e0bfb7d042e5d6fc9504dc65951240bd19c10944c2b0467c1c291cb82ecdf9482df400538c635058ec2dbd95963c7eb4245aba9a8b7030c29d72c4b7bf0c5dfc897bd56c619735cc2c56507fbe8e83e57ef2b56b258bf0def62ec85ede347ab76fd3e0f37cea70d0ac6a76cbaa53c9ec89dcc7bc9a7140301000101160301002063175e5c13d4c070784e7b6971343277835c2eeeb13d792dbd963c2971b01c1a
Message-Authenticator = 0x0c2a127af5f39dfdf12067f6a29c54b8
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
State = 0xc5d7c069c7d3d925bfc9a54021651b76
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 192
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 182
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 128 to 207.230.255.43 port 1645
EAP-Message =
0x0105003119001403010001011603010020ed08b451d33b062eaa0f4138c46b4184bcf861918920c3ff9dbd52becf855eab
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c6d2d925bfc9a54021651b76
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=129,
length=165
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message = 0x020500061900
Message-Authenticator = 0x8af3df1074ea7222fcc8ca154e6149e7
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
State = 0xc5d7c069c6d2d925bfc9a54021651b76
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 129 to 207.230.255.43 port 1645
EAP-Message =
0x010600201900170301001586151898fc619e37133fa5524113f315b9909231f3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c1d1d925bfc9a54021651b76
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=130,
length=199
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message =
0x020600281900170301001dd82409d045e32890644aa130af428082c229291c73b6dc7ebbc4979c56
Message-Authenticator = 0x0a3a374b89550d7e263b455d3a83dadc
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
State = 0xc5d7c069c1d1d925bfc9a54021651b76
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 40
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - GTCORP\dzhao
[peap] Got tunneled request
EAP-Message = 0x02060011014754434f52505c647a68616f
server {
PEAP: Got tunneled identity of GTCORP\dzhao
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to GTCORP\dzhao
Sending tunneled request
EAP-Message = 0x02060011014754434f52505c647a68616f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "GTCORP\\dzhao"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 17
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> GTCORP\dzhao
[sql] sql_set_user escaped user --> 'GTCORP\dzhao'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'GTCORP=5Cdzhao' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'GTCORP=5Cdzhao' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 'GTCORP=5Cdzhao'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "3"
Tunnel-Preference:0 := 0
EAP-Message =
0x010700261a0107002110259601ce9c1b153e5746871afe79ded94754434f52505c647a68616f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x983c80d5983b9aa7da9c1891755af34d
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "3"
Tunnel-Preference:0 := 0
EAP-Message =
0x010700261a0107002110259601ce9c1b153e5746871afe79ded94754434f52505c647a68616f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x983c80d5983b9aa7da9c1891755af34d
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 130 to 207.230.255.43 port 1645
EAP-Message =
0x0107003d190017030100324d7490ba5edc60d0484f4fbd74796615cdb64c1da05fa54d00f6e5ce5fc06a84e8a63158c1623f6bcaa5179d9cf203c213b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c0d0d925bfc9a54021651b76
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=131,
length=253
User-Name = "GTCORP\\dzhao"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "EC-30-91-AD-28-82"
Calling-Station-Id = "00-11-43-FE-80-19"
EAP-Message =
0x0207005e19001703010053f3ff1815950256ebc46baae1f37834aabcb5e283ce933a84a1f3a020b4a6a0db3e6e175f971544d6be83ca3319ef6a63831cb1e188cfc151c68ff329c312de316a5fec33dffb937ecc3f4939d2a558bbb8253f
Message-Authenticator = 0xf4013e56d196f77ec1b34a86b46086d4
NAS-Port-Type = Ethernet
NAS-Port = 50002
NAS-Port-Id = "FastEthernet0/2"
State = 0xc5d7c069c0d0d925bfc9a54021651b76
NAS-IP-Address = 172.17.254.60
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 94
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020700471a020700423127e39126e0fcfcdd6a6a6407712ec0d70000000000000000670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6004754434f52505c647a68616f
server {
PEAP: Setting User-Name to GTCORP\dzhao
Sending tunneled request
EAP-Message =
0x020700471a020700423127e39126e0fcfcdd6a6a6407712ec0d70000000000000000670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6004754434f52505c647a68616f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "GTCORP\\dzhao"
State = 0x983c80d5983b9aa7da9c1891755af34d
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 71
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> GTCORP\dzhao
[sql] sql_set_user escaped user --> 'GTCORP\dzhao'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'GTCORP=5Cdzhao' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'GTCORP=5Cdzhao' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 'GTCORP=5Cdzhao'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for dzhao with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=GTCORP
[mschap] expand: --username=%{mschap:User-Name} -> --username=dzhao
[mschap] mschap2: 25
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=dbbf328ee17a89cd
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6
Exec-Program output: NT_KEY: 02B2BD96DDD6E534622928F2A97A80FA
Exec-Program-Wait: plaintext: NT_KEY: 02B2BD96DDD6E534622928F2A97A80FA
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "3"
Tunnel-Preference:0 := 0
EAP-Message =
0x010800331a0307002e533d46433739423541424130363446453135384430453633463232444545413946394341334637383534
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x983c80d599349aa7da9c1891755af34d
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "3"
Tunnel-Preference:0 := 0
EAP-Message =
0x010800331a0307002e533d46433739423541424130363446453135384430453633463232444545413946394341334637383534
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x983c80d599349aa7da9c1891755af34d
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 131 to 207.230.255.43 port 1645
EAP-Message =
0x0108004a1900170301003f571ba5ed89409188fc534651414fad4f14b96fedecf1b633412f8c2311905c53130db2aefe1dd1751559546fb46e31010550f256dc87a90dde3346c925147d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5d7c069c3dfd925bfc9a54021651b76
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 125 with timestamp +13
Cleaning up request 1 ID 126 with timestamp +13
Cleaning up request 2 ID 127 with timestamp +13
Cleaning up request 3 ID 128 with timestamp +13
Cleaning up request 4 ID 129 with timestamp +13
Cleaning up request 5 ID 130 with timestamp +13
Cleaning up request 6 ID 131 with timestamp +13
Ready to process requests.
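Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the EAP-Message values in the debug output above, so the outer PEAP framing and the tunneled MS-CHAPv2 steps can be read off directly. The hex strings are copied from the log; the function and constant names are this example's own. Decoded this way, the last tunneled message the server sends (inside the Access-Challenge with id 131) is an MS-CHAPv2 Success request, after which the log shows no further Access-Request.

```python
import struct

EAP_CODE = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE = {1: "Identity", 25: "PEAP", 26: "MS-CHAPv2"}
MSCHAP_OP = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

# Values copied from the debug output in the post.
OUTER_IDENTITY = "0x02010011014754434f52505c647a68616f"
PEAP_START = "0x010200061920"
PEAP_ACK = "0x020300061900"
INNER = [  # tunneled messages, in the order they appear in the log
    "0x010700261a0107002110259601ce9c1b153e5746871afe79ded9"
    "4754434f52505c647a68616f",
    "0x020700471a020700423127e39126e0fcfcdd6a6a6407712ec0d7"
    "0000000000000000670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6"
    "004754434f52505c647a68616f",
    "0x010800331a0307002e533d4643373942354142413036344645313538443045"
    "3633463232444545413946394341334637383534",
]

def decode_mschapv2(body):
    """Decode the EAP-MSCHAPv2 type data (everything after the EAP type octet)."""
    op = body[0]
    out = {"opcode": MSCHAP_OP.get(op, op)}
    if len(body) < 4:
        return out                        # peer's Success/Failure reply: opcode only
    if op in (1, 2) and len(body) >= 5:
        size = body[4]                    # Value-Size, then the value, then the name
        out["name"] = body[5 + size:].decode("utf-8", "replace")
    elif op in (3, 4):
        out["message"] = body[4:].decode("ascii", "replace")
    return out

def decode_eap(hex_value):
    """Decode one EAP-Message value as radiusd -X prints it (0x-prefixed hex)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": EAP_CODE.get(code, code), "id": ident,
           "complete": length == len(raw)}   # False: one fragment of a longer message
    if code not in (1, 2) or len(raw) < 5:
        return pkt                        # Success/Failure carry no type octet
    eap_type, body = raw[4], raw[5:]
    pkt["type"] = EAP_TYPE.get(eap_type, eap_type)
    if eap_type == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif eap_type == 25 and body:
        flags = body[0]                   # L/M/S bits laid out as in EAP-TLS
        pkt["start"] = bool(flags & 0x20)
        pkt["more_fragments"] = bool(flags & 0x40)
        pkt["payload_bytes"] = len(body) - 1   # 0 with no flags set is a bare ACK
    elif eap_type == 26 and body:
        pkt.update(decode_mschapv2(body))
    return pkt

def summarize(hex_values):
    """One line per message: code, id, type and the decoded detail."""
    lines = []
    for p in map(decode_eap, hex_values):
        detail = p.get("opcode") or p.get("identity") or ""
        lines.append(f'{p["code"]} id={p["id"]} {p.get("type", "")} {detail}'.strip())
    return lines

if __name__ == "__main__":
    print("\n".join(summarize([OUTER_IDENTITY, PEAP_START, PEAP_ACK] + INNER)))
```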