Hi, I am currently running into an issue using FreeRadius with a client doing EAP/peap and a LDAP backend, and hoping someone may be able to help me. I am using FreeRadius 1.0.4, OpenSSL 0.9.7g, and SunOne Directory 5.2 as the LDAP (With passwords stored in clear text.)
Thanks for your time, Steven O'Reilly The last few lines of my radius out put are (With the whole output at the end of the file): Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190, length=171 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x1a5f7c6946f75f67fede6eea4c31cd67 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x9764183b6394f9c7eea9391ab09ef362 EAP-Message = 0x020b00261900170301001bca06a5f4ff78c2954ca5b40d3d078c5c70e8c203e6a8ec2f8c8f25 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM \Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password supp0rt in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 rlm_eap: EAP packet type response id 11 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: group authenticate returns invalid for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190, length=171 Sending Access-Reject of id 190 to 192.168.101.250:2048 EAP-Message = 0x040b0004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 189 with timestamp 43191e2f Cleaning up request 7 ID 190 with timestamp 43191e2f Nothing to do. Sleeping until we see a request. My eap.conf is as follows (with the comments removed): eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes check_crl = yes } peap { default_eap_type = mschapv2 } mschapv2 { } } My radiusd.conf is as follows (Comments removed): prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = yes lower_pass = yes nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = yes $INCLUDE ${confdir}/proxy.conf $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 radwtmp = ${logdir}/radwtmp } $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP use_mppe = no require_encryption = yes require_strong = yes with_ntdomain_hack = no } ldap { server = "localhost" identity = "cn=Directory Manager" password = <removed> basedn = "dc=nwtel,dc=ca" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 password_attribute = userpassword timeout = 4 timelimit = 3 net_timeout = 1 } realm IPASS { format = prefix delimiter = "/" ignore_default = no ignore_null = no } realm suffix { format = suffix delimiter = "@" ignore_default = no ignore_null = no } realm realmpercent { format = suffix delimiter = "%" ignore_default = no ignore_null = no } realm WH-NAPDOM { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } realm default { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } checkval { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } digest { } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { } authorize { preprocess chap mschap WH-NAPDOM ldap eap } authenticate { Auth-Type LDAP { ldap } eap } preacct { preprocess acct_unique suffix files } accounting { detail radutmp } session { radutmp } post-auth { } pre-proxy { } post-proxy { eap } Full radius output: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "yes" main: lower_pass = "yes" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded LDAP ldap: server = "localhost" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=Directory Manager" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "directory" ldap: basedn = "dc=nwtel,dc=ca" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userpassword" ldap: access_attr = "(null)" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 41fe8 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = yes tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = no mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded realm realm: format = "prefix" realm: delimiter = "\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (WH-NAPDOM) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.101.250:2048, id=183, length=143 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x1a666892897ba0cf98cc1bce477d3ec5 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" EAP-Message = 0x0204001c0157482d4e4150444f4d5c41646d696e6973747261746f72 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Directory Manager/directory to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_eap: EAP packet type response id 4 length 28 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 183 to 192.168.101.250:2048 EAP-Message = 0x010500061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6b1f35003563be72723112935854df49 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=184, length=213 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x62b3cfcf67c478d77d46464791ec2685 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x6b1f35003563be72723112935854df49 EAP-Message = 0x0205005019800000004616030100410100003d030143191f93898c2441686a4745cd95f80682a75cf9294d29d34ad531fb4e3fc60c00001600040005000a000900640062000300060013001200630100 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 rlm_eap: EAP packet type response id 5 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 184 to 192.168.101.250:2048 EAP-Message = 0x0106040a19c0000006f1160301004a02000046030143191e102583319fb3baf835a350f1b454a8ae120a63904d6ae2dc4c45314b092080fac3e87756ef8ab9bf75274bae8016d331382b5835613fd5bf182e5f4e019100040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x64ba85b38a22b7f68c4e48a0ddbfbc09 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=185, length=139 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x77294043bb599c907b21b5b8d3b661a1 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x64ba85b38a22b7f68c4e48a0ddbfbc09 EAP-Message = 0x020600061900 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 185 to 192.168.101.250:2048 EAP-Message = 0x010702f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf1ce0f34ed39f8771721b79c08e55cfa Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=186, length=325 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xdc9a16cb80388150d1c5f77ff50ee8b2 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0xf1ce0f34ed39f8771721b79c08e55cfa EAP-Message = 0x020700c01980000000b61603010086100000820080bfdbb106a2811ab59439639a87a42a2eeca5b07bbc4d5a11769ac32db520414df100a819362dec4d2a8e9b191b7acc1d89146af126a404c19f5d8d022af1f3f4c21bfdd2f9c915303c66153f96de7137abbbc472b3c8d87c94d15eec00754913bc084092a2ebd3b3d3ea62697c9f3739037a56bebdb3f21fc220e2a4d59d4ae61403010001011603010020ce8ac3187b6df1b5c656c9ef9645b0161668683bdc22ca2483c5e52623cf0be9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 rlm_eap: EAP packet type response id 7 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 186 to 192.168.101.250:2048 EAP-Message = 0x0108003119001403010001011603010020a9403766c44c8e40583524e9973f7843197385a2198b6ec26c079b5f83445357 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5d990deb70612c8a90e3cec27ce1c43f Finished request 3 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=187, length=139 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x7ad9b7af853c27463d2a954e9634172e NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x5d990deb70612c8a90e3cec27ce1c43f EAP-Message = 0x020800061900 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 187 to 192.168.101.250:2048 EAP-Message = 0x0109002019001703010015851f902b1d46f6e1fca410781f3498d853c35018f8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2aad7d893568391f2a63d56f863b85b1 Finished request 4 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=188, length=184 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x47f37c1d8f7337d57936df3e017bdcfc NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x2aad7d893568391f2a63d56f863b85b1 EAP-Message = 0x0209003319001703010028a76b6b181ab38f047fc9f16fbc3e26bfafc7c2ac6f76fab9b0e04a96b097dabf0e93c7998b512f8e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 rlm_eap: EAP packet type response id 9 length 51 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - WH-NAPDOM\Administrator rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of WH-NAPDOM\Administrator PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to WH-NAPDOM\Administrator Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 rlm_eap: EAP packet type response id 9 length 28 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 188 to 192.168.101.250:2048 EAP-Message = 0x010a00481900170301003dbb59d54e0550b693880303685feb347de0db1f9d1a679ca68e2a0f1cf3ab09dcd4b0dec06df9dbc3f9a1695e2acfb0afd1aead92f43f87e8973bcdfc54 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x524736a44cbab0c3fb187d738a94ccac Finished request 5 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 183 with timestamp 43191e10 Cleaning up request 1 ID 184 with timestamp 43191e10 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 185 with timestamp 43191e11 Cleaning up request 3 ID 186 with timestamp 43191e11 Cleaning up request 4 ID 187 with timestamp 43191e11 Cleaning up request 5 ID 188 with timestamp 43191e11 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.101.250:2048, id=189, length=228 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xc7b37ad96e283e990d4806356e2cc875 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x524736a44cbab0c3fb187d738a94ccac EAP-Message = 0x020a005f1900170301005412a18e20937d7ab2b6d807437f36fd15cc8e33ac011d902e61510ccad067e0b2cb19bcf39b50e53bceabeddfcfe581535b9e5e603cf4c8a409968dcd38dc13806ac383c5317e551e0b76b21e7e50f5c553458d1b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 rlm_eap: EAP packet type response id 10 length 95 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to WH-NAPDOM\Administrator PEAP: Adding old state with c2 19 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 rlm_eap: EAP packet type response id 10 length 72 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 189 to 192.168.101.250:2048 EAP-Message = 0x010b00261900170301001bdb1b489686611e04644aa40ee1532bca2bce245433e1c6c489ded8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9764183b6394f9c7eea9391ab09ef362 Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190, length=171 NAS-IP-Address = 192.168.101.250 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x1a5f7c6946f75f67fede6eea4c31cd67 NAS-Port = 2 Framed-MTU = 1490 User-Name = "WH-NAPDOM\\Administrator" Calling-Station-Id = "00-04-AC-5D-19-F6" State = 0x9764183b6394f9c7eea9391ab09ef362 EAP-Message = 0x020b00261900170301001bca06a5f4ff78c2954ca5b40d3d078c5c70e8c203e6a8ec2f8c8f25 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator" rlm_realm: Found realm "WH-NAPDOM" rlm_realm: Adding Stripped-User-Name = "Administrator" rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM rlm_realm: Adding Realm = "WH-NAPDOM" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "WH-NAPDOM" returns noop for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator radius_xlat: '(uid=Administrator)' radius_xlat: 'dc=nwtel,dc=ca' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator) rlm_ldap: Added password password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 rlm_eap: EAP packet type response id 11 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: group authenticate returns invalid for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190, length=171 Sending Access-Reject of id 190 to 192.168.101.250:2048 EAP-Message = 0x040b0004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 189 with timestamp 43191e2f Cleaning up request 7 ID 190 with timestamp 43191e2f Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html