Аторизация через RADIUS

Вся активность

Ответить

ss25

Опубликовано 13 марта, 2012 · Жалоба

Настраиваю Freeradius 2 (freeradius-2.1.12_1) из портов на FreeBSD 9 с хранением пользователей в SQL БД

через radtest все ок

rad_recv: Access-Request packet from host 192.168.2.245 port 33307, id=54, length=75

User-Name = "steve"

User-Password = "testing"

NAS-IP-Address = 127.0.0.1

NAS-Port = 1

Message-Authenticator = 0xd726b5c932789a25a33bdc1c5f849b0d

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}
   expand: %{User-Name} -> steve
[sql] sql_set_user escaped user --> 'steve'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'steve' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[sql] User found in radcheck table
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'steve' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='steve' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group dynamic
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
expand: GOOD_PASSWORD -> GOOD_PASSWORD
Login OK: [steve/testing] (from client local port 1) GOOD_PASSWORD
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> steve
[sql] sql_set_user escaped user --> 'steve'
[sql] expand: %{User-Password} -> testing
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'testing', 'Access-Accept', NOW())
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'testing', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
Sending Access-Accept of id 54 to 192.168.2.245 port 33307
Framed-Compression := Van-Jacobson-TCP-IP
Framed-Protocol := PPP
Service-Type := Framed-User
Acct-Interim-Interval = 60
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 54 with timestamp +42

а при попытке подключения к wifi точке доступа c Windows XP SP3

rad_recv: Access-Request packet from host 192.168.2.253 port 2050, id=3, length=123

User-Name = "steve"

NAS-IP-Address = 192.168.2.253

Called-Station-Id = "002618c62db2"

Calling-Station-Id = "002719d11285"

NAS-Identifier = "002618c62db2"

NAS-Port = 6

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

EAP-Message = 0x0200000a017374657665

Message-Authenticator = 0x71dcb42cab0715d8c6f9b36f4da66946

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}

[sql] expand: %{User-Name} -> steve

[sql] sql_set_user escaped user --> 'steve'

rlm_sql (sql): Reserving sql socket id: 4

[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'steve' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 1 , fields = 5

[sql] User found in radcheck table

[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'steve' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 0 , fields = 5

[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='steve' ORDER BY priority

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 1 , fields = 1

[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 0 , fields = 5

[sql] User found in group dynamic

[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id

rlm_sql_postgresql: Status: PGRES_TUPLES_OK

rlm_sql_postgresql: query affected rows = 4 , fields = 5

rlm_sql (sql): Released sql socket id: 4

++[sql] returns ok

++[expiration] returns noop

++[logintime] returns noop

[color=#FF0000]WARNING: Please update your configuration, and remove 'Auth-Type = Local'

WARNING: Use the PAP or CHAP modules instead.

No User-Password or CHAP-Password attribute in the request.

Cannot perform authentication.

Failed to authenticate the user.

expand: BAD_PASSWORD -> BAD_PASSWORD

Login incorrect: [steve/<no User-Password attribute>] (from client ASUS port 6 cli 002719d11285) BAD_PASSWORD

Using Post-Auth-Type Reject[/color]

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group REJECT {...}

[sql] expand: %{User-Name} -> steve

[sql] sql_set_user escaped user --> 'steve'

[sql] expand: %{User-Password} ->

[sql] ... expanding second conditional

[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'Chap-Password', 'Access-Reject', NOW())

rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('steve', 'Chap-Password', 'Access-Reject', NOW())

rlm_sql (sql): Reserving sql socket id: 3

rlm_sql_postgresql: Status: PGRES_COMMAND_OK

rlm_sql_postgresql: query affected rows = 1

rlm_sql (sql): Released sql socket id: 3

++[sql] returns ok

[attr_filter.access_reject] expand: %{User-Name} -> steve

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 2 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 2

Sending Access-Reject of id 3 to 192.168.2.253 port 2050

Waking up in 4.9 seconds.

Cleaning up request 2 ID 3 with timestamp +248

Ready to process requests.

