zasquash Posté(e) le 25 mai 2009 Partager Posté(e) le 25 mai 2009 Bonjour à tous Je souhaite depuis un certain temps de configurer un serveur radius ainsi FreeRadius + EAP-TTLS/PAP LDAP avec VLAN Dynamique. J'utilise Freeradius 2.1.5 patch depuis les sources et packager sous debian. Debian 5.01 Hostapd 0.5.9 Ldap 2.1.3 xsupplicant 1.2.4 orig J'ai déjà réussi a configurer le freeradius en mode EAP-TLS / LDAP Tout fonctionnait correctement. Maintenant je souhaite FreeRadius + EAP-TTLS/PAP LDAP avec VLAN Dynamique. Voici les logs: FREERADIUS: FreeRADIUS Version 2.1.5, for host i486-pc-linux-gnu, built on Apr 6 2009 at 18:58:22 Copyright © 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/ttls-eap including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/control-socket group = freerad user = freerad including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = yes auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 0 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client 127.0.0.1 { require_message_authenticator = no secret = "testing123" shortname = "nas" nastype = "other" } client 172.168.1.1 { require_message_authenticator = yes secret = "testing123" shortname = "nas" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "clear" auto_header = no } Module: Linked to module rlm_ldap Module: Instantiating openldap ldap openldap { server = "127.0.0.1" port = 389 password = "" identity = "" net_timeout = 5 timeout = 5 timelimit = 5 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "dc=thales,dc=com" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=inetorgperson)" auto_header = no access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = no } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute openldap-Ldap-Group rlm_ldap: Registering ldap_groupcmp for openldap-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name openldap rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x9e20568 Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "ttls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "password" auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024 verify_depth = 1 pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/etc/freeradius/certs/random" fragment_size = 1024 include_length = yes check_crl = no check_cert_cn = "%{User-Name}" make_cert_command = "/etc/freeradius/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "gtc" copy_request_to_tunnel = yes use_tunneled_reply = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } } modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_detail Module: Instantiating auth_log detail auth_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking accounting {...} for more modules to load Module: Instantiating detail detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-auth {...} for more modules to load } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 172.168.1.254 port = 1812 } listen { type = "control" listen { socket = "/var/run/freeradius/freeradius.sock" } } Listening on authentication address 172.168.1.254 port 1812 Listening on command file /var/run/freeradius/freeradius.sock Ready to process requests. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=0, length=145 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020100090174657374 Message-Authenticator = 0x8cfb79126134288476a9213bbe5b1482 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:46 2009 ++[auth_log] returns ok [eap] EAP packet type response id 1 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [openldap] performing user authorization for test [openldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [openldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=test) [openldap] expand: dc=thales,dc=com -> dc=thales,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0 rlm_ldap: bind as / to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=thales,dc=com, with filter (uid=test) [openldap] No default NMAS login sequence [openldap] looking for check items in directory... [openldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [openldap] user test authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[openldap] returns ok ++[expiration] returns noop ++[logintime] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 172.168.1.1 port 34141 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47ddcbe847dfdebd14cb1c72c057a598 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=1, length=257 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0202006715800000005d16030100580100005403014a1aae6d8881711bb11d6e87ed9df15e0b60 34142a9d505ce696af4b6fb47ee100002600390038003500160013000a00330032002f00050004001 50012000900140011000800060003020100000400230000 State = 0x47ddcbe847dfdebd14cb1c72c057a598 Message-Authenticator = 0x999036d840ebc6a79fb4133da0b0012a +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:46 2009 ++[auth_log] returns ok [eap] EAP packet type response id 2 length 103 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 93 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0058], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0030], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 082c], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 1 to 172.168.1.1 port 34141 EAP-Message = 0x0103040015c000000a8116030100300200002c03014a1ab0467e0b5792dff3e3471ff9d3b47618 a9c3306b8bee0af1769d05d5be9e00003901000400230000160301082c0b000828000825000392308 2038e30820276a003020102020101300d06092a864886f70d0101040500308189310b300906035504 0613024652310f300d060355040813065261646975733112301006035504071309536f6d657768657 26531123010060355040a13095465737420496e632e311c301a06092a864886f70d010901160d5465 737440746573742e636f6d312330210603550403131a5465737420436572746966696361746520417 574686f72697479301e170d EAP-Message = 0x3039303532353133303235355a170d3130303532353133303235355a3072310b30090603550406 13024652310f300d0603550408130652616469757331123010060355040a13095465737420496e632 e3120301e060355040313175465737420536572766572204365727469666963617465311c301a0609 2a864886f70d010901160d5465737440746573742e636f6d30820122300d06092a864886f70d01010 105000382010f003082010a0282010100eb8333f4fcdc0ecac4e4062333d2ff5504318967ddbafd5d aad6bfce8cc917c580e7ebc9c44465866f59ed3eb421c810d3d50f8e1141d7258200e730b28a15a09 48bcc3f704a76efe306f9f7 EAP-Message = 0xd15f686643b391c246630479196ca5d391ddc0e11625dc3778542e3e204cab06a49682ddfa603a 1c205482c7505da685b47c7d1edff50a363a7ef4954649b69fbc9c4382fa21c890e99b5086c9d841a 004ca19a4b9381807ae1c2322accf508f8fd426a31cd946a39cec1f6285d212f051297e8ecc1cd459 487d772cd61392039b9942a0446003ac97ab5f4b02213bdec2ff867e0cbcde5bd01f2c0bc4fdeed22 ddd644e4e3c83d0bef985ce451ea7da54c80f7d0203010001a317301530130603551d25040c300a06 082b06010505070301300d06092a864886f70d01010405000382010100157d57a027118106529da2e 1df1f6e3cc2ee61c9b7907d EAP-Message = 0xd3c31dcfb5182bb2ba9f029af27f722079662fbbcd9557aac828d9aca889b51a29bdb4a2243bb8 71e5752de804c797adf06f36d64d4dc957dbba0e4360e4d1109d8fba0bb27bbc5fe06d396883e096e 90b29cffda7bfefa64632f31a1277cc79a871e48da1165dc6141b15ccc2c435f41ffe99945009a291 b3d5c94c1be43b15aae0531af6016c4e2d8d44f32981c5cfe578e0bce6df5fd019c291213de0fa5cf c99f98cdde68deb0aa7c63b039e7ca7584065d46c257c81d71a720a64562173ce09c2a4a974abc287 221f6c51ac2a5d0eaba9d51292bf1f8be47186be9b206dc4ee5905a939b0812c00048d30820489308 20371a003020102020900d1 EAP-Message = 0x72e6eb3365807d300d06092a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47ddcbe846dedebd14cb1c72c057a598 Finished request 1. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=2, length=160 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020300061500 State = 0x47ddcbe846dedebd14cb1c72c057a598 Message-Authenticator = 0xb756837390e197bfafc6b487b4300878 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:46 2009 ++[auth_log] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 2 to 172.168.1.1 port 34141 EAP-Message = 0x0104040015c000000a81864886f70d0101050500308189310b3009060355040613024652310f30 0d060355040813065261646975733112301006035504071309536f6d6577686572653112301006035 5040a13095465737420496e632e311c301a06092a864886f70d010901160d5465737440746573742e 636f6d312330210603550403131a5465737420436572746966696361746520417574686f726974793 01e170d3039303532353133303235355a170d3130303532353133303235355a308189310b30090603 55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776 86572653112301006035504 EAP-Message = 0x0a13095465737420496e632e311c301a06092a864886f70d010901160d5465737440746573742e 636f6d312330210603550403131a5465737420436572746966696361746520417574686f726974793 0820122300d06092a864886f70d01010105000382010f003082010a0282010100e3d5489273e00c96 bbc4b0361e979ca1b96dd173d2bb435c7ad147ac796b54e8a5be5011ca7753d5e90346d12f3046f74 57c14c165af4e7c9b27a373b397b06569c4fc3f70f32dec42a333afc8ee2a42f79c8c673f03fcdf29 d635b3838eac56066975187d7854899d10fd3e2424610376517e3b2a6ddea5d237e97a068aa56e276 93919fcefbe88bd44af3d65 EAP-Message = 0x9f658d22c765a6401ded3dca605be94563084cc8f30d5f575c82a67dd83d9d5486f0b41953d38f b8aba7ec1d9fedc2a978dd4597111f037a9bb668c4986579abc6a14fbb647e5b2165eee4d3dda293b 414bab11b2b58515a56387e067aaf4c5c7af06ecc0091749ff6bee111873420429f7ca50203010001 a381f13081ee301d0603551d0e0416041465b582a2d1e3bf81d9087bdfd03434d1ca052a3b3081be0 603551d230481b63081b3801465b582a2d1e3bf81d9087bdfd03434d1ca052a3ba1818fa4818c3081 89310b3009060355040613024652310f300d060355040813065261646975733112301006035504071 309536f6d65776865726531 EAP-Message = 0x123010060355040a13095465737420496e632e311c301a06092a864886f70d010901160d546573 7440746573742e636f6d312330210603550403131a546573742043657274696669636174652041757 4686f72697479820900d172e6eb3365807d300c0603551d13040530030101ff300d06092a864886f7 0d01010505000382010100016af7b0a9b3e272df2c143b3767235aaffab7b0c24b68aea10a2a0d15f 2725d0babdd2707b2d1c2ff4570b938e11df4ad915aba9813402ec4929be3b0fc07d512bad7b07e4c f96338aefa8baa4ca5e46c5a4c66c57f3c67e0ac6829f2732ff27ca39f1b5b866ab1533f0bd5547a7 d212da410e6f2f148b42371 EAP-Message = 0x803ab77f54405027f6b6c0bc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47ddcbe845d9debd14cb1c72c057a598 Finished request 2. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=3, length=160 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020400061500 State = 0x47ddcbe845d9debd14cb1c72c057a598 Message-Authenticator = 0xb989eb3772f0f9735ec8a3783262ca72 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:46 2009 ++[auth_log] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 3 to 172.168.1.1 port 34141 EAP-Message = 0x0105029f158000000a81949f633b3e27eff6c8a0e4664f6170b9671c73346e88a0a6cd86812f48 d30d9a9ac2b720b2f3ef36435a21f05e3b7f8984824ae84ba1b20687440f664331f6424eead0d487c 9aef565968277688cbc38364f5aafb891f65bbf3f537d0994bfb0718816ad5e36a6e54491c36b6910 780901e7e34c54ec7c929032160301020d0c0002090080d1aef86be9cc76061c1add1f95552757314 47a62b048a5dc3b67c8718cf93198b88fb9f8c7c3c56efc85eda68d944de9a03822e057d6e67c9bfa 1efb92349a4fe67b803d7420cfa43abc10561c7c3d66e41e9e7541ac7b89ea702bae74c1921883462 43b87a9a844e0bac2b6eeae EAP-Message = 0x493a5a48d6e588be9a31595eaefb25c50d8b00010200802ddacb6118c8756ddeda9c21f67f040b 91ba6c9fb07d2eb61dcfff337fb87138b442ebe71cdb6b1b2b64b711856de2dcd94bb26bc98b98cf8 152799b00877afd327fb7159e68ee200a045dcf3a05ecfe6d112240a0c506ff25f4b8483ecaef9c29 cf0ebaa3153ff0b1f929025079a1e41d935460ef8f68d17e9040dd619c7c230100cb244e08f235b04 202a8f2f16edb82af470bc07c40ae911b46d071eb20195bce69ffcb8d3397b597ff2093d1148478bc da9d3577381214ce1ea76695333ddc04823e2124f929d3d39df9908fb30c704fd03dcb3e5c42d4898 c9d2d9beedcc524da42936f EAP-Message = 0x52bf1cf511a7cf1b91a440c11bc5dad4eec6e6e108dbd31b92cf2463afa0d736193d26f32a685a 5838720e3981954d8039d1138fa96e871ae504026f0f121abadf685273d963b56b7a583c6d4801289 dbbc6c84fc70c8fa97d623a33f5605a5da46d9859c4a25ac32c296cd8aceff3a3e9ddebcf19ad7334 e068e20effe34a62bdc8035617ac5b6f5fb62291196ded2fdb65b428be838214df917090160301000 40e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47ddcbe844d8debd14cb1c72c057a598 Finished request 3. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=4, length=362 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020500d01580000000c616030100861000008200804a1e5d67f955d597c81ca14812e063166b76 18e376e5b0f664bbc9c5c8f4936e887693f410f9e48a8483650ec0676e279bd65eac346b495083c6f 1f3a246795ceb642e9ec922870e25d30382a7fc362d55a6fabe5cd39a6023d76680d6e7b0c49cc3a9 3979c5b9b61b6fb85b2eacd727cf6d36ef2f5d59840926115876aca49f1403010001011603010030b eb6b03a7ca7bcdc8f7e7305aea5933399a3bb712ab46d29d7cdb5773dd6d9451ea830d5457dbb3893 0d45a6211cf9ec State = 0x47ddcbe844d8debd14cb1c72c057a598 Message-Authenticator = 0x7f59457bca9d2044bc0fd9187265710b +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:46 2009 ++[auth_log] returns ok [eap] EAP packet type response id 5 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 198 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 Handshake [length 00aa]??? [ttls] TLS_accept: unknown state [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 4 to 172.168.1.1 port 34141 EAP-Message = 0x010600f41580000000ea16030100aa040000a60000000000a093542c2081dfa38cc994d77f85c4 c12c4f0b456183e915a9a6eaf241c9f940ee640ceaa54ab361e9e80660dc2a1e4a4f754ff27557691 425c9eec1295252dab3f133bdf1b1049127eaa6cdedff1d355dfdf234a179999b1357853380730f4e d90e1815aa23a8621b085c3513e0076d582923bdc8239c39caef4693957f384c0e4ac08f74c839bfa b58f1f9c85f8ef9cc73cc01195b67b5c51894412492391c9f1403010001011603010030122a6ce734 c24f425b0ce16ff1eb9e04af15ff56cfb284d133a9d77bfe84a9d2073bf7fd488d4a2c4f34091a655 eb6d3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47ddcbe843dbdebd14cb1c72c057a598 Finished request 4. Going to the next request Waking up in 4.1 seconds. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=5, length=160 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020600061500 State = 0x47ddcbe843dbdebd14cb1c72c057a598 Message-Authenticator = 0x25c75e2b6914dab9556dec0e930c66a4 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:47 2009 ++[auth_log] returns ok [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 ++[eap] returns handled Sending Access-Challenge of id 5 to 172.168.1.1 port 34141 EAP-Message = 0x0107000a158000000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47ddcbe842dadebd14cb1c72c057a598 Finished request 5. Going to the next request Waking up in 4.1 seconds. rad_recv: Access-Request packet from host 172.168.1.1 port 34141, id=6, length=229 User-Name = "test" NAS-IP-Address = 172.168.1.1 NAS-Identifier = "nas" NAS-Port = 0 Called-Station-Id = "00-1E-90-9D-DA-65:" Calling-Station-Id = "00-1C-25-CB-69-64" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0207004b15001703010040f1b0106a8c808cf15e72046622af830a338f54b17cc5818538ff8f6f 9cc4b8703116cf93fa4a65ac19f4e90a4c88d5060d62d0fcbb82b30ad3bd8f16ea1c4f06 State = 0x47ddcbe842dadebd14cb1c72c057a598 Message-Authenticator = 0xf874160dbc3dcbeb097c662fccb2db69 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.168.1.1/auth-detail-20090525 [auth_log] expand: %t -> Mon May 25 14:50:47 2009 ++[auth_log] returns ok [eap] EAP packet type response id 7 length 75 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] >>> TLS 1.0 Alert [length 0002], fatal bad_record_mac TLS Alert write:fatal:bad record mac [ttls] SSL_read Error [ttls] eaptls_process returned 4 [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [test/<via Auth-Type = EAP>] (from client nas port 0 cli 00-1C-25-CB-69-64) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 6 Sending Access-Reject of id 6 to 172.168.1.1 port 34141 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.1 seconds. Cleaning up request 0 ID 0 with timestamp +4 Waking up in 0.5 seconds. Cleaning up request 1 ID 1 with timestamp +4 Cleaning up request 2 ID 2 with timestamp +4 Cleaning up request 3 ID 3 with timestamp +4 Waking up in 0.2 seconds. Cleaning up request 4 ID 4 with timestamp +4 Cleaning up request 5 ID 5 with timestamp +5 Waking up in 1.0 seconds. Cleaning up request 6 ID 6 with timestamp +5 Ready to process requests. HOSTAPD Configuration file: /etc/hostapd/hostapd.conf ctrl_interface_group=0 eapol_version=2 Opening raw packet socket for ifindex 3 BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits) eth0: IEEE 802.11 Fetching hardware channel/rate support not supported. Flushing old station entries Deauthenticate all stations Using interface eth0 with hwaddr 00:1e:90:9d:da:65 and ssid '' eth0: RADIUS Authentication server 172.168.1.254:1812 eth0: Setup of interface done. Received EAPOL packet Data frame from unknown STA 00:1c:25:cb:69:64 - adding a new STA New STA eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: start authentication IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_KEY_TX entering state NO_KEY_TRANSMIT IEEE 802.1X: 00:1c:25:cb:69:64 KEY_RX entering state NO_KEY_RECEIVE IEEE 802.1X: 00:1c:25:cb:69:64 CTRL_DIR entering state IN_OR_BOTH IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state IDLE IEEE 802.1X: 00:1c:25:cb:69:64 KEY_RX entering state NO_KEY_RECEIVE IEEE 802.1X: 00:1c:25:cb:69:64 CTRL_DIR entering state FORCE_BOTH IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 KEY_RX entering state NO_KEY_RECEIVE IEEE 802.1X: 46 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=2 length=0 ignoring 42 extra octets after IEEE 802.1X packet eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAPOL-Logoff from STA IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state DISCONNECTED eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: unauthorizing port IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state RESTART IEEE 802.1X: station 00:1c:25:cb:69:64 - new auth session, clearing State IEEE 802.1X: Generated EAP Request-Identity for 00:1c:25:cb:69:64 (identifier 0, timeout 30) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state CONNECTING IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 0) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 46 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=1 length=0 ignoring 42 extra octets after IEEE 802.1X packet eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAPOL-Start from STA IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state ABORTING IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state INITIALIZE eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: aborting authentication IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state RESTART IEEE 802.1X: station 00:1c:25:cb:69:64 - new auth session, clearing State IEEE 802.1X: Generated EAP Request-Identity for 00:1c:25:cb:69:64 (identifier 1, timeout 30) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state IDLE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state CONNECTING IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state AUTHENTICATING IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 1) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 46 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=9 ignoring 33 extra octets after IEEE 802.1X packet EAP: code=2 identifier=1 length=9 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=1 len=9) from STA: EAP Response-Identity (1) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: STA identity 'test' IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=145 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=11 Value: 02 01 00 09 01 74 65 73 74 Attribute 80 (Message-Authenticator) length=18 Value: 8c fb 79 12 61 34 28 84 76 a9 21 3b be 5b 14 82 eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 64 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=64 Attribute 79 (EAP-Message) length=8 Value: 01 02 00 06 15 20 Attribute 80 (Message-Authenticator) length=18 Value: 9c 2e 4f 5a 7a 7d f4 77 21 87 f5 fd 72 b5 9d c8 Attribute 24 (State) length=18 Value: 47 dd cb e8 47 df de bd 14 cb 1c 72 c0 57 a5 98 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.20 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: using EAP timeout of 30 seconds eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 2) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 107 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=103 EAP: code=2 identifier=2 length=103 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=2 len=103) from STA: EAP Response-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=257 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=105 Value: 02 02 00 67 15 80 00 00 00 5d 16 03 01 00 58 01 00 00 54 03 01 4a 1a ae 6d 88 81 71 1b b1 1d 6e 87 ed 9d f1 5e 0b 60 34 14 2a 9d 50 5c e6 96 af 4b 6f b4 7e e1 00 00 26 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 02 01 00 00 04 00 23 00 00 Attribute 24 (State) length=18 Value: 47 dd cb e8 47 df de bd 14 cb 1c 72 c0 57 a5 98 Attribute 80 (Message-Authenticator) length=18 Value: 99 90 36 d8 40 eb c6 a7 9f b4 13 3d a0 b0 01 2a eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 1090 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=1 length=1090 Attribute 79 (EAP-Message) length=255 Value: 01 03 04 00 15 c0 00 00 0a 81 16 03 01 00 30 02 00 00 2c 03 01 4a 1a b0 46 7e 0b 57 92 df f3 e3 47 1f f9 d3 b4 76 18 a9 c3 30 6b 8b ee 0a f1 76 9d 05 d5 be 9e 00 00 39 01 00 04 00 23 00 00 16 03 01 08 2c 0b 00 08 28 00 08 25 00 03 92 30 82 03 8e 30 82 02 76 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81 89 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 13 09 53 6f 6d 65 77 68 65 72 65 31 12 30 10 06 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 04 03 13 1a 54 65 73 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d Attribute 79 (EAP-Message) length=255 Value: 30 39 30 35 32 35 31 33 30 32 35 35 5a 17 0d 31 30 30 35 32 35 31 33 30 32 35 35 5a 30 72 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 20 30 1e 06 03 55 04 03 13 17 54 65 73 74 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 eb 83 33 f4 fc dc 0e ca c4 e4 06 23 33 d2 ff 55 04 31 89 67 dd ba fd 5d aa d6 bf ce 8c c9 17 c5 80 e7 eb c9 c4 44 65 86 6f 59 ed 3e b4 21 c8 10 d3 d5 0f 8e 11 41 d7 25 82 00 e7 30 b2 8a 15 a0 94 8b cc 3f 70 4a 76 ef e3 06 f9 f7 Attribute 79 (EAP-Message) length=255 Value: d1 5f 68 66 43 b3 91 c2 46 63 04 79 19 6c a5 d3 91 dd c0 e1 16 25 dc 37 78 54 2e 3e 20 4c ab 06 a4 96 82 dd fa 60 3a 1c 20 54 82 c7 50 5d a6 85 b4 7c 7d 1e df f5 0a 36 3a 7e f4 95 46 49 b6 9f bc 9c 43 82 fa 21 c8 90 e9 9b 50 86 c9 d8 41 a0 04 ca 19 a4 b9 38 18 07 ae 1c 23 22 ac cf 50 8f 8f d4 26 a3 1c d9 46 a3 9c ec 1f 62 85 d2 12 f0 51 29 7e 8e cc 1c d4 59 48 7d 77 2c d6 13 92 03 9b 99 42 a0 44 60 03 ac 97 ab 5f 4b 02 21 3b de c2 ff 86 7e 0c bc de 5b d0 1f 2c 0b c4 fd ee d2 2d dd 64 4e 4e 3c 83 d0 be f9 85 ce 45 1e a7 da 54 c8 0f 7d 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 15 7d 57 a0 27 11 81 06 52 9d a2 e1 df 1f 6e 3c c2 ee 61 c9 b7 90 7d Attribute 79 (EAP-Message) length=255 Value: d3 c3 1d cf b5 18 2b b2 ba 9f 02 9a f2 7f 72 20 79 66 2f bb cd 95 57 aa c8 28 d9 ac a8 89 b5 1a 29 bd b4 a2 24 3b b8 71 e5 75 2d e8 04 c7 97 ad f0 6f 36 d6 4d 4d c9 57 db ba 0e 43 60 e4 d1 10 9d 8f ba 0b b2 7b bc 5f e0 6d 39 68 83 e0 96 e9 0b 29 cf fd a7 bf ef a6 46 32 f3 1a 12 77 cc 79 a8 71 e4 8d a1 16 5d c6 14 1b 15 cc c2 c4 35 f4 1f fe 99 94 50 09 a2 91 b3 d5 c9 4c 1b e4 3b 15 aa e0 53 1a f6 01 6c 4e 2d 8d 44 f3 29 81 c5 cf e5 78 e0 bc e6 df 5f d0 19 c2 91 21 3d e0 fa 5c fc 99 f9 8c dd e6 8d eb 0a a7 c6 3b 03 9e 7c a7 58 40 65 d4 6c 25 7c 81 d7 1a 72 0a 64 56 21 73 ce 09 c2 a4 a9 74 ab c2 87 22 1f 6c 51 ac 2a 5d 0e ab a9 d5 12 92 bf 1f 8b e4 71 86 be 9b 20 6d c4 ee 59 05 a9 39 b0 81 2c 00 04 8d 30 82 04 89 30 82 03 71 a0 03 02 01 02 02 09 00 d1 Attribute 79 (EAP-Message) length=14 Value: 72 e6 eb 33 65 80 7d 30 0d 06 09 2a Attribute 80 (Message-Authenticator) length=18 Value: ce 01 8b 1f 83 ea 48 89 38 c9 aa 3f b1 06 c8 f9 Attribute 24 (State) length=18 Value: 47 dd cb e8 46 de de bd 14 cb 1c 72 c0 57 a5 98 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.51 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: using EAP timeout of 30 seconds eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=1 id=3 len=1024) from RADIUS server: EAP-Request-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 3) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 46 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=6 ignoring 36 extra octets after IEEE 802.1X packet EAP: code=2 identifier=3 length=6 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=3 len=6) from STA: EAP Response-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=2 length=160 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=8 Value: 02 03 00 06 15 00 Attribute 24 (State) length=18 Value: 47 dd cb e8 46 de de bd 14 cb 1c 72 c0 57 a5 98 Attribute 80 (Message-Authenticator) length=18 Value: b7 56 83 73 90 e1 97 bf af c6 b4 87 b4 30 08 78 eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 1090 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=2 length=1090 Attribute 79 (EAP-Message) length=255 Value: 01 04 04 00 15 c0 00 00 0a 81 86 48 86 f7 0d 01 01 05 05 00 30 81 89 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 13 09 53 6f 6d 65 77 68 65 72 65 31 12 30 10 06 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 04 03 13 1a 54 65 73 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 39 30 35 32 35 31 33 30 32 35 35 5a 17 0d 31 30 30 35 32 35 31 33 30 32 35 35 5a 30 81 89 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 13 09 53 6f 6d 65 77 68 65 72 65 31 12 30 10 06 03 55 04 Attribute 79 (EAP-Message) length=255 Value: 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 04 03 13 1a 54 65 73 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e3 d5 48 92 73 e0 0c 96 bb c4 b0 36 1e 97 9c a1 b9 6d d1 73 d2 bb 43 5c 7a d1 47 ac 79 6b 54 e8 a5 be 50 11 ca 77 53 d5 e9 03 46 d1 2f 30 46 f7 45 7c 14 c1 65 af 4e 7c 9b 27 a3 73 b3 97 b0 65 69 c4 fc 3f 70 f3 2d ec 42 a3 33 af c8 ee 2a 42 f7 9c 8c 67 3f 03 fc df 29 d6 35 b3 83 8e ac 56 06 69 75 18 7d 78 54 89 9d 10 fd 3e 24 24 61 03 76 51 7e 3b 2a 6d de a5 d2 37 e9 7a 06 8a a5 6e 27 69 39 19 fc ef be 88 bd 44 af 3d 65 Attribute 79 (EAP-Message) length=255 Value: 9f 65 8d 22 c7 65 a6 40 1d ed 3d ca 60 5b e9 45 63 08 4c c8 f3 0d 5f 57 5c 82 a6 7d d8 3d 9d 54 86 f0 b4 19 53 d3 8f b8 ab a7 ec 1d 9f ed c2 a9 78 dd 45 97 11 1f 03 7a 9b b6 68 c4 98 65 79 ab c6 a1 4f bb 64 7e 5b 21 65 ee e4 d3 dd a2 93 b4 14 ba b1 1b 2b 58 51 5a 56 38 7e 06 7a af 4c 5c 7a f0 6e cc 00 91 74 9f f6 be e1 11 87 34 20 42 9f 7c a5 02 03 01 00 01 a3 81 f1 30 81 ee 30 1d 06 03 55 1d 0e 04 16 04 14 65 b5 82 a2 d1 e3 bf 81 d9 08 7b df d0 34 34 d1 ca 05 2a 3b 30 81 be 06 03 55 1d 23 04 81 b6 30 81 b3 80 14 65 b5 82 a2 d1 e3 bf 81 d9 08 7b df d0 34 34 d1 ca 05 2a 3b a1 81 8f a4 81 8c 30 81 89 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 13 09 53 6f 6d 65 77 68 65 72 65 31 Attribute 79 (EAP-Message) length=255 Value: 12 30 10 06 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 04 03 13 1a 54 65 73 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 09 00 d1 72 e6 eb 33 65 80 7d 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 01 6a f7 b0 a9 b3 e2 72 df 2c 14 3b 37 67 23 5a af fa b7 b0 c2 4b 68 ae a1 0a 2a 0d 15 f2 72 5d 0b ab dd 27 07 b2 d1 c2 ff 45 70 b9 38 e1 1d f4 ad 91 5a ba 98 13 40 2e c4 92 9b e3 b0 fc 07 d5 12 ba d7 b0 7e 4c f9 63 38 ae fa 8b aa 4c a5 e4 6c 5a 4c 66 c5 7f 3c 67 e0 ac 68 29 f2 73 2f f2 7c a3 9f 1b 5b 86 6a b1 53 3f 0b d5 54 7a 7d 21 2d a4 10 e6 f2 f1 48 b4 23 71 Attribute 79 (EAP-Message) length=14 Value: 80 3a b7 7f 54 40 50 27 f6 b6 c0 bc Attribute 80 (Message-Authenticator) length=18 Value: 35 0d f4 f5 2b 41 89 cf aa 96 a3 3b 56 d3 95 5f Attribute 24 (State) length=18 Value: 47 dd cb e8 45 d9 de bd 14 cb 1c 72 c0 57 a5 98 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.04 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: using EAP timeout of 30 seconds eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=1 id=4 len=1024) from RADIUS server: EAP-Request-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 4) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 46 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=6 ignoring 36 extra octets after IEEE 802.1X packet EAP: code=2 identifier=4 length=6 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=4 len=6) from STA: EAP Response-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=3 length=160 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=8 Value: 02 04 00 06 15 00 Attribute 24 (State) length=18 Value: 47 dd cb e8 45 d9 de bd 14 cb 1c 72 c0 57 a5 98 Attribute 80 (Message-Authenticator) length=18 Value: b9 89 eb 37 72 f0 f9 73 5e c8 a3 78 32 62 ca 72 eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 733 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=3 length=733 Attribute 79 (EAP-Message) length=255 Value: 01 05 02 9f 15 80 00 00 0a 81 94 9f 63 3b 3e 27 ef f6 c8 a0 e4 66 4f 61 70 b9 67 1c 73 34 6e 88 a0 a6 cd 86 81 2f 48 d3 0d 9a 9a c2 b7 20 b2 f3 ef 36 43 5a 21 f0 5e 3b 7f 89 84 82 4a e8 4b a1 b2 06 87 44 0f 66 43 31 f6 42 4e ea d0 d4 87 c9 ae f5 65 96 82 77 68 8c bc 38 36 4f 5a af b8 91 f6 5b bf 3f 53 7d 09 94 bf b0 71 88 16 ad 5e 36 a6 e5 44 91 c3 6b 69 10 78 09 01 e7 e3 4c 54 ec 7c 92 90 32 16 03 01 02 0d 0c 00 02 09 00 80 d1 ae f8 6b e9 cc 76 06 1c 1a dd 1f 95 55 27 57 31 44 7a 62 b0 48 a5 dc 3b 67 c8 71 8c f9 31 98 b8 8f b9 f8 c7 c3 c5 6e fc 85 ed a6 8d 94 4d e9 a0 38 22 e0 57 d6 e6 7c 9b fa 1e fb 92 34 9a 4f e6 7b 80 3d 74 20 cf a4 3a bc 10 56 1c 7c 3d 66 e4 1e 9e 75 41 ac 7b 89 ea 70 2b ae 74 c1 92 18 83 46 24 3b 87 a9 a8 44 e0 ba c2 b6 ee ae Attribute 79 (EAP-Message) length=255 Value: 49 3a 5a 48 d6 e5 88 be 9a 31 59 5e ae fb 25 c5 0d 8b 00 01 02 00 80 2d da cb 61 18 c8 75 6d de da 9c 21 f6 7f 04 0b 91 ba 6c 9f b0 7d 2e b6 1d cf ff 33 7f b8 71 38 b4 42 eb e7 1c db 6b 1b 2b 64 b7 11 85 6d e2 dc d9 4b b2 6b c9 8b 98 cf 81 52 79 9b 00 87 7a fd 32 7f b7 15 9e 68 ee 20 0a 04 5d cf 3a 05 ec fe 6d 11 22 40 a0 c5 06 ff 25 f4 b8 48 3e ca ef 9c 29 cf 0e ba a3 15 3f f0 b1 f9 29 02 50 79 a1 e4 1d 93 54 60 ef 8f 68 d1 7e 90 40 dd 61 9c 7c 23 01 00 cb 24 4e 08 f2 35 b0 42 02 a8 f2 f1 6e db 82 af 47 0b c0 7c 40 ae 91 1b 46 d0 71 eb 20 19 5b ce 69 ff cb 8d 33 97 b5 97 ff 20 93 d1 14 84 78 bc da 9d 35 77 38 12 14 ce 1e a7 66 95 33 3d dc 04 82 3e 21 24 f9 29 d3 d3 9d f9 90 8f b3 0c 70 4f d0 3d cb 3e 5c 42 d4 89 8c 9d 2d 9b ee dc c5 24 da 42 93 6f Attribute 79 (EAP-Message) length=167 Value: 52 bf 1c f5 11 a7 cf 1b 91 a4 40 c1 1b c5 da d4 ee c6 e6 e1 08 db d3 1b 92 cf 24 63 af a0 d7 36 19 3d 26 f3 2a 68 5a 58 38 72 0e 39 81 95 4d 80 39 d1 13 8f a9 6e 87 1a e5 04 02 6f 0f 12 1a ba df 68 52 73 d9 63 b5 6b 7a 58 3c 6d 48 01 28 9d bb c6 c8 4f c7 0c 8f a9 7d 62 3a 33 f5 60 5a 5d a4 6d 98 59 c4 a2 5a c3 2c 29 6c d8 ac ef f3 a3 e9 dd eb cf 19 ad 73 34 e0 68 e2 0e ff e3 4a 62 bd c8 03 56 17 ac 5b 6f 5f b6 22 91 19 6d ed 2f db 65 b4 28 be 83 82 14 df 91 70 90 16 03 01 00 04 0e 00 00 00 Attribute 80 (Message-Authenticator) length=18 Value: 87 0c 1c f3 7e b9 bc 25 aa ce 22 d7 cc 11 d9 bc Attribute 24 (State) length=18 Value: 47 dd cb e8 44 d8 de bd 14 cb 1c 72 c0 57 a5 98 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.05 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: using EAP timeout of 30 seconds eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=1 id=5 len=671) from RADIUS server: EAP-Request-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 5) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 212 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=208 EAP: code=2 identifier=5 length=208 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=5 len=208) from STA: EAP Response-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=4 length=362 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=210 Value: 02 05 00 d0 15 80 00 00 00 c6 16 03 01 00 86 10 00 00 82 00 80 4a 1e 5d 67 f9 55 d5 97 c8 1c a1 48 12 e0 63 16 6b 76 18 e3 76 e5 b0 f6 64 bb c9 c5 c8 f4 93 6e 88 76 93 f4 10 f9 e4 8a 84 83 65 0e c0 67 6e 27 9b d6 5e ac 34 6b 49 50 83 c6 f1 f3 a2 46 79 5c eb 64 2e 9e c9 22 87 0e 25 d3 03 82 a7 fc 36 2d 55 a6 fa be 5c d3 9a 60 23 d7 66 80 d6 e7 b0 c4 9c c3 a9 39 79 c5 b9 b6 1b 6f b8 5b 2e ac d7 27 cf 6d 36 ef 2f 5d 59 84 09 26 11 58 76 ac a4 9f 14 03 01 00 01 01 16 03 01 00 30 be b6 b0 3a 7c a7 bc dc 8f 7e 73 05 ae a5 93 33 99 a3 bb 71 2a b4 6d 29 d7 cd b5 77 3d d6 d9 45 1e a8 30 d5 45 7d bb 38 93 0d 45 a6 21 1c f9 ec Attribute 24 (State) length=18 Value: 47 dd cb e8 44 d8 de bd 14 cb 1c 72 c0 57 a5 98 Attribute 80 (Message-Authenticator) length=18 Value: 7f 59 45 7b ca 9d 20 44 bc 0f d9 18 72 65 71 0b eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 302 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=4 length=302 Attribute 79 (EAP-Message) length=246 Value: 01 06 00 f4 15 80 00 00 00 ea 16 03 01 00 aa 04 00 00 a6 00 00 00 00 00 a0 93 54 2c 20 81 df a3 8c c9 94 d7 7f 85 c4 c1 2c 4f 0b 45 61 83 e9 15 a9 a6 ea f2 41 c9 f9 40 ee 64 0c ea a5 4a b3 61 e9 e8 06 60 dc 2a 1e 4a 4f 75 4f f2 75 57 69 14 25 c9 ee c1 29 52 52 da b3 f1 33 bd f1 b1 04 91 27 ea a6 cd ed ff 1d 35 5d fd f2 34 a1 79 99 9b 13 57 85 33 80 73 0f 4e d9 0e 18 15 aa 23 a8 62 1b 08 5c 35 13 e0 07 6d 58 29 23 bd c8 23 9c 39 ca ef 46 93 95 7f 38 4c 0e 4a c0 8f 74 c8 39 bf ab 58 f1 f9 c8 5f 8e f9 cc 73 cc 01 19 5b 67 b5 c5 18 94 41 24 92 39 1c 9f 14 03 01 00 01 01 16 03 01 00 30 12 2a 6c e7 34 c2 4f 42 5b 0c e1 6f f1 eb 9e 04 af 15 ff 56 cf b2 84 d1 