Created April 11, 2014 16:43
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=40, length=190
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0201001a01656d726523423422342342342342376974616c2e636f6d
Message-Authenticator = 0x837429b1a4eb9d5c926ef4929028a4f8
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
[ldap] performing user authorization for emre@domain.com
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> emre@domain.com
[ldap] expand: (mail=%{%{Stripped-User-Name}:-%{User-Name}}) -> (mail=emre@domain.com)
[ldap] expand: ou=internal,ou=users,dc=security,dc=domain,dc=com -> ou=internal,ou=users,dc=security,dc=domain,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapmaster.domain.com,ldapslave.domain.com:389, authentication 0
[ldap] setting TLS Require Cert to never
[ldap] starting TLS
[ldap] bind as uid=binder,ou=services,dc=security,dc=domain,dc=com/Z234234 to ldapmaster.domain.com,ldapslave.domain.com:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=internal,ou=users,dc=security,dc=domain,dc=com, with filter (mail=emre@domain.com)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user emre@domain.com authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 40 to 192.168.10.1 port 50334
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9d8676cd9da7e3ab20d11cee29a3081
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=41, length=334
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0202009819800000008ec8dae917c5097ac30c031e200004a00ffc023c011c012c026c025c02ac029c005c004c002c003c00fc00ec00cc00d003d003c002f000500040035000a0067006b00330039001601000012000a00080006001700180019000b00020100
State = 0xd9d8676cd9da0001cee29a3081
Message-Authenticator = 0xd4a05bf3000ee3d645
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 152
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 142
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0089], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02aa], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 41 to 192.168.10.1 port 5033403039313633305a170d3234303332333039313633305a3010310e300c06035504031305636f72703230820122300d06092a864886f70d01010105000382010f003082010a0282010100a18266685b65ada088c3b4a8cc8f3ebb0b0493b44f013a2907a86cecf4e4210c6639c004ab1eb2bc6a957f
EAP-Message = 0x74d4560886f64d418bf90acacfe0a2049312453a78f65f343a4e22fb1ecffe2aadc42f071f0c40ca6642a843b35ad8ea66236e676617d055a2a38119c6901086db9542b09b260241130ac5eba767cfa488ab041e8df7230203010001300d06092a864886f70d010105050003820101001530845bfb83118f5936741ca68605
EAP-Message = 0x8e03b30b90e4e90b800836c5fa7a205382ae43f5778bd3d9dfcfbace2cf64dad949ff357dff6d600e623e1bcf2802aca3e6c854a92c263d5f6f82954bd4257690c29973d1dd631d8dbafe9157b7d082f3eecd3f3cdcbcc762b907f5ba18d75128de758a97f5316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9d8676cd8db7e3ab20d11cee29a3081
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=42, length=520
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x06a634f11b4ee4141bae384c943419d6185df7e80a389db23494ea28c45f01803e6ceb632ee6095dbea56b83235dd19bffada58f21bfb5429028980be55445b54a26cc1cb2baf45c532da747a84d1f03644e9e02a1494dfa4477afd018ec39093e0925ad820b0f37323d5ace1465edbd70771780795e5c699ecf31d0d93deb7a0eeb68511e11f94833e8fd48c150e1195d58e0c47730838b1fc8b9b00e1379f62470afb41a7f035c
EAP-Message = 0x29bb06e793ea9c94fb754c19c40939475531665fba9082ef1f
State = 0xd9d8676cd8db7e3ab20d11cee29a3081
Message-Authenticator = 0x591a770bab26a74f42b85ff61
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 42 to 192.168.10.1 port 50334
EAP-Message = 0x01040041190014030104d4d8603e5b264c17af9229e4197c921469f710
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9d8676cdbdc7e4e29a3081
Finished request 2.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=43, length=188
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x020400061900
State = 0xd9d8676cdbdc7411cee29a3081
Message-Authenticator = 0x6cf9845e33f1a6a74f3059ef9
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 43 to 192.168.10.1 port 50334
EAP-Message = 0x0105002b190017030145f7dfd099d194c27c996
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9d8676cda4e29a3081
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=44, length=241
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0205003b19004268fb7123f8d8651d6150a22234d6a
State = 0xd9d8676cdadd7e34a3081
Message-Authenticator = 0x6f7c7e343e5d477d4037ed7c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - emre@domain.com
[peap] Got inner identity 'emre@domain.com'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0205001a01656d72654071756269746469676974616c2e636f6d
server {
PEAP: Setting User-Name to emre@domain.com
Sending tunneled request
EAP-Message = 0x0205001a01656d72654071756269746469676974616c2e636f6d
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "emre@domain.com"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 44 to 192.168.10.1 port 50334
EAP-Message = 0x0106002b190017030100201bf64f8e51cb380b82c4200676515738
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9d8676cddde7e3ab20d11cee29a3081
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=45, length=225
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0206002b190017030100202c47710633e655fb532686b8ffb7aaddb78be
State = 0xd9d8676cddde7e3ab20d11cee29a3081
Message-Authenticator = 0x2d143068e9cb51937316edb0aaa2b120
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 45 to 192.168.10.1 port 50334
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 0 ID 40 with timestamp +23
Cleaning up request 1 ID 41 with timestamp +23
Cleaning up request 2 ID 42 with timestamp +23
Cleaning up request 3 ID 43 with timestamp +23
Cleaning up request 4 ID 44 with timestamp +23
Waking up in 1.0 seconds.
Cleaning up request 5 ID 45 with timestamp +23
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=49, length=190
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = 0x0201001a01656d72654071476974616c2e636f6d
Message-Authenticator = 0x15102c2d8644c839a0ec8a216
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
[ldap] performing user authorization for emre@domain.com
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> emre@domain.com
[ldap] expand: (mail=%{%{Stripped-User-Name}:-%{User-Name}}) -> (mail=emre@domain.com)
[ldap] expand: ou=internal,ou=users,dc=security,dc=domain,dc=com -> ou=internal,ou=users,dc=security,dc=domain,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=internal,ou=users,dc=security,dc=domain,dc=com, with filter (mail=emre@domain.com)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user emre@domain.com authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 49 to 192.168.10.1 port 50334
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc54f846ac54d9d07a73bbd47218b35ee
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=50, length=334
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = 0x02020098198000412c026c025c02ac029c005c004c002c003c00fc00ec00cc00d003d003c002f000500040035000a0067006b00330039001601000012000a00080006001700180019000b00020100
State = 0xc54f846ac54d9d07a73bbd47218b35ee
Message-Authenticator = 0xecd5f0c8a26db5e57cb13eb4e899fd89
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 152
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 142
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0089], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02aa], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 50 to 192.168.10.1 port 50334
EAP-Message = 0x010302f41900160301003102004600002f000005ff0100010016030102aa0b0002a60002a30002a03082029c308201840209008a629189e678214b300d06092a864886f70d01010505003010310e300c06035504031305636f727032301e170d3134303332363039313633305a170d3234303332333039313633305a3010310e300c06035504031305636f72703230820122300d06092a864886f70d01010105000382010f003082010a0282010100a18266685b65ada088c3b4a8cc8f3ebb0b0493b44f013a2907a86cecf4e4210c6639c004ab1eb2bc6a957f
EAP-Message = 0x74d456264ddd98c2dab6c31b2baa0edb7b6176a31d9387236fa6eecdd2f4b530310b59c04af01bde105ae2315a0b1885ededd4988d0f886f6a590ee146240678d628e55de32b3b392afa3c2e387809e58650b21e8d70483a8799d418bf90acacfe0a2049312453a78f65f343a4e22fb1ecffe2aadc42f071f0c40ca6642a843b35ad8ea66236e676617d055a2a38119c6901086db9542b09b260241130ac5eba767cfa488ab041e8df7230203010001300d06092a864886f70d010105050003820101001530845bfb83118f5936741ca68605
EAP-Message = 0x8e03b30b99a04e2e8b376dea96da09f5435710584fafceb4ba8701c46bc5a1664ad0052e3a9111905816492e4e90b804e3e14e03656b668bd7b104ce4d9ea52142894d9ef5f956f6f8a0282ee9190f5ddfb1c4ae80b836c5fa7a205382aec3a18f2c939f2f27f6464a3a3af969aebedc60eab86365b03f5778bd3d9dfcfbace2cf64dad949ff357dff6d600e623e1bcf2802aca3e6c854a92c263d5f6f82954bd4257690c29973d1dd631d8dbafe9157b7d082f3eecd3f3cdcbcc762b907f5ba18d75128de758a97f5316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc54f846ac44c9d07a73bbd47218b35ee
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=51, length=520
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = 0x02030150198000000146148391739ea743b15d1ba5d1d445aa1379d375ade55318977ea4119eeb9545e3c5c30ac7c95c186c27d857c5c4b71017159b6fe4a3aec8313b007d260885aacf6734b092dfef0683ccd72b919a5288bbe8c778fd18d08a43b08d9a68d4a896d7d16cbc8795f6d7c20c9562ef7af33ac291d35d6c2bd891800d5ad9bb4884da8ac2d7dc5a17bdc79073fe86adf37c45c56551bc6b58c57ded42b67099f9db0ae65a4cc92cac0f908c15f51059f5e2aec7e37d9eec9a1e874fd0130eafc46752b8b13ba715b9de26c40a3bb482da7205604745
EAP-Message = 0xfc90f05f0cecd7e4317a5522c81f54955a245dc9b772e6f6ba04b6b0841bb4285345670a45c22252b71274acd6
State = 0xc54f84447218b35ee
Message-Authenticator = 0x09c69bab2a9402f92e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 51 to 192.168.10.1 port 50334
EAP-Message = 0x0104004119001403435b867cacc975739cc9cf8d9419681492fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc54f846ac74b9d07a73bbd47218b35ee
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=52, length=188
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = 0x020400061900
State = 0xc54f846ac74b9d0447218b35ee
Message-Authenticator = 0x5b9abc159da02f44223bd50b
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 52 to 192.168.10.1 port 50334
EAP-Message = 0x0105002b19001744377da8e56999ae
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc54f846ac64a9d07a73bbd47218b35ee
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=53, length=241
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = 0x0205003b19001703010030746eb2b4a266d7392cd328facf
State = 0xc54f846ac64a9d07a73bbd47218b35ee
Message-Authenticator = 0xe77ee261585899e9f41063d88efdf82d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - emre@domain.com
[peap] Got inner identity 'emre@domain.com'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0205001a01656d72654071756269746469676974616c2e636f6d
server {
PEAP: Setting User-Name to emre@domain.com
Sending tunneled request
EAP-Message = 0x0205001a01656d72654071756269746469676974616c2e636f6d
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "emre@domain.com"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 53 to 192.168.10.1 port 50334
EAP-Message = 0x0106002b19001703010020eee482248dfcd91b4d4eda4bb344292
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc54f846ac1499d07a73bbd47218b35ee
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=54, length=225
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = 0x0206002b19001703010020db24b58d3075c6b8c383e28a4b2daf
State = 0xc54f846ac1499d07a73bbd47218b35ee
Message-Authenticator = 0x21d6bad4b6f96eaf2924762d8f824ae9
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 54 to 192.168.10.1 port 50334
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 6 ID 49 with timestamp +55
Cleaning up request 7 ID 50 with timestamp +56
Cleaning up request 8 ID 51 with timestamp +56
Cleaning up request 9 ID 52 with timestamp +56
Cleaning up request 10 ID 53 with timestamp +56
Waking up in 1.0 seconds.
Cleaning up request 11 ID 54 with timestamp +56
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=55, length=190
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0201001a01656d72649676974616c2e636f6d
Message-Authenticator = 0x7aca3c167b0e8ffdfa0f1e71590a925d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
[ldap] performing user authorization for emre@domain.com
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> emre@domain.com
[ldap] expand: (mail=%{%{Stripped-User-Name}:-%{User-Name}}) -> (mail=emre@domain.com)
[ldap] expand: ou=internal,ou=users,dc=security,dc=domain,dc=com -> ou=internal,ou=users,dc=security,dc=domain,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=internal,ou=users,dc=security,dc=domain,dc=com, with filter (mail=emre@domain.com)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user emre@domain.com authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 55 to 192.168.10.1 port 50334
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa7fdbb34a7ffa2263f1f9779a421e6b4
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=56, length=334
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x020200981980000004402ac029c005c004c002c003c00fc00ec00cc00d003d003c002f000500040035000a0067006b00330039001601000012000a00080006001700180019000b00020100
State = 0xa7fdbb34a7ffa2263f1f9779a421e6b4
Message-Authenticator = 0x90b1f21bb0c9269c9c23bb779db3901d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 152
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 142
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0089], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02aa], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 56 to 192.168.10.1 port 50334
EAP-Message = 0x010302f419001603040e405b00002f000005ff0100010016030102aa0b0002a60002a30002a03082029c308201840209008a629189e678214b300d06092a864886f70d01010505003010310e300c06035504031305636f727032301e170d3134303332363039313633305a170d3234303332333039313633305a3010310e300c06035504031305636f72703230820122300d06092a864886f70d01010105000382010f003082010a0282010100a18266685b65ada088c3b4a8cc8f3ebb0b0493b44f013a2907a86cecf4e4210c6639c004ab1eb2bc6a957f
EAP-Message = 0x74d4562664c4e9dddd98c2dab6c31b2baa0edb7b6176a31d9387236fa6eecdd2f4b530310b59c04af01bde105ae2315a0b1885ededd4988d0f886f6a590ee146240678d628e55de32b3b392afa3c2e387809e58650b21e8d70483a8799d418bf90acacfe0a2049312453a78f65f343a4e22fb1ecffe2aadc42f071f0c40ca6642a843b35ad8ea66236e676617d055a2a38119c6901086db9542b09b260241130ac5eba767cfa488ab041e8df7230203010001300d06092a864886f70d010105050003820101001530845bfb83118f5936741ca68605
EAP-Message = 0x8e03b30b994e2e8b376dea96da09f5435710584fafceb4ba8701c46bc5a1664ad0052e3a9111905816492e4e90b804e3e14e03656b668bd7b104ce4d9ea52142894d9ef5f956f6f8a0282ee9190f5ddfb1c4ae80b836c5fa7a205382aec3a18f2c939f2f27f6464a3a3af969aebedc60eab86365b03f5778bd3d9dfcfbace2cf64dad949ff357dff6d600e623e1bcf2802aca3e6c854a92c263d5f6f82954bd4257690c29973d1dd631d8dbafe9157b7d082f3eecd3f3cdcbcc762b907f5ba18d75128de758a97f5316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa7fdbb34a6fea2263f1f9779a421e6b4
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=57, length=520
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0203015019468161f533a3082f49a14a30570fc99bcb362683211608a19f9b37f8f7ef2831b373df1a85e16d8eb2d0926b6f6dfed41f687baa22d03a51f38d83efb8a26fc8876769edbe8709a1765a6933bc057e9868d7158647c69055ef718973eb311dcbd52a76ecf38a1f0c6db45433fe08fccb66b338d58bbdaf100242a6fb074ae40dfa04a95df3e7f23d56f937a0530c4b19934ae62dbbd3b0b7f1a8e929adc1b5aed96e811ff1ff2d3cec3242de0fd1cc43b8cfa3806ec71b39e853d6c261b58e3ee1c09dc1ca190cd67080f988d93c0425825f2
EAP-Message = 0x06db812cbb8d0ea5fa014a5e7f7fbf47085e972b19cee7791914b392ad44bcb99066b049062fd81c3b8c0b2977fc8f054288
State = 0xa7fdbb34a6fea2263f1f9779a421e6b4
Message-Authenticator = 0x5ea6708d686637d428259f739f967e92
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 57 to 192.168.10.1 port 50334
EAP-Message = 0x01040041190014030100014e4dde17ecf51586ac66f5bf0024ba6c685f8e38072d3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa7fdbb34a5f9a2263f1f9779a421e6b4
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=58, length=188
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x020400061900
State = 0xa7fdbb34a5f94421e6b4
Message-Authenticator = 0x9a22410745d4aacd6c09797
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 58 to 192.168.10.1 port 50334
EAP-Message = 0x0105002b19001740063bb376dc43fa7308
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa7fdbb34a4f8a2263f1f9779a421e6b4
Finished request 15.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=59, length=241
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0205003b19001703010034d6912c9ae12759e4cd10371fa05c
State = 0xa7fdbb34a4f8a2263f1f9779a421e6b4
Message-Authenticator = 0xeb8c83bb18a960ce5b1d2bb7150473e6
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - emre@domain.com
[peap] Got inner identity 'emre@domain.com'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0205001a01656d74746469676974616c2e636f6d
server {
PEAP: Setting User-Name to emre@domain.com
Sending tunneled request
EAP-Message = 0x0205001a01656d726540749676974616c2e636f6d
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "emre@domain.com"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 59 to 192.168.10.1 port 50334
EAP-Message = 0x0106002b19001703010024aa39de1d284c385c5ba6bd623
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa7fdbb34a3fba2263f1f9779a421e6b4
Finished request 16.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.1 port 50334, id=60, length=225
User-Name = "emre@domain.com"
NAS-IP-Address = 192.168.10.1
NAS-Port = 22529
Called-Station-Id = "00-10-F3-2E-36-78:Domain_Secure"
Calling-Station-Id = "8C-7B-9D-D5-E3-64"
Framed-MTU = 1250
NAS-Port-Type = Wireless-802.11
Framed-Compression = None
Connect-Info = "CONNECT 802.11g"
Chargeable-User-Identity = ""
EAP-Message = 0x0206002b19001747d1b1fe544ced77b7e5ca242fca74467f96e683d8b392a9c89d264b1c4ab
State = 0xa7fdbb34a3fba2263f49779a421e6b4
Message-Authenticator = 0x375d098da54914b6b8c66a48f77e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "domain.com" for User-Name = "emre@domain.com"
[suffix] No such realm "domain.com"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Delaying reject of request 17 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 17
Sending Access-Reject of id 60 to 192.168.10.1 port 50334
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
Cleaning up request 12 ID 55 with timestamp +76
Cleaning up request 13 ID 56 with timestamp +76
Cleaning up request 14 ID 57 with timestamp +76
Cleaning up request 15 ID 58 with timestamp +76
Cleaning up request 16 ID 59 with timestamp +76
Waking up in 1.0 seconds.
Cleaning up request 17 ID 60 with timestamp +76
Ready to process requests.