Понятно что чтото не так с типами аутентификации только вот не могу понять где поправить их.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

terrible

Опубликовано 13 марта, 2012 · Жалоба

Если сразу не поняли, повторю:

WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

ss25

Опубликовано 14 марта, 2012 · Жалоба

Не разобрался я снес все к чертям и по новой с нуля. NAS wifi router ASUS RT-N10

Сейчас без SQL все в файлах.

Через raddtest авторизирует через PAP, а с WIndows XP SP3 нет. лог авторизацииниже.

FreeRADIUS Version 2.1.12, for host i386-portbld-freebsd9.0, built on Mar 11 2012 at 17:03:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/replicate
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
main {
       user = "freeradius"
       group = "freeradius"
       allow_core_dumps = yes
}
Core dumps are enabled.
including dictionary file /usr/local/etc/raddb/dictionary
main {
       name = "radiusd"
       prefix = "/usr/local"
       localstatedir = "/var"
       sbindir = "/usr/local/sbin"
       logdir = "/var/log"
       run_dir = "/var/run/radiusd"
       libdir = "/usr/local/lib/freeradius-2.1.12"
       radacctdir = "/var/log/radacct"
       hostname_lookups = no
       max_request_time = 30
       cleanup_delay = 5
       max_requests = 1024
       pidfile = "/var/run/radiusd/radiusd.pid"
       checkrad = "/usr/local/sbin/checkrad"
       debug_level = 0
       proxy_requests = yes
log {
       stripped_names = yes
       auth = yes
       auth_badpass = no
       auth_goodpass = no
       msg_badpass = "BAD_PASS"
       msg_goodpass = "GOOD_PASS"
}
security {
       max_attributes = 200
       reject_delay = 1
       status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
       ipaddr = 127.0.0.1
       require_message_authenticator = no
       secret = "testing123"
       nastype = "other"
}
client 192.168.0.0/16 {
       require_message_authenticator = no
       secret = "secret"
       shortname = "ASUS"
       nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
 Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
 exec {
       wait = no
       input_pairs = "request"
       shell_escape = yes
 }
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
 expiration {
       reply-message = "Password Has Expired  "
 }
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
 logintime {
       reply-message = "You are calling outside your allowed timespan  "
       minimum-timeout = 60
 }
}
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
 Module: Creating Auth-Type = digest
 Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
 pap {
       encryption_scheme = "auto"
       auto_header = no
 }
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
 mschap {
       use_mppe = yes
       require_encryption = yes
       require_strong = yes
       with_ntdomain_hack = yes
       allow_retry = yes
 }
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
 unix {
       radwtmp = "/var/log/radwtmp"
 }
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
 eap {
       default_eap_type = "tls"
       timer_expire = 60
       ignore_unknown_eap_types = no
       cisco_accounting_username_bug = no
       max_sessions = 4096
 }
 Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
  gtc {
       challenge = "Password: "
       auth_type = "PAP"
  }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
       rsa_key_exchange = no
       dh_key_exchange = yes
       rsa_key_length = 512
       dh_key_length = 512
       verify_depth = 0
       CA_path = "/usr/local/etc/raddb/certs"
       pem_file_type = yes
       private_key_file = "/usr/local/etc/raddb/certs/server.pem"
       certificate_file = "/usr/local/etc/raddb/certs/server.pem"
       CA_file = "/usr/local/etc/raddb/certs/ca.pem"
       private_key_password = "whatever"
       dh_file = "/usr/local/etc/raddb/certs/dh"
       random_file = "/usr/local/etc/raddb/certs/random"
       fragment_size = 1024
       include_length = yes
       check_crl = no
       cipher_list = "DEFAULT"
       make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
       ecdh_curve = "prime256v1"
   cache {
       enable = no
       lifetime = 24
       max_entries = 255
   }
   verify {
   }
   ocsp {
       enable = no
       override_cert_url = yes
       url = "http://127.0.0.1/ocsp/"
   }
  }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
  ttls {
       default_eap_type = "md5"
       copy_request_to_tunnel = no
       use_tunneled_reply = no
