Psst.. new poll here.
Psst.. new forums here.
Microsoft is blocking us again (TY IP Reputation!) so dont bother with any of their useless mail servers here and just use oauth login instead. Thank the nice Russians for causing that. :)
Paste
Pasted by registered user bmalynovytch ( 14 years ago )
FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Jul 19 2011 at 10:21:08
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb//radiusd.conf
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb//dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client wap200 {
ipaddr = X.X.X.X
require_message_authenticator = no
secret = "..."
shortname = "wap200"
nastype = "other"
}
client dgs-1210-48 {
ipaddr = X.X.X.Y
require_message_authenticator = no
secret = "..."
shortname = "dgs-1210-48"
nastype = "other"
}
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb//radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb//radiusd.conf
pap {
encryption_scheme = "auto"
auto_header = yes
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb//radiusd.conf
eap {
default_eap_type = "tls"
timer_expire = 300
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb//certs/server.key"
certificate_file = "/etc/raddb//certs/server.pem"
CA_file = "/etc/raddb//certs/ca.pem"
private_key_password = "H9shAiR03y4uekwPu5weh61iIY5U914as"
dh_file = "/etc/raddb//certs/dh"
random_file = "/etc/raddb//certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
check_cert_cn = "%{User-Name}"
cipher_list = "DEFAULT"
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb//radiusd.conf
files {
usersfile = "/etc/raddb//users"
compat = "no"
}
Module: Checking authorize {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=13, length=153
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201000f01424d204d6163426f6f6b
Message-Authenticator = 0xe05f29e8f6f823e200e2a94d9736f6db
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 1 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 13 to X.X.X.X port 2050
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e7094dbb5c90f23d105f170c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=14, length=288
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200840d800000007a16030100750100007103014fe338cd3e5cb654fa95797d26002b084c6efa737cc432cc5725dd8882baa8a3000036c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00320033003800390016001301000012000a00080006001700180019000b00020100
State = 0xe70b4038e7094dbb5c90f23d105f170c
Message-Authenticator = 0x3e5c1a6cdf5bcb162e0f17678a0ac774
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 2 length 132
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 122
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0075], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 088c], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 00ad], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 14 to X.X.X.X port 2050
EAP-Message = 0x010304000dc000000972160301002a0200002603014fe338cd95f05120bf685caae4699cd40a390d03b49e99d6ec79076102f1cfd600002f00160301088c0b0008880008850003ba308203b63082029ea003020102020101300d06092a864886f70d010105050030819b310b3009060355040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d
EAP-Message = 0x2057696669204341301e170d3132303530313037323732305a170d3137303430353037323732305a308187310b3009060355040613024348310f300d0603550408130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413122302006035504031319466c6578204d756c74696d65646961205341202d20576966693126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100aeea48482127a4354170f6d31900eab50713648bd7de8aa8f8808342731fff10117c999c744216c114b9
EAP-Message = 0x2a5b38f938ad9ee0229e55161d376dd4c7a4efe5beae1ff8515d6084f7d37747d9d49eac592c67ae2b1cd086546b8ed27283d1e16eeec0a31cac96241de5fd48709570683bb9e00c26af9caa7e9accffabaf0e0c4ceef4e15a251cd9a05303315aa0558f2c3282fdef64465ebad438b9590be374dfa00815477821a894e1a87d9adb56a8bd1457fdd9087eefb7a47d401fdbfa6ea584e3b4db247c628c0dbde6131eb3b611391365535d7c0aaee905a75bd2c1c3cf60dfa9f36b35c9d818b4c66c16f3d4e171e0a13d0e0a06a3923e5d79065d46d8530203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f7
EAP-Message = 0x2a5b38f938ad9ee0229e55161d376dd4c7a4efe5beae1ff8515d6084f7d37747d9d49eac592c67ae2b1cd086546b8ed27283d1e16eeec0a31cac96241de5fd48709570683bb9e00c26af9caa7e9accffabaf0e0c4ceef4e15a251cd9a05303315aa0558f2c3282fdef64465ebad438b9590be374dfa00815477821a894e1a87d9adb56a8bd1457fdd9087eefb7a47d401fdbfa6ea584e3b4db247c628c0dbde6131eb3b611391365535d7c0aaee905a75bd2c1c3cf60dfa9f36b35c9d818b4c66c16f3d4e171e0a13d0e0a06a3923e5d79065d46d8530203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f7
EAP-Message = 0x0d01010505000382010100aead383e5ab8804a347997779b3050e6718692070377e0e773a59f45d94fa25cce49cace1a7d13290b290a32c6f23bc2b9ab8c6f75e85a551d9c9d5fb21f93c76d04d8a0d7f5939e78710893e5b2f8df68da636490746ec98c879bde7439a912d8342c61a1184058ea7b6a81ec99d4dfeae77f80a0e8e5591d790f52cb383b7882ebd5bf01e938aa675c523efb4a2280c46cdeb4226a447ada0ea4fa9cd0541686f7e7cd2aa0d213a0f4ffec67544b8422a9523c17ee71d7db444d9fbb169f598513195fc02b8f0211cc080a6c527dcb9d7c98d730be9baf729d49ca716dd53baace83051b04886d6e164c8c32007e8ed00b
EAP-Message = 0x3f06a9779d2ebce81feb74cc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e6084dbb5c90f23d105f170c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=15, length=162
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300060d00
State = 0xe70b4038e6084dbb5c90f23d105f170c
Message-Authenticator = 0x3ef8fb190d3c6a7e50a91e66a795242e
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 15 to X.X.X.X port 2050
EAP-Message = 0x010404000dc00000097255920004c5308204c1308203a9a003020102020900b6c914e75a7f193f300d06092a864886f70d010105050030819b310b3009060355040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d2057696669204341301e170d3132303530313037323732305a170d3137303430353037323732305a30819b310b30090603
EAP-Message = 0x55040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d205769666920434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cb12e7e4de778e1727535c10031abf4955bfa7aab13883299d12c727f79f392134ce11f819bc76f993db68b0d6b2fe71cdfffacd33896ee846b27ea4056b36ea44a83b81839945
EAP-Message = 0x7c2e44f15047428abe065217a39592cd230bfb8cdc004875b54d344caf61504a2e762d142863a71de52aa5868d021f7b8e163356923e21d796cce1e425fd174d0a8f4475b1cb0fd8fc9f76fc23062d8b9a3f717fd5a313ecbff707f0b72f5fed2ef07c6d447cc9539ce2a5b411ba50197ca01046a81b4e1faa9b3db79ac152d8949bda108fcc99ef10b48d810422c8e68a169fa07c5672dfcd3fa1a776104ce3abc305eb99779359a284a9e9a8ca2b8916a6d56c40cbf44d2b0203010001a382010430820100301d0603551d0e0416041452d061f43beb2cccb20805f91363b8138ec8bf033081d00603551d230481c83081c5801452d061f43beb2ccc
EAP-Message = 0xb20805f91363b8138ec8bf03a181a1a4819e30819b310b3009060355040613024348310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d2057696669204341820900b6c914e75a7f193f300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100ad0b25ef0b9a847643cbe812a0975c7e2328ccba8a99949e54bcdad1a574d348
EAP-Message = 0x7f89b8a782bd75fa7a242faf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e50f4dbb5c90f23d105f170c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host X.X.X.X port 2050, id=16, length=162
User-Name = "BM MacBook"
NAS-IP-Address = X.X.X.X
NAS-Port = 0
Called-Station-Id = "..-..-..-..-..-.."
Calling-Station-Id = "..-..-..-..-..-.."
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400060d00
State = 0xe70b4038e50f4dbb5c90f23d105f170c
Message-Authenticator = 0xe3efb43889be10940ad1a30580a37a92
# Executing section authorize from file /etc/raddb//radiusd.conf
+- entering group authorize {...}
[files] users: Matched entry BM MacBook at line 18
++[files] returns ok
[eap] EAP packet type response id 4 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[pap] returns noop
Found Auth-Type = EAP
Found Auth-Type = EAP
Warning: Found 2 auth-types on request for user 'BM MacBook'
# Executing group from file /etc/raddb//radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 16 to X.X.X.X port 2050
EAP-Message = 0x010501900d8000000972abb72f1ce08eeb4a0822d2ff8e27069846445fae4a75d1d867fd8879e6a4678ddbe0d4be0ebd17b01cb9834b3d3d920e383818061f8666f0626f54f131adc1197f058359bacf336bc52febb193e89909ceb44508e62dbf7bdea3d5090b9daed807a84744bf0a480394727f8a79e910be296b570bde660d51098771622f5fd77a3f7a55066dfeea3bfaf864eca1afececda76124b91ed9f5a5efa79cc569e571071391fc29da7476625b12df1d5a1ad6896aedaef226a16b0866cda25a19cc651007768eb197128d2bd3f3a5d08bcdfcd1d69877616030100ad0d0000a502010200a0009e30819b310b30090603550406130243
EAP-Message = 0x48310f300d0603550408130647454e455645310f300d0603550407130647454e455645311b3019060355040a1312466c6578204d756c74696d656469612053413126302406092a864886f70d01090116176e6f6340666c65782d6d756c74696d656469612e636f6d312530230603550403131c466c6578204d756c74696d65646961205341202d20576966692043410e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe70b4038e40e4dbb5c90f23d105f170c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +6
Cleaning up request 1 ID 14 with timestamp +6
Cleaning up request 2 ID 15 with timestamp +6
Cleaning up request 3 ID 16 with timestamp +6
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xe70b4038e40e4dbb did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
Revise this Paste
Parent: 50825