Closed jouell closed 9 years ago
please provide backtrace, see panic_action in radiusd.conf if you don't know how to use gdb.
Thanks for that. Here it is:
Reading symbols from radiusd...done. Attaching to program: /usr/local/sbin/radiusd, process 2537 Reading symbols from /usr/local/lib/libfreeradius-server.so...done. Loaded symbols for /usr/local/lib/libfreeradius-server.so Reading symbols from /usr/local/lib/libfreeradius-radius.so...done. Loaded symbols for /usr/local/lib/libfreeradius-radius.so Reading symbols from /lib/i386-linux-gnu/libcrypto.so.1.0.0...(no debugging symbols found)...done. Loaded symbols for /lib/i386-linux-gnu/libcrypto.so.1.0.0 Reading symbols from /lib/i386-linux-gnu/libssl.so.1.0.0...(no debugging symbols found)...done. Loaded symbols for /lib/i386-linux-gnu/libssl.so.1.0.0 Reading symbols from /usr/lib/i386-linux-gnu/libtalloc.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/i386-linux-gnu/libtalloc.so.2 Reading symbols from /lib/i386-linux-gnu/libdl.so.2...Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/libdl-2.19.so...done. done. Loaded symbols for /lib/i386-linux-gnu/libdl.so.2 Reading symbols from /lib/i386-linux-gnu/libpthread.so.0...Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/libpthread-2.19.so...done. done. [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". Loaded symbols for /lib/i386-linux-gnu/libpthread.so.0 Reading symbols from /lib/i386-linux-gnu/libcrypt.so.1...Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/libcrypt-2.19.so...done. done. Loaded symbols for /lib/i386-linux-gnu/libcrypt.so.1 Reading symbols from /lib/i386-linux-gnu/libc.so.6...Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/libc-2.19.so...done. done. Loaded symbols for /lib/i386-linux-gnu/libc.so.6 Reading symbols from /lib/ld-linux.so.2...Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/ld-2.19.so...done. done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /usr/local/lib/rlm_preprocess.so...done. Loaded symbols for /usr/local/lib/rlm_preprocess.so Reading symbols from /usr/local/lib/rlm_pap.so...done. Loaded symbols for /usr/local/lib/rlm_pap.so Reading symbols from /usr/local/lib/rlm_exec.so...done. Loaded symbols for /usr/local/lib/rlm_exec.so Reading symbols from /usr/local/lib/rlm_eap.so...done. Loaded symbols for /usr/local/lib/rlm_eap.so Reading symbols from /usr/local/lib/libfreeradius-eap.so...done. Loaded symbols for /usr/local/lib/libfreeradius-eap.so Reading symbols from /usr/local/lib/rlm_eap_md5.so...done. Loaded symbols for /usr/local/lib/rlm_eap_md5.so Reading symbols from /usr/local/lib/rlm_eap_leap.so...done. Loaded symbols for /usr/local/lib/rlm_eap_leap.so Reading symbols from /usr/local/lib/rlm_eap_gtc.so...done. Loaded symbols for /usr/local/lib/rlm_eap_gtc.so Reading symbols from /usr/local/lib/rlm_eap_tls.so...done. Loaded symbols for /usr/local/lib/rlm_eap_tls.so Reading symbols from /usr/local/lib/rlm_eap_ttls.so...done. Loaded symbols for /usr/local/lib/rlm_eap_ttls.so Reading symbols from /usr/local/lib/rlm_eap_peap.so...done. Loaded symbols for /usr/local/lib/rlm_eap_peap.so Reading symbols from /usr/local/lib/rlm_eap_mschapv2.so...done. Loaded symbols for /usr/local/lib/rlm_eap_mschapv2.so Reading symbols from /usr/local/lib/rlm_passwd.so...done. Loaded symbols for /usr/local/lib/rlm_passwd.so Reading symbols from /usr/local/lib/rlm_radutmp.so...done. Loaded symbols for /usr/local/lib/rlm_radutmp.so Reading symbols from /usr/local/lib/rlm_expiration.so...done. Loaded symbols for /usr/local/lib/rlm_expiration.so Reading symbols from /usr/local/lib/rlm_expr.so...done. Loaded symbols for /usr/local/lib/rlm_expr.so Reading symbols from /usr/local/lib/rlm_mschap.so...done. Loaded symbols for /usr/local/lib/rlm_mschap.so Reading symbols from /usr/local/lib/rlm_digest.so...done. Loaded symbols for /usr/local/lib/rlm_digest.so Reading symbols from /usr/local/lib/rlm_chap.so...done. Loaded symbols for /usr/local/lib/rlm_chap.so Reading symbols from /usr/local/lib/rlm_detail.so...done. Loaded symbols for /usr/local/lib/rlm_detail.so Reading symbols from /usr/local/lib/rlm_dynamic_clients.so...done. Loaded symbols for /usr/local/lib/rlm_dynamic_clients.so Reading symbols from /usr/local/lib/rlm_unpack.so...done. Loaded symbols for /usr/local/lib/rlm_unpack.so Reading symbols from /usr/local/lib/rlm_realm.so...done. Loaded symbols for /usr/local/lib/rlm_realm.so Reading symbols from /usr/local/lib/rlm_always.so...done. Loaded symbols for /usr/local/lib/rlm_always.so Reading symbols from /usr/local/lib/rlm_cache.so...done. Loaded symbols for /usr/local/lib/rlm_cache.so Reading symbols from /usr/local/lib/rlm_logintime.so...done. Loaded symbols for /usr/local/lib/rlm_logintime.so Reading symbols from /usr/local/lib/rlm_dhcp.so...done. Loaded symbols for /usr/local/lib/rlm_dhcp.so Reading symbols from /usr/local/lib/rlm_replicate.so...done. Loaded symbols for /usr/local/lib/rlm_replicate.so Reading symbols from /usr/local/lib/rlm_files.so...done. Loaded symbols for /usr/local/lib/rlm_files.so Reading symbols from /usr/local/lib/rlm_soh.so...done. Loaded symbols for /usr/local/lib/rlm_soh.so Reading symbols from /usr/local/lib/rlm_attr_filter.so...done. Loaded symbols for /usr/local/lib/rlm_attr_filter.so Reading symbols from /usr/local/lib/rlm_unix.so...done. Loaded symbols for /usr/local/lib/rlm_unix.so Reading symbols from /usr/local/lib/rlm_linelog.so...done. Loaded symbols for /usr/local/lib/rlm_linelog.so Reading symbols from /usr/local/lib/rlm_utf8.so...done. Loaded symbols for /usr/local/lib/rlm_utf8.so Reading symbols from /lib/i386-linux-gnu/libnss_files.so.2...Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/libnss_files-2.19.so...done. done. Loaded symbols for /lib/i386-linux-gnu/libnss_files.so.2 0xb77db416 in __kernel_vsyscall () No symbol table info available. No symbol table info available.
Thread 1 (Thread 0xb735e700 (LWP 2537)):
No symbol table info available.
No locals.
line=line@entry=0xbf8f6ab8 "gdb -silent -x /usr/local/etc/raddb/panic.gdb radiusd 2537 2>&1 | tee /usr/local/var/log/radius/gdb-radiusd-2537.log") at ../sysdeps/posix/system.c:148
__result = <optimized out>
_buffer = {__routine = 0xb73a0010 <cancel_handler>, __arg = 0xbf8f6910, __canceltype = 0, __prev = 0x0}
_avail = 1
status = -1216456790
save = <optimized out>
pid = 2539
sa = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {65536, 0 <repeats 31 times>}}, sa_flags = 0,
sa_restorer = 0x1a4}
omask = {__val = {1024, 0, 3075739176, 1, 0, 1, 3078036264, 3213846968, 3078609556, 0, 3075737864, 1, 0, 1, 0, 3213847076, 3213846936,
3213846928, 3075752967, 3078036264, 0, 3073934544, 0, 4294967295, 3213846968, 3073795464, 3075736264, 3078466504, 0, 4294967295, 0,
4294967295}}
line=line@entry=0xbf8f6ab8 "gdb -silent -x /usr/local/etc/raddb/panic.gdb radiusd 2537 2>&1 | tee /usr/local/var/log/radius/gdb-radiusd-2537.log") at ../sysdeps/posix/system.c:184
No locals.
line=line@entry=0xbf8f6ab8 "gdb -silent -x /usr/local/etc/raddb/panic.gdb radiusd 2537 2>&1 | tee /usr/local/var/log/radius/gdb-radiusd-2537.log") at pt-system.c:28
No locals.
disable = false
cmd = "gdb -silent -x /usr/local/etc/raddb/panic.gdb radiusd 2537 2>&1 | tee /usr/local/var/log/radius/gdb-radiusd-2537.log", '\000' <repeats 415 times>
out = 0xbf8f6b28 ".log"
left = 420
ret = <optimized out>
p = 0xb77b068c <panic_action+108> ".log"
q = 0x0
code = <optimized out>
No symbol table info available.
at src/modules/rlm_eap/types/rlm_eap_peap/peap.c:1141
tunnel = <optimized out>
t = <optimized out>
fake = <optimized out>
vp = <optimized out>
rcode = <optimized out>
data = <optimized out>
data_len = <optimized out>
p = <optimized out>
request = <optimized out>
eap_ds = <optimized out>
rcode = <optimized out>
status = FR_TLS_OK
inst = 0x8794298
tls_session = 0x87cc950
peap = 0x87cb928
request = 0x87cb668
rcode = 1
request = 0x87cb668
caller = 0x878e280 "eap"
type = 0x87edaec
request = 0x87cb668
next = PW_EAP_MD5
vp = <optimized out>
inst = 0x878eb40
handler = 0x87cb7b8
eap_packet = 0x0
status = <optimized out>
rcode = <optimized out>
blocked = <optimized out>
indent = 4
at src/main/modcall.c:578
if_taken = false
was_if = false
c = 0x87b6868
priority = -1
result = RLM_MODULE_UNKNOWN
at src/main/modcall.c:414
next = 0xbf8f7740
entry=entry@entry=0xbf8f7730) at src/main/modcall.c:783
if_taken = false
was_if = false
c = 0x87b67d8
priority = -1
result = RLM_MODULE_UNKNOWN
stack = {{result = RLM_MODULE_REJECT, priority = 0, unwind = 0, c = 0x87b67d8}, {result = RLM_MODULE_REJECT, priority = 0, unwind = 0,
c = 0x87b6868}, {result = RLM_MODULE_NOTFOUND, priority = 0, unwind = 0, c = 0x0}, {result = 3074052660, priority = -1221204224,
unwind = 0, c = 0xa}, {result = 3075228789, priority = -1221204224, unwind = 0, c = 0xb}, {result = 3075737256, priority = -1219738496,
unwind = -1081115448, c = 0xb755e37c <_dlerror_run+124>}, {result = 3075857456, priority = 2, unwind = 134534344, c = 0x30303431}, {
result = 775435776, priority = 3223089, unwind = -1219224484, c = 0x7}, {result = 3075737256, priority = -1216457436,
unwind = -1216894144, c = 0x2}, {result = 3075737256, priority = -1216457436, unwind = -1219230040, c = 0xb}, {result = 3213850624,
priority = 65977685, unwind = 2111285930, c = 0xb7541ed4}, {result = 3075746516, priority = -1216457436, unwind = 8896754,
c = 0xb777ab7c}, {result = 3078080236, priority = 1, unwind = -1219230040, c = 0xb}, {result = RLM_MODULE_REJECT, priority = 0,
unwind = 1, c = 0xc0}, {result = 3075737336, priority = -1216931032, unwind = 134534442, c = 0xb75434b4}, {result = 134518472,
priority = 1, unwind = -1216886452, c = 0xb777c7dc}, {result = RLM_MODULE_REJECT, priority = -1216360448, unwind = -1081116348,
c = 0xb77fdaf0}, {result = 3213850880, priority = -1216456790, unwind = -1081116496, c = 0x80496c8}, {result = 3213850808,
priority = -1216357740, unwind = 0, c = 0xb75406f8}, {result = RLM_MODULE_FAIL, priority = 0, unwind = 1, c = 0xb77fd938}, {
result = 3213850928, priority = -1216456790, unwind = -1081116448, c = 0x8048988}, {result = 3213850856, priority = -1216357740,
unwind = 0, c = 0xb778219e <fr_assert_cond+14>}, {result = 3213850948, priority = -1081116488, unwind = -1081116496, c = 0x804d52a}, {
result = 3078609208, priority = 0, unwind = -1216675840, c = 0xb7780f3c <fr_cursor_next+76>}, {result = 3078220448, priority = 155,
unwind = -1216746864, c = 0x1}, {result = 3213850996, priority = -1216675840, unwind = -1081116420, c = 0xb7782bce <dict_hashname+14>},
{result = 3213850876, priority = -1081116368, unwind = -1216727276, c = 0xb7797980 <rbtree_find+16>}, {result = 4294967295, priority = 1,
unwind = -1216887972, c = 0x521bce00}, {result = 3213850980, priority = 142305104, unwind = -1081116296, c = 0x80a4000}, {
result = 142390888, priority = 0, unwind = 134886688, c = 0xb77bfd4a <radlog_request+58>}, {result = 16, priority = 1,
unwind = 142390888, c = 0x808d3bc}, {result = 3213850960, priority = -1081116316, unwind = -1081116324, c = 0xb778c5b1 <pairfind+17>}}
rcode = <optimized out>
list = <optimized out>
server = <optimized out>
No locals.
cursor = {first = 0x87cb678, found = 0x87eb210, last = 0x0, current = 0x0, next = 0x0}
auth_type_pair = <optimized out>
auth_type = 6
auth_type_count = <optimized out>
result = <optimized out>
check_item = <optimized out>
module_msg = <optimized out>
tmp = <optimized out>
result = <optimized out>
autz_retry = <optimized out>
autz_type = <optimized out>
action = 1
request = 0x87cb668
at src/main/process.c:1083
No locals.
fun=fun@entry=0x80540d0 <rad_authenticate>) at src/main/process.c:1805
count = <optimized out>
packet_p = <optimized out>
request = <optimized out>
now = {tv_sec = 1418531867, tv_usec = 470092}
sock = <optimized out>
rcode = <optimized out>
code = 1
src_port = 32768
packet = 0x87dce10
fun = 0x80540d0 <rad_authenticate>
client = 0x875e980
src_ipaddr = {af = 2, ipaddr = {ip4addr = {s_addr = 16885952}, ip6addr = {__in6_u = {
__u6_addr8 = "\300\250\001\001", '\000' <repeats 11 times>, __u6_addr16 = {43200, 257, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {16885952,
0, 0, 0}}}}, prefix = 32 ' ', scope = 0}
listener = <optimized out>
ef = 0x875f8b0
i = 1
rcode = 1
when = {tv_sec = 1418531867, tv_usec = 767926}
wake = <optimized out>
maxfd = 12
read_fds = {fds_bits = {128, 0 <repeats 31 times>}}
master_fds = {fds_bits = {8096, 0 <repeats 31 times>}}
No locals.
rcode = 0
status = <optimized out>
argval = <optimized out>
spawn_flag = false
write_pid = <optimized out>
display_version = false
flag = 0
from_child = {-1, -1}
autofree = 0x85e6038
A debugging session is active.
Inferior 1 [process 2537] will be detached.
Quit anyway? (y or n) [answered Y; input not from terminal]
Thanks. This issue has already been resolved. Please try v3.0.x HEAD.
I see. Thanks. I didn't find many reference to it so I figured I'd post. Thank you.
Best to check the change log first.
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/doc/ChangeLog#L28
Yeap. I think that's where I went wrong. I didn't realize this site was here. Was looking only at 3.0.5. Thanks
Running Ubuntu-14.04-server, FreeRadius 3.0.5 from compiled Source.
