EAP-TTLS-MSCHAPV2. Failed to authenticate.


EAP-TTLS-MSCHAPV2. Failed to authenticate.

Koos Beens
Hi,

I am trying to authenticate users using eap/ttls and internal mschap-v2.

Currently I haven't set any auth-type in the users, just a password. This
is because auth-type := EAP (which is suggested in quite a few howto's) is
apparently wrong according to the list and the docs. It seems like I'm
almost there because I get a certificate at the supplicant. (Oh well, looks
like there's something working :) I've googled around but have not found a
solution, I hope someone could give me a hint in the right direction.

Thanks a lot for any help,

Kozy.

Here are the last lines of freeradius' output:

  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 5 length 143
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.
  TTLS: Got tunneled request
        User-Name = "TestUser"
        MS-CHAP-Challenge = 0x6440b13c0e6ad28c3b7dd0a235d1b4ac
        MS-CHAP2-Response =
0x7d000ecb95ad6821c49c069a52d75b4791670000000000000000b49eccb3efc33e4b06047b50518e4ea66fdf6da9b98c4261
        FreeRADIUS-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "TestUser"
        MS-CHAP-Challenge = 0x6440b13c0e8ad28a3b7dd0a235d1b4ac
        MS-CHAP2-Response =
0x7d000ecb95ad6821c49c069a52d75b7791670000000000000000b49eccb3efd33e8a06047b50518e4ea66fdf6da9b98c4261
        FreeRADIUS-Proxied-To = 127.0.0.1
        NAS-IP-Address = 192.168.0.30
        Called-Station-Id = "002217d46891"
        Calling-Station-Id = "000d93ddf8f6"
        NAS-Identifier = "001227d44891"
        NAS-Port = 35
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
  modcall[authorize]: module "mschap" returns ok for request 5
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 5
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns ok) for request 5
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
action.
auth: Failed to validate the user.
  TTLS: Got tunneled reply RADIUS code 3
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.0.4 port 1026
        EAP-Message = 0x04050004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 0 with timestamp 43026bef
Nothing to do.  Sleeping until we see a request.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TTLS-MSCHAPV2. Failed to authenticate.

Alan DeKok
"Koos Beens" <[hidden email]> wrote:
>   rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
...
> modcall: leaving group authorize (returns ok) for request 5
>   rad_check_password:  Found Auth-Type MS-CHAP
> auth: type "MS-CHAP"
>   ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
> action.

  You deleted the "mschap" entry from the "authenticate" section.

  Don't do that.

  Alan DeKok.
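
The diagnosis in the reply above, written as a check over the debug output. This is an added example, not part of the original thread or of FreeRADIUS; the function names are hypothetical, and the two sample logs are excerpts of the output posted on this page.

```python
import re

# Patterns for FreeRADIUS debug lines as they appear in the posts on this page.
AUTHZ_RE = re.compile(r"Processing the authorize section")
SET_RE = re.compile(r"rlm_(\w+): .*Setting 'Auth-Type\s*=\s*([\w-]+)'")
FOUND_RE = re.compile(r"rad_check_password:\s+Found Auth-Type\s+([\w-]+)")
ERROR_RE = re.compile(r"ERROR: Unknown value specified for Auth-Type")
REQ_RE = re.compile(r"for request (\d+)")


def find_unhandled_auth_types(log_text):
    """Return one dict per Auth-Type that the authorize section selected
    but the authenticate section could not dispatch."""
    findings = []
    setters = {}     # Auth-Type -> module that set it during authorize
    request = None   # most recent request number seen
    selected = None  # Auth-Type reported by rad_check_password
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if m:
            request = int(m.group(1))
        if AUTHZ_RE.search(line):
            selected = None  # new authorize pass (outer or tunneled request)
            continue
        m = SET_RE.search(line)
        if m:
            setters[m.group(2)] = m.group(1)
            continue
        m = FOUND_RE.search(line)
        if m:
            selected = m.group(1)
            continue
        if ERROR_RE.search(line) and selected is not None:
            findings.append({"request": request, "auth_type": selected,
                             "set_by": setters.get(selected)})
            selected = None
    return findings


def explain(finding):
    """Turn a finding into the hint an operator needs."""
    setter = finding["set_by"] or "an unknown module"
    return ("request %s: Auth-Type %s (set by %s in authorize) has no matching "
            "entry in the authenticate section of radiusd.conf"
            % (finding["request"], finding["auth_type"], setter))


# Excerpt of the failing run posted in the first message.
FAILING_LOG = """\
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
  modcall[authorize]: module "mschap" returns ok for request 5
modcall: leaving group authorize (returns ok) for request 5
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
action.
auth: Failed to validate the user.
"""

# Excerpt of the working run posted in the last message.
WORKING_LOG = """\
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
  modcall[authorize]: module "mschap" returns ok for request 11
modcall: leaving group authorize (returns ok) for request 11
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 11
  rlm_mschap: Told to do MS-CHAPv2 for TestUser with NT-Password
  modcall[authenticate]: module "mschap" returns ok for request 11
"""

if __name__ == "__main__":
    for f in find_unhandled_auth_types(FAILING_LOG):
        print(explain(f))
```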

Re: EAP-TTLS-MSCHAPV2. Failed to authenticate.

Koos Beens
> "Koos Beens" <[hidden email]> wrote:
>>   rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
> ...
>> modcall: leaving group authorize (returns ok) for request 5
>>   rad_check_password:  Found Auth-Type MS-CHAP
>> auth: type "MS-CHAP"
>>   ERROR: Unknown value specified for Auth-Type.  Cannot perform
>> requested
>> action.
>
>   You deleted the "mschap" entry from the "authenticate" section.
>
>   Don't do that.
>
>   Alan DeKok.
>

It is now working fine if I set mschap on the supplicant.

If I set mschap-v2 however it waits forever while authenticating while
radius keeps repeating the last few messages. What can I do to solve
it?

Here's the output:

Sending Access-Accept of id 0 to 192.168.0.4 port 1026
        MS-MPPE-Recv-Key = 0xfe00eb1b1e74d1f1f7ca6bc49108
        MS-MPPE-Send-Key = 0x29eb1ee202d656d7c014d936017c
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Recv-Key =
0x60fe9859f1b3f94569a45616b65ab8d6f7f23ad0efb5aafd8e8746070bc7bc
        MS-MPPE-Send-Key =
0x6328e25652da39b0ff5eb16f2e6d314843201e1206c12b73539e5e733fbb08
        EAP-Message = 0x03050004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "TestUser"
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 0 with timestamp 43038d5b
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0,
length=129
        User-Name = "TestUser"
        NAS-IP-Address = 192.168.0.4
        Called-Station-Id = "001217d45891"
        Calling-Station-Id = "000d93edf8f6"
        NAS-Identifier = "001217d45891"
        NAS-Port = 35
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000d0154657374557572
        Message-Authenticator = 0x0d19505516fa507c6b8f913938de43
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 1 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 0 to 192.168.0.4 port 1026
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbd4781d526084e898aba9280a52ab572
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0,
length=140
        User-Name = "TestUser"
        NAS-IP-Address = 192.168.0.4
        Called-Station-Id = "001217d45891"
        Calling-Station-Id = "000d93edf8f6"
        NAS-Identifier = "001217d45891"
        NAS-Port = 35
        Framed-MTU = 1400
        State = 0xbd4781d526084e898aba9280a52ab572
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020200060315
        Message-Authenticator = 0x8d40293482bea86e457103007aa6609e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/ttls
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challene of id 0 to 192.168.0.4 port 1026
        EAP-Message = 0x01300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2cd35d70b11751775357b0de8ce89a
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0,
length=268
        User-Name = "TestUser"
        NAS-IP-Address = 192.168.0.4
        Called-Station-Id = "007d45891"
        Calling-Station-Id = "0003edf8f6"
        NAS-Identifier = "0012d45891"
        NAS-Port = 35
        Framed-MTU = 1400
        State = 0x2cd37013b11751775357b0de8ce89a
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0203008615800000007c160301007701000073030143038d78cba4d41f41d6beccd967b9bccb98b0f657ddb82a9918735529a02b203c4b9b037b5db06da2407a6f5a4284e62fd5c59d69631df387a9f74ce87796002c00050004000aff830009ff82000300080006ff8000010016001500140013001200110018001b001a001700190100
        Message-Authenticator = 0x001ca8ac3f9a4e2b992151ad3749a1c9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 3 length 134
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0077], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0706], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 0 to 192.168.0.4 port 1026
        EAP-Message = 0x726e61696f6e616c20506f7020756e64657267726f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x19c612cc675ed1faba24af4d9b51f8
Finished request 8
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0,
length=140
        User-Name = "TestUser"
        NAS-IP-Address = 192.168.100.4
        Called-Station-Id = "00121d45891"
        Calling-Station-Id = "000d9edf8f6"
        NAS-Identifier = "001217d4591"
        NAS-Port = 35
        Framed-MTU = 1400
        State = 0x19c612cc675ed1fae2ba24af4d9b5f
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020400061500
        Message-Authenticator = 0x710acdf8f2e6d3338f9f2de5836af0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 0 to 192.168.0.4 port 1026
        EAP-Message =
0xd7e0bb7c7cd294dfeb5bd2c80896124350be56c18c1d370333aba0a2df2dae9354f1f07695be21138fbbd907b1a8a12ea8738a58d5df80f59349ff12c64eb22855e914faf48d1e09b30ead1eb60f33b31b520b6c4e3feb0cadf2fd69c83d0c7832125335963736cf2a961bbb16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc63024dae978abe26ad08471f1575567
Finished request 9
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0,
length=330
        User-Name = "TestUser"
        NAS-IP-Address = 192.168.0.4
        Called-Station-Id = "0012175891"
        Calling-Station-Id = "0003edf8f6"
        NAS-Identifier = "0012d45891"
        NAS-Port = 35
        Framed-MTU = 1400
        State = 0xc63024da78abe26ad08471f1575567
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020500c41580000ba16030100861000008200802189076c137e46b7afe24adde8afc91153edd5ee01b07906a756b0d006c76f7e78f25e0841b07822ebb278ce25d85f2746b14c400e5a70c777953ffb1552e906848f38595c449dfe328c4ebe0e28f2d5189a54354db48da6ff5402e97c1e7c2ca8e5b9a355b8c6ddafddc17b00748b876575678122ce6443363f5eae5a3cb14030100010116030100240cec26f1a320287a78dbaef380e96ecff129ec81b63cbd0a881d6f6d24ec0c19643713ed
        Message-Authenticator = 0x87c1ac4912f50886b42dd93841fe1fd3
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
  modcall[authorize]: module "preprocess" returns ok for request 10
  modcall[authorize]: module "mschap" returns noop for request 10
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 10
  rlm_eap: EAP packet type response id 5 length 196
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 10
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 10
modcall: leaving group authorize (returns updated) for request 10
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 0 to 192.168.0.4 port 1026
        EAP-Message =
0x010600391580000002f140301000101160301002452b652ba709c7190e13871ac45647b05cc66804ad143e6cf07d34e9cdb7ab1e98b229d3
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe064087eb0bc5d11666273925e1a01c9
Finished request 10
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0,
length=277
        User-Name = "TestUser"
        NAS-IP-Address = 192.168.0.4
        Called-Station-Id = "0017d45891"
        Calling-Station-Id = "0003edf8f6"
        NAS-Identifier = "0017d45891"
        NAS-Port = 35
        Framed-MTU = 1400
        State = 0xe06408b0bc5d666273925e1a01c9
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0206008f158000000085170301008066b70b12659cce7d136c04500a2063ee5e20a3f8055564e453415eff7208b80cba62fed70b22636f8e211ec41bba271aab8010ad89aecc510634659d10826f7c6c6d162547e9b739c9ef8f2738d0d74a160cc5a63c73a44e3d1bee2384322303b9de92f98d6b9e0e601408ba01d88c4e2352ab7bffd4d67d4545c520320c0c
        Message-Authenticator = 0xef4b6103b1653738a0cba32b34fbbd3b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  modcall[authorize]: module "preprocess" returns ok for request 11
  modcall[authorize]: module "mschap" returns noop for request 11
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 11
  rlm_eap: EAP packet type response id 6 length 143
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 11
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 11
modcall: leaving group authorize (returns updated) for request 11
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.
  TTLS: Got tunneled request
        User-Name = "TestUser"
        MS-CHAP-Challenge = 0xc0eb97214c04f72f045cf383a6b87aec
        MS-CHAP2-Response =
0x6600793724d64b5f6bd466c5a43112f62300000000000000009347d3b8744557799d0d4d323a0b931f103e78918172d080
        FreeRADIUS-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "TestUser"
        MS-CHAP-Challenge = 0xcb9721c04f72f045cf383a6b87aec
        MS-CHAP2-Response =
0x6600793724d64b5f6bd466c4c53112f62300000000000000009347d3b8744557799d0d4d323a0b931f103e78918172d080
        FreeRADIUS-Proxied-To = 127.0.0.1
        NAS-IP-Address = 192.168.100.4
        Called-Station-Id = "00121d45891"
        Calling-Station-Id = "000d9edf8f6"
        NAS-Identifier = "001217d4591"
        NAS-Port = 35
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  modcall[authorize]: module "preprocess" returns ok for request 11
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
  modcall[authorize]: module "mschap" returns ok for request 11
    rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 11
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 11
    users: Matched entry TestUser at line 206
  modcall[authorize]: module "files" returns ok for request 11
modcall: leaving group authorize (returns ok) for request 11
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 11
  rlm_mschap: Told to do MS-CHAPv2 for TestUser with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 11
modcall: leaving group MS-CHAP (returns ok) for request 11
  TTLS: Got tunneled reply RADIUS code 2
        MS-CHAP2-Success =
0x66533d636336336534326435336563346166636239636333333438636230633664653566643765336364
        MS-MPPE-Recv-Key = 0xdb42b2fda5c99138697af7c0416ffac
        MS-MPPE-Send-Key = 0x4febcc146921dc46949345c68e58d04
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
  TTLS: Got tunneled Access-Accept
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 11
modcall: leaving group authenticate (returns ok) for request 11
Sending Access-Accept of id 0 to 192.168.0.4 port 1026
        MS-MPPE-Recv-Key = 0xdb42b2fda5c99e8697af7c0416ffac
        MS-MPPE-Send-Key = 0x4febcc1469213dc449345c68e58d04
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Recv-Key =
0x1d865bdcd18b29fa3b24c5e040a94a6691015658fcef7d6c335967349ef3d5
        MS-MPPE-Send-Key =
0x86b2b619fd8b39a5f7a7f6f7a87bcf304a694996dc02a42283d0e49c6468cdf
        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "TestUser"
Finished request 11
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 11 ID 0 with timestamp 43038d77
Nothing to do.  Sleeping until we see a request.



