Hi all,
I need your help to fix a problem in an AD configuration with Freeradius
My platform : Freeradius + samba + AD ( windows 2003).
The PB : unable to authenticate AD users
This the debug of the authentication of an AD user on the server
Regards.
Yao Thierry Konou
AMR SERVICES
11 Rue du Petit Châtelier CS90346
44303 NANTES CEDEX 3
Tel : 02 28 44 19 80 - Fax : 02 28 44 53 88
Site: http://www.amr-services.fr<http://www.amr-services.fr/>
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_realm, checking if it's valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_realm
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating suffix
Mon Apr 11 14:24:39 2011 : Debug: realm suffix {
Mon Apr 11 14:24:39 2011 : Debug: format = "suffix"
Mon Apr 11 14:24:39 2011 : Debug: delimiter = "@"
Mon Apr 11 14:24:39 2011 : Debug: ignore_default = no
Mon Apr 11 14:24:39 2011 : Debug: ignore_null = no
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_files, checking if it's valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_files
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating files
Mon Apr 11 14:24:39 2011 : Debug: files {
Mon Apr 11 14:24:39 2011 : Debug: usersfile = "/etc/freeradius/users"
Mon Apr 11 14:24:39 2011 : Debug: acctusersfile =
"/etc/freeradius/acct_users"
Mon Apr 11 14:24:39 2011 : Debug: preproxy_usersfile =
"/etc/freeradius/preproxy_users"
Mon Apr 11 14:24:39 2011 : Debug: compat = "no"
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: [/etc/freeradius/users]:103 WARNING! Changing
'Tunnel-Medium-Type =' to 'Tunnel-Medium-Type ==' for comparing RADIUS
attribute in check item list for user DEFAULT
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking session {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_radutmp, checking if it's
valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_radutmp
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating radutmp
Mon Apr 11 14:24:39 2011 : Debug: radutmp {
Mon Apr 11 14:24:39 2011 : Debug: filename = "/var/log/freeradius/radutmp"
Mon Apr 11 14:24:39 2011 : Debug: username = "%{User-Name}"
Mon Apr 11 14:24:39 2011 : Debug: case_sensitive = yes
Mon Apr 11 14:24:39 2011 : Debug: check_with_nas = yes
Mon Apr 11 14:24:39 2011 : Debug: perm = 384
Mon Apr 11 14:24:39 2011 : Debug: callerid = yes
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking post-proxy {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking post-auth {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_attr_filter, checking if it's
valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_attr_filter
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating
attr_filter.access_reject
Mon Apr 11 14:24:39 2011 : Debug: attr_filter attr_filter.access_reject {
Mon Apr 11 14:24:39 2011 : Debug: attrsfile =
"/etc/freeradius/attrs.access_reject"
Mon Apr 11 14:24:39 2011 : Debug: key = "%{User-Name}"
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: } # modules
Mon Apr 11 14:24:39 2011 : Debug: } # server
Mon Apr 11 14:24:39 2011 : Debug: server {
Mon Apr 11 14:24:39 2011 : Debug: modules {
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking authenticate {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking authorize {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_preprocess, checking if it's
valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_preprocess
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating preprocess
Mon Apr 11 14:24:39 2011 : Debug: preprocess {
Mon Apr 11 14:24:39 2011 : Debug: huntgroups =
"/etc/freeradius/huntgroups"
Mon Apr 11 14:24:39 2011 : Debug: hints = "/etc/freeradius/hints"
Mon Apr 11 14:24:39 2011 : Debug: with_ascend_hack = no
Mon Apr 11 14:24:39 2011 : Debug: ascend_channels_per_line = 23
Mon Apr 11 14:24:39 2011 : Debug: with_ntdomain_hack = no
Mon Apr 11 14:24:39 2011 : Debug: with_specialix_jetstream_hack = no
Mon Apr 11 14:24:39 2011 : Debug: with_cisco_vsa_hack = no
Mon Apr 11 14:24:39 2011 : Debug: with_alvarion_vsa_hack = no
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking preacct {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_acct_unique, checking if it's
valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_acct_unique
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating acct_unique
Mon Apr 11 14:24:39 2011 : Debug: acct_unique {
Mon Apr 11 14:24:39 2011 : Debug: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking accounting {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: (Loaded rlm_detail, checking if it's
valid)
Mon Apr 11 14:24:39 2011 : Debug: Module: Linked to module rlm_detail
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating detail
Mon Apr 11 14:24:39 2011 : Debug: detail {
Mon Apr 11 14:24:39 2011 : Debug: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Mon Apr 11 14:24:39 2011 : Debug: header = "%t"
Mon Apr 11 14:24:39 2011 : Debug: detailperm = 384
Mon Apr 11 14:24:39 2011 : Debug: dirperm = 493
Mon Apr 11 14:24:39 2011 : Debug: locking = no
Mon Apr 11 14:24:39 2011 : Debug: log_packet_header = no
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: Module: Instantiating
attr_filter.accounting_response
Mon Apr 11 14:24:39 2011 : Debug: attr_filter attr_filter.accounting_response
{
Mon Apr 11 14:24:39 2011 : Debug: attrsfile =
"/etc/freeradius/attrs.accounting_response"
Mon Apr 11 14:24:39 2011 : Debug: key = "%{User-Name}"
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking session {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking post-proxy {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: Module: Checking post-auth {...} for more
modules to load
Mon Apr 11 14:24:39 2011 : Debug: } # modules
Mon Apr 11 14:24:39 2011 : Debug: } # server
Mon Apr 11 14:24:39 2011 : Debug: radiusd: #### Opening IP addresses and Ports
####
Mon Apr 11 14:24:39 2011 : Debug: listen {
Mon Apr 11 14:24:39 2011 : Debug: type = "auth"
Mon Apr 11 14:24:39 2011 : Debug: ipaddr = *
Mon Apr 11 14:24:39 2011 : Debug: port = 0
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: listen {
Mon Apr 11 14:24:39 2011 : Debug: type = "acct"
Mon Apr 11 14:24:39 2011 : Debug: ipaddr = *
Mon Apr 11 14:24:39 2011 : Debug: port = 0
Mon Apr 11 14:24:39 2011 : Debug: }
Mon Apr 11 14:24:39 2011 : Debug: Listening on authentication address * port
1812
Mon Apr 11 14:24:39 2011 : Debug: Listening on accounting address * port 1813
Mon Apr 11 14:24:39 2011 : Debug: Listening on proxy address * port 1814
Mon Apr 11 14:24:39 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.101 port 5001, id=238,
length=203
User-Name = "host/PC7.DEMO.LOCAL"
EAP-Message = 0x0202001801686f73742f5043372e44454d4f2e4c4f43414c
Message-Authenticator = 0xbb5094bb865c7ab43e623684de1233ac
NAS-IP-Address = 192.168.1.101
NAS-Identifier = "4001c6af0ec2"
NAS-Port = 16797699
NAS-Port-Id = "unit=1;subslot=0;port=5;vlanid=3"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-fc57-63b2"
3Com-Connect_Id = 35
3Com-Product-ID = "4500"
3Com-NAS-Startup-Timestamp = 954633315
Mon Apr 11 14:24:54 2011 : Info: +- entering group authorize {...}
Mon Apr 11 14:24:54 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 14:24:54 2011 : Info: ++[chap] returns noop
Mon Apr 11 14:24:54 2011 : Info: ++[mschap] returns noop
Mon Apr 11 14:24:54 2011 : Info: [suffix] No '@' in User-Name =
"host/PC7.DEMO.LOCAL", looking up realm NULL
Mon Apr 11 14:24:54 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 14:24:54 2011 : Info: ++[suffix] returns noop
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP packet type response id 2 length 24
Mon Apr 11 14:24:54 2011 : Info: [eap] No EAP Start, assuming it's an on-going
EAP conversation
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns updated
Mon Apr 11 14:24:54 2011 : Info: ++[unix] returns notfound
Mon Apr 11 14:24:54 2011 : Info: [files] users: Matched entry DEFAULT at line 2
Mon Apr 11 14:24:54 2011 : Info: ++[files] returns ok
Mon Apr 11 14:24:54 2011 : Info: ++[expiration] returns noop
Mon Apr 11 14:24:54 2011 : Info: ++[logintime] returns noop
Mon Apr 11 14:24:54 2011 : Info: [pap] WARNING! No "known good" password found
for the user. Authentication may fail because of this.
