Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.debian.org > debian-user-digest > 07 > 090638.html (Request Expert lists.debian.org Support)

debian-user-digest Digest V2007 #2523

From: <debian-user-digest-request(at)lists.debian.org>
Date: Sun Sep 30 2007 - 22:57:08 EDT


Content-Type: text/plain

debian-user-digest Digest Volume 2007 : Issue 2523

Today's Topics:
  OT: Problems with radiusd and EAP-PE [ Sergio Belkin <sebelk@gmail.com> ]

Date: Sun, 30 Sep 2007 23:40:35 -0300
From: Sergio Belkin <sebelk@gmail.com>
To: debian-user@lists.debian.org
Subject: OT: Problems with radiusd and EAP-PEAP 

Message-Id: <200709302340.35433.sebelk@gmail.com>
Content-Disposition: inline
Content-Type: text/plain;

  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi community (sorry for the OT)
I keep trying in order to radius authenticate and authorize users from XP. = I=20
have a very simple configuration, only a "plain user". Please bear in mind=
=20

that I've just read =20
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#PEAP_or_EAP-TLS_Do= esn.27t_Work_with_a_Windows_machine.
I've put xpextensions file in the same directory that openssl.cnf. I've imported cacert.pem both Windows XP and Linux too. (Linux is an Ubuntu=
=20

7.04)=20

I feel like a fool because I can't solve this problem being and server so e= asy=20
to configure it... I've even read some RFC, but I couldn't find the problem

The Access Point es a Linksys WAP54G.

Do you need help?X

Please could you help me?

##########
radtest output:

Starting - reading configuration files ... reread_config: reading radiusd.conf 

Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix =3D "/usr/local"
 main: localstatedir =3D "/usr/local/var"
 main: logdir =3D "/usr/local/var/log/radius"
 main: libdir =3D "/usr/local/lib"
 main: radacctdir =3D "/usr/local/var/log/radius/radacct"
 main: hostname_lookups =3D no
 main: max_request_time =3D 30
 main: cleanup_delay =3D 5
 main: max_requests =3D 1024
 main: delete_blocked_requests =3D 0
 main: port =3D 0
 main: allow_core_dumps =3D no
 main: log_stripped_names =3D no
 main: log_file =3D "/usr/local/var/log/radius/radius.log"
 main: log_auth =3D no
 main: log_auth_badpass =3D no
 main: log_auth_goodpass =3D no
 main: pidfile =3D "/usr/local/var/run/radiusd/radiusd.pid"
 main: user =3D "radiusd"
 main: group =3D "radiusd"
 main: usercollide =3D no
 main: lower_user =3D "no"
 main: lower_pass =3D "no"
 main: nospace_user =3D "no"
 main: nospace_pass =3D "no"

 main: checkrad =3D "/usr/local/sbin/checkrad"  main: proxy_requests =3D yes 
 proxy: retry_delay =3D 5
 proxy: retry_count =3D 3
 proxy: synchronous =3D no
 proxy: default_fallback =3D yes
 proxy: dead_time =3D 120
 proxy: post_proxy_authorize =3D no
 proxy: wake_all_if_all_dead =3D no
 security: max_attributes =3D 200

 security: reject_delay =3D 1
 security: status_server =3D no
 main: debug_level =3D 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib Module: Loaded exec 
 exec: wait =3D yes
 exec: program =3D "(null)"
 exec: input_pairs =3D "request"
 exec: output_pairs =3D "(null)"
 exec: packet_type =3D "(null)"

rlm_exec: Wait=3Dyes but no output defined. Did you mean output=3Dnone? 
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP

 pap: encryption_scheme =3D "crypt"
 pap: auto_header =3D yes 
Module: Instantiated pap (pap)
Module: Loaded CHAP

Do you need more help?X

Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe =3D yes
 mschap: require_encryption =3D no
 mschap: require_strong =3D no
 mschap: with_ntdomain_hack =3D no

 mschap: passwd =3D "(null)"
 mschap: ntlm_auth =3D "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System 
 unix: cache =3D no
 unix: passwd =3D "(null)"
 unix: shadow =3D "(null)"
 unix: group =3D "(null)"
 unix: radwtmp =3D "/usr/local/var/log/radius/radwtmp"
 unix: usegroup =3D no
 unix: cache_reload =3D 600

