FreeRADIUS Version 2.1.9, for host amd64-portbld-freebsd8.1, built on Aug 30 2010 at 17:42:01 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/control-socket main { user = "freeradius" group = "freeradius" allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = "/usr/local" localstatedir = "/var" logdir = "/var/log" libdir = "/usr/local/lib/freeradius-2.1.9" radacctdir = "/var/log/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 192.168.100.120 { require_message_authenticator = no secret = "nejakeheslo" shortname = "nova_2960" nastype = "cisco" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/var/log/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = yes cisco_accounting_username_bug = yes max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/radacct/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 420 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_detail Module: Instantiating auth_log detail auth_log { detailfile = "/var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Instantiating detail detail { detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating reply_log detail reply_log { detailfile = "/var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=227, length=189 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020200090170657061 Message-Authenticator = 0x7e88b26d467afe45ec41c06e5c5a8ae7 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 205 [files] users: Matched entry pepa at line 209 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 227 to 192.168.100.120 port 1645 EAP-Message = 0x010300160410e3faa49af281b866734f401ec698b01e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74f4ea2368e0da8caf87d483d Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=228, length=204 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020300060319 Message-Authenticator = 0xf7af99f9c2e3268f2f89a098d900fce0 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74f4ea2368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 205 [files] users: Matched entry pepa at line 209 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 228 to 192.168.100.120 port 1645 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74e49bf368e0da8caf87d483d Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=229, length=301 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x0204006719800000005d16030100580100005403014c7bdab2f8f6a34c3a98813c9275f62aaad542a453d2e6ed5b145dcc6a3e06bb00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100000400230000 Message-Authenticator = 0x9cf424631d27b6882e9b51c9988fdf6f Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74e49bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 103 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 93 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0058], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0030], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 229 to 192.168.100.120 port 1645 EAP-Message = 0x0105040019c000000ab316030100300200002c03014c7bdab213f25aa7c01664100baac8603e6ec33a870bd403e81c58a3a5058a1e00003900000400230000160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574 EAP-Message = 0x686f72697479301e170d3130303330383039333930335a170d3131303330383039333930335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bc900ba5e43383d9ea4bab001d174e0c2c2948f5fb8d176fa8afce9bc0588fceb57f60d1f42f3818cff2a36f34e2f9096dd49cbbcafa7302 EAP-Message = 0x39c31b86dbc1e931e09813f309fb4ff8b16df4dc7fa1fd39bacc3963744affc139ee5b1ce598e8235d771ea6c24e406c55a372d6886752098acb9ab8864905b186f054fa8fa47fecb4f295247b2f73fbd78253bd327bc42dbfefff0ec88423529a5d5435c9b16dcb9ff0d6d4f0a349de9795f20071f5a62c03ac0b0e793edbdbdb536e937abd81b2690d0e5fb0b17662902b5041e8c9bfb17be4a2496e62b099da60f0312087eb6e1b94d6c346785868ffa2cbee7d18e1920ede4b23f9c79742feaeeee6a775e34f0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101007e5af6 EAP-Message = 0xb7820b8c6fb98bbc9a4c75e5ab8cf4ac7c145a595bdc5c29bceac91fbd07e78da01ff412bfce3fbf8c418d97ccf058f1f5070dd0ce7848fc38a8c0c8dd63a4c89ccf6ba136ab756c9d4ef98cf315511d144ff71b66fdf7f8b0246e5bab46a67060263faa942f4bcf368b0f9a6b442fc22eb4aea7368dd43bcf7b20b5774da2b81a975f75862fd9beac1b3ab92ac98bb289139b74109fb673055e1931ce7376813abb6f7550a42535d684bf78ef5faaf3183b892732f1734b64326abb66b29b654a960cd3d8283dbeacb2e2832a2ac8fc48093dd231269f389306bb7c245742da8a5eb0724dc8820c93196a144ca2ecf51db4f22fee5f9c001e8633401f EAP-Message = 