Mon Apr 11 14:24:54 2011 : Info: ++[pap] returns noop
Mon Apr 11 14:24:54 2011 : Info: Found Auth-Type = EAP
Mon Apr 11 14:24:54 2011 : Info: +- entering group authenticate {...}
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP Identity
Mon Apr 11 14:24:54 2011 : Info: [eap] processing type tls
Mon Apr 11 14:24:54 2011 : Info: [tls] Initiate
Mon Apr 11 14:24:54 2011 : Info: [tls] Start returned 1
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 238 to 192.168.1.101 port 5001
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9190512591934825dba584550909dd03
Mon Apr 11 14:24:54 2011 : Info: Finished request 0.
Mon Apr 11 14:24:54 2011 : Debug: Going to the next request
Mon Apr 11 14:24:54 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.101 port 5001, id=239,
length=277
User-Name = "host/PC7.DEMO.LOCAL"
EAP-Message =
0x0203005019800000004616030100410100003d03014da2f30f1ffc334a0407da79ec53c227a591aaed1ea7d9bd37da4f4fc7dd9f8a00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x060172dc94fe2ea0d8c980b2d910a6a1
NAS-IP-Address = 192.168.1.101
NAS-Identifier = "4001c6af0ec2"
NAS-Port = 16797699
NAS-Port-Id = "unit=1;subslot=0;port=5;vlanid=3"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-fc57-63b2"
State = 0x9190512591934825dba584550909dd03
3Com-Connect_Id = 35
3Com-Product-ID = "4500"
3Com-NAS-Startup-Timestamp = 954633315
Mon Apr 11 14:24:54 2011 : Info: +- entering group authorize {...}
Mon Apr 11 14:24:54 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 14:24:54 2011 : Info: ++[chap] returns noop
Mon Apr 11 14:24:54 2011 : Info: ++[mschap] returns noop
Mon Apr 11 14:24:54 2011 : Info: [suffix] No '@' in User-Name =
"host/PC7.DEMO.LOCAL", looking up realm NULL
Mon Apr 11 14:24:54 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 14:24:54 2011 : Info: ++[suffix] returns noop
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP packet type response id 3 length 80
Mon Apr 11 14:24:54 2011 : Info: [eap] Continuing tunnel setup.
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns ok
Mon Apr 11 14:24:54 2011 : Info: Found Auth-Type = EAP
Mon Apr 11 14:24:54 2011 : Info: +- entering group authenticate {...}
Mon Apr 11 14:24:54 2011 : Info: [eap] Request found, released from the list
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP/peap
Mon Apr 11 14:24:54 2011 : Info: [eap] processing type peap
Mon Apr 11 14:24:54 2011 : Info: [peap] processing EAP-TLS
Mon Apr 11 14:24:54 2011 : Debug: TLS Length 70
Mon Apr 11 14:24:54 2011 : Info: [peap] Length Included
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_verify returned 11
Mon Apr 11 14:24:54 2011 : Info: [peap] (other): before/accept
initialization
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: before/accept
initialization
Mon Apr 11 14:24:54 2011 : Info: [peap] <<< TLS 1.0 Handshake [length 0041],
ClientHello
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: SSLv3 read client hello
A
Mon Apr 11 14:24:54 2011 : Info: [peap] >>> TLS 1.0 Handshake [length 002a],
ServerHello
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: SSLv3 write server
hello A
Mon Apr 11 14:24:54 2011 : Info: [peap] >>> TLS 1.0 Handshake [length 0828],
Certificate
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: SSLv3 write certificate
A
Mon Apr 11 14:24:54 2011 : Info: [peap] >>> TLS 1.0 Handshake [length 0004],
ServerHelloDone
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: SSLv3 write server done
A
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: SSLv3 flush data
Mon Apr 11 14:24:54 2011 : Info: [peap] TLS_accept: Need to read more data:
SSLv3 read client certificate A
Mon Apr 11 14:24:54 2011 : Debug: In SSL Handshake Phase