-X output:
Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address :: port 1812 as server default Listening on acct address :: port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 43824 Ready to process requests (0) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 125 (0) User-Name = 'mytestuser' (0) NAS-IP-Address = 192.168.1.1 (0) Called-Station-Id = '04a15132e548' (0) Calling-Station-Id = '984b4ae97b84' (0) NAS-Identifier = '04a15132e548' (0) NAS-Port = 22 (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) EAP-Message = 0x0202000b016a6f75656c6c (0) Message-Authenticator = 0x54e6aba148a859c3e160b8e975601bab (0) session-state: No State attribute (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) authorize { (0) policy filterusername { (0) if (!&User-Name) { (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.@/ ) { (0) if (&User-Name =~ /@._@/ ) -> FALSE (0) if (&User-Name =~ /../ ) { (0) if (&User-Name =~ /../ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE (0) if (&User-Name =~ /.$/) { (0) if (&User-Name =~ /.$/) -> FALSE (0) if (&User-Name =~ /@./) { (0) if (&User-Name =~ /@./) -> FALSE (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent code Response (2) ID 2 length 11 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent method Identity (1) (0) eap: Calling eap_md5 to process EAP data (0) eap_md5: Issuing MD5 Challenge (0) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a6ab54a56 (0) [eap] = handled (0) } # authenticate = handled (0) session-state: Nothing to cache (0) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 80 (0) EAP-Message = 0x0103001604104839427028f232475b1bc23455e2b650 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x6ab64e0a6ab54a56ae7dd72e88ad3314 (0) Finished request Waking up in 0.3 seconds. (0): Cleaning up request packet ID 0 with timestamp +42
(1) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 138
(1) User-Name = 'mytestuser'
(1) NAS-IP-Address = 192.168.1.1
(1) Called-Station-Id = '04a15132e548'
(1) Calling-Station-Id = '984b4ae97b84'
(1) NAS-Identifier = '04a15132e548'
(1) NAS-Port = 22
(1) Framed-MTU = 1400
(1) State = 0x6ab64e0a6ab54a56ae7dd72e88ad3314
(1) NAS-Port-Type = Wireless-802.11
(1) EAP-Message = 0x020300060319
(1) Message-Authenticator = 0x48b449d1bf89f2b237e6bbe883eaf663
(1) session-state: No cached attributes
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filterusername {
(1) if (!&User-Name) {
(1) if (!&User-Name) -> FALSE
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@.@/ ) {
(1) if (&User-Name =~ /@._@/ ) -> FALSE
(1) if (&User-Name =~ /../ ) {
(1) if (&User-Name =~ /../ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(1) if (&User-Name =~ /.$/) {
(1) if (&User-Name =~ /.$/) -> FALSE
(1) if (&User-Name =~ /@./) {
(1) if (&User-Name =~ /@./) -> FALSE
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent code Response (2) ID 3 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) files: users: Matched entry mytestuser at line 75
(1) [files] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = EAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x6ab64e0a6ab54a56
(1) eap: Finished EAP session with state 0x6ab64e0a6ab54a56
(1) eap: Previous EAP request found for state 0x6ab64e0a6ab54a56, released from the list
(1) eap: Peer sent method NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling eap_peap to process EAP data
(1) eap_peap: Flushing SSL sessions (of #0)
(1) eap_peap: Initiate
(1) eap_peap: Start returned 1
(1) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a6bb25756
(1) [eap] = handled
(1) } # authenticate = handled
(1) session-state: Nothing to cache
(1) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 64
(1) EAP-Message = 0x010400061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x6ab64e0a6bb25756ae7dd72e88ad3314
(1) Finished request
Waking up in 0.2 seconds.
(1) : Cleaning up request packet ID 0 with timestamp +42
(2) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 332
(2) User-Name = 'mytestuser'
(2) NAS-IP-Address = 192.168.1.1
(2) Called-Station-Id = '04a15132e548'
(2) Calling-Station-Id = '984b4ae97b84'
(2) NAS-Identifier = '04a15132e548'
(2) NAS-Port = 22
(2) Framed-MTU = 1400
(2) State = 0x6ab64e0a6bb25756ae7dd72e88ad3314
(2) NAS-Port-Type = Wireless-802.11
(2) EAP-Message = 0x020400c81980000000be16030100b9010000b50301548d0e72cc8ac8859ecb30eb9439d909dcbb629926160a9b094044d80cad7aaa000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc00200050004001500120009001400
(2) Message-Authenticator = 0x25408ffb2abe5c394b785742d1a46d53
(2) session-state: No cached attributes
(2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(2) authorize {
(2) policy filterusername {
(2) if (!&User-Name) {
(2) if (!&User-Name) -> FALSE
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@.@/ ) {
(2) if (&User-Name =~ /@._@/ ) -> FALSE
(2) if (&User-Name =~ /../ ) {
(2) if (&User-Name =~ /../ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(2) if (&User-Name =~ /.$/) {
(2) if (&User-Name =~ /.$/) -> FALSE
(2) if (&User-Name =~ /@./) {
(2) if (&User-Name =~ /@./) -> FALSE
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent code Response (2) ID 4 length 200
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x6ab64e0a6bb25756
(2) eap: Finished EAP session with state 0x6ab64e0a6bb25756
(2) eap: Previous EAP request found for state 0x6ab64e0a6bb25756, released from the list
(2) eap: Peer sent method PEAP (25)
(2) eap: EAP PEAP (25)
(2) eap: Calling eap_peap to process EAP data
(2) eap_peap: processing EAP-TLS
(2) eap_peap: TLS Length 190
(2) eap_peap: Length Included
(2) eap_peap: eaptls_verify returned 11
(2) eap_peap: (other): before/accept initialization
(2) eap_peap: TLS_accept: before/accept initialization
(2) eap_peap: <<< TLS 1.0 Handshake [length 00b9], ClientHello
(2) eap_peap: TLS_accept: SSLv3 read client hello A
(2) eap_peap: >>> TLS 1.0 Handshake [length 0059], ServerHello
(2) eap_peap: TLS_accept: SSLv3 write server hello A
(2) eap_peap: >>> TLS 1.0 Handshake [length 08d0], Certificate
(2) eap_peap: TLS_accept: SSLv3 write certificate A
(2) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(2) eap_peap: TLS_accept: SSLv3 write key exchange A
(2) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(2) eap_peap: TLS_accept: SSLv3 write server done A
(2) eap_peap: TLS_accept: SSLv3 flush data
(2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
(2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
(2) eap_peap: eaptls_process returned 13
(2) eap_peap: FR_TLS_HANDLED
(2) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a68b35756
(2) [eap] = handled
(2) } # authenticate = handled
(2) session-state: Nothing to cache
(2) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 1068
(2) EAP-Message = 0x010503ec19c000000a8c1603010059020000550301c1155706a62fe5a9974bf6c15aa7e79900e273d35a1c94327f36d3933a3e54b320ac583f381aa56b774ee5f76ab028b50988adf979676e113bd7a743543b0c74eec01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x6ab64e0a68b35756ae7dd72e88ad3314
(2) Finished request
Waking up in 0.2 seconds.
