
OT: Problems with radiusd and EAP-PEAP

From: Sergio Belkin <sebelk(at)gmail.com>
Date: Sun Sep 30 2007 - 22:40:35 EDT


Hi community (sorry for the OT)
I keep trying to get RADIUS to authenticate and authorize users from XP. I have a very simple configuration, only a "plain user". Please bear in mind that I've just read
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#PEAP_or_EAP-TLS_Doesn.27t_Work_with_a_Windows_machine. I've put the xpextensions file in the same directory as openssl.cnf. I've imported cacert.pem into both Windows XP and Linux too. (Linux is an Ubuntu 7.04)

I feel like a fool because I can't solve this problem, the server being so easy to configure... I've even read some RFCs, but I couldn't find the problem.

The Access Point is a Linksys WAP54G.

Please could you help me?

##########
radtest output:

Starting - reading configuration files ...
reread_config: reading radiusd.conf

Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"

 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200

 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"

rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP

 pap: encryption_scheme = "crypt"
 pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no

 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600

Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 2147483647
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: certificate_file = "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: CA_file = "/usr/local/etc/raddb/certs/CA/cacert.pem"
 tls: private_key_password = "pepito"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"

rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"

Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no

Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes

Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.30.1.151:32836, id=114, length=58
        User-Name = "esaure"
        User-Password = "ric54aur"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0

  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "esaure", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 154
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password: Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---

Waking up in 1 seconds...
--- Walking the entire request list ---

Waking up in 1 seconds...
--- Walking the entire request list ---

Sending Access-Reject of id 114 to 10.30.1.151 port 32836
Waking up in 4 seconds...
--- Walking the entire request list ---

Cleaning up request 0 ID 114 with timestamp 46fab901
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.30.1.151:32836, id=118, length=56
        User-Name = "test"
        User-Password = "testing"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0

  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "pap" returns updated for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password: Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 1
rlm_pap: login attempt with password testing
rlm_pap: Using clear text password "testing".
rlm_pap: User authenticated successfully
  modcall[authenticate]: module "pap" returns ok for request 1
modcall: leaving group PAP (returns ok) for request 1
Sending Access-Accept of id 118 to 10.30.1.151 port 32836
Finished request 1
Going to the next request
--- Walking the entire request list ---

Waking up in 6 seconds...
--- Walking the entire request list ---

Cleaning up request 1 ID 118 with timestamp 46fab90b
Nothing to do. Sleeping until we see a request.

###############
Using Windows XP, this is the output:
# Starting - reading configuration files ...
reread_config: reading radiusd.conf

Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"

 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200

 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"

rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP

 pap: encryption_scheme = "crypt"
 pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = no
 mschap: require_encryption = yes
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no

 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600

Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 2147483647
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: certificate_file = "/usr/local/etc/raddb/certs/privandpubradius.pem"
 tls: CA_file = "/usr/local/etc/raddb/certs/CA/cacert.pem"
 tls: private_key_password = "pepito"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"

rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"

Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no

Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes

Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=49, length=98
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020100090174657374
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        Message-Authenticator = 0x783938e0109f4432b84399bad878bd2b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 49 to 10.30.1.151 port 1030
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84a491220515c511552ab706171613e1
Finished request 0
Going to the next request
--- Walking the entire request list ---

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=50, length=187
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 
0x0202005019800000004616030100410100003d030146fac439ea8581ba21eabf553c7e2bede79d8a8b5e8050ec49018ce88e0d365e00001600040005000a000900640062000300060013001200630100
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x84a491220515c511552ab706171613e1
        Message-Authenticator = 0xf94bf86181675508eb38163c3ccdb58a
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 50 to 10.30.1.151 port 1030

        EAP-Message =
0x010303861900160301004a02000046030146fac4f81d7c08476b0948611ad7e1d430ac48de3ece9df4a2657b53903d14a420be0aa5ecc0d3b39cfa23ccc8fdf0e89ab2d8bede855333a1a1b3d9206783405100040016030103230b00031f00031c000319308203153082027ea003020102020101300d06092a864886f70d01010405003081c3310b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f3111300f06

        EAP-Message =
0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b95e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000

        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf67d20ce350871f2a01558b626942ec1
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=51, length=113
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020300061900
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0xf67d20ce350871f2a01558b626942ec1
        Message-Authenticator = 0xff8212d6d6cf53f90aa029b7e1750412
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 2
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 51 to 10.30.1.151 port 1030
        EAP-Message = 0x010400061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6718a187125536104c34d39a67d872ae
Finished request 2
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---

Cleaning up request 0 ID 49 with timestamp 46fac4f8
Cleaning up request 1 ID 50 with timestamp 46fac4f8
Cleaning up request 2 ID 51 with timestamp 46fac4f8
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=52, length=98
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020100090174657374
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        Message-Authenticator = 0xa50d51122cbcbca9b42f183e87bcf2ff
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 1 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 3
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 52 to 10.30.1.151 port 1030
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf2f11f2363c9058735a8cf115c21579b
Finished request 3
Going to the next request
--- Walking the entire request list ---

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=53, length=187
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 
0x0202005019800000004616030100410100003d030146fac440ecd88b50f115a021416ea93ede6ca1ae6530c8aeee1359ebe421693700001600040005000a000900640062000300060013001200630100
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0xf2f11f2363c9058735a8cf115c21579b
        Message-Authenticator = 0x6a66b60b4c1c090bd1fefdb7af34f958
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 4
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 53 to 10.30.1.151 port 1030

        EAP-Message =
0x13106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e65647530819f300d06092a864886f70d010101050003818d0030818902818100eae88c4ee5755bcff546c3a68bab7b736e6f65d8606c1aadecf6992e59f340adddb323e7a3400a65e50cc80d7dd9ad58d86e50755c9e7e16640cd216ce68ce368aa37792817f1fc9aa30a016a3ee11ef5ab0b70d75543ec1aa8786d84caa7e6fe65bd4d9717cbf419d04f08181a24aa3591b1254bd78c4493f7424ccce2c1f150203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104

        EAP-Message =
0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b95e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000

        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x686966e2c087d527da96cedec3d51618
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=54, length=113
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020300061900
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x686966e2c087d527da96cedec3d51618
        Message-Authenticator = 0xefee4d42ec5b5f3d2df4736ac0549665
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

  rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 54 to 10.30.1.151 port 1030
        EAP-Message = 0x010400061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbbcbe3c8e9f43cc41e8360e599a5e6fa
Finished request 5
Going to the next request
--- Walking the entire request list ---

Waking up in 5 seconds...
--- Walking the entire request list ---

Cleaning up request 3 ID 52 with timestamp 46fac4fe
Cleaning up request 4 ID 53 with timestamp 46fac4fe
Waking up in 1 seconds...
--- Walking the entire request list ---

Cleaning up request 5 ID 54 with timestamp 46fac4ff
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=55, length=98
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020100090174657374
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        Message-Authenticator = 0x9917ffe1cd380b71e40ed91da13f7fc1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 1 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 55 to 10.30.1.151 port 1030
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0335900dbfb1bdd2b0c17674b7db419b
Finished request 6
Going to the next request
--- Walking the entire request list ---

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=56, length=187
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 
0x0202005019800000004616030100410100003d030146fac4468988f6080cf3248a01b110b6d0700b5487d62a114569b3a3dbf139eb00001600040005000a000900640062000300060013001200630100
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x0335900dbfb1bdd2b0c17674b7db419b
        Message-Authenticator = 0xd856025ba1d1a5bddc8181150745851a
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 7
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

rlm_eap_tls: Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 56 to 10.30.1.151 port 1030

        EAP-Message =
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

        EAP-Message =
0x0355040b1308496e7465726e657431193017060355040313106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e656475301e170d3037303932363139333435395a170d3038303932353139333435395a3081c3310b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f3111300f060355040b1308496e7465726e6574311930170603550403

        EAP-Message =
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

        EAP-Message =
0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b95e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000

        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb877e283342bd8b279df59890c6bf865
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=57, length=113
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020300061900
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0xb877e283342bd8b279df59890c6bf865
        Message-Authenticator = 0xbf5b398977c45e8cf03ee239066a4c22
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 8
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

  rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 57 to 10.30.1.151 port 1030
        EAP-Message = 0x010400061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x869911e557010be04e131fecf32148c2
Finished request 8
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---

Cleaning up request 6 ID 55 with timestamp 46fac505
Cleaning up request 7 ID 56 with timestamp 46fac505
Cleaning up request 8 ID 57 with timestamp 46fac505
Nothing to do. Sleeping until we see a request.

