toanalien closed this issue 1 year ago
The log is too long, so I split it into 2 parts.
docker-openwisp-freeradius-1 | (55) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (55) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (55) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (55) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (55) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (55) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (55) authorize {
docker-openwisp-freeradius-1 | (55) eap-org_a: Peer sent EAP Response (code 2) ID 8 length 136
docker-openwisp-freeradius-1 | (55) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1 | (55) [eap-org_a] = ok
docker-openwisp-freeradius-1 | (55) } # authorize = ok
docker-openwisp-freeradius-1 | (55) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1 | (55) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (55) Auth-Type eap-org_a {
docker-openwisp-freeradius-1 | (55) eap-org_a: Expiring EAP session with state 0x9163d5c4976bcc82
docker-openwisp-freeradius-1 | (55) eap-org_a: Finished EAP session with state 0x9163d5c4976bcc82
docker-openwisp-freeradius-1 | (55) eap-org_a: Previous EAP request found for state 0x9163d5c4976bcc82, released from the list
docker-openwisp-freeradius-1 | (55) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1 | (55) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) EAP Peer says that the final record size will be 126 bytes
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) EAP Got all data (126 bytes)
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client key exchange
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read change cipher spec
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) recv TLS 1.2 Handshake, Finished
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read finished
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) send TLS 1.2 ChangeCipherSpec
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write change cipher spec
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) send TLS 1.2 Handshake, Finished
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write finished
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Handshake state - SSL negotiation finished successfully
docker-openwisp-freeradius-1 | (55) eap_peap: (TLS) Connection Established
docker-openwisp-freeradius-1 | (55) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (55) eap_peap: TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (55) eap-org_a: Sending EAP Request (code 1) ID 9 length 57
docker-openwisp-freeradius-1 | (55) eap-org_a: EAP session adding &reply:State = 0x9163d5c4966acc82
docker-openwisp-freeradius-1 | (55) [eap-org_a] = handled
docker-openwisp-freeradius-1 | (55) } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1 | (55) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1 | (55) Post-Auth-Type sub-section not found. Ignoring.
docker-openwisp-freeradius-1 | (55) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (55) session-state: Saving cached attributes
docker-openwisp-freeradius-1 | (55) Framed-MTU = 1004
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1 | (55) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (55) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (55) TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (55) Sent Access-Challenge Id 168 from 172.18.0.13:1812 to 125.235.213.130:55823 length 115
docker-openwisp-freeradius-1 | (55) EAP-Message = 0x01090039190014030300010116030300288e2f8e6218f7b3c8af6eb1c8800d3d336627d9291e235295acebb712e8999cafea42a60b3b457a46
docker-openwisp-freeradius-1 | (55) Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1 | (55) State = 0x9163d5c4966acc8246ef01f5c3c072fb
docker-openwisp-freeradius-1 | (55) Finished request
docker-openwisp-freeradius-1 | Waking up in 4.0 seconds.
docker-openwisp-freeradius-1 | (56) Received Access-Request Id 169 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1 | (56) User-Name = "admin"
docker-openwisp-freeradius-1 | (56) NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1 | (56) NAS-Port = 0
docker-openwisp-freeradius-1 | (56) NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1 | (56) NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1 | (56) Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1 | (56) Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1 | (56) Service-Type = Login-User
docker-openwisp-freeradius-1 | (56) Framed-MTU = 1100
docker-openwisp-freeradius-1 | (56) EAP-Message = 0x020900061900
docker-openwisp-freeradius-1 | (56) State = 0x9163d5c4966acc8246ef01f5c3c072fb
docker-openwisp-freeradius-1 | (56) Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1 | (56) Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1 | (56) Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1 | (56) Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1 | (56) Message-Authenticator = 0xbad8b8055384c7fdc0352450c3e1cc27
docker-openwisp-freeradius-1 | (56) Restoring &session-state
docker-openwisp-freeradius-1 | (56) &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (56) &session-state:TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (56) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (56) authorize {
docker-openwisp-freeradius-1 | (56) eap-org_a: Peer sent EAP Response (code 2) ID 9 length 6
docker-openwisp-freeradius-1 | (56) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1 | (56) [eap-org_a] = ok
docker-openwisp-freeradius-1 | (56) } # authorize = ok
docker-openwisp-freeradius-1 | (56) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1 | (56) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (56) Auth-Type eap-org_a {
docker-openwisp-freeradius-1 | (56) eap-org_a: Expiring EAP session with state 0x9163d5c4966acc82
docker-openwisp-freeradius-1 | (56) eap-org_a: Finished EAP session with state 0x9163d5c4966acc82
docker-openwisp-freeradius-1 | (56) eap-org_a: Previous EAP request found for state 0x9163d5c4966acc82, released from the list
docker-openwisp-freeradius-1 | (56) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1 | (56) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1 | (56) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is finished
docker-openwisp-freeradius-1 | (56) eap_peap: Session established. Decoding tunneled attributes
docker-openwisp-freeradius-1 | (56) eap_peap: PEAP state TUNNEL ESTABLISHED
docker-openwisp-freeradius-1 | (56) eap-org_a: Sending EAP Request (code 1) ID 10 length 40
docker-openwisp-freeradius-1 | (56) eap-org_a: EAP session adding &reply:State = 0x9163d5c49969cc82
docker-openwisp-freeradius-1 | (56) [eap-org_a] = handled
docker-openwisp-freeradius-1 | (56) } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1 | (56) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1 | (56) Post-Auth-Type sub-section not found. Ignoring.
docker-openwisp-freeradius-1 | (56) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (56) session-state: Saving cached attributes
docker-openwisp-freeradius-1 | (56) Framed-MTU = 1004
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1 | (56) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (56) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (56) TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (56) Sent Access-Challenge Id 169 from 172.18.0.13:1812 to 125.235.213.130:55823 length 98
docker-openwisp-freeradius-1 | (56) EAP-Message = 0x010a00281900170303001d8e2f8e6218f7b3c9052745b9f232bb35a07eff5c474c5709a0e72f2454
docker-openwisp-freeradius-1 | (56) Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1 | (56) State = 0x9163d5c49969cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1 | (56) Finished request
docker-openwisp-freeradius-1 | Waking up in 3.9 seconds.
docker-openwisp-freeradius-1 | (57) Received Access-Request Id 170 from 125.235.213.130:55823 to 172.18.0.13:1812 length 254
docker-openwisp-freeradius-1 | (57) User-Name = "admin"
docker-openwisp-freeradius-1 | (57) NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1 | (57) NAS-Port = 0
docker-openwisp-freeradius-1 | (57) NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1 | (57) NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1 | (57) Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1 | (57) Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1 | (57) Service-Type = Login-User
docker-openwisp-freeradius-1 | (57) Framed-MTU = 1100
docker-openwisp-freeradius-1 | (57) EAP-Message = 0x020a00291900170303001e6061d917dfab46aeba5052c247414e125d4c533dc06a7418cbd66d1f36a6
docker-openwisp-freeradius-1 | (57) State = 0x9163d5c49969cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1 | (57) Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1 | (57) Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1 | (57) Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1 | (57) Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1 | (57) Message-Authenticator = 0xfaf2728bbcdccfdd876db9430285ebca
docker-openwisp-freeradius-1 | (57) Restoring &session-state
docker-openwisp-freeradius-1 | (57) &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (57) &session-state:TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (57) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (57) authorize {
docker-openwisp-freeradius-1 | (57) eap-org_a: Peer sent EAP Response (code 2) ID 10 length 41
docker-openwisp-freeradius-1 | (57) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1 | (57) [eap-org_a] = ok
docker-openwisp-freeradius-1 | (57) } # authorize = ok
docker-openwisp-freeradius-1 | (57) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1 | (57) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (57) Auth-Type eap-org_a {
docker-openwisp-freeradius-1 | (57) eap-org_a: Expiring EAP session with state 0x9163d5c49969cc82
docker-openwisp-freeradius-1 | (57) eap-org_a: Finished EAP session with state 0x9163d5c49969cc82
docker-openwisp-freeradius-1 | (57) eap-org_a: Previous EAP request found for state 0x9163d5c49969cc82, released from the list
docker-openwisp-freeradius-1 | (57) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1 | (57) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1 | (57) eap_peap: (TLS) EAP Done initial handshake
docker-openwisp-freeradius-1 | (57) eap_peap: Session established. Decoding tunneled attributes
docker-openwisp-freeradius-1 | (57) eap_peap: PEAP state WAITING FOR INNER IDENTITY
docker-openwisp-freeradius-1 | (57) eap_peap: Identity - admin
docker-openwisp-freeradius-1 | (57) eap_peap: Got inner identity 'admin'
docker-openwisp-freeradius-1 | (57) eap_peap: Setting default EAP type for tunneled EAP session
docker-openwisp-freeradius-1 | (57) eap_peap: Got tunneled request
docker-openwisp-freeradius-1 | (57) eap_peap: EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1 | (57) eap_peap: Setting User-Name to admin
docker-openwisp-freeradius-1 | (57) eap_peap: Sending tunneled request to inner-tunnel_org_a
docker-openwisp-freeradius-1 | (57) eap_peap: EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1 | (57) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
docker-openwisp-freeradius-1 | (57) eap_peap: User-Name = "admin"
docker-openwisp-freeradius-1 | (57) Virtual server inner-tunnel_org_a received request
docker-openwisp-freeradius-1 | (57) EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1 | (57) FreeRADIUS-Proxied-To = 127.0.0.1
docker-openwisp-freeradius-1 | (57) User-Name = "admin"
docker-openwisp-freeradius-1 | (57) WARNING: Outer and inner identities are the same. User privacy is compromised.
docker-openwisp-freeradius-1 | (57) server inner-tunnel_org_a {
docker-openwisp-freeradius-1 | (57) # Executing section authorize from file /opt/etc/raddb/sites-enabled/inner-tunnel
docker-openwisp-freeradius-1 | (57) authorize {
docker-openwisp-freeradius-1 | (57) policy filter_username {
docker-openwisp-freeradius-1 | (57) if (&User-Name) {
docker-openwisp-freeradius-1 | (57) if (&User-Name) -> TRUE
docker-openwisp-freeradius-1 | (57) if (&User-Name) {
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ / /) {
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ / /) -> FALSE
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /@[^@]*@/ ) {
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /\.\./ ) {
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /\.\./ ) -> FALSE
docker-openwisp-freeradius-1 | (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
docker-openwisp-freeradius-1 | (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /\.$/) {
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /\.$/) -> FALSE
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /@\./) {
docker-openwisp-freeradius-1 | (57) if (&User-Name =~ /@\./) -> FALSE
docker-openwisp-freeradius-1 | (57) } # if (&User-Name) = notfound
docker-openwisp-freeradius-1 | (57) } # policy filter_username = notfound
docker-openwisp-freeradius-1 | (57) update control {
docker-openwisp-freeradius-1 | (57) &REST-HTTP-Header += "Authorization: Bearer 97dca65c-d074-433a-bae5-4e5f030f741e tGW29mwRo9K0SJc16S2Wl7osC8HcTtbt"
docker-openwisp-freeradius-1 | (57) } # update control = noop
docker-openwisp-freeradius-1 | rlm_rest (rest): Reserved connection (8)
docker-openwisp-freeradius-1 | (57) rest: Expanding URI components
docker-openwisp-freeradius-1 | (57) rest: EXPAND http://api.internal
docker-openwisp-freeradius-1 | (57) rest: --> http://api.internal
docker-openwisp-freeradius-1 | (57) rest: EXPAND /api/v1/freeradius/authorize/
docker-openwisp-freeradius-1 | (57) rest: --> /api/v1/freeradius/authorize/
docker-openwisp-freeradius-1 | (57) rest: Sending HTTP POST to "http://api.internal/api/v1/freeradius/authorize/"
docker-openwisp-freeradius-1 | (57) rest: EXPAND {"username": "%{User-Name}", "password": "%{User-Password}"}
docker-openwisp-freeradius-1 | (57) rest: --> {"username": "admin", "password": ""}
docker-openwisp-freeradius-1 | (57) rest: Processing response header
docker-openwisp-freeradius-1 | (57) rest: Status : 400 (Bad Request)
docker-openwisp-freeradius-1 | (57) rest: Type : json (application/json)
docker-openwisp-freeradius-1 | (57) rest: Adding reply:REST-HTTP-Status-Code = "400"
docker-openwisp-freeradius-1 | (57) rest: ERROR: Server returned:
docker-openwisp-freeradius-1 | (57) rest: ERROR: {"password":["This field may not be blank."]}
docker-openwisp-freeradius-1 | rlm_rest (rest): Released connection (8)
docker-openwisp-freeradius-1 | Need 3 more connections to reach min connections (5)
docker-openwisp-freeradius-1 | Need more connections to reach 3 spares
docker-openwisp-freeradius-1 | rlm_rest (rest): Opening additional connection (9), 1 of 8 pending slots used
docker-openwisp-freeradius-1 | rlm_rest (rest): Connecting to "http://api.internal/api/v1/freeradius"
docker-openwisp-freeradius-1 | rlm_rest (rest): You probably need to lower "min"
docker-openwisp-freeradius-1 | rlm_rest (rest): Closing expired connection (6) - Hit idle_timeout limit
docker-openwisp-freeradius-1 | (57) [rest] = invalid
docker-openwisp-freeradius-1 | (57) } # authorize = invalid
docker-openwisp-freeradius-1 | (57) Invalid user (rest: Server returned:): [admin/<no User-Password attribute>] (from client localhost port 0 via TLS tunnel)
docker-openwisp-freeradius-1 | (57) Using Post-Auth-Type Reject
docker-openwisp-freeradius-1 | (57) Post-Auth-Type sub-section not found. Ignoring.
docker-openwisp-freeradius-1 | (57) Login incorrect (rest: Server returned:): [admin/<no User-Password attribute>] (from client localhost port 0 via TLS tunnel)
docker-openwisp-freeradius-1 | (57) } # server inner-tunnel_org_a
docker-openwisp-freeradius-1 | (57) Virtual server sending reply
docker-openwisp-freeradius-1 | (57) REST-HTTP-Status-Code := 400
docker-openwisp-freeradius-1 | (57) eap_peap: Got tunneled reply code 3
docker-openwisp-freeradius-1 | (57) eap_peap: REST-HTTP-Status-Code := 400
docker-openwisp-freeradius-1 | (57) eap_peap: Got tunneled reply RADIUS code 3
docker-openwisp-freeradius-1 | (57) eap_peap: REST-HTTP-Status-Code := 400
docker-openwisp-freeradius-1 | (57) eap_peap: Tunneled authentication was rejected
docker-openwisp-freeradius-1 | (57) eap_peap: FAILURE
docker-openwisp-freeradius-1 | (57) eap-org_a: Sending EAP Request (code 1) ID 11 length 46
docker-openwisp-freeradius-1 | (57) eap-org_a: EAP session adding &reply:State = 0x9163d5c49868cc82
docker-openwisp-freeradius-1 | (57) [eap-org_a] = handled
docker-openwisp-freeradius-1 | (57) } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1 | (57) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1 | (57) Post-Auth-Type sub-section not found. Ignoring.
docker-openwisp-freeradius-1 | (57) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (57) session-state: Saving cached attributes
docker-openwisp-freeradius-1 | (57) Framed-MTU = 1004
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1 | (57) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (57) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (57) TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (57) Sent Access-Challenge Id 170 from 172.18.0.13:1812 to 125.235.213.130:55823 length 104
docker-openwisp-freeradius-1 | (57) EAP-Message = 0x010b002e190017030300238e2f8e6218f7b3ca11ac010d3cc73f4ab19b57aedcba60ace0c174734bbb6c1a3fc2da
docker-openwisp-freeradius-1 | (57) Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1 | (57) State = 0x9163d5c49868cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1 | (57) Finished request
docker-openwisp-freeradius-1 | Waking up in 3.7 seconds.
docker-openwisp-freeradius-1 | (58) Received Access-Request Id 171 from 125.235.213.130:55823 to 172.18.0.13:1812 length 259
docker-openwisp-freeradius-1 | (58) User-Name = "admin"
docker-openwisp-freeradius-1 | (58) NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1 | (58) NAS-Port = 0
docker-openwisp-freeradius-1 | (58) NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1 | (58) NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1 | (58) Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1 | (58) Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1 | (58) Service-Type = Login-User
docker-openwisp-freeradius-1 | (58) Framed-MTU = 1100
docker-openwisp-freeradius-1 | (58) EAP-Message = 0x020b002e190017030300236061d917dfab46af4a79c6db2d6c16dee6638000f406c54c3f779fd94eaa790fece3b6
docker-openwisp-freeradius-1 | (58) State = 0x9163d5c49868cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1 | (58) Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1 | (58) Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1 | (58) Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1 | (58) Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1 | (58) Message-Authenticator = 0x17164e24b5881f375269915f0554d1d6
docker-openwisp-freeradius-1 | (58) Restoring &session-state
docker-openwisp-freeradius-1 | (58) &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1 | (58) &session-state:TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1 | (58) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (58) authorize {
docker-openwisp-freeradius-1 | (58) eap-org_a: Peer sent EAP Response (code 2) ID 11 length 46
docker-openwisp-freeradius-1 | (58) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1 | (58) [eap-org_a] = ok
docker-openwisp-freeradius-1 | (58) } # authorize = ok
docker-openwisp-freeradius-1 | (58) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1 | (58) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (58) Auth-Type eap-org_a {
docker-openwisp-freeradius-1 | (58) eap-org_a: Expiring EAP session with state 0x9163d5c49868cc82
docker-openwisp-freeradius-1 | (58) eap-org_a: Finished EAP session with state 0x9163d5c49868cc82
docker-openwisp-freeradius-1 | (58) eap-org_a: Previous EAP request found for state 0x9163d5c49868cc82, released from the list
docker-openwisp-freeradius-1 | (58) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1 | (58) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1 | (58) eap_peap: (TLS) EAP Done initial handshake
docker-openwisp-freeradius-1 | (58) eap_peap: Session established. Decoding tunneled attributes
docker-openwisp-freeradius-1 | (58) eap_peap: PEAP state send tlv failure
docker-openwisp-freeradius-1 | (58) eap_peap: Received EAP-TLV response
docker-openwisp-freeradius-1 | (58) eap_peap: ERROR: The users session was previously rejected: returning reject (again.)
docker-openwisp-freeradius-1 | (58) eap_peap: This means you need to read the PREVIOUS messages in the debug output
docker-openwisp-freeradius-1 | (58) eap_peap: to find out the reason why the user was rejected
docker-openwisp-freeradius-1 | (58) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
docker-openwisp-freeradius-1 | (58) eap_peap: what went wrong, and how to fix the problem
docker-openwisp-freeradius-1 | (58) eap-org_a: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
docker-openwisp-freeradius-1 | (58) eap-org_a: Sending EAP Failure (code 4) ID 11 length 4
docker-openwisp-freeradius-1 | (58) eap-org_a: Failed in EAP select
docker-openwisp-freeradius-1 | (58) [eap-org_a] = invalid
docker-openwisp-freeradius-1 | (58) } # Auth-Type eap-org_a = invalid
docker-openwisp-freeradius-1 | (58) Failed to authenticate the user
docker-openwisp-freeradius-1 | (58) Using Post-Auth-Type Reject
docker-openwisp-freeradius-1 | (58) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1 | (58) Post-Auth-Type REJECT {
docker-openwisp-freeradius-1 | (58) update control {
docker-openwisp-freeradius-1 | (58) &REST-HTTP-Header += "Authorization: Bearer 97dca65c-d074-433a-bae5-4e5f030f741e tGW29mwRo9K0SJc16S2Wl7osC8HcTtbt"
docker-openwisp-freeradius-1 | (58) } # update control = noop
docker-openwisp-freeradius-1 | rlm_rest (rest): Reserved connection (8)
docker-openwisp-freeradius-1 | (58) rest: Expanding URI components
docker-openwisp-freeradius-1 | (58) rest: EXPAND http://api.internal
docker-openwisp-freeradius-1 | (58) rest: --> http://api.internal
docker-openwisp-freeradius-1 | (58) rest: EXPAND /api/v1/freeradius/postauth/
docker-openwisp-freeradius-1 | (58) rest: --> /api/v1/freeradius/postauth/
docker-openwisp-freeradius-1 | (58) rest: Sending HTTP POST to "http://api.internal/api/v1/freeradius/postauth/"
docker-openwisp-freeradius-1 | (58) rest: EXPAND {"username": "%{User-Name}", "password": "%{User-Password}", "reply": "%{reply:Packet-Type}", "called_station_id": "%{Called-Station-ID}", "calling_station_id": "%{Calling-Station-ID}"}
docker-openwisp-freeradius-1 | (58) rest: --> {"username": "admin", "password": "", "reply": "Access-Reject", "called_station_id": "04bd88c95ff0", "calling_station_id": "dadb914a5923"}
docker-openwisp-freeradius-1 | (58) rest: Processing response header
docker-openwisp-freeradius-1 | (58) rest: Status : 201 (Created)
docker-openwisp-freeradius-1 | (58) rest: Adding reply:REST-HTTP-Status-Code = "201"
docker-openwisp-freeradius-1 | (58) rest: Skipping attribute processing, no valid body data received
docker-openwisp-freeradius-1 | rlm_rest (rest): Released connection (8)
docker-openwisp-freeradius-1 | (58) [rest] = ok
docker-openwisp-freeradius-1 | (58) } # Post-Auth-Type REJECT = ok
docker-openwisp-freeradius-1 | (58) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [admin/<via Auth-Type = eap-org_a>] (from client localhost port 0 cli dadb914a5923)
docker-openwisp-freeradius-1 | (58) Delaying response for 1.000000 seconds
docker-openwisp-freeradius-1 | Waking up in 0.3 seconds.
docker-openwisp-freeradius-1 | Waking up in 0.6 seconds.
docker-openwisp-freeradius-1 | (58) Sending delayed response
docker-openwisp-freeradius-1 | (58) Sent Access-Reject Id 171 from 172.18.0.13:1812 to 125.235.213.130:55823 length 44
docker-openwisp-freeradius-1 | (58) EAP-Message = 0x040b0004
docker-openwisp-freeradius-1 | (58) Message-Authenticator = 0x00000000000000000000000000000000
I checked again and saw that macOS and iOS use PEAP-MSCHAPv2 as the default authentication method. I created a profile via Apple Configurator and applied the EAP-TTLS method, and it works.
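The debug output above says to read the previous messages to find why the session was rejected. As an added example (not part of the thread and not OpenWISP or FreeRADIUS code), the following Python walks `-X` debug lines, decodes the tunneled EAP-Message per RFC 3748, and returns the first failing module together with what the inner tunnel carried at that moment. The function names and the `SAMPLE_LOG` excerpt are constructed for illustration.

```python
import json
import re

# Constructed excerpt: lines for requests 57 and 58 copied from the debug log
# above, with the REST Authorization header line left out.
SAMPLE_LOG = """\
docker-openwisp-freeradius-1 | (57) eap_peap: PEAP state WAITING FOR INNER IDENTITY
docker-openwisp-freeradius-1 | (57) eap_peap: EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1 | rlm_rest (rest): Reserved connection (8)
docker-openwisp-freeradius-1 | (57) rest: --> http://api.internal
docker-openwisp-freeradius-1 | (57) rest: --> {"username": "admin", "password": ""}
docker-openwisp-freeradius-1 | (57) rest: Status : 400 (Bad Request)
docker-openwisp-freeradius-1 | (57) [rest] = invalid
docker-openwisp-freeradius-1 | (57) eap_peap: Tunneled authentication was rejected
docker-openwisp-freeradius-1 | (58) eap_peap: ERROR: The users session was previously rejected: returning reject (again.)
docker-openwisp-freeradius-1 | (58) [eap-org_a] = invalid
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2", 33: "EAP-TLV"}
# Module return codes that make FreeRADIUS reject the request.
FAILING_RCODES = {"reject", "fail", "invalid", "userlock"}

# Optional "container | " prefix, then "(request-number) text".
LINE_RE = re.compile(r"^(?:\S+\s+\|\s+)?\((\d+)\)\s+(.*)$")
INNER_EAP_RE = re.compile(r"eap_peap: EAP-Message = (0x[0-9a-fA-F]+)$")
REST_BODY_RE = re.compile(r"rest: --> (\{.*\})$")
RCODE_RE = re.compile(r"\[([^\]]+)\] = (\w+)$")


def decode_eap(hex_value):
    """Decode an EAP packet header: code, identifier, length, type, type-data."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not fit the captured bytes")
    eap_type, data = None, b""
    # Only Request and Response packets carry a Type octet.
    if raw[0] in (1, 2) and length >= 5:
        eap_type = EAP_TYPES.get(raw[4], "type-%d" % raw[4])
        data = raw[5:length]
    return {"code": EAP_CODES.get(raw[0], "code-%d" % raw[0]), "id": raw[1],
            "length": length, "type": eap_type, "data": data}


def diagnose(log_text):
    """Return details of the first failing module result, or None if none failed."""
    inner_eap = {}   # request number -> last tunneled EAP packet seen
    rest_body = {}   # request number -> last JSON body rlm_rest sent
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines without a request number (pool messages, timers)
        req, text = int(m.group(1)), m.group(2)
        eap = INNER_EAP_RE.match(text)
        if eap:
            inner_eap[req] = decode_eap(eap.group(1))
            continue
        body = REST_BODY_RE.match(text)
        if body:
            try:
                rest_body[req] = json.loads(body.group(1))
            except ValueError:
                pass  # expanded body was not valid JSON; ignore it
            continue
        rcode = RCODE_RE.match(text)
        if rcode and rcode.group(2) in FAILING_RCODES:
            pkt, sent = inner_eap.get(req), rest_body.get(req)
            identity = None
            if pkt and pkt["type"] == "Identity":
                identity = pkt["data"].decode("utf-8", "replace")
            return {
                "request": req,
                "module": rcode.group(1),
                "rcode": rcode.group(2),
                "inner_eap": "%s/%s" % (pkt["code"], pkt["type"]) if pkt else None,
                "inner_identity": identity,
                "empty_password_sent": bool(sent) and sent.get("password") == "",
            }
    return None


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On this log the first failure is in request 57, not 58: `rest` was called while the tunnel carried only an EAP Identity response, so the JSON body went out with an empty password and the API answered 400.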
I guess we can close this then.
Hello @nemesisdesign,
The problem has not been resolved. I just changed the authentication method from PEAP-MSCHAPv2 to EAP-TTLS, but I must create a custom profile with Apple Configurator and install it on each device.
How do I configure PEAP-MSCHAPv2 as the default authentication method in FreeRADIUS and integrate it with OpenWISP? If you have a tutorial, please give me one.
Thank you!
Hello,
I configured EAP-TTLS with certificates and a root CA. I configured FreeRADIUS with an Aruba IAP; it works with Windows 10, but macOS and iOS devices cannot connect.
The dump logs are below: