
ss25

  1. Connected. The problem was in the client.
  2. I couldn't figure it out, so I wiped everything and started over from scratch. The NAS is an ASUS RT-N10 Wi-Fi router. Right now there is no SQL; everything is in files. Via radtest it authenticates over PAP, but from Windows XP SP3 it does not. The authorization log is below.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=160 Cleaning up request 8 ID 0 with timestamp +165 User-Name = "steve" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "002618c62db2" Calling-Station-Id = "002719d11285" NAS-Identifier = "002618c62db2" NAS-Port = 6 Framed-MTU = 1400 State = 0xe3a65930ebaf40bd95dc8a11fd6c7282 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0209001d190017030100126138dde670ccb5020b154e6338f3d6a7ddbc Message-Authenticator = 0xd64c457c1c90f16c4985f6fa64222ac3 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [ntdomain] No '\' in User-Name = "steve", looking up realm NULL [ntdomain] No such realm "NULL" ++[ntdomain] returns noop [eap] EAP packet type response id 9 length 29 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. 
[peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900061a03 server { [peap] Setting User-Name to steve Sending tunneled request EAP-Message = 0x020900061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "steve" State = 0x30e9061531e01cef70a53dfab9a25c91 server { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [ntdomain] No '\' in User-Name = "steve", looking up realm NULL [ntdomain] No such realm "NULL" ++[ntdomain] returns noop [eap] EAP packet type response id 9 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry steve at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] Freeing handler ++[eap] returns ok expand: GOOD_PASS -> GOOD_PASS Login OK: [steve] (from client ASUS port 0 via TLS tunnel) GOOD_PASS # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop } # server [peap] Got tunneled reply code 2 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0x4fc7fd4f645e75bd636a2fa76a2122ba MS-MPPE-Recv-Key = 0x5069d992b6a4cbe65cc354a2f6bfd956 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "steve" [peap] Got tunneled reply RADIUS code 2 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0x4fc7fd4f645e75bd636a2fa76a2122ba MS-MPPE-Recv-Key = 
0x5069d992b6a4cbe65cc354a2f6bfd956 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "steve" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.2.253 port 2048 EAP-Message = 0x010a00261900170301001b11a77e7f2585fb2025fbf06f768401b13a4cb397322a718d4ce994 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3a65930eaac40bd95dc8a11fd6c7282 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=169 Cleaning up request 9 ID 0 with timestamp +166 User-Name = "steve" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "002618c62db2" Calling-Station-Id = "002719d11285" NAS-Identifier = "002618c62db2" NAS-Port = 6 Framed-MTU = 1400 State = 0xe3a65930eaac40bd95dc8a11fd6c7282 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020a00261900170301001bf2f611e6e71b966a21ab303fc67299f44f2f800c0554cb0b10e6f5 Message-Authenticator = 0xd4a3271261dc03f86cf1b84a6f90832a # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [ntdomain] No '\' in User-Name = "steve", looking up realm NULL [ntdomain] No such realm "NULL" ++[ntdomain] returns noop [eap] EAP packet type response id 10 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. 
[peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Client rejected our response. The password is probably incorrect. [peap] We sent a success, but received something weird in return. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. expand: BAD_PASS -> BAD_PASS Login incorrect: [steve] (from client ASUS port 6 cli 002719d11285) BAD_PASS Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> steve attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 10 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 10 Sending Access-Reject of id 0 to 192.168.2.253 port 2048 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 10 ID 0 with timestamp +166 Ready to process requests.
  3. I am setting up FreeRADIUS 2 (freeradius-2.1.12_1) from ports on FreeBSD 9, with users stored in an SQL database. Through radtest everything is OK. It is clear that something is wrong with the authentication types, but I can't figure out where to fix them.