33 a9 d7 7b fe 84 a9 d2 07 3b f7 fd 48 8d 4a 2c 4f 34 09 1a 65 5e b6 d3 Attribute 80 (Message-Authenticator) length=18 Value: 7d 4e ba bd 81 5f 4b 9a c6 a1 5c df ed 16 73 cd Attribute 24 (State) length=18 Value: 47 dd cb e8 43 db de bd 14 cb 1c 72 c0 57 a5 98 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.19 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: using EAP timeout of 30 seconds eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=1 id=6 len=244) from RADIUS server: EAP-Request-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 6) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 46 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=6 ignoring 36 extra octets after IEEE 802.1X packet EAP: code=2 identifier=6 length=6 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=6 len=6) from STA: EAP Response-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=5 length=160 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=8 Value: 02 06 00 06 15 00 Attribute 24 (State) length=18 Value: 47 dd cb e8 43 db de bd 14 cb 1c 72 c0 57 a5 98 Attribute 80 (Message-Authenticator) length=18 Value: 25 c7 5e 2b 69 14 da b9 55 6d ec 0e 93 0c 66 a4 eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 68 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=5 length=68 Attribute 79 (EAP-Message) length=12 Value: 01 07 00 0a 15 80 00 00 00 00 Attribute 80 (Message-Authenticator) length=18 Value: fa ad ee d8 c5 fe 0c c3 5d f6 22 a3 29 ac 77 64 Attribute 24 (State) length=18 Value: 47 dd cb e8 42 da de bd 14 cb 1c 72 c0 57 a5 98 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.05 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: using EAP timeout of 30 seconds eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=1 id=7 len=10) from RADIUS server: EAP-Request-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state REQUEST IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 7) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Received EAPOL packet IEEE 802.1X: 79 bytes from 00:1c:25:cb:69:64 IEEE 802.1X: version=2 type=0 length=75 EAP: code=2 identifier=7 length=75 (response) eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: received EAP packet (code=2 id=7 len=75) from STA: EAP Response-TTLS (21) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state RESPONSE Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute eth0: RADIUS Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=6 length=229 Attribute 1 (User-Name) length=6 Value: 'test' Attribute 4 (NAS-IP-Address) length=6 Value: 172.168.1.1 Attribute 32 (NAS-Identifier) length=5 Value: 'nas' Attribute 5 (NAS-Port) length=6 Value: 0 Attribute 30 (Called-Station-Id) length=20 Value: '00-1E-90-9D-DA-65:' Attribute 31 (Calling-Station-Id) length=19 Value: '00-1C-25-CB-69-64' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=22 Value: 'CONNECT 0Mbps 802.11' Attribute 79 (EAP-Message) length=77 Value: 02 07 00 4b 15 00 17 03 01 00 40 f1 b0 10 6a 8c 80 8c f1 5e 72 04 66 22 af 83 0a 33 8f 54 b1 7c c5 81 85 38 ff 8f 6f 9c c4 b8 70 31 16 cf 93 fa 4a 65 ac 19 f4 e9 0a 4c 88 d5 06 0d 62 d0 fc bb 82 b3 0a d3 bd 8f 16 ea 1c 4f 06 Attribute 24 (State) length=18 Value: 47 dd cb e8 42 da de bd 14 cb 1c 72 c0 57 a5 98 Attribute 80 (Message-Authenticator) length=18 Value: f8 74 16 0d bc 3d cb eb 09 7c 66 2f cc b2 db 69 eth0: RADIUS Next RADIUS client retransmit in 3 seconds IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE eth0: RADIUS Received 44 bytes from RADIUS server eth0: RADIUS Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=6 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 07 00 04 Attribute 80 (Message-Authenticator) length=18 Value: b9 7c 23 f1 cd d5 24 c3 c8 d9 a9 f0 92 eb d0 88 eth0: STA 00:1c:25:cb:69:64 RADIUS: Received RADIUS packet matched with a pending request, round trip time 1.00 sec RADIUS packet matching with station 00:1c:25:cb:69:64 eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: decapsulated EAP packet (code=4 id=7 len=4) from RADIUS server: EAP Failure IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state FAIL IEEE 802.1X: Sending EAP Packet to 00:1c:25:cb:69:64 (identifier 7) IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 AUTH_PAE entering state HELD eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: unauthorizing port eth0: STA 00:1c:25:cb:69:64 IEEE 802.1X: authentication failed - EAP type: 21 (TTLS) IEEE 802.1X: 00:1c:25:cb:69:64 BE_AUTH entering state IDLE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE IEEE 802.1X: 00:1c:25:cb:69:64 REAUTH_TIMER entering state INITIALIZE Signal 2 received - terminating Removing station 00:1c:25:cb:69:64 Flushing old station entries Deauthenticate all stations XSUPPLICANT Unknown driver 'wired' requested. [sTATE] Reinit state machine [sTATE] [backend_sm] REQUEST -> INITIALIZE [sTATE] [backend_sm] INITIALIZE -> IDLE [sTATE] [backend_sm] UNKNOWN -> INITIALIZE [sTATE] [backend_sm] INITIALIZE -> IDLE [iNT] Initializing socket for interface eth0.. [iNT] Interface eth0 is NOT wireless! Couldn't get encryption capabilites! [iNT] Interface has no encryption capabilities, or unknown abilitites. [iNT] Interface initialized! [CONFIG] Working from config file test.conf. No configuration information for network "(null)" found. Using default. [iNT] Opened socket descriptor #5 [iNT] Interface eth0 is NOT wireless! [sTATE] Changing from DISCONNECTED to CONNECTING. [sTATE] Sending EAPOL-Start Frame. [ALL] Frame to be sent (18) : 000 | 01 80 c2 00 00 03 00 1c 25 cb 69 64 88 8e 02 01 | ........%.id.... 010 | 00 00 | .. [ALL] Got Frame (60) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 | ................ 020 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 030 | 00 00 00 00 00 00 00 00 00 00 00 00 | ............ [iNT] Changing destination mac to source. [ALL] Got EAP-Request-Identification. [sTATE] Changing from CONNECTING to RESTART. [sTATE] Supplicant PAE has issued a restart. [sTATE] Changing from RESTART to AUTHENTICATING. [sTATE] [backend_sm] IDLE -> REQUEST [ALL] Got EAP-Request-Identification. [sTATE] Building EAP-Response-ID! [CONFIG] Identity : test [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (27) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 09 02 01 00 09 01 74 65 73 74 | .......test [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Got Frame (60) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 00 06 01 02 00 06 15 20 00 00 00 00 00 00 00 00 | ....... ........ 020 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 030 | 00 00 00 00 00 00 00 00 00 00 00 00 | ............ [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] [backend_sm] RECEIVE -> REQUEST [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] Building EAPOL-Response-Authentication [ALL] (EAP-TTLS) Initialized. [CONFIG] Trying to load root certificate certs_ttls/ca.pem or certificate directory certs_ttls [CONFIG] Loaded root certificate certs_ttls/ca.pem and directory certs_ttls [AUTH TYPE] Packet in (1) : 000 | 20 | [AUTH TYPE] --- SSL : before/connect initialization [AUTH TYPE] --- SSL : before/connect initialization [AUTH TYPE] --- SSL : SSLv3 write client hello A [AUTH TYPE] --- SSL : SSLv3 read server hello A [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (121) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 67 02 02 00 67 15 80 00 00 00 5d 16 03 01 00 | .g...g.....].... 020 | 58 01 00 00 54 03 01 4a 1a ae 6d 88 81 71 1b b1 | X...T..J..m..q.. 030 | 1d 6e 87 ed 9d f1 5e 0b 60 34 14 2a 9d 50 5c e6 | .n....^.`4.*.P\. 040 | 96 af 4b 6f b4 7e e1 00 00 26 00 39 00 38 00 35 | ..Ko.~...&.9.8.5 050 | 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 | .......3.2./.... 060 | 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 | ................ 070 | 02 01 00 00 04 00 23 00 00 | ......#.. [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Clock tick! authWhile=29 heldWhile=59 startWhen=29 curState=AUTHENTICATING [ALL] Got Frame (1042) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 04 00 01 03 04 00 15 c0 00 00 0a 81 16 03 01 00 | ................ 020 | 30 02 00 00 2c 03 01 4a 1a b0 46 7e 0b 57 92 df | 0...,..J..F~.W.. 030 | f3 e3 47 1f f9 d3 b4 76 18 a9 c3 30 6b 8b ee 0a | ..G....v...0k... 040 | f1 76 9d 05 d5 be 9e 00 00 39 01 00 04 00 23 00 | .v.......9....#. 050 | 00 16 03 01 08 2c 0b 00 08 28 00 08 25 00 03 92 | .....,...(..%... 060 | 30 82 03 8e 30 82 02 76 a0 03 02 01 02 02 01 01 | 0...0..v........ 070 | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 | 0...*.H........0 080 | 81 89 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 | ..1.0...U....FR1 090 | 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 | .0...U....Radius 0a0 | 31 12 30 10 06 03 55 04 07 13 09 53 6f 6d 65 77 | 1.0...U....Somew 0b0 | 68 65 72 65 31 12 30 10 06 03 55 04 0a 13 09 54 | here1.0...U....T 0c0 | 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 | est Inc.1.0...*. 0d0 | 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 | H........Test@te 0e0 | 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 04 03 13 | st.com1#0!..U... 0f0 | 1a 54 65 73 74 20 43 65 72 74 69 66 69 63 61 74 | .Test Certificat 100 | 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 | e Authority0...0 110 | 39 30 35 32 35 31 33 30 32 35 35 5a 17 0d 31 30 | 90525130255Z..10 120 | 30 35 32 35 31 33 30 32 35 35 5a 30 72 31 0b 30 | 0525130255Z0r1.0 130 | 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 | ...U....FR1.0... 140 | 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 06 | U....Radius1.0.. 150 | 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 | .U....Test Inc.1 160 | 20 30 1e 06 03 55 04 03 13 17 54 65 73 74 20 53 | 0...U....Test S 170 | 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 | erver Certificat 180 | 65 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 | e1.0...*.H...... 190 | 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 30 | ..Test@test.com0 1a0 | 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 | .."0...*.H...... 1b0 | 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 | .......0........ 1c0 | eb 83 33 f4 fc dc 0e ca c4 e4 06 23 33 d2 ff 55 | ..3........#3..U 1d0 | 04 31 89 67 dd ba fd 5d aa d6 bf ce 8c c9 17 c5 | .1.g...]........ 1e0 | 80 e7 eb c9 c4 44 65 86 6f 59 ed 3e b4 21 c8 10 | .....De.oY.>.!.. 1f0 | d3 d5 0f 8e 11 41 d7 25 82 00 e7 30 b2 8a 15 a0 | .....A.%...0.... 200 | 94 8b cc 3f 70 4a 76 ef e3 06 f9 f7 d1 5f 68 66 | ...?pJv......_hf 210 | 43 b3 91 c2 46 63 04 79 19 6c a5 d3 91 dd c0 e1 | C...Fc.y.l...... 220 | 16 25 dc 37 78 54 2e 3e 20 4c ab 06 a4 96 82 dd | .%.7xT.> L...... 230 | fa 60 3a 1c 20 54 82 c7 50 5d a6 85 b4 7c 7d 1e | .`:. T..P]...|}. 240 | df f5 0a 36 3a 7e f4 95 46 49 b6 9f bc 9c 43 82 | ...6:~..FI....C. 250 | fa 21 c8 90 e9 9b 50 86 c9 d8 41 a0 04 ca 19 a4 | .!....P...A..... 260 | b9 38 18 07 ae 1c 23 22 ac cf 50 8f 8f d4 26 a3 | .8....#"..P...&. 270 | 1c d9 46 a3 9c ec 1f 62 85 d2 12 f0 51 29 7e 8e | ..F....b....Q)~. 280 | cc 1c d4 59 48 7d 77 2c d6 13 92 03 9b 99 42 a0 | ...YH}w,......B. 290 | 44 60 03 ac 97 ab 5f 4b 02 21 3b de c2 ff 86 7e | D`...._K.!;....~ 2a0 | 0c bc de 5b d0 1f 2c 0b c4 fd ee d2 2d dd 64 4e | ...[..,.....-.dN 2b0 | 4e 3c 83 d0 be f9 85 ce 45 1e a7 da 54 c8 0f 7d | N<......E...T..} 2c0 | 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 | .......0.0...U.% 2d0 | 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d | ..0...+.......0. 2e0 | 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 | ..*.H........... 2f0 | 01 00 15 7d 57 a0 27 11 81 06 52 9d a2 e1 df 1f | ...}W.'...R..... 300 | 6e 3c c2 ee 61 c9 b7 90 7d d3 c3 1d cf b5 18 2b | n<..a...}......+ 310 | b2 ba 9f 02 9a f2 7f 72 20 79 66 2f bb cd 95 57 | .......r yf/...W 320 | aa c8 28 d9 ac a8 89 b5 1a 29 bd b4 a2 24 3b b8 | ..(......)...$;. 330 | 71 e5 75 2d e8 04 c7 97 ad f0 6f 36 d6 4d 4d c9 | q.u-......o6.MM. 340 | 57 db ba 0e 43 60 e4 d1 10 9d 8f ba 0b b2 7b bc | W...C`........{. 350 | 5f e0 6d 39 68 83 e0 96 e9 0b 29 cf fd a7 bf ef | _.m9h.....)..... 360 | a6 46 32 f3 1a 12 77 cc 79 a8 71 e4 8d a1 16 5d | .F2...w.y.q....] 370 | c6 14 1b 15 cc c2 c4 35 f4 1f fe 99 94 50 09 a2 | .......5.....P.. 380 | 91 b3 d5 c9 4c 1b e4 3b 15 aa e0 53 1a f6 01 6c | ....L..;...S...l 390 | 4e 2d 8d 44 f3 29 81 c5 cf e5 78 e0 bc e6 df 5f | N-.D.)....x...._ 3a0 | d0 19 c2 91 21 3d e0 fa 5c fc 99 f9 8c dd e6 8d | ....!=..\....... 3b0 | eb 0a a7 c6 3b 03 9e 7c a7 58 40 65 d4 6c 25 7c | ....;..|.X@e.l%| 3c0 | 81 d7 1a 72 0a 64 56 21 73 ce 09 c2 a4 a9 74 ab | ...r.dV!s.....t. 3d0 | c2 87 22 1f 6c 51 ac 2a 5d 0e ab a9 d5 12 92 bf | ..".lQ.*]....... 3e0 | 1f 8b e4 71 86 be 9b 20 6d c4 ee 59 05 a9 39 b0 | ...q... m..Y..9. 3f0 | 81 2c 00 04 8d 30 82 04 89 30 82 03 71 a0 03 02 | .,...0...0..q... 400 | 01 02 02 09 00 d1 72 e6 eb 33 65 80 7d 30 0d 06 | ......r..3e.}0.. 410 | 09 2a | .* [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] [backend_sm] RECEIVE -> REQUEST [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] Building EAPOL-Response-Authentication [AUTH TYPE] Packet in (1019) : 000 | c0 00 00 0a 81 16 03 01 00 30 02 00 00 2c 03 01 | .........0...,.. 010 | 4a 1a b0 46 7e 0b 57 92 df f3 e3 47 1f f9 d3 b4 | J..F~.W....G.... 020 | 76 18 a9 c3 30 6b 8b ee 0a f1 76 9d 05 d5 be 9e | v...0k....v..... 030 | 00 00 39 01 00 04 00 23 00 00 16 03 01 08 2c 0b | ..9....#......,. 