Red Hat Bugzilla – Attachment 588899 Details for Bug 827858: Segfault during EAP
Output of radiusd -X
debug-output-1 (text/plain), 57.36 KB, created by Thomas Jansen on 2012-06-03 17:22:20 UTC
>FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Feb 7 2012 at 21:06:46 >Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. >There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A >PARTICULAR PURPOSE. >You may redistribute copies of FreeRADIUS under the terms of the >GNU General Public License v2. >Starting - reading configuration files ... >including configuration file /etc/raddb/radiusd.conf >including configuration file /etc/raddb/proxy.conf >including configuration file /etc/raddb/clients.conf >including files in directory /etc/raddb/modules/ >including configuration file /etc/raddb/modules/radutmp >including configuration file /etc/raddb/modules/mac2ip >including configuration file /etc/raddb/modules/detail.example.com >including configuration file /etc/raddb/modules/passwd >including configuration file /etc/raddb/modules/opendirectory >including configuration file /etc/raddb/modules/ntlm_auth >including configuration file /etc/raddb/modules/digest >including configuration file /etc/raddb/modules/attr_filter >including configuration file /etc/raddb/modules/mac2vlan >including configuration file /etc/raddb/modules/ldap >including configuration file /etc/raddb/modules/detail >including configuration file /etc/raddb/modules/smsotp >including configuration file /etc/raddb/modules/dynamic_clients >including configuration file /etc/raddb/modules/perl >including configuration file /etc/raddb/modules/ippool >including configuration file /etc/raddb/modules/sradutmp >including configuration file /etc/raddb/modules/pap >including configuration file /etc/raddb/modules/counter >including configuration file /etc/raddb/modules/unix >including configuration file /etc/raddb/modules/replicate >including configuration file /etc/raddb/modules/echo >including configuration file /etc/raddb/modules/rediswho >including configuration file /etc/raddb/modules/inner-eap >including configuration file /etc/raddb/modules/attr_rewrite 
>including configuration file /etc/raddb/modules/chap >including configuration file /etc/raddb/modules/checkval >including configuration file /etc/raddb/modules/realm >including configuration file /etc/raddb/modules/detail.log >including configuration file /etc/raddb/modules/etc_group >including configuration file /etc/raddb/modules/smbpasswd >including configuration file /etc/raddb/modules/files >including configuration file /etc/raddb/modules/cui >including configuration file /etc/raddb/modules/acct_unique >including configuration file /etc/raddb/modules/soh >including configuration file /etc/raddb/modules/preprocess >including configuration file /etc/raddb/modules/always >including configuration file /etc/raddb/modules/wimax >including configuration file /etc/raddb/modules/sqlcounter_expire_on_login >including configuration file /etc/raddb/modules/sql_log >including configuration file /etc/raddb/modules/logintime >including configuration file /etc/raddb/modules/linelog >including configuration file /etc/raddb/modules/redis >including configuration file /etc/raddb/modules/expiration >including configuration file /etc/raddb/modules/pam >including configuration file /etc/raddb/modules/expr >including configuration file /etc/raddb/modules/otp >including configuration file /etc/raddb/modules/exec >including configuration file /etc/raddb/modules/mschap >including configuration file /etc/raddb/modules/policy >including configuration file /etc/raddb/eap.conf >including configuration file /etc/raddb/policy.conf >including files in directory /etc/raddb/sites-enabled/ >including configuration file /etc/raddb/sites-enabled/inner-tunnel >including configuration file /etc/raddb/sites-enabled/default >including configuration file /etc/raddb/sites-enabled/control-socket >main { > user = "radiusd" > group = "radiusd" > allow_core_dumps = no >} >including dictionary file /etc/raddb/dictionary >main { > name = "radiusd" > prefix = "/usr" > localstatedir = "/var" > sbindir = 
"/usr/sbin" > logdir = "/var/log/radius" > run_dir = "/var/run/radiusd" > libdir = "/usr/lib64/freeradius" > radacctdir = "/var/log/radius/radacct" > hostname_lookups = no > max_request_time = 30 > cleanup_delay = 5 > max_requests = 1024 > pidfile = "/var/run/radiusd/radiusd.pid" > checkrad = "/usr/sbin/checkrad" > debug_level = 0 > proxy_requests = yes > log { > stripped_names = no > auth = no > auth_badpass = no > auth_goodpass = no > } > security { > max_attributes = 200 > reject_delay = 1 > status_server = yes > } >} >radiusd: #### Loading Realms and Home Servers #### > proxy server { > retry_delay = 5 > retry_count = 3 > default_fallback = no > dead_time = 120 > wake_all_if_all_dead = no > } > home_server localhost { > ipaddr = 127.0.0.1 > port = 1812 > type = "auth" > secret = "XXX" > response_window = 20 > max_outstanding = 65536 > require_message_authenticator = yes > zombie_period = 40 > status_check = "status-server" > ping_interval = 30 > check_interval = 30 > num_answers_to_alive = 3 > num_pings_to_alive = 3 > revive_interval = 120 > status_check_timeout = 4 > coa { > irt = 2 > mrt = 16 > mrc = 5 > mrd = 30 > } > } > home_server_pool my_auth_failover { > type = fail-over > home_server = localhost > } > realm example.com { > auth_pool = my_auth_failover > } > realm LOCAL { > } >radiusd: #### Loading Clients #### > client localhost { > ipaddr = 127.0.0.1 > require_message_authenticator = no > secret = "XXX" > nastype = "other" > } > client hugin { > ipaddr = 10.2.20.1 > require_message_authenticator = no > secret = "XXX" > } > client munin { > ipaddr = 10.2.20.2 > require_message_authenticator = no > secret = "XXX" > } >radiusd: #### Instantiating modules #### > instantiate { > Module: Linked to module rlm_exec > Module: Instantiating module "exec" from file /etc/raddb/modules/exec > exec { > wait = no > input_pairs = "request" > shell_escape = yes > } > Module: Linked to module rlm_expr > Module: Instantiating module "expr" from file 