Mon Apr 11 14:24:54 2011 : Debug: In SSL Accept mode
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_process returned 13
Mon Apr 11 14:24:54 2011 : Info: [peap] EAPTLS_HANDLED
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 239 to 192.168.1.101 port 5001
EAP-Message =
0x0104040019c000000865160301002a0200002603014da2f316487b0f767139123eca838684337428183dab66ebee89df4da8f804940000040016030108280b0008240008210003913082038d30820275a003020102020101300d06092a864886f70d0101040500308188310b3009060355040613024652310f300d060355040813064652414e4345310f300d060355040713064e414e54455331153013060355040a130c414d522d53455256494345533127302506092a864886f70d0109011618636f6e7461637440616d722d73657276696365732e636f6d311730150603550403130e736572766575722d726164697573301e170d31313033303131
EAP-Message =
0x30313833335a170d3132303232393130313833335a3072310b3009060355040613024652310f300d060355040813064652414e434531153013060355040a130c414d522d5345525649434553311630140603550403130d7365727665722d7261646975733123302106092a864886f70d0109011614636f6e7461637440616d722d736572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100ab90f6a3bbb644813d9b37ebf522eb45c85f53eb08eceead038f0962075f3040b1c2f62f4082d4ce7534be12a91e853867db5571589511755fa2f4b735c592d1c1198eb8b8c963a9138853f874bf1cfc8a796a
EAP-Message =
0x1aefcf7d52d448e28a00878f017090b9975955622e7be0239d4047a6aa4bb11b0ce26233880972b6440845ed2f63d336a8f7b5f6cf6ffc103206a3b028dd9b2a876bfddf6c9e1041253f261d0896c0e3f105def412626989430f9a15e0445ceee53434829f4774c77a48cb9a4bc75f216fbda95b351d193e2901869e03589880d262280000b16838b6901f462a163641d0643224bd1d6adbd7e559c28933a56f44736bd611155e6b86a5e279070203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100191f8cac85b78b28ab67b96c4c3eda06d2fe538d6d53299778ae548a83ab
EAP-Message =
0xda832cd14996f613a6cf20b28a2f3c9a0f3711cb6af0ac384c47fbceb72429bd2d5fe58fc9b3e9b1b31fc0240ba639cd725baa4025a19278af6f01c67274c88a355c404a5b71097d7a3da7f8060842f0b09999856423e557d6b3696941aec2911449b162c71dcfd52531c9646d44472a5b7cd3b93989b582ceeae0170a555ecdbc9b2cd043147897724ae84234eca9e433a4ac1d64ff6a79ba0ee07337cfc45c591ce398036762859462f547bdc99a7f39624764c33672dbb4b55550c302c55f70a23d1de2c159853f7889cc3f5df243fe4827b5dd6cb7b2e284fb0282c97226224700048a308204863082036ea003020102020900e94407b684a3d10a
EAP-Message = 0x300d06092a864886f70d0101
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9190512590944825dba584550909dd03
Mon Apr 11 14:24:54 2011 : Info: Finished request 1.
Mon Apr 11 14:24:54 2011 : Debug: Going to the next request
Mon Apr 11 14:24:54 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.101 port 5001, id=240,
length=203
User-Name = "host/PC7.DEMO.LOCAL"
EAP-Message = 0x020400061900
Message-Authenticator = 0x91352e2a33106690a08ea995bacef487
NAS-IP-Address = 192.168.1.101
NAS-Identifier = "4001c6af0ec2"
NAS-Port = 16797699
NAS-Port-Id = "unit=1;subslot=0;port=5;vlanid=3"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-fc57-63b2"
State = 0x9190512590944825dba584550909dd03
3Com-Connect_Id = 35
3Com-Product-ID = "4500"
3Com-NAS-Startup-Timestamp = 954633315
Mon Apr 11 14:24:54 2011 : Info: +- entering group authorize {...}
Mon Apr 11 14:24:54 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 14:24:54 2011 : Info: ++[chap] returns noop
Mon Apr 11 14:24:54 2011 : Info: ++[mschap] returns noop
Mon Apr 11 14:24:54 2011 : Info: [suffix] No '@' in User-Name =
"host/PC7.DEMO.LOCAL", looking up realm NULL
Mon Apr 11 14:24:54 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 14:24:54 2011 : Info: ++[suffix] returns noop
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP packet type response id 4 length 6
Mon Apr 11 14:24:54 2011 : Info: [eap] Continuing tunnel setup.
