Authorization via RADIUS

I am setting up FreeRADIUS 2 (freeradius-2.1.12_1) from ports on FreeBSD 9, with users stored in an SQL database.

With radtest everything is OK:

rad_recv: Access-Request packet from host 192.168.2.245 port 33307, id=54, length=75

User-Name = "steve"

User-Password = "testing"

NAS-IP-Address = 127.0.0.1

NAS-Port = 1

Message-Authenticator = 0xd726b5c932789a25a33bdc1c5f849b0d

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}

   expand: %{User-Name} -> steve

[sql] sql_set_user escaped user --> 'steve'

rlm_sql (sql): Reserving sql socket id: 1

[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'steve' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 1 , fields = 5

[sql] User found in radcheck table

[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'steve' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 0 , fields = 5

[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='steve' ORDER BY priority

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 1 , fields = 1

[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 0 , fields = 5

[sql] User found in group dynamic

[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 4 , fields = 5

rlm_sql (sql): Released sql socket id: 1

++[sql] returns ok

++[expiration] returns noop

++[logintime] returns noop

WARNING: Please update your configuration, and remove 'Auth-Type = Local'

WARNING: Use the PAP or CHAP modules instead.

User-Password in the request is correct.

expand: GOOD_PASSWORD -> GOOD_PASSWORD

Login OK: [steve/testing] (from client local port 1) GOOD_PASSWORD

# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default

+- entering group post-auth {...}

[sql] expand: %{User-Name} -> steve

[sql] sql_set_user escaped user --> 'steve'

[sql] expand: %{User-Password} -> testing

[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'testing', 'Access-Accept', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'testing', 'Access-Accept', NOW())

rlm_sql (sql): Reserving sql socket id: 0

rlm_sql_postgresql: Status: PGRES_COMMAND_OK

rlm_sql_postgresql: query affected rows = 1

rlm_sql (sql): Released sql socket id: 0

++[sql] returns ok

Sending Access-Accept of id 54 to 192.168.2.245 port 33307

Framed-Compression := Van-Jacobson-TCP-IP

Framed-Protocol := PPP

Service-Type := Framed-User

Acct-Interim-Interval = 60

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 1 ID 54 with timestamp +42

but when trying to connect to the Wi-Fi access point from Windows XP SP3:

rad_recv: Access-Request packet from host 192.168.2.253 port 2050, id=3, length=123

User-Name = "steve"

NAS-IP-Address = 192.168.2.253

Called-Station-Id = "002618c62db2"

Calling-Station-Id = "002719d11285"

NAS-Identifier = "002618c62db2"

NAS-Port = 6

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x0200000a017374657665

Message-Authenticator = 0x71dcb42cab0715d8c6f9b36f4da66946

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}

[sql] expand: %{User-Name} -> steve

[sql] sql_set_user escaped user --> 'steve'

rlm_sql (sql): Reserving sql socket id: 4

[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'steve' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 1 , fields = 5

[sql] User found in radcheck table

[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'steve' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 0 , fields = 5

[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='steve' ORDER BY priority

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 1 , fields = 1

[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 0 , fields = 5

[sql] User found in group dynamic

[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 4 , fields = 5

rlm_sql (sql): Released sql socket id: 4

++[sql] returns ok

++[expiration] returns noop

++[logintime] returns noop

WARNING: Please update your configuration, and remove 'Auth-Type = Local'

WARNING: Use the PAP or CHAP modules instead.

No User-Password or CHAP-Password attribute in the request.

Cannot perform authentication.

Failed to authenticate the user.

expand: BAD_PASSWORD -> BAD_PASSWORD

Login incorrect: [steve/<no User-Password attribute>] (from client ASUS port 6 cli 002719d11285) BAD_PASSWORD

Using Post-Auth-Type Reject

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group REJECT {...}

[sql] expand: %{User-Name} -> steve

[sql] sql_set_user escaped user --> 'steve'

[sql] expand: %{User-Password} ->

[sql] ... expanding second conditional

[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'Chap-Password', 'Access-Reject', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'Chap-Password', 'Access-Reject', NOW())

rlm_sql (sql): Reserving sql socket id: 3

rlm_sql_postgresql: Status: PGRES_COMMAND_OK

rlm_sql_postgresql: query affected rows = 1

rlm_sql (sql): Released sql socket id: 3

++[sql] returns ok

[attr_filter.access_reject] expand: %{User-Name} -> steve

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 2 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 2

Sending Access-Reject of id 3 to 192.168.2.253 port 2050

Waking up in 4.9 seconds.

Cleaning up request 2 ID 3 with timestamp +248

Ready to process requests.

Clearly something is wrong with the authentication types, but I can't figure out where to fix them.
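
Added example, not part of the original posts: the rejected Wi-Fi request carries an EAP-Message instead of a User-Password, which is what the "No User-Password or CHAP-Password attribute" line reports. This Python sketch parses attribute lines from FreeRADIUS debug output, classifies the credential and decodes the EAP header. The function names are hypothetical, the two sample blocks are copied from the requests above, and the Nak value in the last comment comes from the later debug log in this thread.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             6: "GTC", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS",
             25: "PEAP", 26: "EAP-MSCHAPv2"}

# Attribute lines copied from the radtest request in the post above.
RADTEST_REQUEST = '''
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
'''

# Attribute lines copied from the Windows XP / Wi-Fi request in the post above.
WIFI_REQUEST = '''
User-Name = "steve"
NAS-IP-Address = 192.168.2.253
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000a017374657665
'''

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*:?=\s*(.*?)\s*$')


def parse_attributes(block):
    """Return {attribute name: [values]} from debug-log attribute lines."""
    attrs = {}
    for line in block.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs.setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return attrs


def strip_0x(value):
    return value[2:] if value.lower().startswith("0x") else value


def decode_eap(hex_value):
    """Decode the EAP header (RFC 3748) of a hex-encoded EAP packet."""
    raw = bytes.fromhex(strip_0x(hex_value))
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field %d does not fit %d bytes"
                         % (length, len(raw)))
    info = {"code": EAP_CODES.get(code, "Unknown(%d)" % code),
            "id": ident, "length": length}
    if code in (1, 2) and length > 4:       # only Request/Response carry a type
        eap_type, data = raw[4], raw[5:length]
        info["type"] = EAP_TYPES.get(eap_type, "Unknown(%d)" % eap_type)
        if eap_type == 1:                   # Identity: data is the user name
            info["identity"] = data.decode("utf-8", "replace")
        elif eap_type == 3:                 # Nak: data lists the wanted types
            info["wanted"] = [EAP_TYPES.get(t, "Unknown(%d)" % t) for t in data]
    return info


def credential_kind(attrs):
    """Which authentication material does the Access-Request carry?"""
    if "EAP-Message" in attrs:
        return "EAP"
    if "User-Password" in attrs:
        return "PAP"
    if "CHAP-Password" in attrs:
        return "CHAP"
    return "none"


def diagnose(block):
    attrs = parse_attributes(block)
    result = {"user": attrs.get("User-Name", [None])[0],
              "credential": credential_kind(attrs)}
    if result["credential"] == "EAP":
        # Several EAP-Message attributes are fragments of one EAP packet
        # (RFC 3579) and are concatenated before decoding.
        joined = "".join(strip_0x(v) for v in attrs["EAP-Message"])
        result["eap"] = decode_eap(joined)
    return result


if __name__ == "__main__":
    print(diagnose(RADTEST_REQUEST))       # password present: PAP can compare it
    print(diagnose(WIFI_REQUEST))          # EAP Identity only: no password to compare
    print(decode_eap("0x020100060319"))    # supplicant's Nak from the later log
```

A request classified as EAP has no password for a cleartext comparison to check, so it has to be processed by an EAP method that both the server and the supplicant accept.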


If you didn't get it the first time, I'll repeat:

WARNING: Please update your configuration, and remove 'Auth-Type = Local'

WARNING: Use the PAP or CHAP modules instead.


I couldn't figure it out, so I wiped everything and started over from scratch. The NAS is an ASUS RT-N10 Wi-Fi router.

Now there is no SQL; everything is in files.

Via radtest it authenticates with PAP, but from Windows XP SP3 it does not. The authentication log is below.

FreeRADIUS Version 2.1.12, for host i386-portbld-freebsd9.0, built on Mar 11 2012 at 17:03:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/replicate
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
main {
       user = "freeradius"
       group = "freeradius"
       allow_core_dumps = yes
}
Core dumps are enabled.
including dictionary file /usr/local/etc/raddb/dictionary
main {
       name = "radiusd"
       prefix = "/usr/local"
       localstatedir = "/var"
       sbindir = "/usr/local/sbin"
       logdir = "/var/log"
       run_dir = "/var/run/radiusd"
       libdir = "/usr/local/lib/freeradius-2.1.12"
       radacctdir = "/var/log/radacct"
       hostname_lookups = no
       max_request_time = 30
       cleanup_delay = 5
       max_requests = 1024
       pidfile = "/var/run/radiusd/radiusd.pid"
       checkrad = "/usr/local/sbin/checkrad"
       debug_level = 0
       proxy_requests = yes
log {
       stripped_names = yes
       auth = yes
       auth_badpass = no
       auth_goodpass = no
       msg_badpass = "BAD_PASS"
       msg_goodpass = "GOOD_PASS"
}
security {
       max_attributes = 200
       reject_delay = 1
       status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
       ipaddr = 127.0.0.1
       require_message_authenticator = no
       secret = "testing123"
       nastype = "other"
}
client 192.168.0.0/16 {
       require_message_authenticator = no
       secret = "secret"
       shortname = "ASUS"
       nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
 Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
 exec {
       wait = no
       input_pairs = "request"
       shell_escape = yes
 }
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
 expiration {
       reply-message = "Password Has Expired  "
 }
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
 logintime {
       reply-message = "You are calling outside your allowed timespan  "
       minimum-timeout = 60
 }
}
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
 Module: Creating Auth-Type = digest
 Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
 pap {
       encryption_scheme = "auto"
       auto_header = no
 }
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
 mschap {
       use_mppe = yes
       require_encryption = yes
       require_strong = yes
       with_ntdomain_hack = yes
       allow_retry = yes
 }
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
 unix {
       radwtmp = "/var/log/radwtmp"
 }
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
 eap {
       default_eap_type = "tls"
       timer_expire = 60
       ignore_unknown_eap_types = no
       cisco_accounting_username_bug = no
       max_sessions = 4096
 }
 Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
  gtc {
       challenge = "Password: "
       auth_type = "PAP"
  }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
       rsa_key_exchange = no
       dh_key_exchange = yes
       rsa_key_length = 512
       dh_key_length = 512
       verify_depth = 0
       CA_path = "/usr/local/etc/raddb/certs"
       pem_file_type = yes
       private_key_file = "/usr/local/etc/raddb/certs/server.pem"
       certificate_file = "/usr/local/etc/raddb/certs/server.pem"
       CA_file = "/usr/local/etc/raddb/certs/ca.pem"
       private_key_password = "whatever"
       dh_file = "/usr/local/etc/raddb/certs/dh"
       random_file = "/usr/local/etc/raddb/certs/random"
       fragment_size = 1024
       include_length = yes
       check_crl = no
       cipher_list = "DEFAULT"
       make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
       ecdh_curve = "prime256v1"
   cache {
       enable = no
       lifetime = 24
       max_entries = 255
   }
   verify {
   }
   ocsp {
       enable = no
       override_cert_url = yes
       url = "http://127.0.0.1/ocsp/"
   }
  }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
  ttls {
       default_eap_type = "md5"
       copy_request_to_tunnel = no
       use_tunneled_reply = no
       virtual_server = "inner-tunnel"
       include_length = yes
  }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
  peap {
       default_eap_type = "mschapv2"
       copy_request_to_tunnel = no
       use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
       soh = no
  }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
  mschapv2 {
       with_ntdomain_hack = no
       send_error = no
  }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
 preprocess {
       huntgroups = "/usr/local/etc/raddb/huntgroups"
       hints = "/usr/local/etc/raddb/hints"
       with_ascend_hack = no
       ascend_channels_per_line = 23
       with_ntdomain_hack = no
       with_specialix_jetstream_hack = no
       with_cisco_vsa_hack = no
       with_alvarion_vsa_hack = no
 }
Module: Linked to module rlm_realm
Module: Instantiating module "ntdomain" from file /usr/local/etc/raddb/modules/realm
 realm ntdomain {
       format = "prefix"
       delimiter = "\"
       ignore_default = no
       ignore_null = no
 }
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
 files {
       usersfile = "/usr/local/etc/raddb/users"
       acctusersfile = "/usr/local/etc/raddb/acct_users"
       preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
       compat = "no"
 }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
 acct_unique {
       key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
 }
Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
 realm suffix {
       format = "suffix"
       delimiter = "@"
       ignore_default = no
       ignore_null = no
 }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
 detail {
       detailfile = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
       header = "%t"
       detailperm = 384
       dirperm = 493
       locking = no
        log_packet_header = no
 }
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
 radutmp {
       filename = "/var/log/radutmp"
       username = "%{User-Name}"
       case_sensitive = yes
       check_with_nas = yes
       perm = 384
       callerid = yes
 }
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
 attr_filter attr_filter.accounting_response {
       attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
       key = "%{User-Name}"
       relaxed = no
 }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
 attr_filter attr_filter.access_reject {
       attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
       key = "%{User-Name}"
       relaxed = no
 }
} # modules
} # server
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
       type = "auth"
       ipaddr = 192.168.2.245
       port = 0
}
listen {
       type = "acct"
       ipaddr = 192.168.2.245
       port = 0
}
listen {
       type = "control"
listen {
       socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
       type = "auth"
       ipaddr = 192.168.2.245
       port = 18120
}
Listening on authentication address 192.168.2.245 port 1812
Listening on accounting address 192.168.2.245 port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 192.168.2.245 port 18120 as server inner-tunnel
Listening on proxy address 192.168.2.245 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=123
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0200000a017374657665
       Message-Authenticator = 0x2cc24b38a39c7f33b8630410c148361c
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010100060d20
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e3a754bd95dc8a11fd6c7282
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 0 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
        Framed-MTU = 1400
       State = 0xe3a65930e3a754bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020100060319
       Message-Authenticator = 0x5511bcf5821ff207e0d23f7a79dbb500
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010200061920
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e2a440bd95dc8a11fd6c7282
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=218
Cleaning up request 1 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e2a440bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0202005719800000004d16030100480100004403014f604ab2fe778a1d99197fc2e5dd4ce9ad66f8587da8db28dd766c813cfde2f400001600040005000a0009006400620003000600130012006301000005ff01000100
       Message-Authenticator = 0xe94214aea1d080fedeb4f1cd545bac30
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
 TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e1a540bd95dc8a11fd6c7282
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 2 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
        Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e1a540bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020300061900
       Message-Authenticator = 0x63740a27da5c5e4de5bedfef3ce299a8
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010403fc1940a003020102020900f7093c2b72ccb9f3300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3132303331343036343233365a170d3133303331343036343233365a308193310b3009060355040613024652310f300d0603550408130652616469757331
       EAP-Message = 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
       EAP-Message = 0x7bfc764902853b8e32bdf3697128bc1b3a2eaeb059950d745ccc3674e9195a80af9b337d64447a5ec8d3ff672893fd802490777db52d26d9fba34e3aaea3c2aee77b55d078b10b2b971a6d1bf1caaf12bd87aebc5c07291fee40b36e2f05e49cf457f54bfaba378e71a459f0760596b7ed1bdfac6acc1734c0acf237ff203ab39af4454880296a9b6cabf6005052ad71f39302030524c31d0203010001a381fb3081f8301d0603551d0e04160414a8ceabfeb5b9e76a8ef5fab964c7ee1eccde2c873081c80603551d230481c03081bd8014a8ceabfeb5b9e76a8ef5fab964c7ee1eccde2c87a18199a48196308193310b300906035504061302465231
       EAP-Message = 0x1897177930eb3c5d
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e0a240bd95dc8a11fd6c7282
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 3 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e0a240bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020400061900
       Message-Authenticator = 0xd9ccb288e553c82c44c6789d597f8e6f
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010500bc190000c7ae07b055c8da4ceb9cf01799aba64d3b3296408314d4bcd8d266503d2b77641f0e63408e80ec6373bc60fadfc0a10898bb8af3b7fccde8ba6ffed3135aa70ef667bc307564bc13595c865828f3cd0551edd95eb06b82981c2527758cb1fe6111c339a47e510214425468ae27ae63a881fbfc1739fe2c93ea51209721fe619eb938ad3b6b7096fc3f193ef774cabfc6d175cc65737d71c08ae6a4d2b3ea33f1301e3b145bf665b33458b48516030100040e000000
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e7a340bd95dc8a11fd6c7282
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=453
Cleaning up request 4 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e7a340bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x8f32364717c9da251f046a641463ab9589af0fe6500bab5314030100010116030100207c0352873e8ceae0fc265a007f69df79f7a1e7b99166be4efb06656453554f73
       Message-Authenticator = 0x8282c63944155238f1c8506f745df723
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
 TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010600311900140301000101160301002065bdffdb88759955a2d8693d859f01e353a87438d311cea2d7f834e304bb66fc
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e6a040bd95dc8a11fd6c7282
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 5 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e6a040bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020600061900
       Message-Authenticator = 0x9ba8b8ef89924d4fd492224f5abd95d7
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x0107002019001703010015c5085b2e70217b305357da92cf71460a2a302da537
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e5a140bd95dc8a11fd6c7282
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=164
Cleaning up request 6 ID 0 with timestamp +165
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e5a140bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0207002119001703010016a1c17bc1189cc09392e8a74afdac26e3885c8d00b180
       Message-Authenticator = 0xd40705ea3c82b46a3b1c12a222800afd
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 7 length 33
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - steve
[peap] Got inner identity 'steve'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
       EAP-Message = 0x0207000a017374657665
server  {
[peap] Setting User-Name to steve
Sending tunneled request
       EAP-Message = 0x0207000a017374657665
       FreeRADIUS-Proxied-To = 127.0.0.1
       User-Name = "steve"
server  {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 7 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
       EAP-Message = 0x0108001f1a0108001a10187c13503f2462800f63fef507c3f9be7374657665
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061530e11cef70a53dfab9a25c91
[peap] Got tunneled reply RADIUS code 11
       EAP-Message = 0x0108001f1a0108001a10187c13503f2462800f63fef507c3f9be7374657665
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061530e11cef70a53dfab9a25c91
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010800361900170301002ba1e89db9ee15e118ae72586c08eed3e7e97cf135527fcd8f735d658e8b8102196784d5c7faea576195da59
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e4ae40bd95dc8a11fd6c7282
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=218
Cleaning up request 7 ID 0 with timestamp +165
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e4ae40bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020800571900170301004c47afb2f313d5ba3ce251bafd823a82bb9b99ef5c5128a781ca63fad11316da2516eb4d9ddfe8ba8537b651bb9cb97781d37e09225d96e0a3f2ddc412e21c61e1994afce430f44f0c0587db54
       Message-Authenticator = 0xe1c119bff30772791d42b4f69c7a25b4
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 8 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
       EAP-Message = 0x020800401a0208003b31517bca5148535698662815c8919bc1480000000000000000963c8df9a52237602f33314d74fc4b61ea7da7100e41bd78007374657665
server  {
[peap] Setting User-Name to steve
Sending tunneled request
       EAP-Message = 0x020800401a0208003b31517bca5148535698662815c8919bc1480000000000000000963c8df9a52237602f33314d74fc4b61ea7da7100e41bd78007374657665
       FreeRADIUS-Proxied-To = 127.0.0.1
       User-Name = "steve"
       State = 0x30e9061530e11cef70a53dfab9a25c91
server  {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 8 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /usr/local/etc/raddb/sites-enabled/default
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: steve
[mschap] Told to do MS-CHAPv2 for steve with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
       EAP-Message = 0x010900331a0308002e533d35453830344536464246304332453934334644423546313345454538454545413835313131363835
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061531e01cef70a53dfab9a25c91
[peap] Got tunneled reply RADIUS code 11
       EAP-Message = 0x010900331a0308002e533d35453830344536464246304332453934334644423546313345454538454545413835313131363835
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061531e01cef70a53dfab9a25c91
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x0109004a1900170301003f3f44be1d754dd1d3a87ebc6920f839410b7b8860c04b067d0df559535a007a33865ec916f7d075c212464c11e28886727e76a5ecb5d9a30f2195376089dd51
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930ebaf40bd95dc8a11fd6c7282
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=160
Cleaning up request 8 ID 0 with timestamp +165
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930ebaf40bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0209001d190017030100126138dde670ccb5020b154e6338f3d6a7ddbc
       Message-Authenticator = 0xd64c457c1c90f16c4985f6fa64222ac3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 9 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
       EAP-Message = 0x020900061a03
server  {
[peap] Setting User-Name to steve
Sending tunneled request
       EAP-Message = 0x020900061a03
       FreeRADIUS-Proxied-To = 127.0.0.1
       User-Name = "steve"
       State = 0x30e9061531e01cef70a53dfab9a25c91
server  {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] Freeing handler
++[eap] returns ok
       expand: GOOD_PASS -> GOOD_PASS
Login OK: [steve] (from client ASUS port 0 via TLS tunnel) GOOD_PASS
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
} # server
[peap] Got tunneled reply code 2
       MS-MPPE-Encryption-Policy = 0x00000002
       MS-MPPE-Encryption-Types = 0x00000004
       MS-MPPE-Send-Key = 0x4fc7fd4f645e75bd636a2fa76a2122ba
       MS-MPPE-Recv-Key = 0x5069d992b6a4cbe65cc354a2f6bfd956
       EAP-Message = 0x03090004
       Message-Authenticator = 0x00000000000000000000000000000000
       User-Name = "steve"
[peap] Got tunneled reply RADIUS code 2
       MS-MPPE-Encryption-Policy = 0x00000002
       MS-MPPE-Encryption-Types = 0x00000004
       MS-MPPE-Send-Key = 0x4fc7fd4f645e75bd636a2fa76a2122ba
       MS-MPPE-Recv-Key = 0x5069d992b6a4cbe65cc354a2f6bfd956
       EAP-Message = 0x03090004
       Message-Authenticator = 0x00000000000000000000000000000000
       User-Name = "steve"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010a00261900170301001b11a77e7f2585fb2025fbf06f768401b13a4cb397322a718d4ce994
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930eaac40bd95dc8a11fd6c7282
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=169
Cleaning up request 9 ID 0 with timestamp +166
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930eaac40bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020a00261900170301001bf2f611e6e71b966a21ab303fc67299f44f2f800c0554cb0b10e6f5
       Message-Authenticator = 0xd4a3271261dc03f86cf1b84a6f90832a
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Client rejected our response.  The password is probably incorrect.
[peap] We sent a success, but received something weird in return.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
       expand: BAD_PASS -> BAD_PASS
Login incorrect: [steve] (from client ASUS port 6 cli 002719d11285) BAD_PASS
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> steve
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x040a0004
       Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 10 ID 0 with timestamp +166
Ready to process requests.



It connected. The problem was in the client.

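Added example, not part of the original posts: a small Python reader for FreeRADIUS 2.x debug output like the log above. It separates outer (PEAP) events from inner-tunnel events and names the stage at which the session ended. The function names and verdict labels are hypothetical; the sample is a constructed excerpt made of lines copied from the log above with the attribute dumps dropped.

```python
import re

# Constructed excerpt: message lines copied from the debug log above.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=453
[peap]     (other): SSL negotiation finished successfully
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=218
server  {
MSCHAP Success
} # server
[peap] Got tunneled reply code 11
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=160
server  {
Login OK: [steve] (from client ASUS port 0 via TLS tunnel) GOOD_PASS
} # server
[peap] Got tunneled reply code 2
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=169
[peap] Client rejected our response.  The password is probably incorrect.
Login incorrect: [steve] (from client ASUS port 6 cli 002719d11285) BAD_PASS
Sending Access-Reject of id 0 to 192.168.2.253 port 2048
"""

# Only message texts that appear in the log above are matched.
PATTERNS = [
    (re.compile(r"SSL negotiation finished successfully"), "tls_established"),
    (re.compile(r"^MSCHAP Success"), "mschapv2_ok"),
    (re.compile(r"^Login OK:"), "login_ok"),
    (re.compile(r"^Login incorrect:"), "login_incorrect"),
    (re.compile(r"Got tunneled reply code (\d+)"), "tunneled_reply_code"),
    (re.compile(r"Client rejected our response"), "client_rejected_result"),
    (re.compile(r"^Sending (Access-\w+) of id"), "sent"),
]


def trace(log):
    """Return (request_no, scope, event, detail) tuples in log order.

    request_no counts rad_recv lines within the given text; it is not the
    server's own request number.
    """
    events, req, inner = [], 0, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("rad_recv:"):
            req, inner = req + 1, False
        elif re.match(r"server\s+\{", line):
            inner = True  # the opener is logged twice per request: use a flag, not a counter
        elif line.startswith("} # server"):
            inner = False
        else:
            for rx, name in PATTERNS:
                m = rx.search(line)
                if m:
                    detail = m.group(1) if m.groups() else ""
                    events.append((req, "inner" if inner else "outer", name, detail))
                    break
    return events


def diagnose(events):
    """Name the stage at which the PEAP session ended."""
    seen = {(scope, name) for _, scope, name, _ in events}
    sent = [d for _, scope, name, d in events if scope == "outer" and name == "sent"]
    if ("inner", "login_ok") in seen and ("outer", "client_rejected_result") in seen:
        return "client_rejected_after_inner_success"
    if ("inner", "login_incorrect") in seen:
        return "inner_auth_failed"
    if sent and sent[-1] == "Access-Accept":
        return "accepted"
    if ("outer", "tls_established") not in seen:
        return "tunnel_not_established"
    return "incomplete"
```

On the excerpt, the inner tunnel logs `Login OK` and returns code 2 before the outer session is rejected, so the verdict is `client_rejected_after_inner_success`.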