(2) : Cleaning up request packet ID 0 with timestamp +42
(3) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 138
(3) User-Name = 'mytestuser'
(3) NAS-IP-Address = 192.168.1.1
(3) Called-Station-Id = '04a15132e548'
(3) Calling-Station-Id = '984b4ae97b84'
(3) NAS-Identifier = '04a15132e548'
(3) NAS-Port = 22
(3) Framed-MTU = 1400
(3) State = 0x6ab64e0a68b35756ae7dd72e88ad3314
(3) NAS-Port-Type = Wireless-802.11
(3) EAP-Message = 0x020500061900
(3) Message-Authenticator = 0xcb80f29573435c8063174a4674ee9615
(3) session-state: No cached attributes
(3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(3) authorize {
(3) policy filterusername {
(3) if (!&User-Name) {
(3) if (!&User-Name) -> FALSE
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@.@/ ) {
(3) if (&User-Name =~ /@._@/ ) -> FALSE
(3) if (&User-Name =~ /../ ) {
(3) if (&User-Name =~ /../ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(3) if (&User-Name =~ /.$/) {
(3) if (&User-Name =~ /.$/) -> FALSE
(3) if (&User-Name =~ /@./) {
(3) if (&User-Name =~ /@./) -> FALSE
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent code Response (2) ID 5 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0x6ab64e0a68b35756
(3) eap: Finished EAP session with state 0x6ab64e0a68b35756
(3) eap: Previous EAP request found for state 0x6ab64e0a68b35756, released from the list
(3) eap: Peer sent method PEAP (25)
(3) eap: EAP PEAP (25)
(3) eap: Calling eap_peap to process EAP data
(3) eap_peap: processing EAP-TLS
(3) eap_peap: Received TLS ACK
(3) eap_peap: Received TLS ACK
(3) eap_peap: ACK handshake fragment handler
(3) eap_peap: eaptls_verify returned 1
(3) eap_peap: eaptls_process returned 13
(3) eap_peap: FR_TLS_HANDLED
(3) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a69b05756
(3) [eap] = handled
(3) } # authenticate = handled
(3) session-state: Nothing to cache
(3) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 1064
(3) EAP-Message = 0x010603e81940fbe1c9fef72583ea7393c20234cb180f3903f65f94c6abc2f72663cfe0eaed6a818c0986e4c55d7cfc5138d125b9c0a94d8f6cae795b86e8b72ebfb2755a333ec68e1225fee5aab8dde4d5f51c719cceb56507c13ed15495bdc4292559f351473d3ab2a8a975aca4f60004e5308204e130
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x6ab64e0a69b05756ae7dd72e88ad3314
(3) Finished request
Waking up in 0.3 seconds.
(3) : Cleaning up request packet ID 0 with timestamp +42
(4) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 138
(4) User-Name = 'mytestuser'
(4) NAS-IP-Address = 192.168.1.1
(4) Called-Station-Id = '04a15132e548'
(4) Calling-Station-Id = '984b4ae97b84'
(4) NAS-Identifier = '04a15132e548'
(4) NAS-Port = 22
(4) Framed-MTU = 1400
(4) State = 0x6ab64e0a69b05756ae7dd72e88ad3314
(4) NAS-Port-Type = Wireless-802.11
(4) EAP-Message = 0x020600061900
(4) Message-Authenticator = 0x263e71f088ec04dfbbb59983393b39f0
(4) session-state: No cached attributes
(4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(4) authorize {
(4) policy filterusername {
(4) if (!&User-Name) {
(4) if (!&User-Name) -> FALSE
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@.@/ ) {
(4) if (&User-Name =~ /@._@/ ) -> FALSE
(4) if (&User-Name =~ /../ ) {
(4) if (&User-Name =~ /../ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(4) if (&User-Name =~ /.$/) {
(4) if (&User-Name =~ /.$/) -> FALSE
(4) if (&User-Name =~ /@./) {
(4) if (&User-Name =~ /@./) -> FALSE
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent code Response (2) ID 6 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0x6ab64e0a69b05756
(4) eap: Finished EAP session with state 0x6ab64e0a69b05756
(4) eap: Previous EAP request found for state 0x6ab64e0a69b05756, released from the list
(4) eap: Peer sent method PEAP (25)
(4) eap: EAP PEAP (25)
(4) eap: Calling eap_peap to process EAP data
(4) eap_peap: processing EAP-TLS
(4) eap_peap: Received TLS ACK
(4) eap_peap: Received TLS ACK
(4) eap_peap: ACK handshake fragment handler
(4) eap_peap: eaptls_verify returned 1
(4) eap_peap: eaptls_process returned 13
(4) eap_peap: FR_TLS_HANDLED
(4) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a6eb15756
(4) [eap] = handled
(4) } # authenticate = handled
(4) session-state: Nothing to cache
(4) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 780
(4) EAP-Message = 0x010702ce190020417574686f72697479820900b84aec6d199549f4300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101001604
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x6ab64e0a6eb15756ae7dd72e88ad3314
(4) Finished request
Waking up in 0.3 seconds.
(4) : Cleaning up request packet ID 0 with timestamp +42
(5) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 276
(5) User-Name = 'mytestuser'
(5) NAS-IP-Address = 192.168.1.1
(5) Called-Station-Id = '04a15132e548'
(5) Calling-Station-Id = '984b4ae97b84'
(5) NAS-Identifier = '04a15132e548'
(5) NAS-Port = 22
(5) Framed-MTU = 1400
(5) State = 0x6ab64e0a6eb15756ae7dd72e88ad3314
(5) NAS-Port-Type = Wireless-802.11
(5) EAP-Message = 0x0207009019800000008616030100461000004241041710e9b3b4167b5eee3dc7548b5f791179f12a97667811aedcf7cab2d44dccf8067abe5fcb855fc6a849a543b7283af02ec86069c9020b2bb0503632121c9e011403010001011603010030748f06cfc698c769c4f4ca9d17c901f2b1715bbe1c210e
(5) Message-Authenticator = 0xf93442ff75a6e8e9e6ea4f0e703e5f14
(5) session-state: No cached attributes
(5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(5) authorize {
(5) policy filterusername {
(5) if (!&User-Name) {
(5) if (!&User-Name) -> FALSE
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@.@/ ) {
(5) if (&User-Name =~ /@._@/ ) -> FALSE
(5) if (&User-Name =~ /../ ) {
(5) if (&User-Name =~ /../ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(5) if (&User-Name =~ /.$/) {
(5) if (&User-Name =~ /.$/) -> FALSE
(5) if (&User-Name =~ /@./) {
(5) if (&User-Name =~ /@./) -> FALSE
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent code Response (2) ID 7 length 144
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0x6ab64e0a6eb15756
(5) eap: Finished EAP session with state 0x6ab64e0a6eb15756
(5) eap: Previous EAP request found for state 0x6ab64e0a6eb15756, released from the list
(5) eap: Peer sent method PEAP (25)
(5) eap: EAP PEAP (25)
(5) eap: Calling eap_peap to process EAP data
(5) eap_peap: processing EAP-TLS
(5) eap_peap: TLS Length 134
(5) eap_peap: Length Included
(5) eap_peap: eaptls_verify returned 11
(5) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(5) eap_peap: TLS_accept: SSLv3 read client key exchange A
(5) eap_peap: <<< TLS 1.0 ChangeCipherSpec length 0001 eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
(5) eap_peap: TLS_accept: SSLv3 read finished A
(5) eap_peap: >>> TLS 1.0 ChangeCipherSpec length 0001 eap_peap: TLS_accept: SSLv3 write change cipher spec A
(5) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
(5) eap_peap: TLS_accept: SSLv3 write finished A
(5) eap_peap: TLS_accept: SSLv3 flush data
SSL: adding session ac583f381aa56b774ee5f76ab028b50988adf979676e113bd7a743543b0c74ee to cache
(5) eap_peap: (other): SSL negotiation finished successfully
SSL Connection Established
(5) eap_peap: eaptls_process returned 13
(5) eap_peap: FR_TLS_HANDLED
(5) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a6fbe5756
(5) [eap] = handled
(5) } # authenticate = handled
(5) session-state: Nothing to cache
(5) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 123
(5) EAP-Message = 0x010800411900140301000101160301003069ad5032730b870b7bb46812d4bcabdac4b3f9440acf477069ed482c5184ff110176a578e8cc31a3a44acb1fbdf1db68
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x6ab64e0a6fbe5756ae7dd72e88ad3314
(5) Finished request
Waking up in 0.2 seconds.
(5) : Cleaning up request packet ID 0 with timestamp +42
(6) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 138
(6) User-Name = 'mytestuser'
(6) NAS-IP-Address = 192.168.1.1
(6) Called-Station-Id = '04a15132e548'
(6) Calling-Station-Id = '984b4ae97b84'
(6) NAS-Identifier = '04a15132e548'
(6) NAS-Port = 22
(6) Framed-MTU = 1400
(6) State = 0x6ab64e0a6fbe5756ae7dd72e88ad3314
(6) NAS-Port-Type = Wireless-802.11
(6) EAP-Message = 0x020800061900
(6) Message-Authenticator = 0x64c1f5259a898cbdbbe5b9e628d8f2dd
(6) session-state: No cached attributes
(6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(6) authorize {
(6) policy filterusername {
(6) if (!&User-Name) {
(6) if (!&User-Name) -> FALSE
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@.@/ ) {
(6) if (&User-Name =~ /@._@/ ) -> FALSE
(6) if (&User-Name =~ /../ ) {
(6) if (&User-Name =~ /../ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(6) if (&User-Name =~ /.$/) {
(6) if (&User-Name =~ /.$/) -> FALSE
(6) if (&User-Name =~ /@./) {
(6) if (&User-Name =~ /@./) -> FALSE
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent code Response (2) ID 8 length 6
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x6ab64e0a6fbe5756
(6) eap: Finished EAP session with state 0x6ab64e0a6fbe5756
(6) eap: Previous EAP request found for state 0x6ab64e0a6fbe5756, released from the list
(6) eap: Peer sent method PEAP (25)
(6) eap: EAP PEAP (25)
(6) eap: Calling eap_peap to process EAP data
(6) eap_peap: processing EAP-TLS
(6) eap_peap: Received TLS ACK
(6) eap_peap: Received TLS ACK
(6) eap_peap: ACK handshake is finished
(6) eap_peap: eaptls_verify returned 3
(6) eap_peap: eaptls_process returned 3
(6) eap_peap: FR_TLS_SUCCESS
(6) eap_peap: Session established. Decoding tunneled attributes
(6) eap_peap: PEAP state TUNNEL ESTABLISHED
(6) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a6cbf5756
(6) [eap] = handled
(6) } # authenticate = handled
(6) session-state: Nothing to cache
(6) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 101
(6) EAP-Message = 0x0109002b19001703010020818360a4ba050fbb0b3a52b92690ef8bba12fefc094a61fc7930ee053a730b0a
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x6ab64e0a6cbf5756ae7dd72e88ad3314
(6) Finished request
Waking up in 0.3 seconds.
(6) : Cleaning up request packet ID 0 with timestamp +42
(7) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 212
(7) User-Name = 'mytestuser'
(7) NAS-IP-Address = 192.168.1.1
(7) Called-Station-Id = '04a15132e548'
(7) Calling-Station-Id = '984b4ae97b84'
(7) NAS-Identifier = '04a15132e548'
(7) NAS-Port = 22
(7) Framed-MTU = 1400
(7) State = 0x6ab64e0a6cbf5756ae7dd72e88ad3314
(7) NAS-Port-Type = Wireless-802.11
(7) EAP-Message = 0x020900501900170301002050e6dd5df54103cbe12d6999f74884321c320f61d639e79d2ad8aa76c3d1fc39170301002019687ff3879a447e745cec08e0edd14126b596a8c3d719276184be7e24e23bda
(7) Message-Authenticator = 0xe9525a79f87d78f516a49bf8ad49ef9b
(7) session-state: No cached attributes
(7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(7) authorize {
(7) policy filterusername {
(7) if (!&User-Name) {
(7) if (!&User-Name) -> FALSE
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@.@/ ) {
(7) if (&User-Name =~ /@._@/ ) -> FALSE
(7) if (&User-Name =~ /../ ) {
(7) if (&User-Name =~ /../ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(7) if (&User-Name =~ /.$/) {
(7) if (&User-Name =~ /.$/) -> FALSE
(7) if (&User-Name =~ /@./) {
(7) if (&User-Name =~ /@./) -> FALSE
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent code Response (2) ID 9 length 80
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0x6ab64e0a6cbf5756
(7) eap: Finished EAP session with state 0x6ab64e0a6cbf5756
(7) eap: Previous EAP request found for state 0x6ab64e0a6cbf5756, released from the list
(7) eap: Peer sent method PEAP (25)
(7) eap: EAP PEAP (25)
(7) eap: Calling eap_peap to process EAP data
(7) eap_peap: processing EAP-TLS
(7) eap_peap: eaptls_verify returned 7
(7) eap_peap: Done initial handshake
(7) eap_peap: eaptls_process returned 7
(7) eap_peap: FR_TLS_OK
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(7) eap_peap: Identity - mytestuser
(7) eap_peap: Got inner identity 'mytestuser'
(7) eap_peap: Setting default EAP type for tunneled EAP session
(7) eap_peap: Got tunneled request
(7) eap_peap: EAP-Message = 0x0209000b016a6f75656c6c
(7) eap_peap: Setting User-Name to mytestuser
(7) eap_peap: Sending tunneled request to inner-tunnel
(7) eap_peap: EAP-Message = 0x0209000b016a6f75656c6c
(7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap: User-Name = 'mytestuser'
(7) Virtual server received request
(7) EAP-Message = 0x0209000b016a6f75656c6c
(7) FreeRADIUS-Proxied-To = 127.0.0.1
(7) User-Name = 'mytestuser'
(7) server inner-tunnel {
(7) session-state: No State attribute
(7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(7) authorize {
(7) [chap] = noop
(7) [mschap] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) update control {
(7) &Proxy-To-Realm := 'LOCAL'
(7) } # update control = noop
(7) eap: Peer sent code Response (2) ID 9 length 11
(7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Peer sent method Identity (1)
(7) eap: Calling eap_mschapv2 to process EAP data
(7) eap_mschapv2: Issuing Challenge
(7) eap: New EAP session, adding 'State' attribute to reply 0x7b5ef09d7b54ea98
(7) [eap] = handled
(7) } # authenticate = handled
(7) session-state: Nothing to cache
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7) EAP-Message = 0x010a00201a010a001b107691fa3af48a3644ae82383cc4afecc06a6f75656c6c
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x7b5ef09d7b54ea98ed2b49edda518d61
(7) eap_peap: Got tunneled reply code 11
(7) eap_peap: EAP-Message = 0x010a00201a010a001b107691fa3af48a3644ae82383cc4afecc06a6f75656c6c
(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: State = 0x7b5ef09d7b54ea98ed2b49edda518d61
(7) eap_peap: Got tunneled reply RADIUS code 11
(7) eap_peap: EAP-Message = 0x010a00201a010a001b107691fa3af48a3644ae82383cc4afecc06a6f75656c6c
(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: State = 0x7b5ef09d7b54ea98ed2b49edda518d61
(7) eap_peap: Got tunneled Access-Challenge
(7) eap: New EAP session, adding 'State' attribute to reply 0x6ab64e0a6dbc5756
(7) [eap] = handled
(7) } # authenticate = handled
(7) session-state: Nothing to cache
(7) Sent Access-Challenge Id 0 from 192.168.1.10:1812 to 192.168.1.1:32768 length 133
(7) EAP-Message = 0x010a004b1900170301004080239ea94126d531a0e4c0eb074d629406ab7d967cd438af5b744e3257491a1584eb92347df643dae2bb4448ae2e4439e7296a9858aebc16d8e1720b67ff1ed6
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x6ab64e0a6dbc5756ae7dd72e88ad3314
(7) Finished request
Waking up in 0.2 seconds.
(7) : Cleaning up request packet ID 0 with timestamp +42
(8) Received Access-Request Id 0 from 192.168.1.1:32768 to 192.168.1.10:1812 length 276
(8) User-Name = 'mytestuser'
(8) NAS-IP-Address = 192.168.1.1
(8) Called-Station-Id = '04a15132e548'
(8) Calling-Station-Id = '984b4ae97b84'
(8) NAS-Identifier = '04a15132e548'
(8) NAS-Port = 22
(8) Framed-MTU = 1400
(8) State = 0x6ab64e0a6dbc5756ae7dd72e88ad3314
(8) NAS-Port-Type = Wireless-802.11
(8) EAP-Message = 0x020a0090190017030100204782385fa85398e899f170afad7131e01d51b3f90f1fabe1d8d8149c2a4e362a1703010060f0c04705326f621c07c77fa9f272f918d1042531cb845686235222be5d2567c8346a4ccfcb4316b86426d17dc2e855e777a4434f0d049b2339387b4464b8185d802d91facae365
(8) Message-Authenticator = 0xde88530f13669d6234217dcd74c12727
(8) session-state: No cached attributes
(8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(8) authorize {
(8) policy filterusername {
(8) if (!&User-Name) {
(8) if (!&User-Name) -> FALSE
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@.@/ ) {
(8) if (&User-Name =~ /@._@/ ) -> FALSE
(8) if (&User-Name =~ /../ ) {
(8) if (&User-Name =~ /../ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(8) if (&User-Name =~ /.$/) {
(8) if (&User-Name =~ /.$/) -> FALSE
(8) if (&User-Name =~ /@./) {
(8) if (&User-Name =~ /@./) -> FALSE
(8) } # policy filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) eap: Peer sent code Response (2) ID 10 length 144
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8) authenticate {
(8) eap: Expiring EAP session with state 0x7b5ef09d7b54ea98
(8) eap: Finished EAP session with state 0x6ab64e0a6dbc5756
(8) eap: Previous EAP request found for state 0x6ab64e0a6dbc5756, released from the list
(8) eap: Peer sent method PEAP (25)
(8) eap: EAP PEAP (25)
(8) eap: Calling eap_peap to process EAP data
(8) eap_peap: processing EAP-TLS
(8) eap_peap: eaptls_verify returned 7
(8) eap_peap: Done initial handshake
(8) eap_peap: eaptls_process returned 7
(8) eap_peap: FR_TLS_OK
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state phase2
(8) eap_peap: EAP type MSCHAPv2 (26)
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message = 0x020a00411a020a003c31f6e78c190cf43276cccc57f252def23e0000000000000000d7c7a6640032f7eef08a7b51d07925bfa18f5a64ae2b8cf4006a6f75656c6c
(8) eap_peap: Setting User-Name to mytestuser
(8) eap_peap: Sending tunneled request to inner-tunnel
(8) eap_peap: EAP-Message = 0x020a00411a020a003c31f6e78c190cf43276cccc57f252def23e0000000000000000d7c7a6640032f7eef08a7b51d07925bfa18f5a64ae2b8cf4006a6f75656c6c
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = 'mytestuser'
(8) eap_peap: State = 0x7b5ef09d7b54ea98ed2b49edda518d61
(8) Virtual server received request
(8) EAP-Message = 0x020a00411a020a003c31f6e78c190cf43276cccc57f252def23e0000000000000000d7c7a6640032f7eef08a7b51d07925bfa18f5a64ae2b8cf4006a6f75656c6c
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = 'mytestuser'
(8) State = 0x7b5ef09d7b54ea98ed2b49edda518d61
(8) server inner-tunnel {
(8) session-state: No cached attributes
(8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(8) authorize {
(8) [chap] = noop
(8) [mschap] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "mytestuser", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) update control {
(8) &Proxy-To-Realm := 'LOCAL'
(8) } # update control = noop
(8) eap: Peer sent code Response (2) ID 10 length 65
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8) [eap] = updated
(8) files: users: Matched entry mytestuser at line 75
(8) [files] = ok
(8) [expiration] = noop
(8) [logintime] = noop
(8) pap: WARNING: Auth-Type already set. Not setting to PAP
(8) [pap] = noop
(8) } # authorize = updated
(8) Found Auth-Type = EAP
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(8) authenticate {
(8) eap: Expiring EAP session with state 0x7b5ef09d7b54ea98
(8) eap: Finished EAP session with state 0x7b5ef09d7b54ea98
(8) eap: Previous EAP request found for state 0x7b5ef09d7b54ea98, released from the list
(8) eap: Peer sent method MSCHAPv2 (26)
(8) eap: EAP MSCHAPv2 (26)
(8) eap: Calling eap_mschapv2 to process EAP data
(8) eap_mschapv2: cancelling authentication and letting it be proxied
(8) eap: No EAP proxy set. Not composing EAP
(8) [eap] = handled
(8) } # authenticate = handled
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8) eap_peap: Got tunneled reply code 0
(8) eap_peap: Tunnelled authentication will be proxied to LOCAL
Segmentation fault (core dumped)
$grep -v '#' /usr/local/etc/raddb/users
mytestuser Cleartext-Password := "password"
DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP" Framed-Protocol = SLIP
grep -v '#' /usr/local/etc/raddb/clients.conf
client localhost { ipaddr = 127.0.0.1 proto = * secret = testing123 require_message_authenticator = no
}
client localhost_ipv6 { ipv6addr = ::1 secret = testing123 }
client 192.168.1.1 { ipaddr = 192.168.1.1 secret = ddwrt }
That's it. Android Droid X2 ==> NetGear Router (Firmware: DD-WRT v24-sp2 (04/10/12)) ==>Ubuntu I select PEAP as the EAP method in the droid and put in my un/pass. I am a novice Radius user, but I am thinking a SegFault is not good.