Module: Instantiated unix (unix)
Module: Loaded eap 
 eap: default_eap_type =3D "peap"
 eap: timer_expire =3D 2147483647
 eap: ignore_unknown_eap_types =3D no
 eap: cisco_accounting_username_bug =3D no
rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap  gtc: challenge =3D "Password: "
 gtc: auth_type =3D "PAP"
rlm_eap: Loaded and initialized type gtc 
 tls: rsa_key_exchange =3D no
 tls: dh_key_exchange =3D yes
 tls: rsa_key_length =3D 512
 tls: dh_key_length =3D 512
 tls: verify_depth =3D 0
 tls: CA_path =3D "(null)"
 tls: pem_file_type =3D yes
 tls: private_key_file =3D "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: certificate_file =3D "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: CA_file =3D "/usr/local/etc/raddb/certs/CA/cacert.pem"
 tls: private_key_password =3D "pepito"
 tls: dh_file =3D "/usr/local/etc/raddb/certs/dh"
 tls: random_file =3D "/usr/local/etc/raddb/certs/random"
 tls: fragment_size =3D 1024
 tls: include_length =3D yes
 tls: check_crl =3D no
 tls: check_cert_cn =3D "(null)"
 tls: cipher_list =3D "(null)"
 tls: check_cert_issuer =3D "(null)"

rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls 
 peap: default_eap_type =3D "mschapv2"
 peap: copy_request_to_tunnel =3D no
 peap: use_tunneled_reply =3D no
 peap: proxy_tunneled_request_as_eap =3D yes
rlm_eap: Loaded and initialized type peap  mschapv2: with_ntdomain_hack =3D no
rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap)
Module: Loaded preprocess 
 preprocess: huntgroups =3D "/usr/local/etc/raddb/huntgroups"
 preprocess: hints =3D "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack =3D no
 preprocess: ascend_channels_per_line =3D 23
 preprocess: with_ntdomain_hack =3D no
 preprocess: with_specialix_jetstream_hack =3D no
 preprocess: with_cisco_vsa_hack =3D no

Can we help you?X

 preprocess: with_alvarion_vsa_hack =3D no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format =3D "suffix"
 realm: delimiter =3D "@"
 realm: ignore_default =3D no
 realm: ignore_null =3D no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile =3D "/usr/local/etc/raddb/users"
 files: acctusersfile =3D "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile =3D "/usr/local/etc/raddb/preproxy_users"
 files: compat =3D "no"

Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key =3D "User-Name, Acct-Session-Id, NAS-IP-Address,=20 Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) Module: Loaded detail
 detail: detailfile=20
=3D "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm =3D 384
 detail: dirperm =3D 493
 detail: locking =3D no

Module: Instantiated detail (detail)
Module: Loaded radutmp 
 radutmp: filename =3D "/usr/local/var/log/radius/radutmp"
 radutmp: username =3D "%{User-Name}"
 radutmp: case_sensitive =3D yes
 radutmp: check_with_nas =3D yes
 radutmp: perm =3D 384
 radutmp: callerid =3D yes

Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.30.1.151:32836, id=3D114, leng= th=3D58 
        User-Name =3D "esaure"
        User-Password =3D "ric54aur"
        NAS-IP-Address =3D 255.255.255.255
        NAS-Port =3D 0

  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name =3D "esaure", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0   rlm_eap: No EAP-Message, not doing EAP   modcall[authorize]: module "eap" returns noop for request 0     users: Matched entry DEFAULT at line 154   modcall[authorize]: module "files" returns ok for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authenticat= ion=20
may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0   rad_check_password: Found Auth-Type System auth: type "System"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0   modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user.
Delaying request 0 for 1 seconds
=46inished request 0

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 1 seconds...
=2D-- Walking the entire request list ---
Waking up in 1 seconds...
=2D-- Walking the entire request list ---
Sending Access-Reject of id 114 to 10.30.1.151 port 32836 Waking up in 4 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 0 ID 114 with timestamp 46fab901 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.30.1.151:32836, id=3D118, leng= th=3D56 
        User-Name =3D "test"
        User-Password =3D "testing"
        NAS-IP-Address =3D 255.255.255.255
        NAS-Port =3D 0

  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1   rlm_eap: No EAP-Message, not doing EAP   modcall[authorize]: module "eap" returns noop for request 1     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 1   modcall[authorize]: module "pap" returns updated for request 1 modcall: leaving group authorize (returns updated) for request 1   rad_check_password: Found Auth-Type pap auth: type "PAP"
  Processing the authenticate section of radiusd.conf 
modcall: entering group PAP for request 1
rlm_pap: login attempt with password testing
rlm_pap: Using clear text password "testing".
rlm_pap: User authenticated successfully
  modcall[authenticate]: module "pap" returns ok for request 1 modcall: leaving group PAP (returns ok) for request 1 Sending Access-Accept of id 118 to 10.30.1.151 port 32836
=46inished request 1

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 6 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 1 ID 118 with timestamp 46fab90b Nothing to do. Sleeping until we see a request.

###############
Using Windows XP this the output:
# Starting - reading configuration files ... reread_config: reading radiusd.conf 

Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf

Can't find what you're looking for?X

Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix =3D "/usr/local"
 main: localstatedir =3D "/usr/local/var"
 main: logdir =3D "/usr/local/var/log/radius"
 main: libdir =3D "/usr/local/lib"
 main: radacctdir =3D "/usr/local/var/log/radius/radacct"
 main: hostname_lookups =3D no
 main: max_request_time =3D 30
 main: cleanup_delay =3D 5
 main: max_requests =3D 1024
 main: delete_blocked_requests =3D 0
 main: port =3D 0
 main: allow_core_dumps =3D no
 main: log_stripped_names =3D no
 main: log_file =3D "/usr/local/var/log/radius/radius.log"
 main: log_auth =3D no
 main: log_auth_badpass =3D no
 main: log_auth_goodpass =3D no
 main: pidfile =3D "/usr/local/var/run/radiusd/radiusd.pid"
 main: user =3D "radiusd"
 main: group =3D "radiusd"
 main: usercollide =3D no
 main: lower_user =3D "no"
 main: lower_pass =3D "no"
 main: nospace_user =3D "no"
 main: nospace_pass =3D "no"

 main: checkrad =3D "/usr/local/sbin/checkrad"  main: proxy_requests =3D yes 
 proxy: retry_delay =3D 5
 proxy: retry_count =3D 3
 proxy: synchronous =3D no
 proxy: default_fallback =3D yes
 proxy: dead_time =3D 120
 proxy: post_proxy_authorize =3D no
 proxy: wake_all_if_all_dead =3D no
 security: max_attributes =3D 200

 security: reject_delay =3D 1
 security: status_server =3D no
 main: debug_level =3D 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib Module: Loaded exec 
 exec: wait =3D yes
 exec: program =3D "(null)"
 exec: input_pairs =3D "request"
 exec: output_pairs =3D "(null)"
 exec: packet_type =3D "(null)"

rlm_exec: Wait=3Dyes but no output defined. Did you mean output=3Dnone? 
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP

 pap: encryption_scheme =3D "crypt"
 pap: auto_header =3D yes 
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe =3D no
 mschap: require_encryption =3D yes
 mschap: require_strong =3D no
 mschap: with_ntdomain_hack =3D no

 mschap: passwd =3D "(null)"
 mschap: ntlm_auth =3D "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System 
 unix: cache =3D no
 unix: passwd =3D "(null)"
 unix: shadow =3D "(null)"
 unix: group =3D "(null)"

Don't know where to look next?X

 unix: radwtmp =3D "/usr/local/var/log/radius/radwtmp"
 unix: usegroup =3D no
 unix: cache_reload =3D 600

Module: Instantiated unix (unix)
Module: Loaded eap 
 eap: default_eap_type =3D "peap"
 eap: timer_expire =3D 2147483647
 eap: ignore_unknown_eap_types =3D no
 eap: cisco_accounting_username_bug =3D no
rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap  gtc: challenge =3D "Password: "
 gtc: auth_type =3D "PAP"
rlm_eap: Loaded and initialized type gtc 
 tls: rsa_key_exchange =3D no
 tls: dh_key_exchange =3D yes
 tls: rsa_key_length =3D 512
 tls: dh_key_length =3D 512
 tls: verify_depth =3D 0
 tls: CA_path =3D "(null)"
 tls: pem_file_type =3D yes
 tls: private_key_file =3D "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: certificate_file =3D "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: CA_file =3D "/usr/local/etc/raddb/certs/CA/cacert.pem"
 tls: private_key_password =3D "pepito"
 tls: dh_file =3D "/usr/local/etc/raddb/certs/dh"
 tls: random_file =3D "/usr/local/etc/raddb/certs/random"
 tls: fragment_size =3D 1024
 tls: include_length =3D yes
 tls: check_crl =3D no
 tls: check_cert_cn =3D "(null)"
 tls: cipher_list =3D "(null)"
 tls: check_cert_issuer =3D "(null)"

rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls 
 peap: default_eap_type =3D "mschapv2"
 peap: copy_request_to_tunnel =3D no
 peap: use_tunneled_reply =3D no
 peap: proxy_tunneled_request_as_eap =3D yes
rlm_eap: Loaded and initialized type peap  mschapv2: with_ntdomain_hack =3D no
rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap)
Module: Loaded preprocess 
 preprocess: huntgroups =3D "/usr/local/etc/raddb/huntgroups"
 preprocess: hints =3D "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack =3D no
 preprocess: ascend_channels_per_line =3D 23
 preprocess: with_ntdomain_hack =3D no
 preprocess: with_specialix_jetstream_hack =3D no
 preprocess: with_cisco_vsa_hack =3D no
 preprocess: with_alvarion_vsa_hack =3D no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format =3D "suffix"
 realm: delimiter =3D "@"
 realm: ignore_default =3D no
 realm: ignore_null =3D no
Module: Instantiated realm (suffix)
Module: Loaded files

Confused? Frustrated?X

 files: usersfile =3D "/usr/local/etc/raddb/users"
 files: acctusersfile =3D "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile =3D "/usr/local/etc/raddb/preproxy_users"
 files: compat =3D "no"

Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key =3D "User-Name, Acct-Session-Id, NAS-IP-Address,=20 Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) Module: Loaded detail
 detail: detailfile=20
=3D "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm =3D 384
 detail: dirperm =3D 493
 detail: locking =3D no

Module: Instantiated detail (detail)
Module: Loaded radutmp 
 radutmp: filename =3D "/usr/local/var/log/radius/radutmp"
 radutmp: username =3D "%{User-Name}"
 radutmp: case_sensitive =3D yes
 radutmp: check_with_nas =3D yes
 radutmp: perm =3D 384
 radutmp: callerid =3D yes

Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D49, length=
=3D98
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020100090174657374
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        Message-Authenticator =3D 0x783938e0109f4432b84399bad878bd2b
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0   rlm_eap: EAP packet type response id 1 length 9   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 0     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 49 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010200061920
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0x84a491220515c511552ab706171613e1

=46inished request 0

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D50, length=
=3D187
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D=20

0x0202005019800000004616030100410100003d030146fac439ea8581ba21eabf553c7e2be= de79d8a8b5e8050ec49018ce88e0d365e00001600040005000a000900640062000300060013= 001200630100 
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        State =3D 0x84a491220515c511552ab706171613e1
        Message-Authenticator =3D 0xf94bf86181675508eb38163c3ccdb58a
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365X

  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1   rlm_eap: EAP packet type response id 2 length 80   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 1     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included
  eaptls_verify returned 11
    (other): before/accept initialization     TLS_accept: before/accept initialization   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello     TLS_accept: SSLv3 read client hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello     TLS_accept: SSLv3 write server hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate     TLS_accept: SSLv3 write certificate A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 50 to 10.30.1.151 port 1030

        EAP-Message =3D=20 

0x010303861900160301004a02000046030146fac4f81d7c08476b0948611ad7e1d430ac48d=
e3ece9df4a2657b53903d14a420be0aa5ecc0d3b39cfa23ccc8fdf0e89ab2d8bede855333a1=
a1b3d9206783405100040016030103230b00031f00031c000319308203153082027ea003020=
102020101300d06092a864886f70d01010405003081c3310b30090603550406130241523115=
30130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616=
420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a=
1316556e6976657273696461642064652050616c65726d6f3111300f06
        EAP-Message =3D=20
0x0355040b1308496e7465726e657431193017060355040313106c616c612e70616c65726d6=
f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e65=
6475301e170d3037303932363139333435395a170d3038303932353139333435395a3081c33=
10b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b=
302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f732= 04169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d= 6f3111300f060355040b1308496e7465726e6574311930170603550403

        EAP-Message =3D=20 

0x13106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d0109011612736=
2656c6b694070616c65726d6f2e65647530819f300d06092a864886f70d010101050003818d=
0030818902818100eae88c4ee5755bcff546c3a68bab7b736e6f65d8606c1aadecf6992e59f=
340adddb323e7a3400a65e50cc80d7dd9ad58d86e50755c9e7e16640cd216ce68ce368aa377=
92817f1fc9aa30a016a3ee11ef5ab0b70d75543ec1aa8786d84caa7e6fe65bd4d9717cbf419=
d04f08181a24aa3591b1254bd78c4493f7424ccce2c1f150203010001a31730153013060355=
1d25040c300a06082b06010505070301300d06092a864886f70d010104

Do you need help?X

        EAP-Message =3D=20
0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0=
e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465= 258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b9= 5e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000 
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0xf67d20ce350871f2a01558b626942ec1

=46inished request 1

Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D51, length=
=3D113
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020300061900
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        State =3D 0xf67d20ce350871f2a01558b626942ec1
        Message-Authenticator =3D 0xff8212d6d6cf53f90aa029b7e1750412
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2   rlm_eap: EAP packet type response id 3 length 6   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 2     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 2 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message   rlm_eap_tls: ack handshake fragment handler   eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 51 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010400061900
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0x6718a187125536104c34d39a67d872ae

=46inished request 2

Going to the next request
Waking up in 6 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 0 ID 49 with timestamp 46fac4f8 Cleaning up request 1 ID 50 with timestamp 46fac4f8 Cleaning up request 2 ID 51 with timestamp 46fac4f8 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D52, length=
=3D98
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020100090174657374
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        Message-Authenticator =3D 0xa50d51122cbcbca9b42f183e87bcf2ff
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3   rlm_eap: EAP packet type response id 1 length 9   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 3     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 3 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

Do you need more help?X

  modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 52 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010200061920
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0xf2f11f2363c9058735a8cf115c21579b

=46inished request 3

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D53, length=
=3D187
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D=20

0x0202005019800000004616030100410100003d030146fac440ecd88b50f115a021416ea93= ede6ca1ae6530c8aeee1359ebe421693700001600040005000a000900640062000300060013= 001200630100 
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        State =3D 0xf2f11f2363c9058735a8cf115c21579b
        Message-Authenticator =3D 0x6a66b60b4c1c090bd1fefdb7af34f958
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4   rlm_eap: EAP packet type response id 2 length 80   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 4     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 4 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included
  eaptls_verify returned 11
    (other): before/accept initialization     TLS_accept: before/accept initialization   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello     TLS_accept: SSLv3 read client hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello     TLS_accept: SSLv3 write server hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate     TLS_accept: SSLv3 write certificate A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 53 to 10.30.1.151 port 1030

        EAP-Message =3D=20 

0x010303861900160301004a02000046030146fac4feae310afd57f4d452d3ca2c1b9ade58d=
f6c5ef678849403348d9434a920d2ca33e32297851bbec15b48031db583cad63e4e78827d50=
403ff35a801aa36200040016030103230b00031f00031c000319308203153082027ea003020=
102020101300d06092a864886f70d01010405003081c3310b30090603550406130241523115=
30130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616=
420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a=
1316556e6976657273696461642064652050616c65726d6f3111300f06
        EAP-Message =3D=20
0x0355040b1308496e7465726e657431193017060355040313106c616c612e70616c65726d6=
f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e65=
6475301e170d3037303932363139333435395a170d3038303932353139333435395a3081c33=

Can we help you?X

10b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b=
302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f732= 04169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d= 6f3111300f060355040b1308496e7465726e6574311930170603550403

        EAP-Message =3D=20 

0x13106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d0109011612736=
2656c6b694070616c65726d6f2e65647530819f300d06092a864886f70d010101050003818d=
0030818902818100eae88c4ee5755bcff546c3a68bab7b736e6f65d8606c1aadecf6992e59f=
340adddb323e7a3400a65e50cc80d7dd9ad58d86e50755c9e7e16640cd216ce68ce368aa377=
92817f1fc9aa30a016a3ee11ef5ab0b70d75543ec1aa8786d84caa7e6fe65bd4d9717cbf419=
d04f08181a24aa3591b1254bd78c4493f7424ccce2c1f150203010001a31730153013060355=
1d25040c300a06082b06010505070301300d06092a864886f70d010104
        EAP-Message =3D=20
0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0=
e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465= 258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b9= 5e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000 
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0x686966e2c087d527da96cedec3d51618

=46inished request 4

Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D54, length=
=3D113
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020300061900
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        State =3D 0x686966e2c087d527da96cedec3d51618
        Message-Authenticator =3D 0xefee4d42ec5b5f3d2df4736ac0549665
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5   rlm_eap: EAP packet type response id 3 length 6   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 5     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 5 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message   rlm_eap_tls: ack handshake fragment handler   eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 54 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010400061900
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0xbbcbe3c8e9f43cc41e8360e599a5e6fa

Don't know where to look next?X

=46inished request 5

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 5 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 3 ID 52 with timestamp 46fac4fe Cleaning up request 4 ID 53 with timestamp 46fac4fe Waking up in 1 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 5 ID 54 with timestamp 46fac4ff Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D55, length=
=3D98
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020100090174657374
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        Message-Authenticator =3D 0x9917ffe1cd380b71e40ed91da13f7fc1
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6   rlm_eap: EAP packet type response id 1 length 9   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 6     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 6 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 55 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010200061920
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0x0335900dbfb1bdd2b0c17674b7db419b

=46inished request 6

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D56, length=
=3D187
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D=20

0x0202005019800000004616030100410100003d030146fac4468988f6080cf3248a01b110b= 6d0700b5487d62a114569b3a3dbf139eb00001600040005000a000900640062000300060013= 001200630100 
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        State =3D 0x0335900dbfb1bdd2b0c17674b7db419b
        Message-Authenticator =3D 0xd856025ba1d1a5bddc8181150745851a
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7   rlm_eap: EAP packet type response id 2 length 80   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 7     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 7 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 7 modcall: leaving group authorize (returns updated) for request 7   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included
  eaptls_verify returned 11
    (other): before/accept initialization     TLS_accept: before/accept initialization   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello     TLS_accept: SSLv3 read client hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello     TLS_accept: SSLv3 write server hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate     TLS_accept: SSLv3 write certificate A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 56 to 10.30.1.151 port 1030
Can't find what you're looking for?X

        EAP-Message =3D=20 

0x010303861900160301004a02000046030146fac50534eb4850570c0325e3c7f6246748938=

Confused? Frustrated?X

e0249450ac708cd04fe50d068206336c683e84a2a2eaaaaebafdc7416f0891727fae17795cd=
c92267e5035a75e200040016030103230b00031f00031c000319308203153082027ea003020=
102020101300d06092a864886f70d01010405003081c3310b30090603550406130241523115=
30130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616=
420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a=
1316556e6976657273696461642064652050616c65726d6f3111300f06
        EAP-Message =3D=20
0x0355040b1308496e7465726e657431193017060355040313106c616c612e70616c65726d6=
f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e65=
6475301e170d3037303932363139333435395a170d3038303932353139333435395a3081c33=
10b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b=
302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f732= 04169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d= 6f3111300f060355040b1308496e7465726e6574311930170603550403

        EAP-Message =3D=20 

0x13106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d0109011612736=
2656c6b694070616c65726d6f2e65647530819f300d06092a864886f70d010101050003818d=
0030818902818100eae88c4ee5755bcff546c3a68bab7b736e6f65d8606c1aadecf6992e59f=
340adddb323e7a3400a65e50cc80d7dd9ad58d86e50755c9e7e16640cd216ce68ce368aa377=
92817f1fc9aa30a016a3ee11ef5ab0b70d75543ec1aa8786d84caa7e6fe65bd4d9717cbf419=
d04f08181a24aa3591b1254bd78c4493f7424ccce2c1f150203010001a31730153013060355=
1d25040c300a06082b06010505070301300d06092a864886f70d010104
        EAP-Message =3D=20
0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0=
e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465= 258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b9= 5e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000 
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0xb877e283342bd8b279df59890c6bf865

=46inished request 7

Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D57, length=
=3D113
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020300061900
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365X

        NAS-Port-Type =3D Wireless-802.11
        State =3D 0xb877e283342bd8b279df59890c6bf865
        Message-Authenticator =3D 0xbf5b398977c45e8cf03ee239066a4c22
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8   rlm_eap: EAP packet type response id 3 length 6   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 8     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 8 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 8 modcall: leaving group authorize (returns updated) for request 8   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message   rlm_eap_tls: ack handshake fragment handler   eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 57 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010400061900
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0x869911e557010be04e131fecf32148c2

=46inished request 8

Going to the next request
Waking up in 6 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 6 ID 55 with timestamp 46fac505 Cleaning up request 7 ID 56 with timestamp 46fac505 Cleaning up request 8 ID 57 with timestamp 46fac505 Nothing to do. Sleeping until we see a request.

Config Files:

######
radiusd.conf
#######

prefix =3D /usr/local
exec_prefix =3D ${prefix}
sysconfdir =3D ${prefix}/etc
localstatedir =3D ${prefix}/var
sbindir =3D ${exec_prefix}/sbin
logdir =3D ${localstatedir}/log/radius
raddbdir =3D ${sysconfdir}/raddb
radacctdir =3D ${logdir}/radacct
confdir =3D ${raddbdir}
run_dir =3D ${localstatedir}/run/radiusd log_file =3D ${logdir}/radius.log
libdir =3D ${exec_prefix}/lib
pidfile =3D ${run_dir}/radiusd.pid
user =3D radiusd
group =3D radiusd
max_request_time =3D 30
delete_blocked_requests =3D no
cleanup_delay =3D 5
max_requests =3D 1024
bind_address =3D *
port =3D 0
hostname_lookups =3D no
allow_core_dumps =3D no 

regular_expressions	=3D yes
extended_expressions	=3D yes
log_stripped_names =3D no
log_auth =3D no

log_auth_badpass =3D no
log_auth_goodpass =3D no
usercollide =3D no
lower_user =3D no
lower_pass =3D no
nospace_user =3D no
nospace_pass =3D no
checkrad =3D ${sbindir}/checkrad
security { 
	max_attributes =3D 200
	reject_delay =3D 1
	status_server =3D no

}
proxy_requests =3D yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp =3D no
$INCLUDE ${confdir}/snmp.conf
thread pool { 
	start_servers =3D 5
	max_servers =3D 32
	min_spare_servers =3D 3
	max_spare_servers =3D 10
	max_requests_per_server =3D 0

}
modules { 
	pap {
		auto_header =3D yes
	}
	chap {
		authtype =3D CHAP
	}
	pam {
		pam_auth =3D radiusd
	}
	unix {
		cache =3D no
		cache_reload =3D 600
		radwtmp =3D ${logdir}/radwtmp
	}
$INCLUDE ${confdir}/eap.conf
	mschap {
		use_mppe =3D no
		require_encryption =3D yes
	}
	ldap {
		server =3D "ldap.your.domain"
		basedn =3D "o=3DMy Org,c=3DUA"
		filter =3D "(uid=3D%{Stripped-User-Name:-%{User-Name}})"
		start_tls =3D no
		access_attr =3D "dialupAccess"
		dictionary_mapping =3D ${raddbdir}/ldap.attrmap
		ldap_connections_number =3D 5
		edir_account_policy_check=3Dno
		timeout =3D 4
		timelimit =3D 3
		net_timeout =3D 1
	}
	realm IPASS {
		format =3D prefix
		delimiter =3D "/"
		ignore_default =3D no
		ignore_null =3D no
	}
	realm suffix {
		format =3D suffix
		delimiter =3D "@"
		ignore_default =3D no

Do you need help?X

		ignore_null =3D no
	}
	realm realmpercent {
		format =3D suffix
		delimiter =3D "%"
		ignore_default =3D no
		ignore_null =3D no
	}
	realm ntdomain {
		format =3D prefix
		delimiter =3D "\\"
		ignore_default =3D no
		ignore_null =3D no
	}=09
	checkval {
		item-name =3D Calling-Station-Id
		check-name =3D Calling-Station-Id
		data-type =3D string
	}

=09

	preprocess {
		huntgroups =3D ${confdir}/huntgroups
		hints =3D ${confdir}/hints
		with_ascend_hack =3D no
		ascend_channels_per_line =3D 23
		with_ntdomain_hack =3D no
		with_specialix_jetstream_hack =3D no
		with_cisco_vsa_hack =3D no
	}
	files {
		usersfile =3D ${confdir}/users
		acctusersfile =3D ${confdir}/acct_users
		preproxy_usersfile =3D ${confdir}/preproxy_users
		compat =3D no
	}
	detail {
		detailfile =3D ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
		detailperm =3D 0600
	}
	acct_unique {
		key =3D "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,=20
NAS-Port"
	}
	$INCLUDE  ${confdir}/sql.conf

=09

	radutmp {
		filename =3D ${logdir}/radutmp
		username =3D %{User-Name}
		case_sensitive =3D yes
		check_with_nas =3D yes	=09
		perm =3D 0600
		callerid =3D "yes"
	}
	radutmp sradutmp {
		filename =3D ${logdir}/sradutmp
		perm =3D 0644
		callerid =3D "no"
	}
	attr_filter {
		attrsfile =3D ${confdir}/attrs
	}
	counter daily {
		filename =3D ${raddbdir}/db.daily
		key =3D User-Name
		count-attribute =3D Acct-Session-Time
		reset =3D daily
		counter-name =3D Daily-Session-Time
		check-name =3D Max-Daily-Session
		allowed-servicetype =3D Framed-User
		cache-size =3D 5000
	}
	sqlcounter dailycounter {
		counter-name =3D Daily-Session-Time
		check-name =3D Max-Daily-Session
		reply-name =3D Session-Timeout
		sqlmod-inst =3D sql
		key =3D User-Name
		reset =3D daily
		query =3D "SELECT SUM(AcctSessionTime - \

Do you need more help?X

                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 FROM radacct WHERE UserName=3D'%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	sqlcounter monthlycounter {
		counter-name =3D Monthly-Session-Time
		check-name =3D Max-Monthly-Session
		reply-name =3D Session-Timeout
		sqlmod-inst =3D sql
		key =3D User-Name
		reset =3D monthly
		query =3D "SELECT SUM(AcctSessionTime - \
                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 FROM radacct WHERE UserName=3D'%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	always fail {
		rcode =3D fail
	}
	always reject {
		rcode =3D reject
	}
	always ok {
		rcode =3D ok
		simulcount =3D 0
		mpp =3D no
	}
	expr {
	}
	digest {
	}
	exec {
		wait =3D yes
		input_pairs =3D request
	}
	exec echo {
		wait =3D yes
		program =3D "/bin/echo %{User-Name}"
		input_pairs =3D request
		output_pairs =3D reply
	}
	ippool main_pool {
		range-start =3D 192.168.1.1
		range-stop =3D 192.168.3.254
		netmask =3D 255.255.255.0
		cache-size =3D 800
		session-db =3D ${raddbdir}/db.ippool
		ip-index =3D ${raddbdir}/db.ipindex
		override =3D no
		maximum-timeout =3D 0
	}

}
instantiate { 
	exec
	expr

}
authorize {

        preprocess
=09

	chap
	mschap
	suffix
	eap
	files
	pap

}
authenticate { 
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	unix
	eap

}
preacct { 
	preprocess
	acct_unique
	suffix
	files

}
accounting { 
	detail
	unix
	radutmp

}
session {

        radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {

        eap
}
#######
eap.conf
####### 

test	Cleartext-Password :=3D "testing"
DEFAULT	Auth-Type =3D System
	Fall-Through =3D 1
DEFAULT	Service-Type =3D=3D Framed-User
	Framed-IP-Address =3D 255.255.255.254,
	Framed-MTU =3D 576,
	Service-Type =3D Framed-User,
	Fall-Through =3D Yes
DEFAULT	Framed-Protocol =3D=3D PPP
	Framed-Protocol =3D PPP,
	Framed-Compression =3D Van-Jacobson-TCP-IP

Can't find what you're looking for?X

DEFAULT	Hint =3D=3D "CSLIP"
	Framed-Protocol =3D SLIP,
	Framed-Compression =3D Van-Jacobson-TCP-IP
DEFAULT	Hint =3D=3D "SLIP"
	Framed-Protocol =3D SLIP
Can we help you?X

#########
eap.conf
######### 

	eap {
		default_eap_type =3D peap
		timer_expire     =3D 6000000000
		ignore_unknown_eap_types =3D no
		cisco_accounting_username_bug =3D no
		md5 {
		}
		leap {
		}
		gtc {
			auth_type =3D PAP
		}
		tls {
			private_key_password =3D pepito
			private_key_file =3D ${raddbdir}/certs/privandpubradius.pem
			certificate_file =3D ${raddbdir}/certs/privandpubradius.pem
			CA_file =3D ${raddbdir}/certs/CA/cacert.pem
			dh_file =3D ${raddbdir}/certs/dh
			random_file =3D ${raddbdir}/certs/random
		}
		 peap {
			default_eap_type =3D mschapv2
		}
		mschapv2 {
		}
	}

#########
 Output when using Linux supplicant: 

################                                                       =20
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D58, length=
=3D98
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D 0x020100090174657374
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1
        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        Message-Authenticator =3D 0x1fb2a16573be8af3a6d5ac9c59ef92db
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9   rlm_eap: EAP packet type response id 1 length 9   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 9     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 9 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 9 modcall: leaving group authorize (returns updated) for request 9   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 58 to 10.30.1.151 port 1030 
        EAP-Message =3D 0x010200061920
        Message-Authenticator =3D 0x00000000000000000000000000000000
        State =3D 0x1a1d3ba592915afdf20265d5bb6c7465

=46inished request 9

Going to the next request
=2D-- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=3D59, length=
=3D200
        User-Name =3D "test"
        Calling-Station-Id =3D "00-0e-35-bf-51-18"
        EAP-Message =3D=20

0x0202005d190016030100520100004e030146fac7de8347c7d2fceb438f22f51dcde2c6195= 3096e9a37753b9d4a649e0cee00002600390038003500160013000a00330032002f00050004= 00150012000900140011000800060003020100 
        Framed-MTU =3D 1287
        NAS-IP-Address =3D 192.168.1.1

Don't know where to look next?X

        NAS-Port =3D 0
        NAS-Port-Type =3D Wireless-802.11
        State =3D 0x1a1d3ba592915afdf20265d5bb6c7465
        Message-Authenticator =3D 0x903c36b969609a7633037b48094f00b9
  Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 
  modcall[authorize]: module "preprocess" returns ok for request 10
  modcall[authorize]: module "chap" returns noop for request 10
  modcall[authorize]: module "mschap" returns noop for request 10
    rlm_realm: No '@' in User-Name =3D "test", looking up realm NULL     rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 10   rlm_eap: EAP packet type response id 2 length 93   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation   modcall[authorize]: module "eap" returns updated for request 10     users: Matched entry test at line 79   modcall[authorize]: module "files" returns ok for request 10 rlm_pap: Found existing Auth-Type, not changing it.   modcall[authorize]: module "pap" returns noop for request 10 modcall: leaving group authorize (returns updated) for request 10   rad_check_password: Found Auth-Type EAP auth: type "EAP"
  Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
    (other): before/accept initialization     TLS_accept: before/accept initialization   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello     TLS_accept: SSLv3 read client hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello     TLS_accept: SSLv3 write server hello A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate     TLS_accept: SSLv3 write certificate A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange     TLS_accept: SSLv3 write key exchange A   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 59 to 10.30.1.151 port 1030

        EAP-Message =3D=20 

0x0103040a19c000000492160301004a02000046030146fac8811f6b21a7e9d3f8a681c0f24=
e10745b0ad3b21d531b991ea628630eed20b2e785e58cd451052eae3eb8af543ca4b7a6c94e=
f0d0e2bfe98933776153425900390016030103230b00031f00031c000319308203153082027=
ea003020102020101300d06092a864886f70d01010405003081c3310b300906035504061302=
4152311530130603550408130c4275656e6f73204169726573312b302906035504070c22436=
97564616420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d06=
0355040a1316556e6976657273696461642064652050616c65726d6f31
        EAP-Message =3D=20
0x11300f060355040b1308496e7465726e657431193017060355040313106c616c612e70616=
c65726d6f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c6572=
6d6f2e656475301e170d3037303932363139333435395a170d3038303932353139333435395=
a3081c3310b3009060355040613024152311530130603550408130c4275656e6f7320416972=
6573312b302906035504070c224369