       virtual_server = "inner-tunnel"
       include_length = yes
  }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
  peap {
       default_eap_type = "mschapv2"
       copy_request_to_tunnel = no
       use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
       soh = no
  }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
  mschapv2 {
       with_ntdomain_hack = no
       send_error = no
  }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
 preprocess {
       huntgroups = "/usr/local/etc/raddb/huntgroups"
       hints = "/usr/local/etc/raddb/hints"
       with_ascend_hack = no
       ascend_channels_per_line = 23
       with_ntdomain_hack = no
       with_specialix_jetstream_hack = no
       with_cisco_vsa_hack = no
       with_alvarion_vsa_hack = no
 }
Module: Linked to module rlm_realm
Module: Instantiating module "ntdomain" from file /usr/local/etc/raddb/modules/realm
 realm ntdomain {
       format = "prefix"
       delimiter = "\"
       ignore_default = no
       ignore_null = no
 }
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
 files {
       usersfile = "/usr/local/etc/raddb/users"
       acctusersfile = "/usr/local/etc/raddb/acct_users"
       preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
       compat = "no"
 }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
 acct_unique {
       key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
 }
Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
 realm suffix {
       format = "suffix"
       delimiter = "@"
       ignore_default = no
       ignore_null = no
 }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
 detail {
       detailfile = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
       header = "%t"
       detailperm = 384
       dirperm = 493
       locking = no
        log_packet_header = no
 }
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
 radutmp {
       filename = "/var/log/radutmp"
       username = "%{User-Name}"
       case_sensitive = yes
       check_with_nas = yes
       perm = 384
       callerid = yes
 }
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
 attr_filter attr_filter.accounting_response {
       attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
       key = "%{User-Name}"
       relaxed = no
 }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
 attr_filter attr_filter.access_reject {
       attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
       key = "%{User-Name}"
       relaxed = no
 }
} # modules
} # server
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
       type = "auth"
       ipaddr = 192.168.2.245
       port = 0
}
listen {
       type = "acct"
       ipaddr = 192.168.2.245
       port = 0
}
listen {
       type = "control"
listen {
       socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
       type = "auth"
       ipaddr = 192.168.2.245
       port = 18120
}
Listening on authentication address 192.168.2.245 port 1812
Listening on accounting address 192.168.2.245 port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 192.168.2.245 port 18120 as server inner-tunnel
Listening on proxy address 192.168.2.245 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=123
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0200000a017374657665
       Message-Authenticator = 0x2cc24b38a39c7f33b8630410c148361c
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010100060d20
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e3a754bd95dc8a11fd6c7282
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 0 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
        Framed-MTU = 1400
       State = 0xe3a65930e3a754bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020100060319
       Message-Authenticator = 0x5511bcf5821ff207e0d23f7a79dbb500
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010200061920
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e2a440bd95dc8a11fd6c7282
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=218
Cleaning up request 1 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e2a440bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0202005719800000004d16030100480100004403014f604ab2fe778a1d99197fc2e5dd4ce9ad66f8587da8db28dd766c813cfde2f400001600040005000a0009006400620003000600130012006301000005ff01000100
       Message-Authenticator = 0xe94214aea1d080fedeb4f1cd545bac30
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
 TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x0103040019c0000008a216030100310200002d03014f604ab25cc50d72bb3bf57639d223c31eb4ef66309313d5a8f321a10018e98b000004000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
