Configuring FreeRADIUS for Wi-Fi with MAC check from a file

Can anyone who has dealt with this advise?

How can I quickly set up FreeRADIUS without MySQL, so that the login, password and MAC are specified in the users file?

Should it work like this?

user1   Cleartext-Password := "12345678", Calling-Station-Id == "FC-E9-98-AA-BB-CC"

Or is it not that simple?

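A simplified model of how a users entry like the one in the question is evaluated, as an added example that is not part of the original post and is not FreeRADIUS code: `:=` sets a control item, while `==` is a check that passes only if the request carries that attribute with an exactly equal string. The function names and the sample requests are constructed for illustration.

```python
import re

# Simplified model of matching one "users" file entry against a request.
# Assumption: only the two operators used in the post are modelled.
#   ":="  sets a control item (Cleartext-Password); nothing is compared
#   "=="  is a check item; the request must contain an equal string value

ITEM_RE = re.compile(r'([A-Za-z0-9-]+)\s*(:=|==)\s*"([^"]*)"')
MAC_RE = re.compile(r"[0-9A-Fa-f]{12}")

# The entry exactly as written in the question.
ENTRY = 'user1   Cleartext-Password := "12345678", Calling-Station-Id == "FC-E9-98-AA-BB-CC"'


def parse_entry(line):
    """Split 'name  Attr op "value", ...' into (name, control, checks)."""
    name, rest = line.split(None, 1)
    control, checks = {}, {}
    for attr, op, value in ITEM_RE.findall(rest):
        if op == ":=":
            control[attr] = value
        else:
            checks[attr] = value
    return name, control, checks


def matches(entry, request):
    """True if the user name matches and every '==' check item is satisfied."""
    name, _control, checks = entry
    if request.get("User-Name") != name:
        return False
    # A missing attribute yields None, which never equals the expected string.
    return all(request.get(attr) == value for attr, value in checks.items())


def normalize_mac(raw):
    """Return the MAC as upper-case pairs joined by '-', or None if not a MAC."""
    digits = re.sub(r"[-:.]", "", raw)
    if not MAC_RE.fullmatch(digits):
        return None
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def with_normalized_mac(request):
    """Copy of the request with Calling-Station-Id rewritten to one format."""
    fixed = dict(request)
    mac = normalize_mac(fixed.get("Calling-Station-Id", ""))
    if mac is not None:
        fixed["Calling-Station-Id"] = mac
    return fixed


def evaluate():
    """Run the entry against three constructed requests."""
    entry = parse_entry(ENTRY)
    same_format = {"User-Name": "user1", "Calling-Station-Id": "FC-E9-98-AA-BB-CC"}
    other_format = {"User-Name": "user1", "Calling-Station-Id": "fc:e9:98:aa:bb:cc"}
    # No Calling-Station-Id at all, e.g. a tunneled inner request when the
    # outer attributes are not copied into the tunnel.
    no_mac = {"User-Name": "user1"}
    return {
        "same_format": matches(entry, same_format),
        "other_format": matches(entry, other_format),
        "other_format_normalized": matches(entry, with_normalized_mac(other_format)),
        "no_mac": matches(entry, no_mac),
    }


if __name__ == "__main__":
    for case, result in evaluate().items():
        print(f"{case}: {'match' if result else 'no match'}")
```

Because the comparison is exact, the value in users has to be written in the format the access point actually sends, which in the debug output on this page is upper-case hex with dashes (`Calling-Station-Id = "80-C5-E6-16-7F-01"`).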

radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 18 2017 at 12:13:14

Copyright © 1999-2013 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License.

For more information about these matters, see the file named COPYRIGHT.

Starting - reading configuration files ...

including configuration file /etc/raddb/radiusd.conf

including configuration file /etc/raddb/proxy.conf

including configuration file /etc/raddb/clients.conf

including files in directory /etc/raddb/modules/

including configuration file /etc/raddb/modules/sql_log

including configuration file /etc/raddb/modules/acct_unique

including configuration file /etc/raddb/modules/pam

including configuration file /etc/raddb/modules/opendirectory

including configuration file /etc/raddb/modules/radrelay

including configuration file /etc/raddb/modules/ippool

including configuration file /etc/raddb/modules/detail

including configuration file /etc/raddb/modules/smsotp

including configuration file /etc/raddb/modules/unix

including configuration file /etc/raddb/modules/always

including configuration file /etc/raddb/modules/exec

including configuration file /etc/raddb/modules/policy

including configuration file /etc/raddb/modules/perl

including configuration file /etc/raddb/modules/mac2ip

including configuration file /etc/raddb/modules/sqlcounter_expire_on_login

including configuration file /etc/raddb/modules/preprocess

including configuration file /etc/raddb/modules/digest

including configuration file /etc/raddb/modules/chap

including configuration file /etc/raddb/modules/dhcp_sqlippool

including configuration file /etc/raddb/modules/cache

including configuration file /etc/raddb/modules/logintime

including configuration file /etc/raddb/modules/smbpasswd

including configuration file /etc/raddb/modules/etc_group

including configuration file /etc/raddb/modules/rediswho

including configuration file /etc/raddb/modules/soh

including configuration file /etc/raddb/modules/realm

including configuration file /etc/raddb/modules/detail.example.com

including configuration file /etc/raddb/modules/files

including configuration file /etc/raddb/modules/checkval

including configuration file /etc/raddb/modules/detail.log

including configuration file /etc/raddb/modules/linelog

including configuration file /etc/raddb/modules/otp

including configuration file /etc/raddb/modules/ntlm_auth

including configuration file /etc/raddb/modules/pap

including configuration file /etc/raddb/modules/attr_filter

including configuration file /etc/raddb/modules/counter

including configuration file /etc/raddb/modules/passwd

including configuration file /etc/raddb/modules/mschap

including configuration file /etc/raddb/modules/attr_rewrite

including configuration file /etc/raddb/modules/radutmp

including configuration file /etc/raddb/modules/expiration

including configuration file /etc/raddb/modules/inner-eap

including configuration file /etc/raddb/modules/dynamic_clients

including configuration file /etc/raddb/modules/wimax

including configuration file /etc/raddb/modules/expr

including configuration file /etc/raddb/modules/redis

including configuration file /etc/raddb/modules/mac2vlan

including configuration file /etc/raddb/modules/echo

including configuration file /etc/raddb/modules/replicate

including configuration file /etc/raddb/modules/sradutmp

including configuration file /etc/raddb/modules/cui

including configuration file /etc/raddb/eap.conf

including configuration file /etc/raddb/policy.conf

including files in directory /etc/raddb/sites-enabled/

including configuration file /etc/raddb/sites-enabled/control-socket

including configuration file /etc/raddb/sites-enabled/inner-tunnel

including configuration file /etc/raddb/sites-enabled/default

main {

user = "radiusd"

group = "radiusd"

allow_core_dumps = no

}

including dictionary file /etc/raddb/dictionary

main {

name = "radiusd"

prefix = "/usr"

localstatedir = "/var"

sbindir = "/usr/sbin"

logdir = "/var/log/radius"

run_dir = "/var/run/radiusd"

libdir = "/usr/lib64/freeradius"

radacctdir = "/var/log/radius/radacct"

hostname_lookups = no

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

pidfile = "/var/run/radiusd/radiusd.pid"

checkrad = "/usr/sbin/checkrad"

debug_level = 0

proxy_requests = yes

log {

stripped_names = no

auth = no

auth_badpass = no

auth_goodpass = no

msg_badpass = "Ooops!"

msg_goodpass = "Welcome to Internet!"

}

security {

max_attributes = 200

reject_delay = 1

status_server = yes

}

}

radiusd: #### Loading Realms and Home Servers ####

proxy server {

retry_delay = 5

retry_count = 3

default_fallback = no

dead_time = 120

wake_all_if_all_dead = no

}

home_server localhost {

ipaddr = 127.0.0.1

port = 1812

type = "auth"

secret = "testing123"

response_window = 20.000000

response_timeouts = 1

max_outstanding = 65536

require_message_authenticator = yes

zombie_period = 40

status_check = "status-server"

ping_interval = 30

check_interval = 30

num_answers_to_alive = 3

num_pings_to_alive = 3

revive_interval = 120

status_check_timeout = 4

coa {

irt = 2

mrt = 16

mrc = 5

mrd = 30

}

}

home_server_pool my_auth_failover {

type = fail-over

home_server = localhost

}

realm example.com {

auth_pool = my_auth_failover

}

realm LOCAL {

}

radiusd: #### Loading Clients ####

client localhost {

ipaddr = 127.0.0.1

require_message_authenticator = no

secret = "testing123"

nastype = "other"

}

client 10.0.0.9 {

require_message_authenticator = no

secret = "7IZ3j0861t2J"

shortname = "dlink"

}

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating module "exec" from file /etc/raddb/modules/exec

exec {

wait = no

input_pairs = "request"

shell_escape = yes

timeout = 10

}

Module: Linked to module rlm_expr

Module: Instantiating module "expr" from file /etc/raddb/modules/expr

Module: Linked to module rlm_expiration

Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration

expiration {

reply-message = "Password Has Expired "

}

Module: Linked to module rlm_logintime

Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime

logintime {

reply-message = "You are calling outside your allowed timespan "

minimum-timeout = 60

}

}

radiusd: #### Loading Virtual Servers ####

server { # from file

modules {

Module: Creating Auth-Type = digest

Module: Creating Post-Auth-Type = REJECT

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating module "pap" from file /etc/raddb/modules/pap

pap {

encryption_scheme = "auto"

auto_header = no

}

Module: Linked to module rlm_chap

Module: Instantiating module "chap" from file /etc/raddb/modules/chap

Module: Linked to module rlm_mschap

Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap

mschap {

use_mppe = yes

require_encryption = no

require_strong = no

with_ntdomain_hack = no

allow_retry = yes

}

Module: Linked to module rlm_digest

Module: Instantiating module "digest" from file /etc/raddb/modules/digest

Module: Linked to module rlm_unix

Module: Instantiating module "unix" from file /etc/raddb/modules/unix

unix {

radwtmp = "/var/log/radius/radwtmp"

}

Module: Linked to module rlm_eap

Module: Instantiating module "eap" from file /etc/raddb/eap.conf

eap {

default_eap_type = "md5"

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

max_sessions = 1024

}

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

gtc {

challenge = "Password: "

auth_type = "PAP"

}

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

tls {

rsa_key_exchange = no

dh_key_exchange = yes

rsa_key_length = 512

dh_key_length = 512

verify_depth = 0

CA_path = "/etc/raddb/certs"

pem_file_type = yes

private_key_file = "/etc/raddb/certs/server.pem"

certificate_file = "/etc/raddb/certs/server.pem"

CA_file = "/etc/raddb/certs/ca.pem"

private_key_password = "whatever"

dh_file = "/etc/raddb/certs/dh"

fragment_size = 1024

include_length = yes

check_crl = no

cipher_list = "DEFAULT"

ecdh_curve = "prime256v1"

cache {

enable = no

lifetime = 24

max_entries = 255

}

verify {

}

ocsp {

enable = no

override_cert_url = yes

url = "http://127.0.0.1/ocsp/"

use_nonce = yes

timeout = 0

softfail = no

}

}

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

ttls {

default_eap_type = "md5"

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

include_length = yes

}

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

peap {

default_eap_type = "mschapv2"

copy_request_to_tunnel = no

use_tunneled_reply = no

proxy_tunneled_request_as_eap = yes

virtual_server = "inner-tunnel"

soh = no

}

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

mschapv2 {

with_ntdomain_hack = no

send_error = no

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess

preprocess {

huntgroups = "/etc/raddb/huntgroups"

hints = "/etc/raddb/hints"

with_ascend_hack = no

ascend_channels_per_line = 23

with_ntdomain_hack = no

with_specialix_jetstream_hack = no

with_cisco_vsa_hack = no

with_alvarion_vsa_hack = no

}

reading pairlist file /etc/raddb/huntgroups

reading pairlist file /etc/raddb/hints

Module: Linked to module rlm_realm

Module: Instantiating module "suffix" from file /etc/raddb/modules/realm

realm suffix {

format = "suffix"

delimiter = "@"

ignore_default = no

ignore_null = no

}

Module: Linked to module rlm_files

Module: Instantiating module "files" from file /etc/raddb/modules/files

files {

usersfile = "/etc/raddb/users"

acctusersfile = "/etc/raddb/acct_users"

preproxy_usersfile = "/etc/raddb/preproxy_users"

compat = "no"

}

reading pairlist file /etc/raddb/users

reading pairlist file /etc/raddb/acct_users

reading pairlist file /etc/raddb/preproxy_users

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique

acct_unique {

key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"

}

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_detail

Module: Instantiating module "detail" from file /etc/raddb/modules/detail

detail {

detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"

header = "%t"

detailperm = 384

dirperm = 493

locking = no

log_packet_header = no

}

Module: Linked to module rlm_attr_filter

Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter

attr_filter attr_filter.accounting_response {

attrsfile = "/etc/raddb/attrs.accounting_response"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /etc/raddb/attrs.accounting_response

Module: Checking session {...} for more modules to load

Module: Linked to module rlm_radutmp

Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp

radutmp {

filename = "/var/log/radius/radutmp"

username = "%{User-Name}"

case_sensitive = yes

check_with_nas = yes

perm = 384

callerid = yes

}

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter

attr_filter attr_filter.access_reject {

attrsfile = "/etc/raddb/attrs.access_reject"

key = "%{User-Name}"

relaxed = no

}

reading pairlist file /etc/raddb/attrs.access_reject

} # modules

} # server

server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

type = "auth"

ipaddr = *

port = 0

}

listen {

type = "acct"

ipaddr = *

port = 0

}

listen {

type = "control"

listen {

socket = "/var/run/radiusd/radiusd.sock"

}

}

listen {

type = "auth"

ipaddr = 127.0.0.1

port = 18120

}

... adding new socket proxy address * port 59124

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Listening on command file /var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel

Listening on proxy address * port 1814

Ready to process requests.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=192, length=145

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x0201000b01736572676579

Message-Authenticator = 0x1324500679f9c8a29571bbf7b5ff1ffd

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 1 length 11

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry sergey at line 50

++[files] = ok

++[expiration] = noop

++[logintime] = noop

[pap] WARNING: Auth-Type already set. Not setting to PAP

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] EAP Identity

[eap] processing type md5

rlm_eap_md5: Issuing Challenge

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 192 to 10.0.0.9 port 39043

EAP-Message = 0x010200160410880ee0eaad9e8cec94766c50d705005e

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110dc96e57ccdd61660f7c49ce7

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=193, length=159

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x02020007031915

State = 0xdc94e110dc96e57ccdd61660f7c49ce7

Message-Authenticator = 0x9062a348d0f29a0b9391b22a887e33e8

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 2 length 7

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry sergey at line 50

++[files] = ok

++[expiration] = noop

++[logintime] = noop

[pap] WARNING: Auth-Type already set. Not setting to PAP

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP NAK

[eap] EAP-NAK asked for EAP-Type/peap

[eap] processing type tls

[tls] Initiate

[tls] Start returned 1

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 193 to 10.0.0.9 port 39043

EAP-Message = 0x010300061920

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110dd97f87ccdd61660f7c49ce7

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=194, length=322

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020300aa1980000000a0160303009b01000097030359774b3b10fe48f3babfb419c9506303b0900cd8d73c4a4dc94325bdf22b4db700002ec02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0005000401000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100

State = 0xdc94e110dd97f87ccdd61660f7c49ce7

Message-Authenticator = 0x68fd00aaa47a5cdb004bd91a4d4babed

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 3 length 170

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

TLS Length 160

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] (other): before/accept initialization

[peap] TLS_accept: before/accept initialization

[peap] <<< Unknown TLS version [length 009b]

[peap] TLS_accept: SSLv3 read client hello A

[peap] >>> Unknown TLS version [length 0039]

[peap] TLS_accept: SSLv3 write server hello A

[peap] >>> Unknown TLS version [length 08d0]

[peap] TLS_accept: SSLv3 write certificate A

[peap] >>> Unknown TLS version [length 014d]

[peap] TLS_accept: SSLv3 write key exchange A

[peap] >>> Unknown TLS version [length 0004]

[peap] TLS_accept: SSLv3 write server done A

[peap] TLS_accept: SSLv3 flush data

[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A

[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A

In SSL Handshake Phase

In SSL Accept mode

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 194 to 10.0.0.9 port 39043

EAP-Message = 0x05bb3ad19d3b3737076123ee

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110de90f87ccdd61660f7c49ce7

Finished request 2.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=195, length=158

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020400061900

State = 0xdc94e110de90f87ccdd61660f7c49ce7

Message-Authenticator = 0xb6a64c6f172f51623dec5edebfc8bca0

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 4 length 6

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 195 to 10.0.0.9 port 39043

EAP-Message = 0x170d3137303732353132303233335a170d3137303932333132303233335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009e46dc8c640c0508302c4c1278ea822243d1f482bce84bec45da7407239108448e1eb6f295d37e12

EAP-Message = 0x2e6578616d706c65

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110df91f87ccdd61660f7c49ce7

Finished request 3.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=196, length=158

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020500061900

State = 0xdc94e110df91f87ccdd61660f7c49ce7

Message-Authenticator = 0xacd7dd0944ed4f3233c84cfaa6b14230

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 5 length 6

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 196 to 10.0.0.9 port 39043

EAP-Message = 0x28416bdbc3f316b4e4b1ce4342c64aaf7219f725251c992960b6842713b303edad67f3d00253db73cfc2931dd5105449160303014d0c0001490300174104e9d6414bc28e4a597656ac71de6d1ac55a02f8dfc8a023c96ce2233d0fb6c70b369dd4bd496ff5dfe55611ca20a88a9935779cb76b06fac841468035ead2f4ef040101009c7c0cb45732a16b07f34631cae6bd9966087dd9f881011995878f7946373404f387ae2e1ebec6182233deee6390efa98441a1d13c185cd3f25ad146f475002101b4a386edaa35f4fcdb0e415474b1fa9f89b711325a9ffba5eb0fec2ff88b52e2e045257a13dcb1b7eeafb950bc1307b2e7cb7bcdab6c9c11f7df

EAP-Message = 0x51e613f67d93b600f6e4fcd0d37b47d2ba6be62acd9170bdf7f8f8f05ee09acb3aef2aa6598580961cdcc2e637c8dd312764b620212b99c5b2fe4a3238cd2e9247a5b95a21aed8e9fbbf3e35039ceeda393549edb3ebac2964b50f76eea51db07c64416dd06c1e8ed09cf66cd1be02734c23d551acfe6e9a3d5111c0a96ce930c0e3dfe3ea16030300040e000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110d892f87ccdd61660f7c49ce7

Finished request 4.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=197, length=288

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x0206008819800000007e1603030046100000424104c936b6abbd29e1a3868ce2ea3e4d920bc3f22a22b69bc3b0e5e76122e03628108103fa2cc5e305c1ad867b83a8f0d870baf23206cd9c0e6f714f19a1fd71259614030300010116030300280000000000000000133a596454b9c668c3e2065f3c1997924246bb847d1b8248d3dcf501f7edd681

State = 0xdc94e110d892f87ccdd61660f7c49ce7

Message-Authenticator = 0x5741e4c5f7343dc4891c13d246744af5

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 6 length 136

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

TLS Length 126

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] <<< Unknown TLS version [length 0046]

[peap] TLS_accept: SSLv3 read client key exchange A

[peap] <<< Unknown TLS version [length 0001]

[peap] <<< Unknown TLS version [length 0010]

[peap] TLS_accept: SSLv3 read finished A

[peap] >>> Unknown TLS version [length 0001]

[peap] TLS_accept: SSLv3 write change cipher spec A

[peap] >>> Unknown TLS version [length 0010]

[peap] TLS_accept: SSLv3 write finished A

[peap] TLS_accept: SSLv3 flush data

[peap] (other): SSL negotiation finished successfully

SSL Connection Established

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 197 to 10.0.0.9 port 39043

EAP-Message = 0x01070039190014030300010116030300284e350557832a50da638773a7573130edabcad7cfe1fe9ce4dab0fe6008c7d0b770236d7646d332ce

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110d993f87ccdd61660f7c49ce7

Finished request 5.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=198, length=158

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020700061900

State = 0xdc94e110d993f87ccdd61660f7c49ce7

Message-Authenticator = 0xcbf38e9aeb926a08a74443f03d4370de

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 7 length 6

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake is finished

[peap] eaptls_verify returned 3

[peap] eaptls_process returned 3

[peap] EAPTLS_SUCCESS

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state TUNNEL ESTABLISHED

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 198 to 10.0.0.9 port 39043

EAP-Message = 0x010800281900170303001d4e350557832a50dbee01fc37e8185803b797dcfe8fafc08e54f61defc1

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110da9cf87ccdd61660f7c49ce7

Finished request 6.

Going to the next request

Waking up in 3.2 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=199, length=194

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x0208002a1900170303001f000000000000000112e600f8eed256d0c55c18c43d1128afa6ee7484223780

State = 0xdc94e110da9cf87ccdd61660f7c49ce7

Message-Authenticator = 0xd9e471034250cd2b71e613465bb605ab

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 8 length 42

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state WAITING FOR INNER IDENTITY

[peap] Identity - sergey

[peap] Got inner identity 'sergey'

[peap] Setting default EAP type for tunneled EAP session.

[peap] Got tunneled request

EAP-Message = 0x0208000b01736572676579

server {

[peap] Setting User-Name to sergey

Sending tunneled request

EAP-Message = 0x0208000b01736572676579

FreeRADIUS-Proxied-To = 127.0.0.1

User-Name = "sergey"

server inner-tunnel {

# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel

+group authorize {

++[chap] = noop

++[mschap] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

++update control {

++} # update control = noop

[eap] EAP packet type response id 8 length 11

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

++[files] = noop

++[expiration] = noop

++[logintime] = noop

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/inner-tunnel

+group authenticate {

[eap] EAP Identity

[eap] processing type mschapv2

rlm_eap_mschapv2: Issuing Challenge

++[eap] = handled

+} # group authenticate = handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

EAP-Message = 0x010900201a0109001b108e56a77828f7f1c7c8e392aad6998bea736572676579

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x48abb49a48a2aef167353ef9cd131a85

[peap] Got tunneled reply RADIUS code Access-Challenge

EAP-Message = 0x010900201a0109001b108e56a77828f7f1c7c8e392aad6998bea736572676579

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x48abb49a48a2aef167353ef9cd131a85

[peap] Got tunneled Access-Challenge

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 199 to 10.0.0.9 port 39043

EAP-Message = 0x0109003f190017030300344e350557832a50dc83ebdcf8515e08f114dbff74a7136e312fb7a9f21476869fe51a9217fd2897115e39cb027f75247e04cbfb53

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110db9df87ccdd61660f7c49ce7

Finished request 7.

Going to the next request

Waking up in 3.2 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=200, length=248

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x02090060190017030300550000000000000002ab679e70d76e5a500ab38a8c0e6ccfbb46c47c71bdfa8e7c6e0b015d75ca9d826d4a7165d02868c6483882f883d63ebbce90895aaa5999e484fd80dfc844bc618d97a6eb46b75e8f10090b5718

State = 0xdc94e110db9df87ccdd61660f7c49ce7

Message-Authenticator = 0x5c226c80df12f87c3fb2453508656306

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 9 length 96

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state phase2

[peap] EAP type mschapv2

[peap] Got tunneled request

EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579

server {

[peap] Setting User-Name to sergey

Sending tunneled request

EAP-Message = 0x020900411a0209003c31df8fe254eefa77199a0dac62aea23e3700000000000000009846e8ebe183eda84a3fc1beb39192d9a4dfb9cf41895d6f00736572676579

FreeRADIUS-Proxied-To = 127.0.0.1

User-Name = "sergey"

State = 0x48abb49a48a2aef167353ef9cd131a85

server inner-tunnel {

# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel

+group authorize {

++[chap] = noop

++[mschap] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

++update control {

++} # update control = noop

[eap] EAP packet type response id 9 length 65

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

++[files] = noop

++[expiration] = noop

++[logintime] = noop

++[pap] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/inner-tunnel

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/mschapv2

[eap] processing type mschapv2

[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel

[mschapv2] +group MS-CHAP {

[mschap] No Cleartext-Password configured. Cannot create LM-Password.

[mschap] No Cleartext-Password configured. Cannot create NT-Password.

[mschap] Creating challenge hash with username: sergey

[mschap] Client is using MS-CHAPv2 for sergey, we need NT-Password

[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.

[mschap] FAILED: MS-CHAP2-Response is incorrect

++[mschap] = reject

+} # group MS-CHAP = reject

[eap] Freeing handler

++[eap] = reject

+} # group authenticate = reject

Failed to authenticate the user.

Using Post-Auth-Type REJECT

# Executing group from file /etc/raddb/sites-enabled/inner-tunnel

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> sergey

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

} # server inner-tunnel

[peap] Got tunneled reply code 3

MS-CHAP-Error = "\tE=691 R=1"

EAP-Message = 0x04090004

Message-Authenticator = 0x00000000000000000000000000000000

[peap] Got tunneled reply RADIUS code Access-Reject

MS-CHAP-Error = "\tE=691 R=1"

EAP-Message = 0x04090004

Message-Authenticator = 0x00000000000000000000000000000000

[peap] Tunneled authentication was rejected.

[peap] FAILURE

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 200 to 10.0.0.9 port 39043

EAP-Message = 0x010a002e190017030300234e350557832a50dd3df1acf4bf6e347765e347a6eefc330214922730617e3e7a8b22a0

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xdc94e110d49ef87ccdd61660f7c49ce7

Finished request 8.

Going to the next request

Waking up in 3.2 seconds.

rad_recv: Access-Request packet from host 10.0.0.9 port 39043, id=201, length=198

User-Name = "sergey"

NAS-Port = 0

Called-Station-Id = "C4-A8-1D-05-12-AF:sunnet"

Calling-Station-Id = "80-C5-E6-16-7F-01"

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

Connect-Info = "CONNECT 0Mbps 802.11"

EAP-Message = 0x020a002e190017030300230000000000000003d076e29f0013dc2e17e971482034019bb3af7da8f9fcf38b39c670

State = 0xdc94e110d49ef87ccdd61660f7c49ce7

Message-Authenticator = 0x26dbd6b19372ef66f116645e43254c64

# Executing section authorize from file /etc/raddb/sites-enabled/default

+group authorize {

++[preprocess] = ok

++[chap] = noop

++[mschap] = noop

++[digest] = noop

[suffix] No '@' in User-Name = "sergey", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] = noop

[eap] EAP packet type response id 10 length 46

[eap] Continuing tunnel setup.

++[eap] = ok

+} # group authorize = ok

Found Auth-Type = EAP

# Executing group from file /etc/raddb/sites-enabled/default

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state send tlv failure

[peap] Received EAP-TLV response.

[peap] The users session was previously rejected: returning reject (again.)

[peap] *** This means you need to read the PREVIOUS messages in the debug output

[peap] *** to find out the reason why the user was rejected.

[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.

[peap] *** what went wrong, and how to fix the problem.

[eap] Handler failed in EAP/peap

[eap] Failed in EAP select

++[eap] = invalid

+} # group authenticate = invalid

Failed to authenticate the user.

Using Post-Auth-Type REJECT

# Executing group from file /etc/raddb/sites-enabled/default

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> sergey

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

Delaying reject of request 9 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 9

Sending Access-Reject of id 201 to 10.0.0.9 port 39043

EAP-Message = 0x040a0004

Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 2.2 seconds.

Cleaning up request 0 ID 192 with timestamp +21

Cleaning up request 1 ID 193 with timestamp +21

Cleaning up request 2 ID 194 with timestamp +21

Cleaning up request 3 ID 195 with timestamp +21

Cleaning up request 4 ID 196 with timestamp +21

Cleaning up request 5 ID 197 with timestamp +21

Waking up in 1.6 seconds.

Cleaning up request 6 ID 198 with timestamp +22

Cleaning up request 7 ID 199 with timestamp +22

Cleaning up request 8 ID 200 with timestamp +22

Waking up in 1.0 seconds.

Cleaning up request 9 ID 201 with timestamp +22

Ready to process requests.

 

The original MACs and the network name have been changed for obvious reasons.


[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state send tlv failure

[peap] Received EAP-TLV response.

[peap] The users session was previously rejected: returning reject (again.)

[peap] *** This means you need to read the PREVIOUS messages in the debug output

[peap] *** to find out the reason why the user was rejected.

[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.

[peap] *** what went wrong, and how to fix the problem.

[eap] Handler failed in EAP/peap

[eap] Failed in EAP select

 

I may be wrong, but as far as I understand, your problem is with EAP authentication. It's not about the MAC address.


This solved the problem:

eap {
    peap {
        copy_request_to_tunnel = yes
    }
}

 

And this is what helped:

https://serverfault.com/questions/567130/how-to-use-calling-station-id-on-a-per-user-basis-in-freeradius

 

Thank you for the support!

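A check for the failure visible in the debug output above, as an added example that is not part of the original posts: it walks `radiusd -X` output and flags every inner-tunnel pass where the tunneled request carries no Calling-Station-Id, `files` returns noop and mschap then finds no Cleartext-Password, which is the state that `copy_request_to_tunnel = yes` changes by copying the outer attributes into the tunnel. The function names are hypothetical, `FAILING` is cut down from the thread's log, and `COPIED` is a constructed log of the same pass after the change.

```python
import re
# Excerpt shaped like the thread's radiusd -X output (blank lines and EAP-Message dropped).
FAILING = '''Sending tunneled request
User-Name = "sergey"
server inner-tunnel {
++[files] = noop
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
++[mschap] = reject
} # server inner-tunnel
'''
# Constructed: the same pass once the outer Calling-Station-Id is copied into the tunnel.
COPIED = '''Sending tunneled request
User-Name = "sergey"
Calling-Station-Id = "80-C5-E6-16-7F-01"
server inner-tunnel {
++[files] = ok
++[mschap] = ok
} # server inner-tunnel
'''
ATTR = re.compile(r'^([A-Za-z][\w-]*) = (.+)$')
MODULE = re.compile(r'^\+*\[([\w.]+)\] = (\w+)$')

def inner_tunnel_passes(log_text):
    """Yield tunneled attributes, module results and mschap errors per inner-tunnel pass."""
    attrs, cur, collecting = {}, None, False
    for line in map(str.strip, log_text.splitlines()):
        if line == "Sending tunneled request":
            attrs, collecting = {}, True          # attribute list of the inner request follows
        elif line == "server inner-tunnel {":
            cur, collecting = {"attrs": attrs, "modules": {}, "errors": []}, False
        elif line == "} # server inner-tunnel" and cur is not None:
            yield cur
            cur = None
        elif collecting and (m := ATTR.match(line)):
            attrs[m.group(1)] = m.group(2).strip('"')
        elif cur is not None and (m := MODULE.match(line)):
            cur["modules"][m.group(1)] = m.group(2)   # e.g. files -> noop
        elif cur is not None and "No Cleartext-Password configured" in line:
            cur["errors"].append(line)

def diagnose(log_text):
    """Flag passes where a users entry with a Calling-Station-Id check could not match."""
    return [f'{p["attrs"].get("User-Name", "?")}: no Calling-Station-Id in tunneled request, '
            'files = noop, mschap has no Cleartext-Password'
            for p in inner_tunnel_passes(log_text)
            if "Calling-Station-Id" not in p["attrs"]
            and p["modules"].get("files") == "noop" and p["errors"]]

print(diagnose(FAILING))
```

Blank lines between log lines, as in the pasted output, are ignored, so the saved debug output can be passed in unchanged.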