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns ok
Mon Apr 11 14:24:54 2011 : Info: Found Auth-Type = EAP
Mon Apr 11 14:24:54 2011 : Info: +- entering group authenticate {...}
Mon Apr 11 14:24:54 2011 : Info: [eap] Request found, released from the list
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP/peap
Mon Apr 11 14:24:54 2011 : Info: [eap] processing type peap
Mon Apr 11 14:24:54 2011 : Info: [peap] processing EAP-TLS
Mon Apr 11 14:24:54 2011 : Info: [peap] Received TLS ACK
Mon Apr 11 14:24:54 2011 : Info: [peap] ACK handshake fragment handler
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_verify returned 1
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_process returned 13
Mon Apr 11 14:24:54 2011 : Info: [peap] EAPTLS_HANDLED
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 240 to 192.168.1.101 port 5001
EAP-Message =
0x010503fc1940050500308188310b3009060355040613024652310f300d060355040813064652414e4345310f300d060355040713064e414e54455331153013060355040a130c414d522d53455256494345533127302506092a864886f70d0109011618636f6e7461637440616d722d73657276696365732e636f6d311730150603550403130e736572766575722d726164697573301e170d3131303330313130313833335a170d3132303232393130313833335a308188310b3009060355040613024652310f300d060355040813064652414e4345310f300d060355040713064e414e54455331153013060355040a130c414d522d5345525649434553
EAP-Message =
0x3127302506092a864886f70d0109011618636f6e7461637440616d722d73657276696365732e636f6d311730150603550403130e736572766575722d72616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100e892d1efbe33bcf06d51446878cc329fe937e39cc0927bb2e71d57a62be0070131f1effe4655e1b2b7c71fb57dcab9e95aec51bd8faee194679b024be450a119037fc56afe2d351a33fdd2941de9a59a5cca6e140fecd41d47e1d67a3e73fddedae6261f4b0d3b9b0ed529889a236d7a1d7a3c2af73f743e615a83903af915a923d14513d660e7037b640075d818ee7c8257b269a88fa76cbf78
EAP-Message =
0xe86d4c5cf8236e9ae1f50acd8c9dd0daf78ca24bcdd6d10778fb682fcda7e9bae84612cdc292bb82655966caffc9bc0ee0d9364640423f58338bf1f3e9b29e14d3c87e101126a4ad3a6b6d3f992e722a49c2cc91252116a9407287ca9ba61429aff7f618b0a50203010001a381f03081ed301d0603551d0e0416041423cd74e4020c1e997dd89fe48bb801472896a8693081bd0603551d230481b53081b2801423cd74e4020c1e997dd89fe48bb801472896a869a1818ea4818b308188310b3009060355040613024652310f300d060355040813064652414e4345310f300d060355040713064e414e54455331153013060355040a130c414d522d5345
EAP-Message =
0x5256494345533127302506092a864886f70d0109011618636f6e7461637440616d722d73657276696365732e636f6d311730150603550403130e736572766575722d726164697573820900e94407b684a3d10a300c0603551d13040530030101ff300d06092a864886f70d010105050003820101007e6723b84aa4587b821ac4d381a50106b6d7f232397dd11629c43b9a7724d5d21d95947b07c380f6a0678a0ce66bf354caf2fe4ee037ab828b5fc57295b267854ff66d1579927df383c4723c40fd0fc724943c933a64c209cd40a58917b0fdd1999def46faf61aca9b9e0cf7d7087912bfbbbcabb3b545ae9811b3523661584f5ef702ec8222e8a1
EAP-Message = 0x0e8a9a3fc992a629
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9190512593954825dba584550909dd03
Mon Apr 11 14:24:54 2011 : Info: Finished request 2.
Mon Apr 11 14:24:54 2011 : Debug: Going to the next request
Mon Apr 11 14:24:54 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.101 port 5001, id=241,
length=203
User-Name = "host/PC7.DEMO.LOCAL"
EAP-Message = 0x020500061900
Message-Authenticator = 0x149794343db76fe7c640e93b03479a3a
NAS-IP-Address = 192.168.1.101
NAS-Identifier = "4001c6af0ec2"
NAS-Port = 16797699
NAS-Port-Id = "unit=1;subslot=0;port=5;vlanid=3"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-fc57-63b2"
State = 0x9190512593954825dba584550909dd03
3Com-Connect_Id = 35
3Com-Product-ID = "4500"
3Com-NAS-Startup-Timestamp = 954633315
Mon Apr 11 14:24:54 2011 : Info: +- entering group authorize {...}
Mon Apr 11 14:24:54 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 14:24:54 2011 : Info: ++[chap] returns noop
Mon Apr 11 14:24:54 2011 : Info: ++[mschap] returns noop
Mon Apr 11 14:24:54 2011 : Info: [suffix] No '@' in User-Name =
"host/PC7.DEMO.LOCAL", looking up realm NULL
Mon Apr 11 14:24:54 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 14:24:54 2011 : Info: ++[suffix] returns noop
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP packet type response id 5 length 6
Mon Apr 11 14:24:54 2011 : Info: [eap] Continuing tunnel setup.
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns ok
Mon Apr 11 14:24:54 2011 : Info: Found Auth-Type = EAP
Mon Apr 11 14:24:54 2011 : Info: +- entering group authenticate {...}
Mon Apr 11 14:24:54 2011 : Info: [eap] Request found, released from the list
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP/peap
Mon Apr 11 14:24:54 2011 : Info: [eap] processing type peap
Mon Apr 11 14:24:54 2011 : Info: [peap] processing EAP-TLS
Mon Apr 11 14:24:54 2011 : Info: [peap] Received TLS ACK
Mon Apr 11 14:24:54 2011 : Info: [peap] ACK handshake fragment handler
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_verify returned 1
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_process returned 13
Mon Apr 11 14:24:54 2011 : Info: [peap] EAPTLS_HANDLED
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 241 to 192.168.1.101 port 5001
EAP-Message =
0x0106007f19006fdb7660a7fbd066c1f535cf464115f2d2c8dc1702d0eec45ce51a368bbee27ed2e7f6ae6bdb51f50f9b90225eaf3e57317d69b709928f7c12045587ba1debf77717f71314f200ce0c91a8971e04f3fbe4a75e1bfe3d27f03500db77566f93534c8bf2e0bb4f63a1eb5237c574a1340316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9190512592964825dba584550909dd03
Mon Apr 11 14:24:54 2011 : Info: Finished request 3.
Mon Apr 11 14:24:54 2011 : Debug: Going to the next request
Mon Apr 11 14:24:54 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.101 port 5001, id=242,
length=203
User-Name = "host/PC7.DEMO.LOCAL"
EAP-Message = 0x020600061900
Message-Authenticator = 0x59d40524183803f05a1d7bafe349397f
NAS-IP-Address = 192.168.1.101
NAS-Identifier = "4001c6af0ec2"
NAS-Port = 16797699
NAS-Port-Id = "unit=1;subslot=0;port=5;vlanid=3"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-fc57-63b2"
State = 0x9190512592964825dba584550909dd03
3Com-Connect_Id = 35
3Com-Product-ID = "4500"
3Com-NAS-Startup-Timestamp = 954633315
Mon Apr 11 14:24:54 2011 : Info: +- entering group authorize {...}
Mon Apr 11 14:24:54 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 14:24:54 2011 : Info: ++[chap] returns noop
Mon Apr 11 14:24:54 2011 : Info: ++[mschap] returns noop
Mon Apr 11 14:24:54 2011 : Info: [suffix] No '@' in User-Name =
"host/PC7.DEMO.LOCAL", looking up realm NULL
Mon Apr 11 14:24:54 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 14:24:54 2011 : Info: ++[suffix] returns noop
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP packet type response id 6 length 6
Mon Apr 11 14:24:54 2011 : Info: [eap] Continuing tunnel setup.
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns ok
Mon Apr 11 14:24:54 2011 : Info: Found Auth-Type = EAP
Mon Apr 11 14:24:54 2011 : Info: +- entering group authenticate {...}
Mon Apr 11 14:24:54 2011 : Info: [eap] Request found, released from the list
Mon Apr 11 14:24:54 2011 : Info: [eap] EAP/peap
Mon Apr 11 14:24:54 2011 : Info: [eap] processing type peap
Mon Apr 11 14:24:54 2011 : Info: [peap] processing EAP-TLS
Mon Apr 11 14:24:54 2011 : Info: [peap] Received TLS ACK
Mon Apr 11 14:24:54 2011 : Info: [peap] ACK handshake fragment handler
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_verify returned 1
Mon Apr 11 14:24:54 2011 : Info: [peap] eaptls_process returned 13
Mon Apr 11 14:24:54 2011 : Info: [peap] EAPTLS_HANDLED
Mon Apr 11 14:24:54 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 242 to 192.168.1.101 port 5001
EAP-Message = 0x010700061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9190512595974825dba584550909dd03
Mon Apr 11 14:24:54 2011 : Info: Finished request 4.