       EAP-Message = 0x74686f72697479301e170d3132303331343036343233365a170d3133303331343036343233365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c266dace08a0b1992c76ca2d59ec5089c0fda34ad667f5efe4513d2816b51284ce65b2f04093370630199c522e1b418e6d3550bb7bd2bf
       EAP-Message = 0xf75f10840d7a0d948ebfc72ffab19edfcef18a2d48034f3f9967d12de18e8fe6a15446c71ca726630c1f8043c1bf018455635dc98a630f3885a5a9f4dfaa68d399707b8b3598bc50d8d80c58b7bdbeb68dba2a41f21338c07aefb7ef010f6f4e59aa720e99df7c1cec7c0cadf4c2f26b70882acb79901189ca4f556c50ff2c5441134f1c2597db880d68f499d928705e2a251dadfdc7030a40c43c1b7c98a752beb3347e4c79f7f82a4b1553046bfe2a438aab956e8a0bd07e9b63247fe0dc750829c2ec44b6113d670203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c5e4
       EAP-Message = 0xd668059e52e9cbc967f776228bbcec1c870f1f2c425404a4b3fa637e7b0b2eb59696271ff3756eb64ec2907a6bd97737ab27a41c350fc74104f48d226e37c0bc418202de320d737f3e4bde1dca17ad28d5702f4ebd1dbae522055a254b6128d50b2bf35ec72309479b9b6af8a2e0b64d7e87c0f2771464e95c521c17c0cb57aa71981aa76659971b5704cb113fc60d1a8860c4818d8ca3c595a69c9a33279ee0e8c42a263fe8e8773957887c3959743252ea845118a797492df94b55c0ee49337b8471c1bc0b282bb30dc0df78c8c0572c51309d3993efc58465dc5d61499e1da4a82ceb35aafa164e9b34f45f05061639c8545f14b2a8505db5237c3d
       EAP-Message = 0xbe0004ab308204a73082038f
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e1a540bd95dc8a11fd6c7282
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 2 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
        Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e1a540bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020300061900
       Message-Authenticator = 0x63740a27da5c5e4de5bedfef3ce299a8
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010403fc1940a003020102020900f7093c2b72ccb9f3300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3132303331343036343233365a170d3133303331343036343233365a308193310b3009060355040613024652310f300d0603550408130652616469757331
       EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e17d2d9766d10ab1014a54d4f26469e64fc7731cae131e293079f6d1b97e7758fb3b8fb6d45b8eae9e19c4c80e627a4dcd04814493e21adf91c4ad00ea7258ef019c69140e3ca902605c7a1c806e239712b2d559775f9948524d9e66343172ca2dc853a0375e5223
       EAP-Message = 0x7bfc764902853b8e32bdf3697128bc1b3a2eaeb059950d745ccc3674e9195a80af9b337d64447a5ec8d3ff672893fd802490777db52d26d9fba34e3aaea3c2aee77b55d078b10b2b971a6d1bf1caaf12bd87aebc5c07291fee40b36e2f05e49cf457f54bfaba378e71a459f0760596b7ed1bdfac6acc1734c0acf237ff203ab39af4454880296a9b6cabf6005052ad71f39302030524c31d0203010001a381fb3081f8301d0603551d0e04160414a8ceabfeb5b9e76a8ef5fab964c7ee1eccde2c873081c80603551d230481c03081bd8014a8ceabfeb5b9e76a8ef5fab964c7ee1eccde2c87a18199a48196308193310b300906035504061302465231
       EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900f7093c2b72ccb9f3300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100d63dedc60f1dcfcbf3eff5ecd36fb3aa2c3f35824183d7093fc9c0c2c263ddca7941825729e5833695a3f0a484b3f4a92711be470f4ea81097634e9be2b58189b5fe12f8f692c5eec224b5
       EAP-Message = 0x1897177930eb3c5d
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e0a240bd95dc8a11fd6c7282
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 3 ID 0 with timestamp +164
       User-Name = "steve"
        NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e0a240bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020400061900
       Message-Authenticator = 0xd9ccb288e553c82c44c6789d597f8e6f
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010500bc190000c7ae07b055c8da4ceb9cf01799aba64d3b3296408314d4bcd8d266503d2b77641f0e63408e80ec6373bc60fadfc0a10898bb8af3b7fccde8ba6ffed3135aa70ef667bc307564bc13595c865828f3cd0551edd95eb06b82981c2527758cb1fe6111c339a47e510214425468ae27ae63a881fbfc1739fe2c93ea51209721fe619eb938ad3b6b7096fc3f193ef774cabfc6d175cc65737d71c08ae6a4d2b3ea33f1301e3b145bf665b33458b48516030100040e000000
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e7a340bd95dc8a11fd6c7282
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=453
Cleaning up request 4 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e7a340bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020501401980000001361603010106100001020100393957bc526750f53f27a49d79f0d9123bf86c33423791430d8acc20118a35848f53d243f8aaa103a1418e5b7ecffb27f643b43fd01baa18a29842f4b0a616d7efab71dd96debf6962e27bd3a65dd399667fd615ffe9f7f421572ac559c7fc1ab0e85083f1ed82acfbd67a2fed2e5ec49705eba623beb705ab9b2cf956b07fb58f820b251e66aee9973db31a81e715c55b167362664b1773ca7fcd00a461f9cae0cc797ac15df7bbd309251fb73aa822e95bf1833097fb0bdbac4b0da589e8c9d5cef03ffdcbda952a4b152da482ce2ed49a5e6b80e40b3e8afa853c39ca8941142cf0cba54dc029
       EAP-Message = 0x8f32364717c9da251f046a641463ab9589af0fe6500bab5314030100010116030100207c0352873e8ceae0fc265a007f69df79f7a1e7b99166be4efb06656453554f73
       Message-Authenticator = 0x8282c63944155238f1c8506f745df723
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
 TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010600311900140301000101160301002065bdffdb88759955a2d8693d859f01e353a87438d311cea2d7f834e304bb66fc
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e6a040bd95dc8a11fd6c7282
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=137
Cleaning up request 5 ID 0 with timestamp +164
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e6a040bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020600061900
       Message-Authenticator = 0x9ba8b8ef89924d4fd492224f5abd95d7
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x0107002019001703010015c5085b2e70217b305357da92cf71460a2a302da537
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e5a140bd95dc8a11fd6c7282
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=164
Cleaning up request 6 ID 0 with timestamp +165
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e5a140bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0207002119001703010016a1c17bc1189cc09392e8a74afdac26e3885c8d00b180
       Message-Authenticator = 0xd40705ea3c82b46a3b1c12a222800afd
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 7 length 33
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - steve
[peap] Got inner identity 'steve'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
       EAP-Message = 0x0207000a017374657665
server  {
[peap] Setting User-Name to steve
Sending tunneled request
       EAP-Message = 0x0207000a017374657665
       FreeRADIUS-Proxied-To = 127.0.0.1
       User-Name = "steve"
server  {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 7 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
       EAP-Message = 0x0108001f1a0108001a10187c13503f2462800f63fef507c3f9be7374657665
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061530e11cef70a53dfab9a25c91
[peap] Got tunneled reply RADIUS code 11
       EAP-Message = 0x0108001f1a0108001a10187c13503f2462800f63fef507c3f9be7374657665
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061530e11cef70a53dfab9a25c91
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010800361900170301002ba1e89db9ee15e118ae72586c08eed3e7e97cf135527fcd8f735d658e8b8102196784d5c7faea576195da59
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930e4ae40bd95dc8a11fd6c7282
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=218
Cleaning up request 7 ID 0 with timestamp +165
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930e4ae40bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020800571900170301004c47afb2f313d5ba3ce251bafd823a82bb9b99ef5c5128a781ca63fad11316da2516eb4d9ddfe8ba8537b651bb9cb97781d37e09225d96e0a3f2ddc412e21c61e1994afce430f44f0c0587db54
       Message-Authenticator = 0xe1c119bff30772791d42b4f69c7a25b4
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 8 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
       EAP-Message = 0x020800401a0208003b31517bca5148535698662815c8919bc1480000000000000000963c8df9a52237602f33314d74fc4b61ea7da7100e41bd78007374657665
server  {
[peap] Setting User-Name to steve
Sending tunneled request
       EAP-Message = 0x020800401a0208003b31517bca5148535698662815c8919bc1480000000000000000963c8df9a52237602f33314d74fc4b61ea7da7100e41bd78007374657665
       FreeRADIUS-Proxied-To = 127.0.0.1
       User-Name = "steve"
       State = 0x30e9061530e11cef70a53dfab9a25c91
server  {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 8 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /usr/local/etc/raddb/sites-enabled/default
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: steve
[mschap] Told to do MS-CHAPv2 for steve with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
       EAP-Message = 0x010900331a0308002e533d35453830344536464246304332453934334644423546313345454538454545413835313131363835
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061531e01cef70a53dfab9a25c91
[peap] Got tunneled reply RADIUS code 11
       EAP-Message = 0x010900331a0308002e533d35453830344536464246304332453934334644423546313345454538454545413835313131363835
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x30e9061531e01cef70a53dfab9a25c91
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x0109004a1900170301003f3f44be1d754dd1d3a87ebc6920f839410b7b8860c04b067d0df559535a007a33865ec916f7d075c212464c11e28886727e76a5ecb5d9a30f2195376089dd51
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930ebaf40bd95dc8a11fd6c7282
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=160
Cleaning up request 8 ID 0 with timestamp +165
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930ebaf40bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0209001d190017030100126138dde670ccb5020b154e6338f3d6a7ddbc
        Message-Authenticator = 0xd64c457c1c90f16c4985f6fa64222ac3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 9 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
       EAP-Message = 0x020900061a03
server  {
[peap] Setting User-Name to steve
Sending tunneled request
       EAP-Message = 0x020900061a03
       FreeRADIUS-Proxied-To = 127.0.0.1
       User-Name = "steve"
       State = 0x30e9061531e01cef70a53dfab9a25c91
server  {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] Freeing handler
++[eap] returns ok
       expand: GOOD_PASS -> GOOD_PASS
Login OK: [steve] (from client ASUS port 0 via TLS tunnel) GOOD_PASS
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
} # server
[peap] Got tunneled reply code 2
       MS-MPPE-Encryption-Policy = 0x00000002
       MS-MPPE-Encryption-Types = 0x00000004
       MS-MPPE-Send-Key = 0x4fc7fd4f645e75bd636a2fa76a2122ba
       MS-MPPE-Recv-Key = 0x5069d992b6a4cbe65cc354a2f6bfd956
       EAP-Message = 0x03090004
       Message-Authenticator = 0x00000000000000000000000000000000
       User-Name = "steve"
[peap] Got tunneled reply RADIUS code 2
       MS-MPPE-Encryption-Policy = 0x00000002
       MS-MPPE-Encryption-Types = 0x00000004
       MS-MPPE-Send-Key = 0x4fc7fd4f645e75bd636a2fa76a2122ba
       MS-MPPE-Recv-Key = 0x5069d992b6a4cbe65cc354a2f6bfd956
       EAP-Message = 0x03090004
       Message-Authenticator = 0x00000000000000000000000000000000
       User-Name = "steve"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x010a00261900170301001b11a77e7f2585fb2025fbf06f768401b13a4cb397322a718d4ce994
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xe3a65930eaac40bd95dc8a11fd6c7282
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.253 port 2048, id=0, length=169
Cleaning up request 9 ID 0 with timestamp +166
       User-Name = "steve"
       NAS-IP-Address = 192.168.2.253
       Called-Station-Id = "002618c62db2"
       Calling-Station-Id = "002719d11285"
       NAS-Identifier = "002618c62db2"
       NAS-Port = 6
       Framed-MTU = 1400
       State = 0xe3a65930eaac40bd95dc8a11fd6c7282
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x020a00261900170301001bf2f611e6e71b966a21ab303fc67299f44f2f800c0554cb0b10e6f5
       Message-Authenticator = 0xd4a3271261dc03f86cf1b84a6f90832a
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[ntdomain] No '\' in User-Name = "steve", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Client rejected our response.  The password is probably incorrect.
[peap] We sent a success, but received something weird in return.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
       expand: BAD_PASS -> BAD_PASS
Login incorrect: [steve] (from client ASUS port 6 cli 002719d11285) BAD_PASS
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> steve
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 0 to 192.168.2.253 port 2048
       EAP-Message = 0x040a0004
       Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 10 ID 0 with timestamp +166
Ready to process requests.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

ss25

Опубликовано 14 марта, 2012 · Жалоба

Подключился. Проблема была в клиенте.

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Ответить в тему...

× Вставлено в виде отформатированного текста. Вставить в виде обычного текста

Разрешено не более 75 смайлов.

× Ваша ссылка была автоматически встроена. Отобразить как ссылку

× Ваш предыдущий контент был восстановлен. Очистить редактор

× Вы не можете вставить изображения напрямую. Загрузите или вставьте изображения по ссылке.

Изображение по ссылке

Подписчики 0

Перейти к списку тем Программное обеспечение, биллинг и *unix системы

Войти

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Поделиться сообщением

Ссылка на сообщение

Поделиться на других сайтах

Join the conversation