0x0004ab308204a73082038fa0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74d48bf368e0da8caf87d483d Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=230, length=204 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020500061900 Message-Authenticator = 0xb0c5d73bc0549cfb4236a0c01055583d Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74d48bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 230 to 192.168.100.120 port 1645 EAP-Message = 0x010603fc194003020102020900d4e504fc382fb72e300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130303330383039333930335a170d3131303330383039333930335a308193310b3009060355040613024652310f300d060355040813065261646975733112 EAP-Message = 0x301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a028201010096696c9e36282fd3c21f0761c70fef8a3159bb3c9bf97ae60c8ea2ad90c332b7a51f3db99c6e1c8e40f7afd1bcbef431c57d70bc575bc19c9270e3b4e03a4f499d044b97a78bd75b6ee1e28bc4ffca3bab7bfe246bac300ec57c45a19b569e9f5bde9857bfdbedecad EAP-Message = 0x5ce3af5b5d068c7b71c07a80a8be5c4493cc92989f08da3418d4145023a8197a7a18917a927dd00d28f0cbe8681eb75365a2f2ae83d56656e3283413b046bdad3522ea8450722fc9a73dfb56761f2bcb3d4598610fb8e68c3c83de8180d2504c448ec255fd216421514bd40b9445d47939b6b38fab1555a87169a120e575da3d36ab55bc02c34a9cc8c980b8ebc19c6bb79fa2e8e92f7d0203010001a381fb3081f8301d0603551d0e04160414d0210258f97b4021fa360e04106db65c15d4fa463081c80603551d230481c03081bd8014d0210258f97b4021fa360e04106db65c15d4fa46a18199a48196308193310b3009060355040613024652310f EAP-Message = 0x300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900d4e504fc382fb72e300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010074bfae0d1cb1545a1b23719cefc6cd8651738c970e8cfd120c20026648cf790619a475019abd66a119a0064b1e6d57dcad86e35e49c01163b11ad233c0cd71e3065b3a2525f8fbbe86207f82 EAP-Message = 0x079882c0ee57cf2a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74c4bbf368e0da8caf87d483d Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=231, length=204 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020600061900 Message-Authenticator = 0x86ce3009092714909811365f6d310569 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74c4bbf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 231 to 192.168.100.120 port 1645 EAP-Message = 0x010702cd1900ce151071c23e58f240fea7c10ab4913dc9b52e1e2fac905633ccc2a06266f0de1ac1736b7b9c74292d2cc7851a16ec62b6cecbc96618629f5553a76f1e829dc922968b97e1eea00bc153e37eaa288a81e74b2301d75a6a5069540b3e958b3463d34da24a2740cf0564444816f550619248bb6093d2976200cfba522c6f7fbdd09367289d431506e4f95fea89b59f21d733e23f06ec4f9c87c56c30e2929236a152cef47d6865c4cad910bff5160301020d0c0002090080a2d70b13ecabafd750c286e5c61f9d606bd070f371d0d041861458aed6ac7d782898b64d6e70ce7012a2f8b50ea7f3771b70e9fca6882c76b2088598d80b63bc EAP-Message = 0x443426e4480725e8c2fe4a0f9765212d2fcf5446493805648a269799c164d52555c2ba1ab096a3cdd5fcfef627b80a136a9ce03790db6525a17a5eb14ff93003000102008025c12091f14bba528599c2dfb5041c488003b0ce166f9b30edb1dc1ef0a738371923109fa49a3b14da1643a8eb66ceebddc09b034adb9a29e5a6c3c584a27b458f1f1654e9a49fd1cceed31cddff853ae86db27d904a46fd548a96daef42f53865dc353328f422d6ce755e1dd8f308647e2fe1794bafd945c3d6dcf56fa1d794010075067cc78ec73605fdb0972b84ce4d438403b0f762509506bf6b04d644c74cf719b40631ce73f2b7b27c77d9909ab3a98a3a604cce05 EAP-Message = 0x0f744e9e4a02a1359a03d411155591702d20b8f6d3e8c7016ca6987a9d6f98ff69848908ff407a5779ebf5f2805ffd381ac890ef32d4fc38d57b364f9d761ef6bf6f44ba09f64f93659b14ca1a72d214f2c7646763523a262bb8a4a31ab688db1f61dc36b391ebc0bfefb84a789a809f8776b1b1982a6d42fa04e9e3d492739ed8d8c5ccb0d5e9212dfe73054572bef91c5f2e4633fd22c3a5d0db70976e270eccfbc55cab098ae3280ab8212d6abf89956e70ca83e3a13e7f3a2bec989559be481f245d825e354e706916030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74b4abf368e0da8caf87d483d Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=232, length=406 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020700d01980000000c61603010086100000820080484a05aa8aae02841d82d024b6a62b562a95e650ecf9eac6af7b4cec9df235359a406002956f6d7d8ea63fe788301193acd6cd40a7a2021efa0b9837195b32501e3edeb2452d01c239b84cc85efee4eb7212e8ae333eac7ccb14280e8064acd3f47fa262227e6fc46d5d3835be65fef64874a2168de588d367c6c09a273ec5ef1403010001011603010030ef3a045b91c08fba3b9e44301a6bf7035207fd8ebdf3982d07ccb77fd275e82f7af2f17fff71f474217a6376a28d2095 Message-Authenticator = 0xb421ad953aa0c336ada4596ed024ed82 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74b4abf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 Handshake [length 00aa]??? [peap] TLS_accept: SSLv3 write session ticket A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 232 to 192.168.100.120 port 1645 EAP-Message = 0x010800f0190016030100aa040000a60000000000a000963e4c918475f99920866ce7cee44f64fb19d0c63d9bab8fc4581ee9731dcb7ec195fb786290f9748a7130f66cc68a3831c270f48e30477f43a42cd8c5b545db89601e21f3447c6f82a0cf1c32276fac8f75f3bf6c07973a498aaf28e34b3c3556092aa3229c6ee301ecd699707c4d2b3ebbac9e5724eee42261f2668de2f9c403765cbdf138e2998a7b4f6d9ef56b3b4df96e2b73bd8f8fde9390d9ad37be140301000101160301003077218a44d487d4e5e2f9aebcce9ca49fb27365a6a96f8250d0c9337c95169312b389c7f79d7fa19a1f45bc0a77babbe9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74a45bf368e0da8caf87d483d Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=233, length=204 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020800061900 Message-Authenticator = 0x906ae35c1fd72636c2cfef819ce784cf Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74a45bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 233 to 192.168.100.120 port 1645 EAP-Message = 0x0109002b19001703010020bab0a97064a261c18b55e2dd5e8d7e3bede19d77f584240651ac6d4d59d379c7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74944bf368e0da8caf87d483d Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=234, length=278 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x02090050190017030100201ce63b267e93248c316cc2b3569a8f41660822e9bdaa127e48c1f46722a7c99f1703010020e8d3f70a8272dccd3cc91f549ca94db7e8640d8f05d058000d70a3f989db4fd8 Message-Authenticator = 0x9589288c67d16ae7d650540e2a2bd4d7 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74944bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - pepa [peap] Got tunneled request EAP-Message = 0x020900090170657061 server { PEAP: Got tunneled identity of pepa PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to pepa Sending tunneled request EAP-Message = 0x020900090170657061 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "pepa" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 205 [files] users: Matched entry pepa at line 209 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a001e1a010a001910a8048dd2e5debccc0da82240d8460ac670657061 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6e1366006e197c192eadc9ed81eaf547 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a001e1a010a001910a8048dd2e5debccc0da82240d8460ac670657061 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6e1366006e197c192eadc9ed81eaf547 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 234 to 192.168.100.120 port 1645 EAP-Message = 0x010a003b190017030100301b3e18cd1b86c598ed6d6055ac0b95efda1dcafe390496b48384a9c6f775c78c88e9d6c4b14cc459b0b0b48de75ed0eb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74847bf368e0da8caf87d483d Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=235, length=326 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020a008019001703010020f2f7003b8db3de112cbb218598324036c17a6ab6984be3758cb3c8768970483c17030100505a841042fded4dc0b980cfb58c61dec3677f00d02fc0e877fde9b92d719160cf00557a5c35420a148eb8b05fefc8c2e15eab2370ee56cddea91e561781bd1c5220d6f46cb3e67df0b0a002b333425b1c Message-Authenticator = 0x74aed1aa1735126bcb41273405aab6d2 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74847bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 128 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020a003f1a020a003a315ef9b8b9cb90c178744d2398028351f40000000000000000112e8b80cf04499f0760f7af1f4fbc9601bb4c17d0b4a7270070657061 server { PEAP: Setting User-Name to pepa Sending tunneled request EAP-Message = 0x020a003f1a020a003a315ef9b8b9cb90c178744d2398028351f40000000000000000112e8b80cf04499f0760f7af1f4fbc9601bb4c17d0b4a7270070657061 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "pepa" State = 0x6e1366006e197c192eadc9ed81eaf547 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 10 length 63 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 205 [files] users: Matched entry pepa at line 209 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for pepa with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010b00331a030a002e533d32324341413734363645463137313130314445423243323746413330344445353435333630323631 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6e1366006f187c192eadc9ed81eaf547 