Mon Apr 11 14:24:54 2011 : Debug: Going to the next request
Mon Apr 11 14:24:54 2011 : Debug: Waking up in 4.8 seconds.
Mon Apr 11 14:24:59 2011 : Info: Cleaning up request 0 ID 238 with timestamp +15
Mon Apr 11 14:24:59 2011 : Info: Cleaning up request 1 ID 239 with timestamp +15
Mon Apr 11 14:24:59 2011 : Info: Cleaning up request 2 ID 240 with timestamp +15
Mon Apr 11 14:24:59 2011 : Info: Cleaning up request 3 ID 241 with timestamp +15
Mon Apr 11 14:24:59 2011 : Info: Cleaning up request 4 ID 242 with timestamp +15
Mon Apr 11 14:24:59 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.101 port 5001, id=243,
length=203
User-Name = "host/PC7.DEMO.LOCAL"
EAP-Message = 0x020700061900
Message-Authenticator = 0x897e1e2fb90d9aa18babda299ab2426d
NAS-IP-Address = 192.168.1.101
NAS-Identifier = "4001c6af0ec2"
NAS-Port = 16797699
NAS-Port-Id = "unit=1;subslot=0;port=5;vlanid=3"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-fc57-63b2"
State = 0x9190512595974825dba584550909dd03
3Com-Connect_Id = 35
3Com-Product-ID = "4500"
3Com-NAS-Startup-Timestamp = 954633315
Mon Apr 11 14:25:23 2011 : Info: +- entering group authorize {...}
Mon Apr 11 14:25:23 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 14:25:23 2011 : Info: ++[chap] returns noop
Mon Apr 11 14:25:23 2011 : Info: ++[mschap] returns noop
Mon Apr 11 14:25:23 2011 : Info: [suffix] No '@' in User-Name =
"host/PC7.DEMO.LOCAL", looking up realm NULL
Mon Apr 11 14:25:23 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 14:25:23 2011 : Info: ++[suffix] returns noop
Mon Apr 11 14:25:23 2011 : Info: [eap] EAP packet type response id 7 length 6
Mon Apr 11 14:25:23 2011 : Info: [eap] Continuing tunnel setup.
Mon Apr 11 14:25:23 2011 : Info: ++[eap] returns ok
Mon Apr 11 14:25:23 2011 : Info: Found Auth-Type = EAP
Mon Apr 11 14:25:23 2011 : Info: +- entering group authenticate {...}
Mon Apr 11 14:25:23 2011 : Info: [eap] Request found, released from the list
Mon Apr 11 14:25:23 2011 : Info: [eap] EAP/peap
Mon Apr 11 14:25:23 2011 : Info: [eap] processing type peap
Mon Apr 11 14:25:23 2011 : Info: [peap] processing EAP-TLS
Mon Apr 11 14:25:23 2011 : Info: [peap] Received TLS ACK
Mon Apr 11 14:25:23 2011 : Info: [peap] ACK handshake fragment handler
Mon Apr 11 14:25:23 2011 : Info: [peap] eaptls_verify returned 1
Mon Apr 11 14:25:23 2011 : Info: [peap] eaptls_process returned 13
Mon Apr 11 14:25:23 2011 : Info: [peap] EAPTLS_HANDLED
Mon Apr 11 14:25:23 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 243 to 192.168.1.101 port 5001
EAP-Message = 0x010800061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9190512594984825dba584550909dd03
Mon Apr 11 14:25:23 2011 : Info: Finished request 5.
Mon Apr 11 14:25:23 2011 : Debug: Going to the next request
Mon Apr 11 14:25:23 2011 : Debug: Waking up in 4.9 seconds.
Mon Apr 11 14:25:28 2011 : Info: Cleaning up request 5 ID 243 with timestamp +44
Mon Apr 11 14:25:28 2011 : Info: Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
