OpenCA Certificates Problem with EAP_TLS

Pablo Navas
Hello list,
I’m sending this e-mail to ask about a problem with certificates
generated by OpenCA and used with FreeRadius. My problem is similar to
the one that Tom Tim had using EAP_TLS and the same type of CA. From
what I’ve read, the solution was to export the certificates as pkcs12
and then convert them to pem with openssl. At first, I made the EAP_TLS
work using the test certificates. I had no problem doing this. However,
when I used mine, things did not go so well.

I have tried using the Radius Server Certificate, using two different
types: TLS WEB SERVER and VPN SERVER. Also, I have tried using that of
the client, such as TLS WEB CLIENT.

I have converted them using 2 different methods:

1. openssl pkcs12 -in cert.p12 -out cert.pem (This seems to be similar
to cert-srv.pem)

2. openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem
openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem (These are similar
to the one above, except that they are separated.)


To confirm this, I looked at the certificates with openssl x509 -in
cert.pem -text, and it appears that everything is correct.

I have attached the log given by FreeRadius. The server never sends
the Accept-Access, but it doesn’t give many clues as to what is
happening either, except: TLS_accept:error in SSLv3 read client
certificate A.

I hope that someone is able to help me out with this; I am a bit
frustrated with it and I need to get it up and running.

Best regards.
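
The EAP-Message values in the attached debug log can be decoded to see how far the EAP-TLS exchange has progressed; the following is an added example, not part of the original post and not FreeRADIUS code. It reads the EAP header and the EAP-TLS flags octet (L, M, S) from hex values copied from the log (long values are cut to their header octets) and totals the server fragments sent so far. The function names are hypothetical, and `flight_size` assumes one TLS record per handshake message.

```python
import math
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13                           # EAP method type of EAP-TLS
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # Length included, More fragments, Start


@dataclass
class EapPacket:
    code: str
    ident: int
    length: int                       # EAP length field (whole EAP packet)
    eap_type: Optional[int]
    flags: int = 0
    tls_total: Optional[int] = None   # TLS message length, present when L is set
    tls_bytes: int = 0                # TLS octets in this fragment, per the header

    @property
    def kind(self) -> str:
        if self.eap_type != EAP_TYPE_TLS:
            return "other"
        if self.flags & FLAG_S:
            return "start"
        if self.tls_bytes == 0:
            return "ack"
        return "fragment" if self.flags & FLAG_M else "last-fragment"


def decode(hexval: str) -> EapPacket:
    """Decode the EAP header (and EAP-TLS flags) from an EAP-Message hex value."""
    text = hexval[2:] if hexval.lower().startswith("0x") else hexval
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 octets")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    pkt = EapPacket(EAP_CODES[code], ident, length, None)
    if length < 5 or len(raw) < 5:          # Success/Failure carry no type octet
        return pkt
    pkt.eap_type = raw[4]
    if pkt.eap_type != EAP_TYPE_TLS:
        return pkt
    if length < 6 or len(raw) < 6:
        raise ValueError("EAP-TLS packet without a flags octet")
    pkt.flags = raw[5]
    offset = 6
    if pkt.flags & FLAG_L:
        if len(raw) < 10:
            raise ValueError("L flag set but TLS length field is missing")
        pkt.tls_total = struct.unpack("!I", raw[6:10])[0]
        offset = 10
    # Trust the declared EAP length, not len(raw): one RADIUS EAP-Message
    # attribute holds at most 253 octets, so a large EAP packet is spread
    # over several attributes and the first one only carries its beginning.
    pkt.tls_bytes = length - offset
    if pkt.tls_bytes < 0:
        raise ValueError("EAP length shorter than the EAP-TLS header")
    return pkt


def server_flight_progress(packets: Iterable[EapPacket]) -> dict:
    """Total the TLS octets the server has sent in Request fragments so far."""
    total, sent, frag_size = None, 0, 0
    for p in packets:
        if p.code != "Request" or p.kind not in ("fragment", "last-fragment"):
            continue
        if total is None:
            total = p.tls_total
        sent += p.tls_bytes
        frag_size = max(frag_size, p.tls_bytes)
    if total is None:
        raise ValueError("no server fragment with the L flag seen")
    remaining = max(total - sent, 0)
    return {"total": total, "sent": sent, "remaining": remaining,
            "fragments_left": math.ceil(remaining / frag_size)}


def flight_size(handshake_lengths: Iterable[int]) -> int:
    """Size on the wire, assuming one 5-octet TLS record header per message."""
    return sum(n + 5 for n in handshake_lengths)


# EAP-Message values copied from the debug log, in order of appearance.
# The three long values are cut to their first 10 octets (header only).
LOG_EAP_MESSAGES = [
    "0x023e000b016d6f62696c65",   # client: Identity
    "0x013f00060d20",             # server
    "0x023f006a0d8000000060",     # client (ClientHello follows the header)
    "0x0140040a0dc0000012d3",     # server
    "0x024000060d00",             # client
    "0x0141040a0dc0000012d3",     # server
    "0x024100060d00",             # client
]

if __name__ == "__main__":
    decoded = [decode(v) for v in LOG_EAP_MESSAGES]
    for pkt in decoded:
        print(f"{pkt.code:8} id={pkt.ident:3} len={pkt.length:4} {pkt.kind}")
    print(server_flight_progress(decoded))
    # Handshake lengths logged for ServerHello, Certificate,
    # ServerKeyExchange and CertificateRequest.
    print(flight_size([0x004a, 0x0f5d, 0x028d, 0x008b]))
```

On the values visible in the log, the server has sent 2048 of the 4819 octets announced in its EAP-TLS length field, and each client response in between is an empty EAP-TLS acknowledgement.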

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded LDAP
 ldap: server = "localhost"
 ldap: port = 389
 ldap: net_timeout = 1
 ldap: timeout = 4
 ldap: timelimit = 3
 ldap: identity = "cn=admin,o=uah,c=es"
 ldap: tls_mode = no
 ldap: start_tls = no
 ldap: tls_cacertfile = "(null)"
 ldap: tls_cacertdir = "(null)"
 ldap: tls_certfile = "(null)"
 ldap: tls_keyfile = "(null)"
 ldap: tls_randfile = "(null)"
 ldap: tls_require_cert = "allow"
 ldap: password = "clave"
 ldap: basedn = "ou=radius,o=uah,c=es"
 ldap: filter = "(cn=%u)"
 ldap: base_filter = "(objectclass=radiusprofile)"
 ldap: default_profile = "(null)"
 ldap: profile_attribute = "(null)"
 ldap: password_header = "{clear}"
 ldap: password_attribute = "(null)"
 ldap: access_attr = "(null)"
 ldap: groupname_attribute = "cn"
 ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
 ldap: groupmembership_attribute = "(null)"
 ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
 ldap: ldap_debug = 0
 ldap: ldap_connections_number = 5
 ldap: compare_check_items = no
 ldap: access_attr_used_for_allow = yes
 ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8113370
Module: Instantiated ldap (ldap)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = yes
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "/etc/raddb/certs/"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/vpn.crusa.com.pem"
 tls: certificate_file = "/etc/raddb/certs/vpn.crusa.com.pem"
 tls: CA_file = "/etc/raddb/certs/ca.pem"
 tls: private_key_password = "claveclave"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 ttls: default_eap_type = "md5"
 ttls: copy_request_to_tunnel = no
 ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "radius_user"
 sql: password = "radiuspass"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
 sql: readclients = no
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
 sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
 sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
 sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
 sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
 sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
 sql: connect_failure_retry_delay = 60
 sql: simul_count_query = ""
 sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
 sql: postauth_table = "radpostauth"
 sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
 sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius_user@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=138, length=84
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        EAP-Message = 0x023e000b016d6f62696c65
        Message-Authenticator = 0x362fa760e942a62b4137dd87c2050deb
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 0
  rlm_eap: EAP packet type response id 62 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,o=uah,c=es/clave to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 138 to 10.0.0.11:1812
        EAP-Message = 0x013f00060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x468de1ca8a58a4399a5f6a4d5b4e06fd
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=139, length=197
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x468de1ca8a58a4399a5f6a4d5b4e06fd
        EAP-Message = 0x023f006a0d8000000060160301005b01000057030142ca471887c23c7bfa361947c335437e2f9064b45923ead412ecbdbdf714facc00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
        Message-Authenticator = 0xb84784150e58662d6a5ba31ee84b2c38
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 1
  rlm_eap: EAP packet type response id 63 length 106
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello  
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0f5d], Certificate  
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 028d], ServerKeyExchange  
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 008b], CertificateRequest  
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode  
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 139 to 10.0.0.11:1812
        EAP-Message = 0x0140040a0dc0000012d3160301004a02000046030142ca47103b6ec22bb85f823c2dbe1a1fcb34a1f90fd18d67f0600d3c6dd27604205eaeb780b5d405762f45033c0bfc225df3ca49fad8f0970e6d04933680e09f230039001603010f5d0b000f59000f560007b5308207b130820599a003020102020108300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561
        EAP-Message = 0x7474703a2f2f796f64612e6175742e7561682e65732f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x87945d41551fdf29b9808e0bf93b1364
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=140, length=97
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x87945d41551fdf29b9808e0bf93b1364
        EAP-Message = 0x024000060d00
        Message-Authenticator = 0x12b77eb84f2a1926f8492d0219f6a117
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 2
  rlm_eap: EAP packet type response id 64 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 140 to 10.0.0.11:1812
        EAP-Message = 0x0141040a0dc0000012d3637073301106096086480186f8420101040403020640300b0603551d0f0404030205e0302006096086480186f842010d0413161156504e20536572766572206f6620756168301d0603551d0e041604142756c50196c3a0f1208f8327c67a89e6ec92d7cf3081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d
        EAP-Message = 0x010901160e706b69406175742e7561682e6573820900ae7948d122becdf5301e0603551d1104173015811376706e2d61646d696e4063727573612e636f6d30190603551d1204123010810e706b69406175742e7561682e6573303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075
        EAP-Message = 0x80725ad754035e7b3fcac22ee583c19032270f922f2e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8de1f909e4a87c97855957e5253bae2c
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=141, length=97
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x8de1f909e4a87c97855957e5253bae2c
        EAP-Message = 0x024100060d00
        Message-Authenticator = 0x840fbc4d13b0a07288c5d1659371118d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 3
  rlm_eap: EAP packet type response id 65 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 141 to 10.0.0.11:1812
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x78ebcb20e451da232658604c0f20cec0
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=142, length=97
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x78ebcb20e451da232658604c0f20cec0
        EAP-Message = 0x024200060d00
        Message-Authenticator = 0x56e8c1640961c51340628c5e4113336e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 4
  rlm_eap: EAP packet type response id 66 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 142 to 10.0.0.11:1812
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x83a2b0b7088b72dae082b1c920aeb31a
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=143, length=97
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x83a2b0b7088b72dae082b1c920aeb31a
        EAP-Message = 0x024300060d00
        Message-Authenticator = 0x9da3b46acde71c0446afcb85102c4734
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 5
  rlm_eap: EAP packet type response id 67 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 143 to 10.0.0.11:1812
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8114badf17473ee2b9c1d2ac7940e28d
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=144, length=1597
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x8114badf17473ee2b9c1d2ac7940e28d
        Message-Authenticator = 0x8b8598358880bd370a2468c64421fec9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
    users: Matched entry DEFAULT at line 185
    users: Matched entry mobile at line 227
  modcall[authorize]: module "files" returns ok for request 6
  rlm_eap: EAP packet type response id 68 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
radius_xlat:  'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User mobile not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat:  '(cn=mobile)'
radius_xlat:  'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Received EAP-TLS First Fragment of the message
  eaptls_verify returned 9
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 144 to 10.0.0.11:1812
        EAP-Message = 0x014500060d00
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x15011ed049f30b857ce6683156d2b2b9
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=145, length=1597
        User-Name = "mobile"
        NAS-IP-Address = 10.0.0.11
        Calling-Station-Id = "00-0E-35-5D-B5-25"
        State = 0x15011ed049f30b857ce6683156d2b2b9