Citation :
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x020600090177696669
server {
PEAP: Setting User-Name to wifi
Sending tunneled request
EAP-Message = 0x020600090177696669
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "wifi"
Framed-MTU = 1400
Called-Station-Id = "xxxx.xxxx.xxxx"
Calling-Station-Id = "xxxx.xxxx.xxxx"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 411
NAS-Port-Id = "411"
NAS-IP-Address = 10.20.1.1
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "wifi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0107001e1a01070019103d53d013874e16128593421437ca55b577696669
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfa7eb8c5fa79a2253c39a41379f09bf7
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0107001e1a01070019103d53d013874e16128593421437ca55b577696669
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfa7eb8c5fa79a2253c39a41379f09bf7
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 105 to 10.20.1.1 port 1645
EAP-Message = 0x0107003b190017030100302ff926dd272d0439bc9854a91db4396ae45a300af9a12b52dd42f84df75911421b562b350fdb330b77d7a75aea20f59b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x70381020743f09956cd9c7d5119e1cbb
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.20.1.1 port 1645, id=106, length=222
User-Name = "wifi"
Framed-MTU = 1400
Called-Station-Id = "xxxx.xxxx.xxxx"
Calling-Station-Id = "xxxx.xxxx.xxxx"
Service-Type = Login-User
Message-Authenticator = 0x4a4b807a81bdeca3d9410439db02ded0
EAP-Message = 0x0207005b190017030100508b606e27fcd080bc542fd901e3ca91b5b0797ef8a0dd05326c436ab1273cfd83eb13b1070799f1783f61c3c0cd0c67481c9d0433d386633595128870b7363a6e549dbc43487082e9a999e3ed13f9f363
NAS-Port-Type = Wireless-802.11
NAS-Port = 411
NAS-Port-Id = "411"
State = 0x70381020743f09956cd9c7d5119e1cbb
NAS-IP-Address = 10.20.1.1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x0207003f1a0207003a31620b46bf5770cc5afb72b993d3d2e2ab00000000000000001985f8e3ee6ef20a384c4108116d476c5f0c63c7482650680077696669
server {
PEAP: Setting User-Name to wifi
Sending tunneled request
EAP-Message = 0x0207003f1a0207003a31620b46bf5770cc5afb72b993d3d2e2ab00000000000000001985f8e3ee6ef20a384c4108116d476c5f0c63c7482650680077696669
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "wifi"
State = 0xfa7eb8c5fa79a2253c39a41379f09bf7
Framed-MTU = 1400
Called-Station-Id = "xxxx.xxxx.xxxx"
Calling-Station-Id = "xxxx.xxxx.xxxx"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 411
NAS-Port-Id = "411"
NAS-IP-Address = 10.20.1.1
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "wifi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] WARNING: Unknown value specified for Auth-Type. Cannot perform requested action.
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [wifi/<via Auth-Type = EAP>] (from client AP_INFO port 411 cli xxxx.xxxx.xxxx via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 106 to 10.20.1.1 port 1645
EAP-Message = 0x0108002b19001703010020cfb698ff279c60d723a606f60114338a08c4e93dc2ef2801fc738f67f3c06cfe
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x70381020753009956cd9c7d5119e1cbb
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.20.1.1 port 1645, id=107, length=174
User-Name = "wifi"
Framed-MTU = 1400
Called-Station-Id = "xxxx.xxxx.xxxx"
Calling-Station-Id = "xxxx.xxxx.xxxx"
Service-Type = Login-User
Message-Authenticator = 0xbefa783943f178b2ce2a8b3cb4bae610
EAP-Message = 0x0208002b190017030100202d6ca98e22870344576d7751f513cb75cf7f39659188ae782e287566df1dc1ea
NAS-Port-Type = Wireless-802.11
NAS-Port = 411
NAS-Port-Id = "411"
State = 0x70381020753009956cd9c7d5119e1cbb
NAS-IP-Address = 10.20.1.1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [wifi/<via Auth-Type = EAP>] (from client AP_INFO port 411 cli xxxx.xxxx.xxxx)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> wifi
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 107 to 10.20.1.1 port 1645
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 101 with timestamp +12
Cleaning up request 1 ID 102 with timestamp +12
Cleaning up request 2 ID 103 with timestamp +12
Cleaning up request 3 ID 104 with timestamp +12
Cleaning up request 4 ID 105 with timestamp +12
Cleaning up request 5 ID 106 with timestamp +12
Waking up in 1.0 seconds.
Cleaning up request 6 ID 107 with timestamp +12
|
