search

openwisp / openwisp-radius

Administration web interface and REST API for freeradius 3 build in django & python. Supports captive portal authentication, WPA Enerprise (802.1x), freeradius rlm_rest, social login, Hotspot 2.0 / 802.11u, importing users from CSV, registration of new users and more.
https://openwisp.io/docs/dev/radius/
GNU General Public License v3.0
360 stars 176 forks source link

Problem with EAP-TTLS in MacOS and iOS #475

Closed toanalien closed 1 year ago

toanalien commented 1 year ago

Hello,

I configured EAP-TTLS with certificates and Root CA. I config use FreeRadius with Aruba IAP, it works with Windows 10 but cannot connect from Macos and iOS devices.

The dump logs bellow

root@openwisp:/opt/openwisp/docker-openwisp# docker compose logs -f -n 0 freeradius
docker-openwisp-freeradius-1  | (48) Received Access-Request Id 161 from 125.235.213.130:55823 to 172.18.0.13:1812 length 205
docker-openwisp-freeradius-1  | (48)   User-Name = "admin"
docker-openwisp-freeradius-1  | (48)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (48)   NAS-Port = 0
docker-openwisp-freeradius-1  | (48)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (48)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (48)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (48)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (48)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (48)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (48)   EAP-Message = 0x0201000a0161646d696e
docker-openwisp-freeradius-1  | (48)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (48)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (48)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (48)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (48)   Message-Authenticator = 0xc7c814a9e62595084b577c5243de76fe
docker-openwisp-freeradius-1  | (48) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (48)   authorize {
docker-openwisp-freeradius-1  | (48) eap-org_a: Peer sent EAP Response (code 2) ID 1 length 10
docker-openwisp-freeradius-1  | (48) eap-org_a: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
docker-openwisp-freeradius-1  | (48)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (48)   } # authorize = ok
docker-openwisp-freeradius-1  | (48) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (48) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (48)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (48) eap-org_a: Peer sent packet with method EAP Identity (1)
docker-openwisp-freeradius-1  | (48) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (48) eap_peap: (TLS) Initiating new session
docker-openwisp-freeradius-1  | (48) eap-org_a: Sending EAP Request (code 1) ID 2 length 6
docker-openwisp-freeradius-1  | (48) eap-org_a: EAP session adding &reply:State = 0x9163d5c49161cc82
docker-openwisp-freeradius-1  | (48)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (48)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (48) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (48) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (48) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (48) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (48)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (48) Sent Access-Challenge Id 161 from 172.18.0.13:1812 to 125.235.213.130:55823 length 64
docker-openwisp-freeradius-1  | (48)   EAP-Message = 0x010200061920
docker-openwisp-freeradius-1  | (48)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (48)   State = 0x9163d5c49161cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (48) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.9 seconds.
docker-openwisp-freeradius-1  | (49) Received Access-Request Id 162 from 125.235.213.130:55823 to 172.18.0.13:1812 length 374
docker-openwisp-freeradius-1  | (49)   User-Name = "admin"
docker-openwisp-freeradius-1  | (49)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (49)   NAS-Port = 0
docker-openwisp-freeradius-1  | (49)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (49)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (49)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (49)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (49)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (49)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (49)   EAP-Message = 0x020200a119800000009716030100920100008e03036469bc3ca08a84cbd5065ae32836588a0fa23399deac79797103e390366eafa500002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000
docker-openwisp-freeradius-1  | (49)   State = 0x9163d5c49161cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (49)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (49)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (49)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (49)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (49)   Message-Authenticator = 0xf1694c2ac8b51095fd890004d5f74136
docker-openwisp-freeradius-1  | (49) Restoring &session-state
docker-openwisp-freeradius-1  | (49)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (49) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (49)   authorize {
docker-openwisp-freeradius-1  | (49) eap-org_a: Peer sent EAP Response (code 2) ID 2 length 161
docker-openwisp-freeradius-1  | (49) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (49)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (49)   } # authorize = ok
docker-openwisp-freeradius-1  | (49) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (49) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (49)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (49) eap-org_a: Expiring EAP session with state 0x9163d5c49161cc82
docker-openwisp-freeradius-1  | (49) eap-org_a: Finished EAP session with state 0x9163d5c49161cc82
docker-openwisp-freeradius-1  | (49) eap-org_a: Previous EAP request found for state 0x9163d5c49161cc82, released from the list
docker-openwisp-freeradius-1  | (49) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (49) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) EAP Peer says that the final record size will be 151 bytes
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) EAP Got all data (151 bytes)
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - before SSL initialization
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server before SSL initialization
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server before SSL initialization
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) recv TLS 1.3 Handshake, ClientHello
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client hello
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHello
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server hello
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) send TLS 1.2 Handshake, Certificate
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write certificate
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) send TLS 1.2 Handshake, ServerKeyExchange
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write key exchange
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHelloDone
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) Server : Need to read more data: SSLv3/TLS write server done
docker-openwisp-freeradius-1  | (49) eap_peap: (TLS) In Handshake Phase
docker-openwisp-freeradius-1  | (49) eap-org_a: Sending EAP Request (code 1) ID 3 length 1014
docker-openwisp-freeradius-1  | (49) eap-org_a: EAP session adding &reply:State = 0x9163d5c49060cc82
docker-openwisp-freeradius-1  | (49)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (49)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (49) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (49) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (49) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (49) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (49)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (49)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (49)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (49)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (49)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (49)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (49) Sent Access-Challenge Id 162 from 172.18.0.13:1812 to 125.235.213.130:55823 length 1080
docker-openwisp-freeradius-1  | (49)   EAP-Message = 0x010303f619c0000013e5160303003d020000390303652422800101c4706de36d336a264e820d9bf7aefe14a0891afb1dcce251833100c030000011ff01000100000b0004030001020017000016030312430b00123f00123c00063a308206363082051ea0030201020210568a648a213ae3b9f403cfc98d75d9bb300d06092a864886f70d01010b050030818f310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f726431183016060355040a130f5365637469676f204c696d69746564313730350603550403132e5365637469676f2052534120446f6d61696e2056616c69646174696f6e2053656375726520536572766572204341301e170d3233303531353030303030305a170d3234303531353233353935395a3018311630140603550403130d616c706861747275652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d5
docker-openwisp-freeradius-1  | (49)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (49)   State = 0x9163d5c49060cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (49) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.8 seconds.
docker-openwisp-freeradius-1  | (50) Received Access-Request Id 163 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1  | (50)   User-Name = "admin"
docker-openwisp-freeradius-1  | (50)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (50)   NAS-Port = 0
docker-openwisp-freeradius-1  | (50)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (50)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (50)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (50)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (50)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (50)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (50)   EAP-Message = 0x020300061900
docker-openwisp-freeradius-1  | (50)   State = 0x9163d5c49060cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (50)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (50)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (50)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (50)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (50)   Message-Authenticator = 0xda6f99bcb17587b4205d1ee9cc402d8e
docker-openwisp-freeradius-1  | (50) Restoring &session-state
docker-openwisp-freeradius-1  | (50)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (50)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (50)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (50)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (50)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (50)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (50) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (50)   authorize {
docker-openwisp-freeradius-1  | (50) eap-org_a: Peer sent EAP Response (code 2) ID 3 length 6
docker-openwisp-freeradius-1  | (50) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (50)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (50)   } # authorize = ok
docker-openwisp-freeradius-1  | (50) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (50) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (50)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (50) eap-org_a: Expiring EAP session with state 0x9163d5c49060cc82
docker-openwisp-freeradius-1  | (50) eap-org_a: Finished EAP session with state 0x9163d5c49060cc82
docker-openwisp-freeradius-1  | (50) eap-org_a: Previous EAP request found for state 0x9163d5c49060cc82, released from the list
docker-openwisp-freeradius-1  | (50) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (50) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (50) eap_peap: (TLS) Peer ACKed our handshake fragment
docker-openwisp-freeradius-1  | (50) eap-org_a: Sending EAP Request (code 1) ID 4 length 1010
docker-openwisp-freeradius-1  | (50) eap-org_a: EAP session adding &reply:State = 0x9163d5c49367cc82
docker-openwisp-freeradius-1  | (50)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (50)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (50) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (50) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (50) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (50) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (50)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (50)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (50)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (50)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (50)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (50)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (50) Sent Access-Challenge Id 163 from 172.18.0.13:1812 to 125.235.213.130:55823 length 1074
docker-openwisp-freeradius-1  | (50)   EAP-Message = 0x010403f2194061747275652e636f6d3082017e060a2b06010401d6790204020482016e0482016a016800760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a74000001881de2b5e20000040300473045022100e4469484e3d53a1030b972bcb6346f16f7278c98ff34a42130cd43bfba4f8570022055b6a0e3f01b6f8f3dc45de7860e63fc38533ad3755ea0443dc38cf7ca46456f007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab000001881de2b6330000040300473045022026e1cd99e6627eb0d277d7cb7676b534b3d6be7e89fea365345122a5fb51cc0f022100fe5ff9b10ae18798bc0adb22e4b1c1e85c26f15afdcabfa95a1c0a7d34b6dd90007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001881de2b60a000004030047304502203c55884dece5451211f3638d06a7170f52589e15501b3b24891853589a6887ed022100a9ed00faf8d9
docker-openwisp-freeradius-1  | (50)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (50)   State = 0x9163d5c49367cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (50) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.6 seconds.
docker-openwisp-freeradius-1  | (51) Received Access-Request Id 164 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1  | (51)   User-Name = "admin"
docker-openwisp-freeradius-1  | (51)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (51)   NAS-Port = 0
docker-openwisp-freeradius-1  | (51)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (51)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (51)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (51)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (51)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (51)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (51)   EAP-Message = 0x020400061900
docker-openwisp-freeradius-1  | (51)   State = 0x9163d5c49367cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (51)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (51)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (51)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (51)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (51)   Message-Authenticator = 0xac40676186705627dc1fd83eb7f9159c
docker-openwisp-freeradius-1  | (51) Restoring &session-state
docker-openwisp-freeradius-1  | (51)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (51)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (51)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (51)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (51)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (51)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (51) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (51)   authorize {
docker-openwisp-freeradius-1  | (51) eap-org_a: Peer sent EAP Response (code 2) ID 4 length 6
docker-openwisp-freeradius-1  | (51) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (51)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (51)   } # authorize = ok
docker-openwisp-freeradius-1  | (51) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (51) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (51)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (51) eap-org_a: Expiring EAP session with state 0x9163d5c49367cc82
docker-openwisp-freeradius-1  | (51) eap-org_a: Finished EAP session with state 0x9163d5c49367cc82
docker-openwisp-freeradius-1  | (51) eap-org_a: Previous EAP request found for state 0x9163d5c49367cc82, released from the list
docker-openwisp-freeradius-1  | (51) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (51) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (51) eap_peap: (TLS) Peer ACKed our handshake fragment
docker-openwisp-freeradius-1  | (51) eap-org_a: Sending EAP Request (code 1) ID 5 length 1010
docker-openwisp-freeradius-1  | (51) eap-org_a: EAP session adding &reply:State = 0x9163d5c49266cc82
docker-openwisp-freeradius-1  | (51)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (51)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (51) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (51) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (51) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (51) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (51)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (51)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (51)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (51)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (51)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (51)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (51) Sent Access-Challenge Id 164 from 172.18.0.13:1812 to 125.235.213.130:55823 length 1074
docker-openwisp-freeradius-1  | (51)   EAP-Message = 0x010503f219406f6d61696e2056616c69646174696f6e205365637572652053657276657220434130820122300d06092a864886f70d01010105000382010f003082010a0282010100d67333d6d73c20d000d21745b8d63e07a23fc741ee3230c9b06cfdf49fcb12980f2d3f8d4d010c820f177f622ee9b84879fb16834eadd7322593b707bfb9503fa94cc3402ae939ffd981ca1f163241da8026b9237a87201ee3ff209a3c95446f8775069040b4329316091008233ed2dd870f6f5d51146a0a69c54f017269cfd3934c6d04a0a31b827eb19ab9edc59ec537789f9a0834fb562e58c4090e06645bbc37dcf19f2868a856b092a35c9fbb8898081b241dab3085aeafb02e9e7a9dc1c0421ce202f0eae04ad2ef900eb4c14016f06f85424a64f7a430a0febf2ea3275a8e8b58b8adc319178463ed6f56fd83cb6034c474bee69ddbe1e4e5ca0c5f150203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb30
docker-openwisp-freeradius-1  | (51)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (51)   State = 0x9163d5c49266cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (51) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.5 seconds.
docker-openwisp-freeradius-1  | (52) Received Access-Request Id 165 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1  | (52)   User-Name = "admin"
docker-openwisp-freeradius-1  | (52)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (52)   NAS-Port = 0
docker-openwisp-freeradius-1  | (52)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (52)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (52)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (52)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (52)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (52)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (52)   EAP-Message = 0x020500061900
docker-openwisp-freeradius-1  | (52)   State = 0x9163d5c49266cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (52)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (52)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (52)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (52)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (52)   Message-Authenticator = 0x2f481697cf0f924509f7a324f8bd32ee
docker-openwisp-freeradius-1  | (52) Restoring &session-state
docker-openwisp-freeradius-1  | (52)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (52)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (52)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (52)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (52)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (52)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (52) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (52)   authorize {
docker-openwisp-freeradius-1  | (52) eap-org_a: Peer sent EAP Response (code 2) ID 5 length 6
docker-openwisp-freeradius-1  | (52) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (52)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (52)   } # authorize = ok
docker-openwisp-freeradius-1  | (52) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (52) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (52)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (52) eap-org_a: Expiring EAP session with state 0x9163d5c49266cc82
docker-openwisp-freeradius-1  | (52) eap-org_a: Finished EAP session with state 0x9163d5c49266cc82
docker-openwisp-freeradius-1  | (52) eap-org_a: Previous EAP request found for state 0x9163d5c49266cc82, released from the list
docker-openwisp-freeradius-1  | (52) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (52) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (52) eap_peap: (TLS) Peer ACKed our handshake fragment
docker-openwisp-freeradius-1  | (52) eap-org_a: Sending EAP Request (code 1) ID 6 length 1010
docker-openwisp-freeradius-1  | (52) eap-org_a: EAP session adding &reply:State = 0x9163d5c49565cc82
docker-openwisp-freeradius-1  | (52)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (52)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (52) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (52) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (52) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (52) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (52)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (52)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (52)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (52)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (52)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (52)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (52) Sent Access-Challenge Id 165 from 172.18.0.13:1812 to 125.235.213.130:55823 length 1074
docker-openwisp-freeradius-1  | (52)   EAP-Message = 0x010603f21940a405875ba9b7b8a3200b97a94585ddb38be589378e290dfc0617f638400e42e41206fb7bf3c6116862dfe398f413d8154f8bb169d91060bc642aea31b7e4b5a33a149b26e30b7bfd028eb699c138975936f6a874a286b65eebc664eacfa0a3f96e9eba2d11b6869808582dc9ac2564f25e75b438c1ae7f5a4683ea51cab6f19911356ba56a7bc600b0e7f8be64b2adc8c2f1ace351eaa493e079c8e18140c90a5be1123cc1602ae397c08942ca94cf46981269bb98d0c2d30d724b476ee593c43228638743e4b0323e0ad34bbf239b1429412b9a041f932df1c739483cad5a127f0005e2308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c
docker-openwisp-freeradius-1  | (52)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (52)   State = 0x9163d5c49565cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (52) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.3 seconds.
docker-openwisp-freeradius-1  | (53) Received Access-Request Id 166 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1  | (53)   User-Name = "admin"
docker-openwisp-freeradius-1  | (53)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (53)   NAS-Port = 0
docker-openwisp-freeradius-1  | (53)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (53)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (53)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (53)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (53)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (53)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (53)   EAP-Message = 0x020600061900
docker-openwisp-freeradius-1  | (53)   State = 0x9163d5c49565cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (53)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (53)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (53)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (53)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (53)   Message-Authenticator = 0x397b67b8656b70a77c18d80ca4894b89
docker-openwisp-freeradius-1  | (53) Restoring &session-state
docker-openwisp-freeradius-1  | (53)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (53)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (53)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (53)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (53)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (53)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (53) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (53)   authorize {
docker-openwisp-freeradius-1  | (53) eap-org_a: Peer sent EAP Response (code 2) ID 6 length 6
docker-openwisp-freeradius-1  | (53) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (53)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (53)   } # authorize = ok
docker-openwisp-freeradius-1  | (53) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (53) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (53)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (53) eap-org_a: Expiring EAP session with state 0x9163d5c49565cc82
docker-openwisp-freeradius-1  | (53) eap-org_a: Finished EAP session with state 0x9163d5c49565cc82
docker-openwisp-freeradius-1  | (53) eap-org_a: Previous EAP request found for state 0x9163d5c49565cc82, released from the list
docker-openwisp-freeradius-1  | (53) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (53) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (53) eap_peap: (TLS) Peer ACKed our handshake fragment
docker-openwisp-freeradius-1  | (53) eap-org_a: Sending EAP Request (code 1) ID 7 length 1010
docker-openwisp-freeradius-1  | (53) eap-org_a: EAP session adding &reply:State = 0x9163d5c49464cc82
docker-openwisp-freeradius-1  | (53)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (53)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (53) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (53) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (53) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (53) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (53)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (53)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (53)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (53)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (53)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (53)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (53) Sent Access-Challenge Id 166 from 172.18.0.13:1812 to 125.235.213.130:55823 length 1074
docker-openwisp-freeradius-1  | (53)   EAP-Message = 0x010703f2194055740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282e
docker-openwisp-freeradius-1  | (53)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (53)   State = 0x9163d5c49464cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (53) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.2 seconds.
docker-openwisp-freeradius-1  | (54) Received Access-Request Id 167 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1  | (54)   User-Name = "admin"
docker-openwisp-freeradius-1  | (54)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (54)   NAS-Port = 0
docker-openwisp-freeradius-1  | (54)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (54)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (54)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (54)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (54)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (54)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (54)   EAP-Message = 0x020700061900
docker-openwisp-freeradius-1  | (54)   State = 0x9163d5c49464cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (54)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (54)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (54)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (54)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (54)   Message-Authenticator = 0x5d8a007fae953c0dbc3f6b3bda7afa40
docker-openwisp-freeradius-1  | (54) Restoring &session-state
docker-openwisp-freeradius-1  | (54)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (54)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (54)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (54)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (54)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (54)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (54) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (54)   authorize {
docker-openwisp-freeradius-1  | (54) eap-org_a: Peer sent EAP Response (code 2) ID 7 length 6
docker-openwisp-freeradius-1  | (54) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (54)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (54)   } # authorize = ok
docker-openwisp-freeradius-1  | (54) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (54) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (54)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (54) eap-org_a: Expiring EAP session with state 0x9163d5c49464cc82
docker-openwisp-freeradius-1  | (54) eap-org_a: Finished EAP session with state 0x9163d5c49464cc82
docker-openwisp-freeradius-1  | (54) eap-org_a: Previous EAP request found for state 0x9163d5c49464cc82, released from the list
docker-openwisp-freeradius-1  | (54) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (54) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (54) eap_peap: (TLS) Peer ACKed our handshake fragment
docker-openwisp-freeradius-1  | (54) eap-org_a: Sending EAP Request (code 1) ID 8 length 79
docker-openwisp-freeradius-1  | (54) eap-org_a: EAP session adding &reply:State = 0x9163d5c4976bcc82
docker-openwisp-freeradius-1  | (54)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (54)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (54) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (54) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (54) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (54) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (54)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (54)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (54)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (54)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (54)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (54)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (54) Sent Access-Challenge Id 167 from 172.18.0.13:1812 to 125.235.213.130:55823 length 137
docker-openwisp-freeradius-1  | (54)   EAP-Message = 0x0108004f190084024cd2768641bd966a1d83aa6e96a7e8df4fa245e1a1a2a4e70b8bf71be3fd02b926e859261b68993a7ca2d69d1e1bc57435774b9d1c893698944c9de0802d16030300040e000000
docker-openwisp-freeradius-1  | (54)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (54)   State = 0x9163d5c4976bcc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (54) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.1 seconds.
docker-openwisp-freeradius-1  | (55) Received Access-Request Id 168 from 125.235.213.130:55823 to 172.18.0.13:1812 length 349
docker-openwisp-freeradius-1  | (55)   User-Name = "admin"
docker-openwisp-freeradius-1  | (55)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (55)   NAS-Port = 0
docker-openwisp-freeradius-1  | (55)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (55)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (55)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (55)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (55)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (55)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (55)   EAP-Message = 0x0208008819800000007e16030300461000004241041adda2e5e42659f2b9a27cdff6f383962f4b89c168c688120e43e91aa793587d724ddf73889953ebde275db256ec8988948d393e19d10f159e4e978ff50fa07114030300010116030300286061d917dfab46ad8f25d68f7e48be73928af2703a05d309ba642aa20cbbd3fedf3a4adb4eca6de4
docker-openwisp-freeradius-1  | (55)   State = 0x9163d5c4976bcc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (55)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (55)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (55)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (55)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (55)   Message-Authenticator = 0xa5f2f051f5bb2457ff808610dae829df
docker-openwisp-freeradius-1  | (55) Restoring &session-state
docker-openwisp-freeradius-1  | (55)   &session-state:Framed-MTU = 1004
toanalien commented 1 year ago

Log is too long so I split 2 parts

docker-openwisp-freeradius-1  | (55)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (55)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (55)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (55)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (55)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (55) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (55)   authorize {
docker-openwisp-freeradius-1  | (55) eap-org_a: Peer sent EAP Response (code 2) ID 8 length 136
docker-openwisp-freeradius-1  | (55) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (55)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (55)   } # authorize = ok
docker-openwisp-freeradius-1  | (55) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (55) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (55)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (55) eap-org_a: Expiring EAP session with state 0x9163d5c4976bcc82
docker-openwisp-freeradius-1  | (55) eap-org_a: Finished EAP session with state 0x9163d5c4976bcc82
docker-openwisp-freeradius-1  | (55) eap-org_a: Previous EAP request found for state 0x9163d5c4976bcc82, released from the list
docker-openwisp-freeradius-1  | (55) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (55) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) EAP Peer says that the final record size will be 126 bytes
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) EAP Got all data (126 bytes)
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client key exchange
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read change cipher spec
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) recv TLS 1.2 Handshake, Finished
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read finished
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) send TLS 1.2 ChangeCipherSpec
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write change cipher spec
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) send TLS 1.2 Handshake, Finished
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write finished
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Handshake state - SSL negotiation finished successfully
docker-openwisp-freeradius-1  | (55) eap_peap: (TLS) Connection Established
docker-openwisp-freeradius-1  | (55) eap_peap:   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (55) eap_peap:   TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (55) eap-org_a: Sending EAP Request (code 1) ID 9 length 57
docker-openwisp-freeradius-1  | (55) eap-org_a: EAP session adding &reply:State = 0x9163d5c4966acc82
docker-openwisp-freeradius-1  | (55)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (55)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (55) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (55) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (55) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (55) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (55)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (55)   TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (55) Sent Access-Challenge Id 168 from 172.18.0.13:1812 to 125.235.213.130:55823 length 115
docker-openwisp-freeradius-1  | (55)   EAP-Message = 0x01090039190014030300010116030300288e2f8e6218f7b3c8af6eb1c8800d3d336627d9291e235295acebb712e8999cafea42a60b3b457a46
docker-openwisp-freeradius-1  | (55)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (55)   State = 0x9163d5c4966acc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (55) Finished request
docker-openwisp-freeradius-1  | Waking up in 4.0 seconds.
docker-openwisp-freeradius-1  | (56) Received Access-Request Id 169 from 125.235.213.130:55823 to 172.18.0.13:1812 length 219
docker-openwisp-freeradius-1  | (56)   User-Name = "admin"
docker-openwisp-freeradius-1  | (56)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (56)   NAS-Port = 0
docker-openwisp-freeradius-1  | (56)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (56)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (56)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (56)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (56)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (56)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (56)   EAP-Message = 0x020900061900
docker-openwisp-freeradius-1  | (56)   State = 0x9163d5c4966acc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (56)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (56)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (56)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (56)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (56)   Message-Authenticator = 0xbad8b8055384c7fdc0352450c3e1cc27
docker-openwisp-freeradius-1  | (56) Restoring &session-state
docker-openwisp-freeradius-1  | (56)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (56)   &session-state:TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (56) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (56)   authorize {
docker-openwisp-freeradius-1  | (56) eap-org_a: Peer sent EAP Response (code 2) ID 9 length 6
docker-openwisp-freeradius-1  | (56) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (56)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (56)   } # authorize = ok
docker-openwisp-freeradius-1  | (56) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (56) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (56)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (56) eap-org_a: Expiring EAP session with state 0x9163d5c4966acc82
docker-openwisp-freeradius-1  | (56) eap-org_a: Finished EAP session with state 0x9163d5c4966acc82
docker-openwisp-freeradius-1  | (56) eap-org_a: Previous EAP request found for state 0x9163d5c4966acc82, released from the list
docker-openwisp-freeradius-1  | (56) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (56) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (56) eap_peap: (TLS) Peer ACKed our handshake fragment.  handshake is finished
docker-openwisp-freeradius-1  | (56) eap_peap: Session established.  Decoding tunneled attributes
docker-openwisp-freeradius-1  | (56) eap_peap: PEAP state TUNNEL ESTABLISHED
docker-openwisp-freeradius-1  | (56) eap-org_a: Sending EAP Request (code 1) ID 10 length 40
docker-openwisp-freeradius-1  | (56) eap-org_a: EAP session adding &reply:State = 0x9163d5c49969cc82
docker-openwisp-freeradius-1  | (56)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (56)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (56) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (56) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (56) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (56) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (56)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (56)   TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (56) Sent Access-Challenge Id 169 from 172.18.0.13:1812 to 125.235.213.130:55823 length 98
docker-openwisp-freeradius-1  | (56)   EAP-Message = 0x010a00281900170303001d8e2f8e6218f7b3c9052745b9f232bb35a07eff5c474c5709a0e72f2454
docker-openwisp-freeradius-1  | (56)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (56)   State = 0x9163d5c49969cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (56) Finished request
docker-openwisp-freeradius-1  | Waking up in 3.9 seconds.
docker-openwisp-freeradius-1  | (57) Received Access-Request Id 170 from 125.235.213.130:55823 to 172.18.0.13:1812 length 254
docker-openwisp-freeradius-1  | (57)   User-Name = "admin"
docker-openwisp-freeradius-1  | (57)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (57)   NAS-Port = 0
docker-openwisp-freeradius-1  | (57)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (57)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (57)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (57)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (57)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (57)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (57)   EAP-Message = 0x020a00291900170303001e6061d917dfab46aeba5052c247414e125d4c533dc06a7418cbd66d1f36a6
docker-openwisp-freeradius-1  | (57)   State = 0x9163d5c49969cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (57)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (57)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (57)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (57)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (57)   Message-Authenticator = 0xfaf2728bbcdccfdd876db9430285ebca
docker-openwisp-freeradius-1  | (57) Restoring &session-state
docker-openwisp-freeradius-1  | (57)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (57)   &session-state:TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (57) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (57)   authorize {
docker-openwisp-freeradius-1  | (57) eap-org_a: Peer sent EAP Response (code 2) ID 10 length 41
docker-openwisp-freeradius-1  | (57) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (57)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (57)   } # authorize = ok
docker-openwisp-freeradius-1  | (57) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (57) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (57)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (57) eap-org_a: Expiring EAP session with state 0x9163d5c49969cc82
docker-openwisp-freeradius-1  | (57) eap-org_a: Finished EAP session with state 0x9163d5c49969cc82
docker-openwisp-freeradius-1  | (57) eap-org_a: Previous EAP request found for state 0x9163d5c49969cc82, released from the list
docker-openwisp-freeradius-1  | (57) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (57) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (57) eap_peap: (TLS) EAP Done initial handshake
docker-openwisp-freeradius-1  | (57) eap_peap: Session established.  Decoding tunneled attributes
docker-openwisp-freeradius-1  | (57) eap_peap: PEAP state WAITING FOR INNER IDENTITY
docker-openwisp-freeradius-1  | (57) eap_peap: Identity - admin
docker-openwisp-freeradius-1  | (57) eap_peap: Got inner identity 'admin'
docker-openwisp-freeradius-1  | (57) eap_peap: Setting default EAP type for tunneled EAP session
docker-openwisp-freeradius-1  | (57) eap_peap: Got tunneled request
docker-openwisp-freeradius-1  | (57) eap_peap:   EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1  | (57) eap_peap: Setting User-Name to admin
docker-openwisp-freeradius-1  | (57) eap_peap: Sending tunneled request to inner-tunnel_org_a
docker-openwisp-freeradius-1  | (57) eap_peap:   EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1  | (57) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
docker-openwisp-freeradius-1  | (57) eap_peap:   User-Name = "admin"
docker-openwisp-freeradius-1  | (57) Virtual server inner-tunnel_org_a received request
docker-openwisp-freeradius-1  | (57)   EAP-Message = 0x020a000a0161646d696e
docker-openwisp-freeradius-1  | (57)   FreeRADIUS-Proxied-To = 127.0.0.1
docker-openwisp-freeradius-1  | (57)   User-Name = "admin"
docker-openwisp-freeradius-1  | (57) WARNING: Outer and inner identities are the same.  User privacy is compromised.
docker-openwisp-freeradius-1  | (57) server inner-tunnel_org_a {
docker-openwisp-freeradius-1  | (57)   # Executing section authorize from file /opt/etc/raddb/sites-enabled/inner-tunnel
docker-openwisp-freeradius-1  | (57)     authorize {
docker-openwisp-freeradius-1  | (57)       policy filter_username {
docker-openwisp-freeradius-1  | (57)         if (&User-Name) {
docker-openwisp-freeradius-1  | (57)         if (&User-Name)  -> TRUE
docker-openwisp-freeradius-1  | (57)         if (&User-Name)  {
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ / /) {
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ / /)  -> FALSE
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /@[^@]*@/ ) {
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /\.\./ ) {
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /\.\./ )  -> FALSE
docker-openwisp-freeradius-1  | (57)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
docker-openwisp-freeradius-1  | (57)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /\.$/)  {
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /\.$/)   -> FALSE
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /@\./)  {
docker-openwisp-freeradius-1  | (57)           if (&User-Name =~ /@\./)   -> FALSE
docker-openwisp-freeradius-1  | (57)         } # if (&User-Name)  = notfound
docker-openwisp-freeradius-1  | (57)       } # policy filter_username = notfound
docker-openwisp-freeradius-1  | (57)       update control {
docker-openwisp-freeradius-1  | (57)         &REST-HTTP-Header += "Authorization: Bearer 97dca65c-d074-433a-bae5-4e5f030f741e tGW29mwRo9K0SJc16S2Wl7osC8HcTtbt"
docker-openwisp-freeradius-1  | (57)       } # update control = noop
docker-openwisp-freeradius-1  | rlm_rest (rest): Reserved connection (8)
docker-openwisp-freeradius-1  | (57) rest: Expanding URI components
docker-openwisp-freeradius-1  | (57) rest: EXPAND http://api.internal
docker-openwisp-freeradius-1  | (57) rest:    --> http://api.internal
docker-openwisp-freeradius-1  | (57) rest: EXPAND /api/v1/freeradius/authorize/
docker-openwisp-freeradius-1  | (57) rest:    --> /api/v1/freeradius/authorize/
docker-openwisp-freeradius-1  | (57) rest: Sending HTTP POST to "http://api.internal/api/v1/freeradius/authorize/"
docker-openwisp-freeradius-1  | (57) rest: EXPAND {"username": "%{User-Name}", "password": "%{User-Password}"}
docker-openwisp-freeradius-1  | (57) rest:    --> {"username": "admin", "password": ""}
docker-openwisp-freeradius-1  | (57) rest: Processing response header
docker-openwisp-freeradius-1  | (57) rest:   Status : 400 (Bad Request)
docker-openwisp-freeradius-1  | (57) rest:   Type   : json (application/json)
docker-openwisp-freeradius-1  | (57) rest: Adding reply:REST-HTTP-Status-Code = "400"
docker-openwisp-freeradius-1  | (57) rest: ERROR: Server returned:
docker-openwisp-freeradius-1  | (57) rest: ERROR: {"password":["This field may not be blank."]}
docker-openwisp-freeradius-1  | rlm_rest (rest): Released connection (8)
docker-openwisp-freeradius-1  | Need 3 more connections to reach min connections (5)
docker-openwisp-freeradius-1  | Need more connections to reach 3 spares
docker-openwisp-freeradius-1  | rlm_rest (rest): Opening additional connection (9), 1 of 8 pending slots used
docker-openwisp-freeradius-1  | rlm_rest (rest): Connecting to "http://api.internal/api/v1/freeradius"
docker-openwisp-freeradius-1  | rlm_rest (rest): You probably need to lower "min"
docker-openwisp-freeradius-1  | rlm_rest (rest): Closing expired connection (6) - Hit idle_timeout limit
docker-openwisp-freeradius-1  | (57)       [rest] = invalid
docker-openwisp-freeradius-1  | (57)     } # authorize = invalid
docker-openwisp-freeradius-1  | (57)   Invalid user (rest: Server returned:): [admin/<no User-Password attribute>] (from client localhost port 0 via TLS tunnel)
docker-openwisp-freeradius-1  | (57)   Using Post-Auth-Type Reject
docker-openwisp-freeradius-1  | (57)   Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (57)   Login incorrect (rest: Server returned:): [admin/<no User-Password attribute>] (from client localhost port 0 via TLS tunnel)
docker-openwisp-freeradius-1  | (57) } # server inner-tunnel_org_a
docker-openwisp-freeradius-1  | (57) Virtual server sending reply
docker-openwisp-freeradius-1  | (57)   REST-HTTP-Status-Code := 400
docker-openwisp-freeradius-1  | (57) eap_peap: Got tunneled reply code 3
docker-openwisp-freeradius-1  | (57) eap_peap:   REST-HTTP-Status-Code := 400
docker-openwisp-freeradius-1  | (57) eap_peap: Got tunneled reply RADIUS code 3
docker-openwisp-freeradius-1  | (57) eap_peap:   REST-HTTP-Status-Code := 400
docker-openwisp-freeradius-1  | (57) eap_peap: Tunneled authentication was rejected
docker-openwisp-freeradius-1  | (57) eap_peap: FAILURE
docker-openwisp-freeradius-1  | (57) eap-org_a: Sending EAP Request (code 1) ID 11 length 46
docker-openwisp-freeradius-1  | (57) eap-org_a: EAP session adding &reply:State = 0x9163d5c49868cc82
docker-openwisp-freeradius-1  | (57)     [eap-org_a] = handled
docker-openwisp-freeradius-1  | (57)   } # Auth-Type eap-org_a = handled
docker-openwisp-freeradius-1  | (57) Using Post-Auth-Type Challenge
docker-openwisp-freeradius-1  | (57) Post-Auth-Type sub-section not found.  Ignoring.
docker-openwisp-freeradius-1  | (57) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (57) session-state: Saving cached attributes
docker-openwisp-freeradius-1  | (57)   Framed-MTU = 1004
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (57)   TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (57) Sent Access-Challenge Id 170 from 172.18.0.13:1812 to 125.235.213.130:55823 length 104
docker-openwisp-freeradius-1  | (57)   EAP-Message = 0x010b002e190017030300238e2f8e6218f7b3ca11ac010d3cc73f4ab19b57aedcba60ace0c174734bbb6c1a3fc2da
docker-openwisp-freeradius-1  | (57)   Message-Authenticator = 0x00000000000000000000000000000000
docker-openwisp-freeradius-1  | (57)   State = 0x9163d5c49868cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (57) Finished request
docker-openwisp-freeradius-1  | Waking up in 3.7 seconds.
docker-openwisp-freeradius-1  | (58) Received Access-Request Id 171 from 125.235.213.130:55823 to 172.18.0.13:1812 length 259
docker-openwisp-freeradius-1  | (58)   User-Name = "admin"
docker-openwisp-freeradius-1  | (58)   NAS-IP-Address = 192.168.1.100
docker-openwisp-freeradius-1  | (58)   NAS-Port = 0
docker-openwisp-freeradius-1  | (58)   NAS-Identifier = "192.168.1.100"
docker-openwisp-freeradius-1  | (58)   NAS-Port-Type = Wireless-802.11
docker-openwisp-freeradius-1  | (58)   Calling-Station-Id = "dadb914a5923"
docker-openwisp-freeradius-1  | (58)   Called-Station-Id = "04bd88c95ff0"
docker-openwisp-freeradius-1  | (58)   Service-Type = Login-User
docker-openwisp-freeradius-1  | (58)   Framed-MTU = 1100
docker-openwisp-freeradius-1  | (58)   EAP-Message = 0x020b002e190017030300236061d917dfab46af4a79c6db2d6c16dee6638000f406c54c3f779fd94eaa790fece3b6
docker-openwisp-freeradius-1  | (58)   State = 0x9163d5c49868cc8246ef01f5c3c072fb
docker-openwisp-freeradius-1  | (58)   Aruba-Essid-Name = "radius"
docker-openwisp-freeradius-1  | (58)   Aruba-Location-Id = "04:bd:88:c9:5f:f0"
docker-openwisp-freeradius-1  | (58)   Aruba-AP-Group = "SetMeUp-C9:5F:F0"
docker-openwisp-freeradius-1  | (58)   Aruba-Device-Type = "NOFP"
docker-openwisp-freeradius-1  | (58)   Message-Authenticator = 0x17164e24b5881f375269915f0554d1d6
docker-openwisp-freeradius-1  | (58) Restoring &session-state
docker-openwisp-freeradius-1  | (58)   &session-state:Framed-MTU = 1004
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
docker-openwisp-freeradius-1  | (58)   &session-state:TLS-Session-Version = "TLS 1.2"
docker-openwisp-freeradius-1  | (58) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (58)   authorize {
docker-openwisp-freeradius-1  | (58) eap-org_a: Peer sent EAP Response (code 2) ID 11 length 46
docker-openwisp-freeradius-1  | (58) eap-org_a: Continuing tunnel setup
docker-openwisp-freeradius-1  | (58)     [eap-org_a] = ok
docker-openwisp-freeradius-1  | (58)   } # authorize = ok
docker-openwisp-freeradius-1  | (58) Found Auth-Type = eap-org_a
docker-openwisp-freeradius-1  | (58) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (58)   Auth-Type eap-org_a {
docker-openwisp-freeradius-1  | (58) eap-org_a: Expiring EAP session with state 0x9163d5c49868cc82
docker-openwisp-freeradius-1  | (58) eap-org_a: Finished EAP session with state 0x9163d5c49868cc82
docker-openwisp-freeradius-1  | (58) eap-org_a: Previous EAP request found for state 0x9163d5c49868cc82, released from the list
docker-openwisp-freeradius-1  | (58) eap-org_a: Peer sent packet with method EAP PEAP (25)
docker-openwisp-freeradius-1  | (58) eap-org_a: Calling submodule eap_peap to process data
docker-openwisp-freeradius-1  | (58) eap_peap: (TLS) EAP Done initial handshake
docker-openwisp-freeradius-1  | (58) eap_peap: Session established.  Decoding tunneled attributes
docker-openwisp-freeradius-1  | (58) eap_peap: PEAP state send tlv failure
docker-openwisp-freeradius-1  | (58) eap_peap: Received EAP-TLV response
docker-openwisp-freeradius-1  | (58) eap_peap:   ERROR: The users session was previously rejected: returning reject (again.)
docker-openwisp-freeradius-1  | (58) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
docker-openwisp-freeradius-1  | (58) eap_peap:   to find out the reason why the user was rejected
docker-openwisp-freeradius-1  | (58) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
docker-openwisp-freeradius-1  | (58) eap_peap:   what went wrong, and how to fix the problem
docker-openwisp-freeradius-1  | (58) eap-org_a: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
docker-openwisp-freeradius-1  | (58) eap-org_a: Sending EAP Failure (code 4) ID 11 length 4
docker-openwisp-freeradius-1  | (58) eap-org_a: Failed in EAP select
docker-openwisp-freeradius-1  | (58)     [eap-org_a] = invalid
docker-openwisp-freeradius-1  | (58)   } # Auth-Type eap-org_a = invalid
docker-openwisp-freeradius-1  | (58) Failed to authenticate the user
docker-openwisp-freeradius-1  | (58) Using Post-Auth-Type Reject
docker-openwisp-freeradius-1  | (58) # Executing group from file /opt/etc/raddb/sites-enabled/default
docker-openwisp-freeradius-1  | (58)   Post-Auth-Type REJECT {
docker-openwisp-freeradius-1  | (58)     update control {
docker-openwisp-freeradius-1  | (58)       &REST-HTTP-Header += "Authorization: Bearer 97dca65c-d074-433a-bae5-4e5f030f741e tGW29mwRo9K0SJc16S2Wl7osC8HcTtbt"
docker-openwisp-freeradius-1  | (58)     } # update control = noop
docker-openwisp-freeradius-1  | rlm_rest (rest): Reserved connection (8)
docker-openwisp-freeradius-1  | (58) rest: Expanding URI components
docker-openwisp-freeradius-1  | (58) rest: EXPAND http://api.internal
docker-openwisp-freeradius-1  | (58) rest:    --> http://api.internal
docker-openwisp-freeradius-1  | (58) rest: EXPAND /api/v1/freeradius/postauth/
docker-openwisp-freeradius-1  | (58) rest:    --> /api/v1/freeradius/postauth/
docker-openwisp-freeradius-1  | (58) rest: Sending HTTP POST to "http://api.internal/api/v1/freeradius/postauth/"
docker-openwisp-freeradius-1  | (58) rest: EXPAND {"username": "%{User-Name}", "password": "%{User-Password}", "reply": "%{reply:Packet-Type}", "called_station_id": "%{Called-Station-ID}", "calling_station_id": "%{Calling-Station-ID}"}
docker-openwisp-freeradius-1  | (58) rest:    --> {"username": "admin", "password": "", "reply": "Access-Reject", "called_station_id": "04bd88c95ff0", "calling_station_id": "dadb914a5923"}
docker-openwisp-freeradius-1  | (58) rest: Processing response header
docker-openwisp-freeradius-1  | (58) rest:   Status : 201 (Created)
docker-openwisp-freeradius-1  | (58) rest: Adding reply:REST-HTTP-Status-Code = "201"
docker-openwisp-freeradius-1  | (58) rest: Skipping attribute processing, no valid body data received
docker-openwisp-freeradius-1  | rlm_rest (rest): Released connection (8)
docker-openwisp-freeradius-1  | (58)     [rest] = ok
docker-openwisp-freeradius-1  | (58)   } # Post-Auth-Type REJECT = ok
docker-openwisp-freeradius-1  | (58) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [admin/<via Auth-Type = eap-org_a>] (from client localhost port 0 cli dadb914a5923)
docker-openwisp-freeradius-1  | (58) Delaying response for 1.000000 seconds
docker-openwisp-freeradius-1  | Waking up in 0.3 seconds.
docker-openwisp-freeradius-1  | Waking up in 0.6 seconds.
docker-openwisp-freeradius-1  | (58) Sending delayed response
docker-openwisp-freeradius-1  | (58) Sent Access-Reject Id 171 from 172.18.0.13:1812 to 125.235.213.130:55823 length 44
docker-openwisp-freeradius-1  | (58)   EAP-Message = 0x040b0004
docker-openwisp-freeradius-1  | (58)   Message-Authenticator = 0x00000000000000000000000000000000
toanalien commented 1 year ago

I checked again and see that MacOS and iOS use PEAP-mschapv2 as default authentication method. I created a Profile via Apple Configurator and apply EAP-TTLS method, it works.

nemesifier commented 1 year ago

I guess we can close this then.

toanalien commented 1 year ago

Hello @nemesisdesign,

Problem has not been resolved. I just changed authentication method from PEAP-mschapv2 to EAP-TTLS but I must create custom Profile by Apple Configurator and install to each device.

How I config default method authentication PEAP-mschapv2 in FreeRadius and integrate with OpenWisp, if you have tutorial, please give me one.

Thank you!