/etc/raddb/modules/expr > Module: Linked to module rlm_expiration > Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration > expiration { > reply-message = "Password Has Expired " > } > Module: Linked to module rlm_logintime > Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime > logintime { > reply-message = "You are calling outside your allowed timespan " > minimum-timeout = 60 > } > } >radiusd: #### Loading Virtual Servers #### >server { # from file /etc/raddb/radiusd.conf > modules { > Module: Creating Auth-Type = digest > Module: Creating Auth-Type = LDAP > Module: Creating Post-Auth-Type = REJECT > Module: Checking authenticate {...} for more modules to load > Module: Linked to module rlm_pap > Module: Instantiating module "pap" from file /etc/raddb/modules/pap > pap { > encryption_scheme = "auto" > auto_header = no > } > Module: Linked to module rlm_chap > Module: Instantiating module "chap" from file /etc/raddb/modules/chap > Module: Linked to module rlm_mschap > Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap > mschap { > use_mppe = yes > require_encryption = no > require_strong = no > with_ntdomain_hack = no > allow_retry = yes > } > Module: Linked to module rlm_digest > Module: Instantiating module "digest" from file /etc/raddb/modules/digest > Module: Linked to module rlm_unix > Module: Instantiating module "unix" from file /etc/raddb/modules/unix > unix { > radwtmp = "/var/log/radius/radwtmp" > } > Module: Linked to module rlm_ldap > Module: Instantiating module "ldap" from file /etc/raddb/modules/ldap > ldap { > server = "localhost" > port = 389 > password = "" > identity = "" > net_timeout = 1 > timeout = 4 > timelimit = 3 > tls_mode = no > start_tls = no > tls_require_cert = "allow" > tls { > start_tls = no > require_cert = "allow" > } > basedn = "dc=thomas,dc=lan" > filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" > base_filter = "(objectclass=radiusprofile)" > 
auto_header = no > access_attr_used_for_allow = yes > groupname_attribute = "cn" > groupmembership_filter = "(&(objectClass=posixGroup)(memberuid=%{Stripped-User-Name:-%{User-Name}}))" > groupmembership_attribute = "radiusGroupName" > dictionary_mapping = "/etc/raddb/ldap.attrmap" > ldap_debug = 0 > ldap_connections_number = 5 > compare_check_items = no > do_xlat = yes > set_auth_type = yes > keepalive { > idle = 60 > probes = 3 > interval = 3 > } > } >rlm_ldap: Registering ldap_groupcmp for Ldap-Group >rlm_ldap: Registering ldap_xlat with xlat_name ldap >rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap >rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ >rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ >rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type >rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use >rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id >rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id >rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password >rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password >rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password >rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password >rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password >rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header >rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT >rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration >rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address >rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type >rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol >rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address >rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask >rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route >rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing 
>rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id >rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU >rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression >rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host >rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service >rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port >rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number >rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id >rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network >rlm_ldap: LDAP radiusClass mapped to RADIUS Class >rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout >rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout >rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action >rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service >rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node >rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group >rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link >rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network >rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone >rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit >rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port >rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message >rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type >rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type >rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id >conns: 0x7fd4967d7c20 > Module: Linked to module rlm_eap > Module: Instantiating module "eap" from file /etc/raddb/eap.conf > eap { > default_eap_type = "md5" > timer_expire = 60 > ignore_unknown_eap_types = no > cisco_accounting_username_bug = no > max_sessions = 
4096 > } > Module: Linked to sub-module rlm_eap_md5 > Module: Instantiating eap-md5 > Module: Linked to sub-module rlm_eap_leap > Module: Instantiating eap-leap > Module: Linked to sub-module rlm_eap_gtc > Module: Instantiating eap-gtc > gtc { > challenge = "Password: " > auth_type = "PAP" > } > Module: Linked to sub-module rlm_eap_tls > Module: Instantiating eap-tls > tls { > rsa_key_exchange = no > dh_key_exchange = yes > rsa_key_length = 512 > dh_key_length = 512 > verify_depth = 0 > CA_path = "/etc/raddb/certs" > pem_file_type = yes > private_key_file = "/etc/raddb/certs/server.pem" > certificate_file = "/etc/raddb/certs/server.pem" > CA_file = "/etc/raddb/certs/ca.pem" > private_key_password = "whatever" > dh_file = "/etc/raddb/certs/dh" > random_file = "/etc/raddb/certs/random" > fragment_size = 1024 > include_length = yes > check_crl = no > cipher_list = "DEFAULT" > cache { > enable = no > lifetime = 24 > max_entries = 255 > } > verify { > } > ocsp { > enable = no > override_cert_url = yes > url = "http://127.0.0.1/ocsp/" > } > } > Module: Linked to sub-module rlm_eap_ttls > Module: Instantiating eap-ttls > ttls { > default_eap_type = "md5" > copy_request_to_tunnel = no > use_tunneled_reply = no > virtual_server = "inner-tunnel" > include_length = yes > } > Module: Linked to sub-module rlm_eap_peap > Module: Instantiating eap-peap > peap { > default_eap_type = "mschapv2" > copy_request_to_tunnel = no > use_tunneled_reply = no > proxy_tunneled_request_as_eap = yes > virtual_server = "inner-tunnel" > soh = no > } > Module: Linked to sub-module rlm_eap_mschapv2 > Module: Instantiating eap-mschapv2 > mschapv2 { > with_ntdomain_hack = no > send_error = no > } > Module: Checking authorize {...} for more modules to load > Module: Linked to module rlm_preprocess > Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess > preprocess { > huntgroups = "/etc/raddb/huntgroups" > hints = "/etc/raddb/hints" > with_ascend_hack = no > 
ascend_channels_per_line = 23 > with_ntdomain_hack = no > with_specialix_jetstream_hack = no > with_cisco_vsa_hack = no > with_alvarion_vsa_hack = no > } > Module: Linked to module rlm_realm > Module: Instantiating module "suffix" from file /etc/raddb/modules/realm > realm suffix { > format = "suffix" > delimiter = "@" > ignore_default = no > ignore_null = no > } > Module: Linked to module rlm_files > Module: Instantiating module "files" from file /etc/raddb/modules/files > files { > usersfile = "/etc/raddb/users" > acctusersfile = "/etc/raddb/acct_users" > preproxy_usersfile = "/etc/raddb/preproxy_users" > compat = "no" > } > Module: Checking preacct {...} for more modules to load > Module: Linked to module rlm_acct_unique > Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique > acct_unique { > key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" > } > Module: Checking accounting {...} for more modules to load > Module: Linked to module rlm_detail > Module: Instantiating module "detail" from file /etc/raddb/modules/detail > detail { > detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" > header = "%t" > detailperm = 384 > dirperm = 493 > locking = no > log_packet_header = no > } > Module: Linked to module rlm_radutmp > Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp > radutmp { > filename = "/var/log/radius/radutmp" > username = "%{User-Name}" > case_sensitive = yes > check_with_nas = yes > perm = 384 > callerid = yes > } > Module: Linked to module rlm_attr_filter > Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter > attr_filter attr_filter.accounting_response { > attrsfile = "/etc/raddb/attrs.accounting_response" > key = "%{User-Name}" > relaxed = no > } > Module: Checking session {...} for more modules to load > Module: Checking post-proxy {...} for more modules to 
load > Module: Checking post-auth {...} for more modules to load > Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter > attr_filter attr_filter.access_reject { > attrsfile = "/etc/raddb/attrs.access_reject" > key = "%{User-Name}" > relaxed = no > } > } # modules >} # server >server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel > modules { > Module: Checking authenticate {...} for more modules to load > Module: Checking authorize {...} for more modules to load > Module: Checking session {...} for more modules to load > Module: Checking post-proxy {...} for more modules to load > Module: Checking post-auth {...} for more modules to load > } # modules >} # server >radiusd: #### Opening IP addresses and Ports #### >listen { > type = "auth" > ipaddr = * > port = 0 >} >listen { > type = "acct" > ipaddr = * > port = 0 >} >listen { > type = "control" > listen { > socket = "/var/run/radiusd/radiusd.sock" > } >} >listen { > type = "auth" > ipaddr = 127.0.0.1 > port = 18120 >} > ... adding new socket proxy address * port 45677 >Listening on authentication address * port 1812 >Listening on accounting address * port 1813 >Listening on command file /var/run/radiusd/radiusd.sock >Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel >Listening on proxy address * port 1814 >Ready to process requests. 
>rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=161, length=171 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x0201000a016d69746869 > Message-Authenticator = 0xac5b68c0cd2adf76b799bc397170f35c ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 1 length 10 >[eap] No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated > [ldap] Entering ldap_groupcmp() >[files] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan >[files] expand: %{Stripped-User-Name} -> >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] attempting LDAP reconnection > [ldap] (re)connect to localhost:389, authentication 0 > [ldap] bind as / to localhost:389 > [ldap] waiting for bind result ... > [ldap] Bind was successful > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) > [ldap] ldap_release_conn: Release Id: 0 >[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details >[files] ... 
expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (&(objectClass=posixGroup)(memberuid=%{Stripped-User-Name:-%{User-Name}})) -> (&(objectClass=posixGroup)(memberuid=mithi)) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (&(cn=radius)(&(objectClass=posixGroup)(memberuid=mithi))) >rlm_ldap::ldap_groupcmp: User found in group radius > [ldap] ldap_release_conn: Release Id: 0 >++[files] returns noop >[ldap] performing user authorization for mithi >[ldap] expand: %{Stripped-User-Name} -> >[ldap] ... expanding second conditional >[ldap] expand: %{User-Name} -> mithi >[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) >[ldap] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) >[ldap] looking for check items in directory... > [ldap] userPassword -> Password-With-Header == "{CRYPT}6BbyOFay/8ypI" > [ldap] sambaNtPassword -> NT-Password == 0x3543304631323846314144433739313736313046463435414130363234413034 >[ldap] looking for reply items in directory... >[ldap] user mithi authorized to use remote access > [ldap] ldap_release_conn: Release Id: 0 >++[ldap] returns ok >++[expiration] returns noop >++[logintime] returns noop >[pap] Normalizing NT-Password from hex encoding >[pap] WARNING: Auth-Type already set. 
Not setting to PAP >++[pap] returns noop >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] EAP Identity >[eap] processing type md5 >rlm_eap_md5: Issuing Challenge >++[eap] returns handled >Sending Access-Challenge of id 161 to 10.2.20.1 port 3072 > EAP-Message = 0x01020016041007ed969713f1555b8c97c54dccfb5d08 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c071e4206f2dabc29caaaa316 >Finished request 0. >Going to the next request >Waking up in 4.9 seconds. >rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=195, length=185 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c071e4206f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x020200060319 > Message-Authenticator = 0x2d194bfe82dc1b043f8a9f8a64fa6a6e ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 2 length 6 >[eap] No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated > [ldap] Entering ldap_groupcmp() >[files] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan >[files] expand: %{Stripped-User-Name} -> >[files] ... 
expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) > [ldap] ldap_release_conn: Release Id: 0 >[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (&(objectClass=posixGroup)(memberuid=%{Stripped-User-Name:-%{User-Name}})) -> (&(objectClass=posixGroup)(memberuid=mithi)) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (&(cn=radius)(&(objectClass=posixGroup)(memberuid=mithi))) >rlm_ldap::ldap_groupcmp: User found in group radius > [ldap] ldap_release_conn: Release Id: 0 >++[files] returns noop >[ldap] performing user authorization for mithi >[ldap] expand: %{Stripped-User-Name} -> >[ldap] ... expanding second conditional >[ldap] expand: %{User-Name} -> mithi >[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) >[ldap] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) >[ldap] looking for check items in directory... > [ldap] userPassword -> Password-With-Header == "{CRYPT}6BbyOFay/8ypI" > [ldap] sambaNtPassword -> NT-Password == 0x3543304631323846314144433739313736313046463435414130363234413034 >[ldap] looking for reply items in directory... >[ldap] user mithi authorized to use remote access > [ldap] ldap_release_conn: Release Id: 0 >++[ldap] returns ok >++[expiration] returns noop >++[logintime] returns noop >[pap] Normalizing NT-Password from hex encoding >[pap] WARNING: Auth-Type already set. 
Not setting to PAP >++[pap] returns noop >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP NAK >[eap] EAP-NAK asked for EAP-Type/peap >[eap] processing type tls >[tls] Initiate >[tls] Start returned 1 >++[eap] returns handled >Sending Access-Challenge of id 195 to 10.2.20.1 port 3072 > EAP-Message = 0x010300061920 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c061f5f06f2dabc29caaaa316 >Finished request 1. >Going to the next request >Waking up in 4.9 seconds. >rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=55, length=307 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c061f5f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x0203008019800000007616030100710100006d03014fcb988b6cdf147c6d542830d20e2dcad1e2909ed85689a10c2a01e123d4323a00003200ffc00ac009c007c008c014c013c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00330039001601000012000a00080006001700180019000b00020100 > Message-Authenticator = 0xccd46c2047eeae239dc0718a71b3373a ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 3 length 128 >[eap] Continuing tunnel setup. 
>++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS > TLS Length 118 >[peap] Length Included >[peap] eaptls_verify returned 11 >[peap] (other): before/accept initialization >[peap] TLS_accept: before/accept initialization >[peap] <<< TLS 1.0 Handshake [length 0071], ClientHello >[peap] TLS_accept: SSLv3 read client hello A >[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello >[peap] TLS_accept: SSLv3 write server hello A >[peap] >>> TLS 1.0 Handshake [length 085e], Certificate >[peap] TLS_accept: SSLv3 write certificate A >[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone >[peap] TLS_accept: SSLv3 write server done A >[peap] TLS_accept: SSLv3 flush data >[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A >In SSL Handshake Phase >In SSL Accept mode >[peap] eaptls_process returned 13 >[peap] EAPTLS_HANDLED >++[eap] returns handled >Sending Access-Challenge of id 55 to 10.2.20.1 port 3072 > EAP-Message = 0x0104040019c0000008a216030100310200002d03014fcb989293990da90f89242da416eb06d777f0e65d169a40b7159e757284421f00002f000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 > EAP-Message = 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 > EAP-Message = 
0x6092269571819ecdb73f900a97882cd1d474ca096bf5b6dd92504ac5b7d0a5c1edb98f64600677742a665e84824a9f2b488e9664c9012c12d53200323891110dc38f18ba796093124ee833e9a2f13f3c846464975df7e2d1b209d9dd660670d3d284e47bc3922faf9d8569b688a6f7530a1705a25882908ed94a46cef81b2e8c8ed66b9e5cf374dedb4592a7f698a7e10130845cae9c09d1d80c56ae61d8b8846fb1c6f95f32a7ef00f10e7572cd2deef509ab50894395630677d48e96c03329ac011041bd0d9a24230203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101008403 > EAP-Message = 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 > EAP-Message = 0xfa0004ab308204a73082038f > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c05185f06f2dabc29caaaa316 >Finished request 2. >Going to the next request >Waking up in 4.9 seconds. >rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=41, length=185 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c05185f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x020400061900 > Message-Authenticator = 0x6b2aaad3e331727fa06422bcee65415b ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 4 length 6 >[eap] Continuing tunnel setup. 
>++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] Received TLS ACK >[peap] ACK handshake fragment handler >[peap] eaptls_verify returned 1 >[peap] eaptls_process returned 13 >[peap] EAPTLS_HANDLED >++[eap] returns handled >Sending Access-Challenge of id 41 to 10.2.20.1 port 3072 > EAP-Message = 0x010503fc1940a003020102020900adef3d7128270d2d300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3132303332393139323833385a170d3132303532383139323833385a308193310b3009060355040613024652310f300d0603550408130652616469757331 > EAP-Message = 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 > EAP-Message = 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 > EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900adef3d7128270d2d300c0603551d13040530030101ff300d06092a864886f70d010105050003820101001f9ec1e007f8a884c55684f4995e50eafcb4795d2e1276313263702120a5e6c955e5cdec6cd1047e02dbac649063463cb381877c4458437102792472bfe427d4ce2b155f64b7f7c79d95ab > EAP-Message = 0x41225a7b61e10093 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c04195f06f2dabc29caaaa316 >Finished request 3. >Going to the next request >Waking up in 4.9 seconds. 
>rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=202, length=185 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c04195f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x020500061900 > Message-Authenticator = 0xac981c15fb2170cec5f5ae3098e384bb ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 5 length 6 >[eap] Continuing tunnel setup. >++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] Received TLS ACK >[peap] ACK handshake fragment handler >[peap] eaptls_verify returned 1 >[peap] eaptls_process returned 13 >[peap] EAPTLS_HANDLED >++[eap] returns handled >Sending Access-Challenge of id 202 to 10.2.20.1 port 3072 > EAP-Message = 0x010600bc19008e451e4f7744d5fa987493024d214ef496fc475cb6e122a62ce34b7bc2498c37882e85c9d119533d04aa2827945943bb3fce78aa55b7508e3d0a28701602ecc7450d23c51e55d01c51de07884966f56ed174d9e53f8dec9b8aea02a4a81c9db993e60327e5c25224b425de3948f5f14b8f5877b548382a66eed4236da900c0c85524020588d02e79a343251c039bf83ad2811356db2a2b747ba219a55d0f8b3676b32cbb4fff0db5ea6caf3a6316030100040e000000 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c031a5f06f2dabc29caaaa316 >Finished request 4. 
>Going to the next request >Waking up in 4.9 seconds. >rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=254, length=517 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c031a5f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x0206015019800000014616030101061000010201007fa0caab9feed2c542df2f17c58dec39033df448a17ee54a83a4724d6658551c159fc187913727f770fc67a3545e172adbe4601cb24d2e373a0b5b97ca1d45ee04fa4251928f0fa9f74cf4ff06cacbe42210c433a24528bc5b33f69546c0de963d3aa974556daf0078c4c8dc601461e2b811ece50f15c959f755b1b409fb54c553f14fe59f6578c26d9c6f3258335d138ef984c134a56f48ad76eefc085910bd7cbf46672c3dd29e2d3e7cd67e6004463ff398f3149aae6b2f3e199b14d67bf9285bf554f870658ff18a9c04257465c99724fc571d6290426838d14e1a36d2c924d96ce1b91ad2e0 > EAP-Message = 0x02ff83fce0873da2227aecf4427c1f39cf2f893b48e6f416140301000101160301003003063821356774fdeffa0b8ed7b88c5fe10ff934479657b138724513c5cc164c894ed5d26b45c62a6d819b0ef37a30c6 > Message-Authenticator = 0x978280995520371a2e79681baa54f25a ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 6 length 253 >[eap] Continuing tunnel setup. 
>++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS > TLS Length 326 >[peap] Length Included >[peap] eaptls_verify returned 11 >[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange >[peap] TLS_accept: SSLv3 read client key exchange A >[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] >[peap] <<< TLS 1.0 Handshake [length 0010], Finished >[peap] TLS_accept: SSLv3 read finished A >[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] >[peap] TLS_accept: SSLv3 write change cipher spec A >[peap] >>> TLS 1.0 Handshake [length 0010], Finished >[peap] TLS_accept: SSLv3 write finished A >[peap] TLS_accept: SSLv3 flush data >[peap] (other): SSL negotiation finished successfully >SSL Connection Established >[peap] eaptls_process returned 13 >[peap] EAPTLS_HANDLED >++[eap] returns handled >Sending Access-Challenge of id 254 to 10.2.20.1 port 3072 > EAP-Message = 0x01070041190014030100010116030100308ff36acbd528761fddde8560d9eed6eb98ae7c2871f9d1be563290b9f1729efd94f07e7b5256de7907a3c5830b36e7e0 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c021b5f06f2dabc29caaaa316 >Finished request 5. >Going to the next request >Waking up in 4.9 seconds. 
>rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=213, length=185 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c021b5f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x020700061900 > Message-Authenticator = 0x60f39cd7e934968665d0438c921adf2b ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 7 length 6 >[eap] Continuing tunnel setup. >++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] Received TLS ACK >[peap] ACK handshake is finished >[peap] eaptls_verify returned 3 >[peap] eaptls_process returned 3 >[peap] EAPTLS_SUCCESS >[peap] Session established. Decoding tunneled attributes. >[peap] Peap state TUNNEL ESTABLISHED >++[eap] returns handled >Sending Access-Challenge of id 213 to 10.2.20.1 port 3072 > EAP-Message = 0x0108002b19001703010020f610918d8d6c27fedf4bfa8a0709827d68fb7dbda1b03461f1f186391350efc0 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c01145f06f2dabc29caaaa316 >Finished request 6. >Going to the next request >Waking up in 4.8 seconds. 
>rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=31, length=222 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c01145f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x0208002b190017030100202015d6f02e8b9b6c7abaf7870f81d44fde6f9ab12dacf3301376d14e823547c1 > Message-Authenticator = 0xc41c3874a0a1de555e2f4f21b72d9d91 ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 8 length 43 >[eap] Continuing tunnel setup. >++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] eaptls_verify returned 7 >[peap] Done initial handshake >[peap] eaptls_process returned 7 >[peap] EAPTLS_OK >[peap] Session established. Decoding tunneled attributes. >[peap] Peap state WAITING FOR INNER IDENTITY >[peap] Identity - mithi >[peap] Got inner identity 'mithi' >[peap] Setting default EAP type for tunneled EAP session. 
>[peap] Got tunneled request > EAP-Message = 0x0208000a016d69746869 >server { >[peap] Setting User-Name to mithi >Sending tunneled request > EAP-Message = 0x0208000a016d69746869 > FreeRADIUS-Proxied-To = 127.0.0.1 > User-Name = "mithi" >server inner-tunnel { ># Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel >+- entering group authorize {...} >++[chap] returns noop >++[mschap] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >++[control] returns noop >[eap] EAP packet type response id 8 length 10 >[eap] No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated > [ldap] Entering ldap_groupcmp() >[files] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan >[files] expand: %{Stripped-User-Name} -> >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) > [ldap] ldap_release_conn: Release Id: 0 >[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (&(objectClass=posixGroup)(memberuid=%{Stripped-User-Name:-%{User-Name}})) -> (&(objectClass=posixGroup)(memberuid=mithi)) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (&(cn=radius)(&(objectClass=posixGroup)(memberuid=mithi))) >rlm_ldap::ldap_groupcmp: User found in group radius > [ldap] ldap_release_conn: Release Id: 0 >++[files] returns noop >[ldap] performing user authorization for mithi >[ldap] expand: %{Stripped-User-Name} -> >[ldap] ... 
expanding second conditional >[ldap] expand: %{User-Name} -> mithi >[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) >[ldap] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) >[ldap] looking for check items in directory... > [ldap] userPassword -> Password-With-Header == "{CRYPT}6BbyOFay/8ypI" > [ldap] sambaNtPassword -> NT-Password == 0x3543304631323846314144433739313736313046463435414130363234413034 >[ldap] looking for reply items in directory... >[ldap] user mithi authorized to use remote access > [ldap] ldap_release_conn: Release Id: 0 >++[ldap] returns ok >++[expiration] returns noop >++[logintime] returns noop >[pap] Normalizing NT-Password from hex encoding >[pap] WARNING: Auth-Type already set. Not setting to PAP >++[pap] returns noop >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/inner-tunnel >+- entering group authenticate {...} >[eap] EAP Identity >[eap] processing type mschapv2 >rlm_eap_mschapv2: Issuing Challenge >++[eap] returns handled >} # server inner-tunnel >[peap] Got tunneled reply code 11 > EAP-Message = 0x0109001f1a0109001a10ef842b1d7f5c99b0d7ca881f7e629cec6d69746869 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x6a517e7e6a5864b5a1f0df3dfa1c60bb >[peap] Got tunneled reply RADIUS code 11 > EAP-Message = 0x0109001f1a0109001a10ef842b1d7f5c99b0d7ca881f7e629cec6d69746869 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x6a517e7e6a5864b5a1f0df3dfa1c60bb >[peap] Got tunneled Access-Challenge >++[eap] returns handled >Sending Access-Challenge of id 31 to 10.2.20.1 port 3072 > EAP-Message = 0x0109003b1900170301003064073c43912610686c7d1c57f8c6aa3140bafa7e9c0e63f0dd5d4f93592b5cad4ad547f9f28b7872da1cdd3c7ccb963f > Message-Authenticator = 0x00000000000000000000000000000000 > State = 
0x071c467c00155f06f2dabc29caaaa316 >Finished request 7. >Going to the next request >Waking up in 4.8 seconds. >rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=14, length=286 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c00155f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x0209006b190017030100604b35e58278951a961cccfb53ac857547e276a651b41a5e3f51234abb18e7abae612d1967382148040a5553b7b9853af4987a53a77e974b9ed7f6c0c64737e33aed4cf518c2cd572d3ddd441d6871c796506f2100f80caa735ad11da62e7de1ad > Message-Authenticator = 0xa6112dbd7a208da87943120e29d4e575 ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 9 length 107 >[eap] Continuing tunnel setup. >++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] eaptls_verify returned 7 >[peap] Done initial handshake >[peap] eaptls_process returned 7 >[peap] EAPTLS_OK >[peap] Session established. Decoding tunneled attributes. 
>[peap] Peap state phase2 >[peap] EAP type mschapv2 >[peap] Got tunneled request > EAP-Message = 0x020900401a0209003b317eec8ba5767ef7a6cccd67e7aa1d720c00000000000000000206bdf9df18294ba4c82a10f5223d4b336c37d1f78a8ae4006d69746869 >server { >[peap] Setting User-Name to mithi >Sending tunneled request > EAP-Message = 0x020900401a0209003b317eec8ba5767ef7a6cccd67e7aa1d720c00000000000000000206bdf9df18294ba4c82a10f5223d4b336c37d1f78a8ae4006d69746869 > FreeRADIUS-Proxied-To = 127.0.0.1 > User-Name = "mithi" > State = 0x6a517e7e6a5864b5a1f0df3dfa1c60bb >server inner-tunnel { ># Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel >+- entering group authorize {...} >++[chap] returns noop >++[mschap] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >++[control] returns noop >[eap] EAP packet type response id 9 length 64 >[eap] No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated > [ldap] Entering ldap_groupcmp() >[files] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan >[files] expand: %{Stripped-User-Name} -> >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) > [ldap] ldap_release_conn: Release Id: 0 >[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details >[files] ... 
expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (&(objectClass=posixGroup)(memberuid=%{Stripped-User-Name:-%{User-Name}})) -> (&(objectClass=posixGroup)(memberuid=mithi)) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (&(cn=radius)(&(objectClass=posixGroup)(memberuid=mithi))) >rlm_ldap::ldap_groupcmp: User found in group radius > [ldap] ldap_release_conn: Release Id: 0 >++[files] returns noop >[ldap] performing user authorization for mithi >[ldap] expand: %{Stripped-User-Name} -> >[ldap] ... expanding second conditional >[ldap] expand: %{User-Name} -> mithi >[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) >[ldap] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) >[ldap] looking for check items in directory... > [ldap] userPassword -> Password-With-Header == "{CRYPT}6BbyOFay/8ypI" > [ldap] sambaNtPassword -> NT-Password == 0x3543304631323846314144433739313736313046463435414130363234413034 >[ldap] looking for reply items in directory... >[ldap] user mithi authorized to use remote access > [ldap] ldap_release_conn: Release Id: 0 >++[ldap] returns ok >++[expiration] returns noop >++[logintime] returns noop >[pap] Normalizing NT-Password from hex encoding >[pap] WARNING: Auth-Type already set. Not setting to PAP >++[pap] returns noop >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/inner-tunnel >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/mschapv2 >[eap] processing type mschapv2 >[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel >[mschapv2] +- entering group MS-CHAP {...} >[mschap] No Cleartext-Password configured. Cannot create LM-Password. 
>[mschap] Found NT-Password >[mschap] Creating challenge hash with username: mithi >[mschap] Told to do MS-CHAPv2 for mithi with NT-Password >[mschap] adding MS-CHAPv2 MPPE keys >++[mschap] returns ok >MSCHAP Success >++[eap] returns handled >} # server inner-tunnel >[peap] Got tunneled reply code 11 > EAP-Message = 0x010a00331a0309002e533d37323630343242343030373539383435464432433239434534423944453945363737434439423143 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x6a517e7e6b5b64b5a1f0df3dfa1c60bb >[peap] Got tunneled reply RADIUS code 11 > EAP-Message = 0x010a00331a0309002e533d37323630343242343030373539383435464432433239434534423944453945363737434439423143 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x6a517e7e6b5b64b5a1f0df3dfa1c60bb >[peap] Got tunneled Access-Challenge >++[eap] returns handled >Sending Access-Challenge of id 14 to 10.2.20.1 port 3072 > EAP-Message = 0x010a005b190017030100506dbea554fc086050999af3286ca52aedd7e93fdaa4efc5641bbb2ce1fdb3a3c6e13636a3ce6dd13b7c9093e88b60d9e2777ceab3e01731841147ce66d9e5af64227fcef707b846deeb99839692cb485f > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c0f165f06f2dabc29caaaa316 >Finished request 8. >Going to the next request >Waking up in 4.8 seconds. 
>rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=252, length=222 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c0f165f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x020a002b19001703010020e6e31adefbd71870c216072c5f57a68fb87fbc19f734e25ee8c7f7c4cd74047b > Message-Authenticator = 0x15c0d6d8e76ab21ba5783b2de27c0975 ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 10 length 43 >[eap] Continuing tunnel setup. >++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] eaptls_verify returned 7 >[peap] Done initial handshake >[peap] eaptls_process returned 7 >[peap] EAPTLS_OK >[peap] Session established. Decoding tunneled attributes. 
>[peap] Peap state phase2 >[peap] EAP type mschapv2 >[peap] Got tunneled request > EAP-Message = 0x020a00061a03 >server { >[peap] Setting User-Name to mithi >Sending tunneled request > EAP-Message = 0x020a00061a03 > FreeRADIUS-Proxied-To = 127.0.0.1 > User-Name = "mithi" > State = 0x6a517e7e6b5b64b5a1f0df3dfa1c60bb >server inner-tunnel { ># Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel >+- entering group authorize {...} >++[chap] returns noop >++[mschap] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >++[control] returns noop >[eap] EAP packet type response id 10 length 6 >[eap] No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated > [ldap] Entering ldap_groupcmp() >[files] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan >[files] expand: %{Stripped-User-Name} -> >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) > [ldap] ldap_release_conn: Release Id: 0 >[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details >[files] ... expanding second conditional >[files] expand: %{User-Name} -> mithi >[files] expand: (&(objectClass=posixGroup)(memberuid=%{Stripped-User-Name:-%{User-Name}})) -> (&(objectClass=posixGroup)(memberuid=mithi)) > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (&(cn=radius)(&(objectClass=posixGroup)(memberuid=mithi))) >rlm_ldap::ldap_groupcmp: User found in group radius > [ldap] ldap_release_conn: Release Id: 0 >++[files] returns noop >[ldap] performing user authorization for mithi >[ldap] expand: %{Stripped-User-Name} -> >[ldap] ... 
expanding second conditional >[ldap] expand: %{User-Name} -> mithi >[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=mithi) >[ldap] expand: dc=thomas,dc=lan -> dc=thomas,dc=lan > [ldap] ldap_get_conn: Checking Id: 0 > [ldap] ldap_get_conn: Got Id: 0 > [ldap] performing search in dc=thomas,dc=lan, with filter (uid=mithi) >[ldap] looking for check items in directory... > [ldap] userPassword -> Password-With-Header == "{CRYPT}6BbyOFay/8ypI" > [ldap] sambaNtPassword -> NT-Password == 0x3543304631323846314144433739313736313046463435414130363234413034 >[ldap] looking for reply items in directory... >[ldap] user mithi authorized to use remote access > [ldap] ldap_release_conn: Release Id: 0 >++[ldap] returns ok >++[expiration] returns noop >++[logintime] returns noop >[pap] Normalizing NT-Password from hex encoding >[pap] WARNING: Auth-Type already set. Not setting to PAP >++[pap] returns noop >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/inner-tunnel >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/mschapv2 >[eap] processing type mschapv2 >[eap] Freeing handler >++[eap] returns ok > WARNING: Empty post-auth section. Using default return values. 
># Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel >} # server inner-tunnel >[peap] Got tunneled reply code 2 > MS-MPPE-Encryption-Policy = 0x00000001 > MS-MPPE-Encryption-Types = 0x00000006 > MS-MPPE-Send-Key = 0xcb7fea651632dae51e98ddf76e9fdf21 > MS-MPPE-Recv-Key = 0xa45d71246397c2d96e9c24569851721c > EAP-Message = 0x030a0004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "mithi" >[peap] Got tunneled reply RADIUS code 2 > MS-MPPE-Encryption-Policy = 0x00000001 > MS-MPPE-Encryption-Types = 0x00000006 > MS-MPPE-Send-Key = 0xcb7fea651632dae51e98ddf76e9fdf21 > MS-MPPE-Recv-Key = 0xa45d71246397c2d96e9c24569851721c > EAP-Message = 0x030a0004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "mithi" >[peap] Tunneled authentication was successful. >[peap] SUCCESS >++[eap] returns handled >Sending Access-Challenge of id 252 to 10.2.20.1 port 3072 > EAP-Message = 0x010b002b190017030100204d277ef85e36e7b52fb45ee33f73c08ff70fbe100e4fc00bfd4eb7f0852f05fc > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x071c467c0e175f06f2dabc29caaaa316 >Finished request 9. >Going to the next request >Waking up in 4.8 seconds. 
>rad_recv: Access-Request packet from host 10.2.20.1 port 3072, id=253, length=222 > User-Name = "mithi" > Service-Type = Framed-User > NAS-IP-Address = 10.2.20.1 > NAS-Port = 1 > NAS-Port-Id = "1" > State = 0x071c467c0e175f06f2dabc29caaaa316 > Called-Station-Id = "00-A0-57-19-4E-79:Niflheim" > Calling-Station-Id = "7C-C5-37-6C-38-0A" > Connect-Info = "CONNECT 65 Mbps 802.11g/n" > NAS-Identifier = "hugin" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1500 > EAP-Message = 0x020b002b190017030100202aa6d78e1f5a77e48dcc37b43ae13e1965412068cccff85e6ee3d01c75ed676c > Message-Authenticator = 0x60b602bbe333f646b8fddf42d723da9d ># Executing section authorize from file /etc/raddb/sites-enabled/default >+- entering group authorize {...} >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop >++[digest] returns noop >[suffix] No '@' in User-Name = "mithi", looking up realm NULL >[suffix] No such realm "NULL" >++[suffix] returns noop >[eap] EAP packet type response id 11 length 43 >[eap] Continuing tunnel setup. >++[eap] returns ok >Found Auth-Type = EAP ># Executing group from file /etc/raddb/sites-enabled/default >+- entering group authenticate {...} >[eap] Request found, released from the list >[eap] EAP/peap >[eap] processing type peap >[peap] processing EAP-TLS >[peap] eaptls_verify returned 7 >[peap] Done initial handshake >[peap] eaptls_process returned 7 >[peap] EAPTLS_OK >[peap] Session established. Decoding tunneled attributes. >[peap] Peap state send tlv success >[peap] Received EAP-TLV response. >[peap] Success