Config Files:

######
radiusd.conf
#######

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no

regular_expressions	= yes
extended_expressions	= yes
log_stripped_names = no
log_auth = no

log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
	max_attributes = 200
	reject_delay = 1
	status_server = no

}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0

}
modules {
	pap {
		auto_header = yes
	}
	chap {
		authtype = CHAP
	}
	pam {
		pam_auth = radiusd
	}
	unix {
		cache = no
		cache_reload = 600
		radwtmp = ${logdir}/radwtmp
	}
$INCLUDE ${confdir}/eap.conf
	mschap {
		use_mppe = no
		require_encryption = yes
	}
	ldap {
		server = "ldap.your.domain"
		basedn = "o=My Org,c=UA"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
		start_tls = no
		access_attr = "dialupAccess"
		dictionary_mapping = ${raddbdir}/ldap.attrmap
		ldap_connections_number = 5
		edir_account_policy_check=no
		timeout = 4
		timelimit = 3
		net_timeout = 1
	}
	realm IPASS {
		format = prefix
		delimiter = "/"
		ignore_default = no
		ignore_null = no
	}
	realm suffix {
		format = suffix
		delimiter = "@"
		ignore_default = no
		ignore_null = no
	}
	realm realmpercent {
		format = suffix
		delimiter = "%"
		ignore_default = no
		ignore_null = no
	}
	realm ntdomain {
		format = prefix
		delimiter = "\\"
		ignore_default = no
		ignore_null = no
	}
	checkval {
		item-name = Calling-Station-Id
		check-name = Calling-Station-Id
		data-type = string
	}
	preprocess {
		huntgroups = ${confdir}/huntgroups
		hints = ${confdir}/hints
		with_ascend_hack = no
		ascend_channels_per_line = 23
		with_ntdomain_hack = no
		with_specialix_jetstream_hack = no
		with_cisco_vsa_hack = no
	}
	files {
		usersfile = ${confdir}/users
		acctusersfile = ${confdir}/acct_users
		preproxy_usersfile = ${confdir}/preproxy_users
		compat = no
	}
	detail {
		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
		detailperm = 0600
	}
	acct_unique {
		key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
	}
$INCLUDE ${confdir}/sql.conf
	radutmp {
		filename = ${logdir}/radutmp
		username = %{User-Name}
		case_sensitive = yes
		check_with_nas = yes
		perm = 0600
		callerid = "yes"
	}
	radutmp sradutmp {
		filename = ${logdir}/sradutmp
		perm = 0644
		callerid = "no"
	}
	attr_filter {
		attrsfile = ${confdir}/attrs
	}
	counter daily {
		filename = ${raddbdir}/db.daily
		key = User-Name
		count-attribute = Acct-Session-Time
		reset = daily
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		allowed-servicetype = Framed-User
		cache-size = 5000
	}
	sqlcounter dailycounter {
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		reply-name = Session-Timeout
		sqlmod-inst = sql
		key = User-Name
		reset = daily
		query = "SELECT SUM(AcctSessionTime - \
			GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
			FROM radacct WHERE UserName='%{%k}' AND \
			UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	sqlcounter monthlycounter {
		counter-name = Monthly-Session-Time
		check-name = Max-Monthly-Session
		reply-name = Session-Timeout
		sqlmod-inst = sql
		key = User-Name
		reset = monthly
		query = "SELECT SUM(AcctSessionTime - \
			GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
			FROM radacct WHERE UserName='%{%k}' AND \
			UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	always fail {
		rcode = fail
	}
	always reject {
		rcode = reject
	}
	always ok {
		rcode = ok
		simulcount = 0
		mpp = no
	}
	expr {
	}
	digest {
	}
	exec {
		wait = yes
		input_pairs = request
	}
	exec echo {
		wait = yes
		program = "/bin/echo %{User-Name}"
		input_pairs = request
		output_pairs = reply
	}
	ippool main_pool {
		range-start = 192.168.1.1
		range-stop = 192.168.3.254
		netmask = 255.255.255.0
		cache-size = 800
		session-db = ${raddbdir}/db.ippool
		ip-index = ${raddbdir}/db.ipindex
		override = no
		maximum-timeout = 0
	}

}
instantiate {
	exec
	expr

}
authorize {

        preprocess         

	chap
	mschap
	suffix
	eap
	files
	pap

}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	unix
	eap

}
preacct {
	preprocess
	acct_unique
	suffix
	files

}
accounting {
	detail
	unix
	radutmp

}
session {

        radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {

        eap
}
#######
eap.conf
#######

test	Cleartext-Password := "testing"
DEFAULT	Auth-Type = System
	Fall-Through = 1
DEFAULT	Service-Type == Framed-User
	Framed-IP-Address = 255.255.255.254,
	Framed-MTU = 576,
	Service-Type = Framed-User,
	Fall-Through = Yes
DEFAULT	Framed-Protocol == PPP
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT	Hint == "CSLIP"
	Framed-Protocol = SLIP,
	Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT	Hint == "SLIP"
	Framed-Protocol = SLIP

#########
eap.conf
#########

	eap {
		default_eap_type = peap
		timer_expire     = 6000000000
		ignore_unknown_eap_types = no
		cisco_accounting_username_bug = no
		md5 {
		}
		leap {
		}
		gtc {
			auth_type = PAP
		}
		tls {
			private_key_password = pepito
			private_key_file = ${raddbdir}/certs/privandpubradius.pem
			certificate_file = ${raddbdir}/certs/privandpubradius.pem
			CA_file = ${raddbdir}/certs/CA/cacert.pem
			dh_file = ${raddbdir}/certs/dh
			random_file = ${raddbdir}/certs/random
		}
		 peap {
			default_eap_type = mschapv2
		}
		mschapv2 {
		}
	}

#########
 Output when using Linux supplicant:

################                                                        
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=58, length=98
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020100090174657374
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        Message-Authenticator = 0x1fb2a16573be8af3a6d5ac9c59ef92db
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 1 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 9
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 9
modcall: leaving group authorize (returns updated) for request 9
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1

  modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 58 to 10.30.1.151 port 1030
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1a1d3ba592915afdf20265d5bb6c7465
Finished request 9
Going to the next request
--- Walking the entire request list ---

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=59, length=200
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x0202005d190016030100520100004e030146fac7de8347c7d2fceb438f22f51dcde2c61953096e9a37753b9d4a649e0cee00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x1a1d3ba592915afdf20265d5bb6c7465
        Message-Authenticator = 0x903c36b969609a7633037b48094f00b9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
  modcall[authorize]: module "preprocess" returns ok for request 10
  modcall[authorize]: module "chap" returns noop for request 10
  modcall[authorize]: module "mschap" returns noop for request 10
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 10
  rlm_eap: EAP packet type response id 2 length 93
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 10
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 10
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 10
modcall: leaving group authorize (returns updated) for request 10
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 59 to 10.30.1.151 port 1030

        EAP-Message =
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

        EAP-Message =
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

        EAP-Message =
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

        EAP-Message =
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

        EAP-Message = 0x8950ea09d12b2097543f9d5b2f099ed5f4f312a357ab
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc29cc4fd6a04b0ef2cbb64df46562bdb
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=60, length=113
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020300061900
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0xc29cc4fd6a04b0ef2cbb64df46562bdb
        Message-Authenticator = 0x322fdf179efffc12c59e9ec874899e8e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  modcall[authorize]: module "preprocess" returns ok for request 11
  modcall[authorize]: module "chap" returns noop for request 11
  modcall[authorize]: module "mschap" returns noop for request 11
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 11
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 11
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 11
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 11
modcall: leaving group authorize (returns updated) for request 11
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

  rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 60 to 10.30.1.151 port 1030

        EAP-Message =
0x010400981900fabe1a17cb2a1300809cbc50d12dbb35266732bf1e5fe7b842781cd34d0ebebad76df36c0bca11ce22b5fa5b24a9dab4832393079f61565ba8f848096f3c60f27ffabad67deee72ffd2e7ebdc2b053a923f250cdfa2d2e9aa6eeba4ae77e53558c29fd53b8821552746f698cfb830f277f0a10de5f98c0201a6a566798cccfa3035b2eeba716ce6c9f16030100040e000000

        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0acf35717843bc3dd822134a8499127d
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1030, id=61, length=120
        User-Name = "test"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x0204000d190015030100020230
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0x0acf35717843bc3dd822134a8499127d
        Message-Authenticator = 0x5a0d79c56e88c6b6f0bdc193f1a6c701
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
  modcall[authorize]: module "preprocess" returns ok for request 12
  modcall[authorize]: module "chap" returns noop for request 12
  modcall[authorize]: module "mschap" returns noop for request 12
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 12
  rlm_eap: EAP packet type response id 4 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 12
    users: Matched entry test at line 79
  modcall[authorize]: module "files" returns ok for request 12
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 12
modcall: leaving group authorize (returns updated) for request 12
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS

  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA