FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Jul 19 2011 at 10:21:08
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb//radiusd.conf
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb//dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client wap200 {
ipaddr = X.X.X.X
require_message_authenticator = no
secret = "..."
shortname = "wap200"
nastype = "other"
}
client dgs-1210-48 {
ipaddr = X.X.X.Y
require_message_authenticator = no
secret = "..."
shortname = "dgs-1210-48"
nastype = "other"
}
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb//radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb//radiusd.conf
pap {
encryption_scheme = "auto"
auto_header = yes
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb//radiusd.conf
eap {
default_eap_type = "tls"
timer_expire = 300
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb//certs/server.key"
certificate_file = "/etc/raddb//certs/server.pem"
CA_file = "/etc/raddb//certs/ca.pem"
private_key_password = "H9shAiR03y4uekwPu5weh61iIY5U914as"
dh_file = "/etc/raddb//certs/dh"
random_file = "/etc/raddb//certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
check_cert_cn = "%{User-Name}"
cipher_list = "DEFAULT"
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb//radiusd.conf
files {
usersfile = "/etc/raddb//users"
compat = "no"
}
Module: Checking authorize {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=13, length=153
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201000f01424d204d6163426f6f6b
Message-Authenticator = 0xe05f29e8f6f823e200e2a94d9736f6db
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 1 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 13 to X.X.X.X port 2050
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e7094dbb5c90f23d105f170c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=14, length=288
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200840d800000007a16030100750100007103014fe338cd3e5cb654fa95797d26002b084c6efa737cc432cc5725dd8882baa8a3000036c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00320033003800390016001301000012000a00080006001700180019000b00020100
State = 0xe70b4038e7094dbb5c90f23d105f170c
Message-Authenticator = 0x3e5c1a6cdf5bcb162e0f17678a0ac774
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 2 length 132
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 122
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0075], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 088c], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 00ad], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 14 to X.X.X.X port 2050
EAP-Message = 0x010304000dc000000972160301002a0200002603014fe338cd95f05120bf685caae4699cd40a390d03b49e99d6ec79076102f1cfd600002f00160301088c0b0008880008850003ba308203b63082029ea003020102020101300d06092a864886f70d010105050030819b310b3009060355040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d
EAP-Message = 0x2057696669204341301e170d3132303530313037323732305a170d3137303430353037323732305a308187310b3009060355040613024348310f300d0603550408130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413122302006035504031319466c6578204d756c74696d65646961205341202d20576966693126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100aeea48482127a4354170f6d31900eab50713648bd7de8aa8f8808342731fff10117c999c744216c114b9
EAP-Message = 0x2a5b38f938ad9ee0229e55161d376dd4c7a4efe5beae1ff8515d6084f7d37747d9d49eac592c67ae2b1cd086546b8ed27283d1e16eeec0a31cac96241de5fd48709570683bb9e00c26af9caa7e9accffabaf0e0c4ceef4e15a251cd9a05303315aa0558f2c3282fdef64465ebad438b9590be374dfa00815477821a894e1a87d9adb56a8bd1457fdd9087eefb7a47d401fdbfa6ea584e3b4db247c628c0dbde6131eb3b611391365535d7c0aaee905a75bd2c1c3cf60dfa9f36b35c9d818b4c66c16f3d4e171e0a13d0e0a06a3923e5d79065d46d8530203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f7
EAP-Message = 0x2a5b38f938ad9ee0229e55161d376dd4c7a4efe5beae1ff8515d6084f7d37747d9d49eac592c67ae2b1cd086546b8ed27283d1e16eeec0a31cac96241de5fd48709570683bb9e00c26af9caa7e9accffabaf0e0c4ceef4e15a251cd9a05303315aa0558f2c3282fdef64465ebad438b9590be374dfa00815477821a894e1a87d9adb56a8bd1457fdd9087eefb7a47d401fdbfa6ea584e3b4db247c628c0dbde6131eb3b611391365535d7c0aaee905a75bd2c1c3cf60dfa9f36b35c9d818b4c66c16f3d4e171e0a13d0e0a06a3923e5d79065d46d8530203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f7
EAP-Message = 0x0d01010505000382010100aead383e5ab8804a347997779b3050e6718692070377e0e773a59f45d94fa25cce49cace1a7d13290b290a32c6f23bc2b9ab8c6f75e85a551d9c9d5fb21f93c76d04d8a0d7f5939e78710893e5b2f8df68da636490746ec98c879bde7439a912d8342c61a1184058ea7b6a81ec99d4dfeae77f80a0e8e5591d790f52cb383b7882ebd5bf01e938aa675c523efb4a2280c46cdeb4226a447ada0ea4fa9cd0541686f7e7cd2aa0d213a0f4ffec67544b8422a9523c17ee71d7db444d9fbb169f598513195fc02b8f0211cc080a6c527dcb9d7c98d730be9baf729d49ca716dd53baace83051b04886d6e164c8c32007e8ed00b
EAP-Message = 0x3f06a9779d2ebce81feb74cc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e6084dbb5c90f23d105f170c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=15, length=162
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300060d00
State = 0xe70b4038e6084dbb5c90f23d105f170c
Message-Authenticator = 0x3ef8fb190d3c6a7e50a91e66a795242e
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 15 to X.X.X.X port 2050
EAP-Message = 0x010404000dc00000097255920004c5308204c1308203a9a003020102020900b6c914e75a7f193f300d06092a864886f70d010105050030819b310b3009060355040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d2057696669204341301e170d3132303530313037323732305a170d3137303430353037323732305a30819b310b30090603
EAP-Message = 0x55040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d205769666920434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cb12e7e4de778e1727535c10031abf4955bfa7aab13883299d12c727f79f392134ce11f819bc76f993db68b0d6b2fe71cdfffacd33896ee846b27ea4056b36ea44a83b81839945
EAP-Message = 0x7c2e44f15047428abe065217a39592cd230bfb8cdc004875b54d344caf61504a2e762d142863a71de52aa5868d021f7b8e163356923e21d796cce1e425fd174d0a8f4475b1cb0fd8fc9f76fc23062d8b9a3f717fd5a313ecbff707f0b72f5fed2ef07c6d447cc9539ce2a5b411ba50197ca01046a81b4e1faa9b3db79ac152d8949bda108fcc99ef10b48d810422c8e68a169fa07c5672dfcd3fa1a776104ce3abc305eb99779359a284a9e9a8ca2b8916a6d56c40cbf44d2b0203010001a382010430820100301d0603551d0e0416041452d061f43beb2cccb20805f91363b8138ec8bf033081d00603551d230481c83081c5801452d061f43beb2ccc
EAP-Message = 0xb20805f91363b8138ec8bf03a181a1a4819e30819b310b3009060355040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d2057696669204341820900b6c914e75a7f193f300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100ad0b25ef0b9a847643cbe812a0975c7e2328ccba8a99949e54bcdad1a574d348
EAP-Message = 0x7f89b8a782bd75fa7a242faf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e50f4dbb5c90f23d105f170c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=16, length=162
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400060d00
State = 0xe70b4038e50f4dbb5c90f23d105f170c
Message-Authenticator = 0xe3efb43889be10940ad1a30580a37a92
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 4 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 16 to X.X.X.X port 2050
EAP-Message = 0x010501900d8000000972abb72f1ce08eeb4a0822d2ff8e27069846445fae4a75d1d867fd8879e6a4678ddbe0d4be0ebd17b01cb9834b3d3d920e383818061f8666f0626f54f131adc1197f058359bacf336bc52febb193e89909ceb44508e62dbf7bdea3d5090b9daed807a84744bf0a480394727f8a79e910be296b570bde660d51098771622f5fd77a3f7a55066dfeea3bfaf864eca1afececda76124b91ed9f5a5efa79cc569e571071391fc29da7476625b12df1d5a1ad6896aedaef226a16b0866cda25a19cc651007768eb197128d2bd3f3a5d08bcdfcd1d69877616030100ad0d0000a502010200a0009e30819b310b30090603550406130243
EAP-Message = 0x48310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d20576966692043410e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e40e4dbb5c90f23d105f170c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +6
Cleaning up request 1 ID 14 with timestamp +6
Cleaning up request 2 ID 15 with timestamp +6
Cleaning up request 3 ID 16 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xe70b4038e40e4dbb did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
Add a code snippet to your website: www.paste.org