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010b00331a030a002e533d32324341413734363645463137313130314445423243323746413330344445353435333630323631 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6e1366006f187c192eadc9ed81eaf547 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 235 to 192.168.100.120 port 1645 EAP-Message = 0x010b005b1900170301005069248253493071c2931b87b3db4edd0eac85e8773e10fa7378be90526800090733c95d6634476fe5f630532492887fbb53316d6306dd282c2fd478ed60e58afbfb5f7086c0299a322e393c84bc715107 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74746bf368e0da8caf87d483d Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=236, length=278 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020b0050190017030100202bfe495018bce176341a92dbd3d73329cf5c06b093f1da6693ddeddba48397d0170301002016b314584a5d70c027baa87213359785f99df4633e21edd815c8da386a0bd4d6 Message-Authenticator = 0x72beeac65415f42498307ae4f74cefc0 Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74746bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 11 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020b00061a03 server { PEAP: Setting User-Name to pepa Sending tunneled request EAP-Message = 0x020b00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "pepa" State = 0x6e1366006f187c192eadc9ed81eaf547 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 11 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 205 [files] users: Matched entry pepa at line 209 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok +- entering group session {...} [radutmp] expand: /var/log/radacct/radutmp -> /var/log/radacct/radutmp ++[radutmp] returns ok Login OK: [pepa/] (from client nova_2960 port 0 via TLS tunnel) WARNING: Empty post-auth section. Using default return values. } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "pepa" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "pepa" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 236 to 192.168.100.120 port 1645 EAP-Message = 0x010c002b1900170301002058384c09367692afa9ab0eaa2cd433835cf1231ac14351458fde52f907c4da9d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f4da6c74641bf368e0da8caf87d483d Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.120 port 1645, id=237, length=278 User-Name = "pepa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "1C-17-D3-44-BC-81" Calling-Station-Id = "00-24-7E-DE-94-D9" EAP-Message = 0x020c0050190017030100200723c42ba5eb278ffabb6f503d782c9f66f9a36488c61aea216f53b38297d7e11703010020b7c4ff8d7e3f42749e8f51bf686bc2b83479844d5c960fb4786567e57cee0484 Message-Authenticator = 0xaec3cabc3f50e764fd0337a3d021ae3e Cisco-AVPair = "audit-session-id=C0A864780000002C014BCDFE" NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-Port-Id = "FastEthernet0/1" State = 0x4f4da6c74641bf368e0da8caf87d483d NAS-IP-Address = 192.168.100.120 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/auth-detail-20100830 [auth_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "pepa", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 12 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok Login OK: [pepa/] (from client nova_2960 port 50001 cli 00-24-7E-DE-94-D9) +- entering group post-auth {...} [reply_log] expand: /var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radacct/192.168.100.120/reply-detail-20100830 [reply_log] /var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radacct/192.168.100.120/reply-detail-20100830 [reply_log] expand: %t -> Mon Aug 30 18:22:10 2010 ++[reply_log] returns ok ++[exec] returns noop Sending Access-Accept of id 237 to 192.168.100.120 port 1645 MS-MPPE-Recv-Key = 0x773637a8c02698f47a8c623ffd60ff91b95088f55eb6f85b584935d717ec6588 MS-MPPE-Send-Key = 0xb8aea25650e364937ee13c452dd0ba17c3ca99a2a4244f77396dfdc472d30a7b EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "pepa" Finished request 10. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 227 with timestamp +38 Cleaning up request 1 ID 228 with timestamp +38 Cleaning up request 2 ID 229 with timestamp +38 Cleaning up request 3 ID 230 with timestamp +38 Cleaning up request 4 ID 231 with timestamp +38 Cleaning up request 5 ID 232 with timestamp +38 Cleaning up request 6 ID 233 with timestamp +38 Cleaning up request 7 ID 234 with timestamp +38 Cleaning up request 8 ID 235 with timestamp +38 Cleaning up request 9 ID 236 with timestamp +38 Cleaning up request 10 ID 237 with timestamp +38 Ready to process requests.