
Configuring FreeRADIUS for Wi-Fi authentication by MAC from a file

Can anyone who has dealt with this advise?

How can I quickly set up FreeRADIUS, without MySQL, so that the login, password and MAC are specified in the users file?

Should this work?

user1   Cleartext-Password := "12345678", Calling-Station-Id == "FC-E9-98-AA-BB-CC"

Or is it not that simple?


It doesn't work. Something is wrong with Calling-Station-Id.


Maybe the MAC address arrives in a different format?

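One way to check the format question raised above, as an added example that is not part of the thread: a Python script that reads the `Calling-Station-Id ==` check items from a users file and the Access-Request attributes from `radiusd -X` output, then reports whether each request would match exactly, differs only in MAC notation, or carries a different MAC. The sample entries, log lines and function names are constructed for illustration, and the script assumes `==` on this attribute is an exact string comparison.

```python
import re

# Constructed users-file entries in the style of the one quoted in the question.
USERS_FILE = '''\
# comment lines are ignored
user1   Cleartext-Password := "12345678", Calling-Station-Id == "FC-E9-98-AA-BB-CC"
user2   Cleartext-Password := "constructed-pw", Calling-Station-Id == "fc:e9:98:aa:bb:dd"
'''

# Constructed Access-Request dumps in the layout radiusd -X prints.
DEBUG_LOG = '''\
rad_recv: Access-Request packet from host 192.0.2.10 port 39043, id=1, length=145
    User-Name = "user1"
    Calling-Station-Id = "fce9.98aa.bbcc"
rad_recv: Access-Request packet from host 192.0.2.10 port 39043, id=2, length=145
    User-Name = "user2"
    Calling-Station-Id = "FC-E9-98-AA-BB-DD"
rad_recv: Access-Request packet from host 192.0.2.10 port 39043, id=3, length=145
    User-Name = "user1"
    Calling-Station-Id = "FC-E9-98-AA-BB-CC"
rad_recv: Access-Request packet from host 192.0.2.10 port 39043, id=4, length=145
    User-Name = "user1"
    Calling-Station-Id = "00-11-22-33-44-55"
rad_recv: Access-Request packet from host 192.0.2.10 port 39043, id=5, length=145
    User-Name = "user3"
    Calling-Station-Id = "FC-E9-98-AA-BB-CC"
'''

_CHECK_RE = re.compile(r'^(\S+)\s.*?Calling-Station-Id\s*==\s*"([^"]*)"')
_ATTR_RE = re.compile(r'^\s*(User-Name|Calling-Station-Id) = "([^"]*)"')


def normalize_mac(value):
    """Return the MAC as upper-case AA-BB-CC-DD-EE-FF, or None if it is not a MAC."""
    digits = re.sub(r'[-:.\s]', '', value)
    if not re.fullmatch(r'[0-9A-Fa-f]{12}', digits):
        return None
    digits = digits.upper()
    return '-'.join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_users(text):
    """Map each user name to the literal string its entry compares against."""
    users = {}
    for line in text.splitlines():
        if line.lstrip().startswith('#'):
            continue
        m = _CHECK_RE.match(line)  # entries start in column 0; reply lines are indented
        if m:
            users[m.group(1)] = m.group(2)
    return users


def parse_requests(log):
    """Return (User-Name, Calling-Station-Id) for every Access-Request in the log."""
    requests, current = [], None
    for line in log.splitlines():
        if line.startswith('rad_recv: Access-Request'):
            current = {}
            requests.append(current)
            continue
        m = _ATTR_RE.match(line)
        if m and current is not None:
            # Keep the first value: later repeats belong to tunnelled requests.
            current.setdefault(m.group(1), m.group(2))
    return [(r.get('User-Name'), r.get('Calling-Station-Id')) for r in requests]


def diagnose(users, requests):
    """Classify each request against the users-file check item."""
    report = []
    for user, sent in requests:
        expected = users.get(user)
        if expected is None:
            verdict = 'no-entry'
        elif sent is None:
            verdict = 'missing-attribute'
        elif sent == expected:
            verdict = 'match'
        elif normalize_mac(sent) and normalize_mac(sent) == normalize_mac(expected):
            verdict = 'format-mismatch'  # same MAC, different notation: == fails
        else:
            verdict = 'different-mac'
        report.append((user, sent, expected, verdict))
    return report


if __name__ == '__main__':
    for row in diagnose(parse_users(USERS_FILE), parse_requests(DEBUG_LOG)):
        print('%-6s sent=%-20s expected=%-20s %s' % row)
```

A `format-mismatch` row means the users-file string should be rewritten in the notation the access point actually sends.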

radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 18 2017 at 12:13:14

Copyright © 1999-2013 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License.

For more information about these matters, see the file named COPYRIGHT.

Starting - reading configuration files ...

including configuration file /etc/raddb/radiusd.conf

including configuration file /etc/raddb/proxy.conf

including configuration file /etc/raddb/clients.conf

including files in directory /etc/raddb/modules/

including configuration file /etc/raddb/modules/sql_log

including configuration file /etc/raddb/modules/acct_unique

including configuration file /etc/raddb/modules/pam

including configuration file /etc/raddb/modules/opendirectory

including configuration file /etc/raddb/modules/radrelay

including configuration file /etc/raddb/modules/ippool

including configuration file /etc/raddb/modules/detail

including configuration file /etc/raddb/modules/smsotp

including configuration file /etc/raddb/modules/unix

including configuration file /etc/raddb/modules/always

including configuration file /etc/raddb/modules/exec

including configuration file /etc/raddb/modules/policy

including configuration file /etc/raddb/modules/perl

including configuration file /etc/raddb/modules/mac2ip

including configuration file /etc/raddb/modules/sqlcounter_expire_on_login

including configuration file /etc/raddb/modules/preprocess

including configuration file /etc/raddb/modules/digest

including configuration file /etc/raddb/modules/chap

including configuration file /etc/raddb/modules/dhcp_sqlippool

including configuration file /etc/raddb/modules/cache

including configuration file /etc/raddb/modules/logintime

including configuration file /etc/raddb/modules/smbpasswd

including configuration file /etc/raddb/modules/etc_group

including configuration file /etc/raddb/modules/rediswho

including configuration file /etc/raddb/modules/soh

including configuration file /etc/raddb/modules/realm

including configuration file /etc/raddb/modules/detail.example.com

including configuration file /etc/raddb/modules/files

including configuration file /etc/raddb/modules/checkval

including configuration file /etc/raddb/modules/detail.log

including configuration file /etc/raddb/modules/linelog

including configuration file /etc/raddb/modules/otp

including configuration file /etc/raddb/modules/ntlm_auth

including configuration file /etc/raddb/modules/pap

including configuration file /etc/raddb/modules/attr_filter

including configuration file /etc/raddb/modules/counter

including configuration file /etc/raddb/modules/passwd

including configuration file /etc/raddb/modules/mschap

including configuration file /etc/raddb/modules/attr_rewrite

including configuration file /etc/raddb/modules/radutmp

including configuration file /etc/raddb/modules/expiration

including configuration file /etc/raddb/modules/inner-eap

including configuration file /etc/raddb/modules/dynamic_clients

including configuration file /etc/raddb/modules/wimax

including configuration file /etc/raddb/modules/expr

including configuration file /etc/raddb/modules/redis

including configuration file /etc/raddb/modules/mac2vlan

including configuration file /etc/raddb/modules/echo

including configuration file /etc/raddb/modules/replicate

including configuration file /etc/raddb/modules/sradutmp

including configuration file /etc/raddb/modules/cui

including configuration file /etc/raddb/eap.conf

including configuration file /etc/raddb/policy.conf

including files in directory /etc/raddb/sites-enabled/

including configuration file /etc/raddb/sites-enabled/control-socket

including configuration file /etc/raddb/sites-enabled/inner-tunnel

including configuration file /etc/raddb/sites-enabled/default

main {

user = "radiusd"

group = "radiusd"

allow_core_dumps = no

}

including dictionary file /etc/raddb/dictionary

main {

name = "radiusd"

prefix = "/usr"

localstatedir = "/var"

sbindir = "/usr/sbin"

logdir = "/var/log/radius"

run_dir = "/var/run/radiusd"

libdir = "/usr/lib64/freeradius"

radacctdir = "/var/log/radius/radacct"

hostname_lookups = no

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

pidfile = "/var/run/radiusd/radiusd.pid"

checkrad = "/usr/sbin/checkrad"

debug_level = 0

proxy_requests = yes

log {

stripped_names = no

auth = no

auth_badpass = no

auth_goodpass = no

msg_badpass = "Ooops!"

msg_goodpass = "Welcome to Internet!"

}

security {

max_attributes = 200

reject_delay = 1

status_server = yes

}

}

radiusd: #### Loading Realms and Home Servers ####

proxy server {

retry_delay = 5

retry_count = 3

default_fallback = no

dead_time = 120

wake_all_if_all_dead = no

}

home_server localhost {

ipaddr = 127.0.0.1

port = 1812

type = "auth"

secret = "testing123"

response_window = 20.000000

response_timeouts = 1

max_outstanding = 65536

require_message_authenticator = yes

zombie_period = 40

status_check = "status-server"

ping_interval = 30

check_interval = 30

num_answers_to_alive = 3

num_pings_to_alive = 3

revive_interval = 120

status_check_timeout = 4

coa {

irt = 2

mrt = 16

mrc = 5

mrd = 30

}

}

home_server_pool my_auth_failover {

type = fail-over

home_server = localhost

}

realm example.com {

auth_pool = my_auth_failover

}

realm LOCAL {

}

radiusd: #### Loading Clients ####

client localhost {

ipaddr = 127.0.0.1

require_message_authenticator = no

secret = "testing123"

nastype = "other"

}

client 10.0.0.9 {

require_message_authenticator = no

secret = "7IZ3j0861t2J"

shortname = "dlink"

}

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating module "exec" from file /etc/raddb/modules/exec

exec {

wait = no

input_pairs = "request"

shell_escape = yes

timeout = 10

}

Module: Linked to module rlm_expr

Module: Instantiating module "expr" from file /etc/raddb/modules/expr

Module: Linked to module rlm_expiration

Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration

expiration {

reply-message = "Password Has Expired "

}

Module: Linked to module rlm_logintime

Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime

logintime {

reply-message = "You are calling outside your allowed timespan "

minimum-timeout = 60

}

}

radiusd: #### Loading Virtual Servers ####

server { # from file

modules {

Module: Creating Auth-Type = digest

Module: Creating Post-Auth-Type = REJECT

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating module "pap" from file /etc/raddb/modules/pap

pap {

encryption_scheme = "auto"

auto_header = no

}

Module: Linked to module rlm_chap

Module: Instantiating module "chap" from file /etc/raddb/modules/chap

Module: Linked to module rlm_mschap

Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap

mschap {

use_mppe = yes

require_encryption = no

require_strong = no

with_ntdomain_hack = no

allow_retry = yes

}

Module: Linked to module rlm_digest

Module: Instantiating module "digest" from file /etc/raddb/modules/digest

Module: Linked to module rlm_unix

Module: Instantiating module "unix" from file /etc/raddb/modules/unix

unix {

radwtmp = "/var/log/radius/radwtmp"

}

Module: Linked to module rlm_eap

Module: Instantiating module "eap" from file /etc/raddb/eap.conf

eap {

default_eap_type = "md5"

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

max_sessions = 1024

}

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

gtc {

challenge = "Password: "

auth_type = "PAP"

}

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

tls {

rsa_key_exchange = no

dh_key_exchange = yes

rsa_key_length = 512

dh_key_length = 512

verify_depth = 0

CA_path = "/etc/raddb/certs"

pem_file_type = yes

private_key_file = "/etc/raddb/certs/server.pem"

certificate_file = "/etc/raddb/certs/server.pem"

CA_file = "/etc/raddb/certs/ca.pem"

private_key_password = "whatever"

dh_file = "/etc/raddb/certs/dh"

fragment_size = 1024

include_length = yes

check_crl = no

cipher_list = "DEFAULT"

ecdh_curve = "prime256v1"

cache {

enable = no

lifetime = 24

max_entries = 255

}

verify {

}

ocsp {

enable = no

override_cert_url = yes

url = "http://127.0.0.1/ocsp/"

use_nonce = yes

timeout = 0

softfail = no

}

}

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

ttls {

default_eap_type = "md5"

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

include_length = yes

}

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

peap {

default_eap_type = "mschapv2"

copy_request_to_tunnel = no

use_tunneled_reply = no

proxy_tunneled_request_as_eap = yes

virtual_server = "inner-tunnel"

soh = no

}

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

mschapv2 {

with_ntdomain_hack = no

send_error = no

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess

preprocess {

huntgroups = "/etc/raddb/huntgroups"

hints = "/etc/raddb/hints"

with_ascend_hack = no

ascend_channels_per_line = 23

with_ntdomain_hack = no

with_specialix_jetstream_hack = no

with_cisco_vsa_hack = no

with_alvarion_vsa_hack = no

}

reading pairlist file /etc/raddb/huntgroups

reading pairlist file /etc/raddb/hints

Module: Linked to module rlm_realm

Module: Instantiating module "suffix" from file /etc/raddb/modules/realm

realm suffix {

format = "suffix"

delimiter = "@"

ignore_default = no

ignore_null = no

}

Module: Linked to module rlm_files

Module: Instantiating module "files" from file /etc/raddb/modules/files

files {

usersfile = "/etc/raddb/users"

acctusersfile = "/etc/raddb/acct_users"

preproxy_usersfile = "/etc/raddb/preproxy_users"

compat = "no"

}

reading pairlist file /etc/raddb/users

reading pairlist file /etc/raddb/acct_users

reading pairlist file /etc/raddb/preproxy_users

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique

acct_unique {

key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"

}

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_detail

Module: Instantiating module "detail" from file /etc/raddb/modules/detail

detail {

detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"

header = "%t"

detailperm = 384

dirperm = 493

locking = no

log_packet_header = no

}

Module: Linked to module rlm_attr_filter

Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter

attr_filter attr_filter.accounting_response {

attrsfile = "/etc/raddb/attrs.accounting_response"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /etc/raddb/attrs.accounting_response

Module: Checking session {...} for more modules to load

Module: Linked to module rlm_radutmp

Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp

radutmp {

filename = "/var/log/radius/radutmp"

username = "%{User-Name}"

case_sensitive = yes

check_with_nas = yes

perm = 384

callerid = yes

}

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter

attr_filter attr_filter.access_reject {

attrsfile = "/etc/raddb/attrs.access_reject"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /etc/raddb/attrs.access_reject

} # modules

} # server

server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

type = "auth"

ipaddr = *

port = 0

}

listen {

type = "acct"

ipaddr = *

port = 0

}

listen {

type = "control"

listen {

socket = "/var/run/radiusd/radiusd.sock"

}

}

listen {

type = "auth"

ipaddr = 127.0.0.1

port = 18120

}

... adding new socket proxy address * port 59124

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Listening on command file /var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel

Listening on proxy address * port 1814

Ready to process requests.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=192, length=145

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x0201000b01736572676579

Message-Authenticator = 0x1324500679f9c8a29571bbf7b5ff1ffd

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 1 length 11

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry sergey at line 50

++[files] = ok

++[expiration] = noop

++[logintime] = noop

[pap] WARNING: Auth-Type already set. Not setting to PAP

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] EAP Identity

[eap] processing type md5

rlm_eap_md5: Issuing Challenge

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 192 to 10.0.0.9 port 39043

EAP-Message = 0x010200160410880ee0eaad9e8cec94766c50d705005e

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110dc96e57ccdd61660f7c49ce7

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=193, length=159

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x02020007031915

State = 0xdc94e110dc96e57ccdd61660f7c49ce7

Message-Authenticator = 0x9062a348d0f29a0b9391b22a887e33e8

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 2 length 7

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry sergey at line 50

++[files] = ok

++[expiration] = noop

++[logintime] = noop

[pap] WARNING: Auth-Type already set. Not setting to PAP

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP NAK

[eap] EAP-NAK asked for EAP-Type/peap

[eap] processing type tls

[tls] Initiate

[tls] Start returned 1

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 193 to 10.0.0.9 port 39043

EAP-Message = 0x010300061920

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110dd97f87ccdd61660f7c49ce7

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=194, length=322

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020300aa1980000000a0160303009b01000097030359774b3b10fe48f3babfb419c9506303b0900cd8d73c4a4dc94325bdf22b4db700002ec02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0005000401000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100

State = 0xdc94e110dd97f87ccdd61660f7c49ce7

Message-Authenticator = 0x68fd00aaa47a5cdb004bd91a4d4babed

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 3 length 170

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

TLS Length 160

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] (other): before/accept initialization

[peap] TLS_accept: before/accept initialization

[peap] <<< Unknown TLS version [length 009b]

[peap] TLS_accept: SSLv3 read client hello A

[peap] >>> Unknown TLS version [length 0039]

[peap] TLS_accept: SSLv3 write server hello A

[peap] >>> Unknown TLS version [length 08d0]

[peap] TLS_accept: SSLv3 write certificate A

[peap] >>> Unknown TLS version [length 014d]

[peap] TLS_accept: SSLv3 write key exchange A

[peap] >>> Unknown TLS version [length 0004]

[peap] TLS_accept: SSLv3 write server done A

[peap] TLS_accept: SSLv3 flush data

[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A

[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A

In SSL Handshake Phase

In SSL Accept mode

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 194 to 10.0.0.9 port 39043

EAP-Message = 0x05bb3ad19d3b3737076123ee

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110de90f87ccdd61660f7c49ce7

Finished request 2.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=195, length=158

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020400061900

State = 0xdc94e110de90f87ccdd61660f7c49ce7

Message-Authenticator = 0xb6a64c6f172f51623dec5edebfc8bca0

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 4 length 6

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 195 to 10.0.0.9 port 39043

EAP-Message = 0x010503fc194066e3c1a837cc32747026ec2e947a987046702fa48cd678ae3a6d96127719d7a3a809b9bd003dc706e546a61d3daa93b61619de275a0004e5308204e1308203c9a003020102020900ed3b7e265fca1585300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e

EAP-Message = 0x170d3137303732353132303233335a170d3137303932333132303233335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009e46dc8c640c0508302c4c1278ea822243d1f482bce84bec45da7407239108448e1eb6f295d37e12

EAP-Message = 0x2e6578616d706c65

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110df91f87ccdd61660f7c49ce7

Finished request 3.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=196, length=158

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020500061900

State = 0xdc94e110df91f87ccdd61660f7c49ce7

Message-Authenticator = 0xacd7dd0944ed4f3233c84cfaa6b14230

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 5 length 6

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 196 to 10.0.0.9 port 39043

EAP-Message = 0x0106028819002e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d0101050500038201010016a489b41baaed951be0ce640028fe8519b67a930815f0d79473e31c59135e2cea0bc55779f11af28d2dea9a940a3f84e66057789dac29cccc861b3a9340b458b541335ae774f911e160e03c4cd8d6380411b1cab8abad4d52d59b9c3fd024c539cdef238a7b5984a1d5c50efc0362eb1a05e9f3da3ac7196c1743b635763983875d3ec7cf75661d48500c69cfb3eed1fbf2fce7aff5dba3c81d8a62b5dadb61f6999333e37df27979bf76372eb4a07f1ccea558c646b2e308baea72658f00a99d3409be417dc804cd7374ad17f17174

EAP-Message = 0x28416bdbc3f316b4e4b1ce4342c64aaf7219f725251c992960b6842713b303edad67f3d00253db73cfc2931dd5105449160303014d0c0001490300174104e9d6414bc28e4a597656ac71de6d1ac55a02f8dfc8a023c96ce2233d0fb6c70b369dd4bd496ff5dfe55611ca20a88a9935779cb76b06fac841468035ead2f4ef040101009c7c0cb45732a16b07f34631cae6bd9966087dd9f881011995878f7946373404f387ae2e1ebec6182233deee6390efa98441a1d13c185cd3f25ad146f475002101b4a386edaa35f4fcdb0e415474b1fa9f89b711325a9ffba5eb0fec2ff88b52e2e045257a13dcb1b7eeafb950bc1307b2e7cb7bcdab6c9c11f7df

EAP-Message = 0x51e613f67d93b600f6e4fcd0d37b47d2ba6be62acd9170bdf7f8f8f05ee09acb3aef2aa6598580961cdcc2e637c8dd312764b620212b99c5b2fe4a3238cd2e9247a5b95a21aed8e9fbbf3e35039ceeda393549edb3ebac2964b50f76eea51db07c64416dd06c1e8ed09cf66cd1be02734c23d551acfe6e9a3d5111c0a96ce930c0e3dfe3ea16030300040e000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110d892f87ccdd61660f7c49ce7

Finished request 4.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=197, length=288

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x0206008819800000007e1603030046100000424104c936b6abbd29e1a3868ce2ea3e4d920bc3f22a22b69bc3b0e5e76122e03628108103fa2cc5e305c1ad867b83a8f0d870baf23206cd9c0e6f714f19a1fd71259614030300010116030300280000000000000000133a596454b9c668c3e2065f3c1997924246bb847d1b8248d3dcf501f7edd681

State = 0xdc94e110d892f87ccdd61660f7c49ce7

Message-Authenticator = 0x5741e4c5f7343dc4891c13d246744af5

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 6 length 136

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

TLS Length 126

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] <<< Unknown TLS version [length 0046]

[peap] TLS_accept: SSLv3 read client key exchange A

[peap] <<< Unknown TLS version [length 0001]

[peap] <<< Unknown TLS version [length 0010]

[peap] TLS_accept: SSLv3 read finished A

[peap] >>> Unknown TLS version [length 0001]

[peap] TLS_accept: SSLv3 write change cipher spec A

[peap] >>> Unknown TLS version [length 0010]

[peap] TLS_accept: SSLv3 write finished A

[peap] TLS_accept: SSLv3 flush data

[peap] (other): SSL negotiation finished successfully

SSL Connection Established

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 197 to 10.0.0.9 port 39043

EAP-Message = 0x01070039190014030300010116030300284e350557832a50da638773a7573130edabcad7cfe1fe9ce4dab0fe6008c7d0b770236d7646d332ce

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110d993f87ccdd61660f7c49ce7

Finished request 5.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=198, length=158

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020700061900

State = 0xdc94e110d993f87ccdd61660f7c49ce7

Message-Authenticator = 0xcbf38e9aeb926a08a74443f03d4370de

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 7 length 6

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake is finished

[peap] eaptls_verify returned 3

[peap] eaptls_process returned 3

[peap] EAPTLS_SUCCESS

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state TUNNEL ESTABLISHED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 198 to 10.0.0.9 port 39043

EAP-Message = 0x010800281900170303001d4e350557832a50dbee01fc37e8185803b797dcfe8fafc08e54f61defc1

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110da9cf87ccdd61660f7c49ce7

Finished request 6.

Going to the next request

Waking up in 3.2 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=199, length=194

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x0208002a1900170303001f000000000000000112e600f8eed256d0c55c18c43d1128afa6ee7484223780

State = 0xdc94e110da9cf87ccdd61660f7c49ce7

Message-Authenticator = 0xd9e471034250cd2b71e613465bb605ab

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 8 length 42

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state WAITING FOR INNER IDENTITY

[peap] Identity - sergey

[peap] Got inner identity 'sergey'

[peap] Setting default EAP type for tunneled EAP session.

[peap] Got tunneled request

EAP-Message = 0x0208000b01736572676579

server {

[peap] Setting User-Name to sergey

Sending tunneled request

EAP-Message = 0x0208000b01736572676579

FreeRADIUS-Proxied-To = 127.0.0.1

User-Name = "sergey"

server inner-tunnel {

# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel

+group authorize {

++[chap] = noop

++[mschap] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

++update control {

++} # update control = noop

[eap] EAP packet type response id 8 length 11

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

++[files] = noop

++[expiration] = noop

++[logintime] = noop

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/inner-tunnel

+group authenticate {

[eap] EAP Identity

[eap] processing type mschapv2

rlm_eap_mschapv2: Issuing Challenge

++[eap] = handled

+} # group authenticate = handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

EAP-Message = 0x010900201a0109001b108e56a77828f7f1c7c8e392aad6998bea736572676579

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x48abb49a48a2aef167353ef9cd131a85

[peap] Got tunneled reply RADIUS code Access-Challenge

EAP-Message = 0x010900201a0109001b108e56a77828f7f1c7c8e392aad6998bea736572676579

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x48abb49a48a2aef167353ef9cd131a85

[peap] Got tunneled Access-Challenge

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 199 to 10.0.0.9 port 39043

EAP-Message = 0x0109003f190017030300344e350557832a50dc83ebdcf8515e08f114dbff74a7136e312fb7a9f21476869fe51a9217fd2897115e39cb027f75247e04cbfb53

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110db9df87ccdd61660f7c49ce7

Finished request 7.

Going to the next request

Waking up in 3.2 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=200, length=248

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x02090060190017030300550000000000000002ab679e70d76e5a500ab38a8c0e6ccfbb46c47c71bdfa8e7c6e0b015d75ca9d826d4a7165d02868c6483882f883d63ebbce90895aaa5999e484fd80dfc844bc618d97a6eb46b75e8f10090b5718

State = 0xdc94e110db9df87ccdd61660f7c49ce7

Message-Authenticator = 0x5c226c80df12f87c3fb2453508656306

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 9 length 96

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state phase2

[peap] EAP type mschapv2

[peap] Got tunneled request

EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579

server {

[peap] Setting User-Name to sergey

Sending tunneled request

EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579

FreeRADIUS-Proxied-To = 127.0.0.1

User-Name = "sergey"

State = 0x48abb49a48a2aef167353ef9cd131a85

server inner-tunnel {

# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel

+group authorize {

++[chap] = noop

++[mschap] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

++update control {

++} # update control = noop

[eap] EAP packet type response id 9 length 65

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

++[files] = noop

++[expiration] = noop

++[logintime] = noop

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/inner-tunnel

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/mschapv2

[eap] processing type mschapv2

[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel

[mschapv2] +group MS-CHAP {

[mschap] No Cleartext-Password configured. Cannot create LM-Password.

[mschap] No Cleartext-Password configured. Cannot create NT-Password.

[mschap] Creating challenge hash with username: sergey

[mschap] Client is using MS-CHAPv2 for sergey, we need NT-Password

[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.

[mschap] FAILED: MS-CHAP2-Response is incorrect

++[mschap] = reject

+} # group MS-CHAP = reject

[eap] Freeing handler

++[eap] = reject

+} # group authenticate = reject

Failed to authenticate the user.

Using Post-Auth-Type REJECT

# Executing group from file /etc/raddb/sites-enabled/inner-tunnel

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> sergey

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

} # server inner-tunnel

[peap] Got tunneled reply code 3

MS-CHAP-Error = "\tE=691 R=1"

EAP-Message = 0x04090004

Message-Authenticator = 0x00000000000000000000000000000000

[peap] Got tunneled reply RADIUS code Access-Reject

MS-CHAP-Error = "\tE=691 R=1"

EAP-Message = 0x04090004

Message-Authenticator = 0x00000000000000000000000000000000

[peap] Tunneled authentication was rejected.

[peap] FAILURE

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 200 to 10.0.0.9 port 39043

EAP-Message = 0x010a002e190017030300234e350557832a50dd3df1acf4bf6e347765e347a6eefc330214922730617e3e7a8b22a0

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110d49ef87ccdd61660f7c49ce7

Finished request 8.

Going to the next request

Waking up in 3.2 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=201, length=198

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020a002e190017030300230000000000000003d076e29f0013dc2e17e971482034019bb3af7da8f9fcf38b39c670

State = 0xdc94e110d49ef87ccdd61660f7c49ce7

Message-Authenticator = 0x26dbd6b19372ef66f116645e43254c64

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 10 length 46

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state send tlv failure

[peap] Received EAP-TLV response.

[peap] The users session was previously rejected: returning reject (again.)

[peap] *** This means you need to read the PREVIOUS messages in the debug output

[peap] *** to find out the reason why the user was rejected.

[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.

[peap] *** what went wrong, and how to fix the problem.

[eap] Handler failed in EAP/peap

[eap] Failed in EAP select

++[eap] = invalid

+} # group authenticate = invalid

Failed to authenticate the user.

Using Post-Auth-Type REJECT

# Executing group from file /etc/raddb/sites-enabled/default

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> sergey

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

Delaying reject of request 9 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 9

Sending Access-Reject of id 201 to 10.0.0.9 port 39043

EAP-Message = 0x040a0004

Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 2.2 seconds.

Cleaning up request 0 ID 192 with timestamp +21

Cleaning up request 1 ID 193 with timestamp +21

Cleaning up request 2 ID 194 with timestamp +21

Cleaning up request 3 ID 195 with timestamp +21

Cleaning up request 4 ID 196 with timestamp +21

Cleaning up request 5 ID 197 with timestamp +21

Waking up in 1.6 seconds.

Cleaning up request 6 ID 198 with timestamp +22

Cleaning up request 7 ID 199 with timestamp +22

Cleaning up request 8 ID 200 with timestamp +22

Waking up in 1.0 seconds.

Cleaning up request 9 ID 201 with timestamp +22

Ready to process requests.

 

The original MAC addresses and the network name have been changed for obvious reasons.


[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state send tlv failure

[peap] Received EAP-TLV response.

[peap] The users session was previously rejected: returning reject (again.)

[peap] *** This means you need to read the PREVIOUS messages in the debug output

[peap] *** to find out the reason why the user was rejected.

[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.

[peap] *** what went wrong, and how to fix the problem.

[eap] Handler failed in EAP/peap

[eap] Failed in EAP select

 

I may be wrong, but as far as I understand, your problem is with EAP authentication. The MAC address is not the issue.


This solved the problem:

eap {
    peap {
        copy_request_to_tunnel = yes
    }
}

 

And this is what helped:

https://serverfault.com/questions/567130/how-to-use-calling-station-id-on-a-per-user-basis-in-freeradius

 

Thanks for the support!
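
Why the fix works, as an added example that is not part of the original thread: in the debug output above the tunneled request carries only EAP-Message, FreeRADIUS-Proxied-To and User-Name, so a users-file check on Calling-Station-Id cannot match inside inner-tunnel ([files] = noop, then "No Cleartext-Password configured"). The Python sketch below parses `radiusd -X` output and reports, per tunneled request, whether each check item is absent, mismatched or matched. The function names, the AFTER sample and the CHECKS value are assumptions made for this illustration.

```python
import re

ATTR = re.compile(r'^([A-Za-z][\w-]*) = (.*)$')

def tunneled_requests(debug_text):
    """One {attribute: value} dict per 'Sending tunneled request' block."""
    blocks, current = [], None
    for line in (l.strip() for l in debug_text.splitlines()):
        if not line:
            continue
        if line == "Sending tunneled request":
            current = {}
            blocks.append(current)
        elif current is not None:
            m = ATTR.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip('"')
            else:
                current = None  # "server inner-tunnel {" ends the attribute list
    return blocks

def diagnose(debug_text, checks):
    """Evaluate users-file '==' check items against each inner request."""
    verdicts = []
    for req in tunneled_requests(debug_text):
        verdicts.append({
            attr: "absent" if attr not in req
            else "match" if req[attr] == wanted else "mismatch"
            for attr, wanted in checks.items()
        })
    return verdicts

# Lines taken from the debug output in this thread (before the fix).
BEFORE = """
[peap] Setting User-Name to sergey
Sending tunneled request
EAP-Message = 0x0208000b01736572676579
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "sergey"
server inner-tunnel {
++[files] = noop
"""
# Constructed sample: assumes copy_request_to_tunnel = yes copies the outer attribute in.
AFTER = BEFORE.replace('server inner-tunnel {',
                       'Calling-Station-Id = "80-C5-E6-16-7F-01"\nserver inner-tunnel {'
                       ).replace("++[files] = noop", "++[files] = ok")
CHECKS = {"Calling-Station-Id": "80-C5-E6-16-7F-01"}  # assumed users-file check item

if __name__ == "__main__":
    print("before:", diagnose(BEFORE, CHECKS))
    print("after: ", diagnose(AFTER, CHECKS))
```

An "absent" verdict points at the tunnel configuration, while "mismatch" points at the MAC format sent by the NAS, which are the two hypotheses raised in the thread.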