040 | 00 08 28 00 08 25 00 03 92 30 82 03 8e 30 82 02 | ..(..%...0...0.. 050 | 76 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 | v........0...*.H 060 | 86 f7 0d 01 01 04 05 00 30 81 89 31 0b 30 09 06 | ........0..1.0.. 070 | 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 | .U....FR1.0...U. 080 | 08 13 06 52 61 64 69 75 73 31 12 30 10 06 03 55 | ...Radius1.0...U 090 | 04 07 13 09 53 6f 6d 65 77 68 65 72 65 31 12 30 | ....Somewhere1.0 0a0 | 10 06 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 | ...U....Test Inc 0b0 | 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 | .1.0...*.H...... 0c0 | 16 0d 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 31 | ..Test@test.com1 0d0 | 23 30 21 06 03 55 04 03 13 1a 54 65 73 74 20 43 | #0!..U....Test C 0e0 | 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f | ertificate Autho 0f0 | 72 69 74 79 30 1e 17 0d 30 39 30 35 32 35 31 33 | rity0...09052513 100 | 30 32 35 35 5a 17 0d 31 30 30 35 32 35 31 33 30 | 0255Z..100525130 110 | 32 35 35 5a 30 72 31 0b 30 09 06 03 55 04 06 13 | 255Z0r1.0...U... 120 | 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 | .FR1.0...U....Ra 130 | 64 69 75 73 31 12 30 10 06 03 55 04 0a 13 09 54 | dius1.0...U....T 140 | 65 73 74 20 49 6e 63 2e 31 20 30 1e 06 03 55 04 | est Inc.1 0...U. 150 | 03 13 17 54 65 73 74 20 53 65 72 76 65 72 20 43 | ...Test Server C 160 | 65 72 74 69 66 69 63 61 74 65 31 1c 30 1a 06 09 | ertificate1.0... 170 | 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 | *.H........Test@ 180 | 74 65 73 74 2e 63 6f 6d 30 82 01 22 30 0d 06 09 | test.com0.."0... 190 | 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 | *.H............. 1a0 | 30 82 01 0a 02 82 01 01 00 eb 83 33 f4 fc dc 0e | 0..........3.... 1b0 | ca c4 e4 06 23 33 d2 ff 55 04 31 89 67 dd ba fd | ....#3..U.1.g... 1c0 | 5d aa d6 bf ce 8c c9 17 c5 80 e7 eb c9 c4 44 65 | ].............De 1d0 | 86 6f 59 ed 3e b4 21 c8 10 d3 d5 0f 8e 11 41 d7 | .oY.>.!.......A. 1e0 | 25 82 00 e7 30 b2 8a 15 a0 94 8b cc 3f 70 4a 76 | %...0.......?pJv 1f0 | ef e3 06 f9 f7 d1 5f 68 66 43 b3 91 c2 46 63 04 | ......_hfC...Fc. 200 | 79 19 6c a5 d3 91 dd c0 e1 16 25 dc 37 78 54 2e | y.l.......%.7xT. 210 | 3e 20 4c ab 06 a4 96 82 dd fa 60 3a 1c 20 54 82 | > L.......`:. T. 220 | c7 50 5d a6 85 b4 7c 7d 1e df f5 0a 36 3a 7e f4 | .P]...|}....6:~. 230 | 95 46 49 b6 9f bc 9c 43 82 fa 21 c8 90 e9 9b 50 | .FI....C..!....P 240 | 86 c9 d8 41 a0 04 ca 19 a4 b9 38 18 07 ae 1c 23 | ...A......8....# 250 | 22 ac cf 50 8f 8f d4 26 a3 1c d9 46 a3 9c ec 1f | "..P...&...F.... 260 | 62 85 d2 12 f0 51 29 7e 8e cc 1c d4 59 48 7d 77 | b....Q)~....YH}w 270 | 2c d6 13 92 03 9b 99 42 a0 44 60 03 ac 97 ab 5f | ,......B.D`...._ 280 | 4b 02 21 3b de c2 ff 86 7e 0c bc de 5b d0 1f 2c | K.!;....~...[.., 290 | 0b c4 fd ee d2 2d dd 64 4e 4e 3c 83 d0 be f9 85 | .....-.dNN<..... 2a0 | ce 45 1e a7 da 54 c8 0f 7d 02 03 01 00 01 a3 17 | .E...T..}....... 2b0 | 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b | 0.0...U.%..0...+ 2c0 | 06 01 05 05 07 03 01 30 0d 06 09 2a 86 48 86 f7 | .......0...*.H.. 2d0 | 0d 01 01 04 05 00 03 82 01 01 00 15 7d 57 a0 27 | ............}W.' 2e0 | 11 81 06 52 9d a2 e1 df 1f 6e 3c c2 ee 61 c9 b7 | ...R.....n<..a.. 2f0 | 90 7d d3 c3 1d cf b5 18 2b b2 ba 9f 02 9a f2 7f | .}......+....... 300 | 72 20 79 66 2f bb cd 95 57 aa c8 28 d9 ac a8 89 | r yf/...W..(.... 310 | b5 1a 29 bd b4 a2 24 3b b8 71 e5 75 2d e8 04 c7 | ..)...$;.q.u-... 320 | 97 ad f0 6f 36 d6 4d 4d c9 57 db ba 0e 43 60 e4 | ...o6.MM.W...C`. 330 | d1 10 9d 8f ba 0b b2 7b bc 5f e0 6d 39 68 83 e0 | .......{._.m9h.. 340 | 96 e9 0b 29 cf fd a7 bf ef a6 46 32 f3 1a 12 77 | ...)......F2...w 350 | cc 79 a8 71 e4 8d a1 16 5d c6 14 1b 15 cc c2 c4 | .y.q....]....... 360 | 35 f4 1f fe 99 94 50 09 a2 91 b3 d5 c9 4c 1b e4 | 5.....P......L.. 370 | 3b 15 aa e0 53 1a f6 01 6c 4e 2d 8d 44 f3 29 81 | ;...S...lN-.D.). 380 | c5 cf e5 78 e0 bc e6 df 5f d0 19 c2 91 21 3d e0 | ...x...._....!=. 390 | fa 5c fc 99 f9 8c dd e6 8d eb 0a a7 c6 3b 03 9e | .\...........;.. 3a0 | 7c a7 58 40 65 d4 6c 25 7c 81 d7 1a 72 0a 64 56 | |.X@e.l%|...r.dV 3b0 | 21 73 ce 09 c2 a4 a9 74 ab c2 87 22 1f 6c 51 ac | !s.....t...".lQ. 3c0 | 2a 5d 0e ab a9 d5 12 92 bf 1f 8b e4 71 86 be 9b | *]..........q... 3d0 | 20 6d c4 ee 59 05 a9 39 b0 81 2c 00 04 8d 30 82 | m..Y..9..,...0. 3e0 | 04 89 30 82 03 71 a0 03 02 01 02 02 09 00 d1 72 | ..0..q.........r 3f0 | e6 eb 33 65 80 7d 30 0d 06 09 2a | ..3e.}0...* [AUTH TYPE] --- SSL : SSLv3 read server hello A [AUTH TYPE] --- SSL : SSLv3 read server certificate A [AUTH TYPE] No data returned! [ALL] Sending TLS ACK! [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (24) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 06 02 03 00 06 15 00 | ........ [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Got Frame (1042) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 04 00 01 04 04 00 15 c0 00 00 0a 81 86 48 86 f7 | .............H.. 020 | 0d 01 01 05 05 00 30 81 89 31 0b 30 09 06 03 55 | ......0..1.0...U 030 | 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 13 | ....FR1.0...U... 040 | 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 | .Radius1.0...U.. 050 | 13 09 53 6f 6d 65 77 68 65 72 65 31 12 30 10 06 | ..Somewhere1.0.. 060 | 03 55 04 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 | .U....Test Inc.1 070 | 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d | .0...*.H........ 080 | 54 65 73 74 40 74 65 73 74 2e 63 6f 6d 31 23 30 | Test@test.com1#0 090 | 21 06 03 55 04 03 13 1a 54 65 73 74 20 43 65 72 | !..U....Test Cer 0a0 | 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 | tificate Authori 0b0 | 74 79 30 1e 17 0d 30 39 30 35 32 35 31 33 30 32 | ty0...0905251302 0c0 | 35 35 5a 17 0d 31 30 30 35 32 35 31 33 30 32 35 | 55Z..10052513025 0d0 | 35 5a 30 81 89 31 0b 30 09 06 03 55 04 06 13 02 | 5Z0..1.0...U.... 0e0 | 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 64 | FR1.0...U....Rad 0f0 | 69 75 73 31 12 30 10 06 03 55 04 07 13 09 53 6f | ius1.0...U....So 100 | 6d 65 77 68 65 72 65 31 12 30 10 06 03 55 04 0a | mewhere1.0...U.. 110 | 13 09 54 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 | ..Test Inc.1.0.. 120 | 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 | .*.H........Test 130 | 40 74 65 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 | @test.com1#0!..U 140 | 04 03 13 1a 54 65 73 74 20 43 65 72 74 69 66 69 | ....Test Certifi 150 | 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 | cate Authority0. 160 | 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 | ."0...*.H....... 170 | 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e3 | ......0......... 180 | d5 48 92 73 e0 0c 96 bb c4 b0 36 1e 97 9c a1 b9 | .H.s......6..... 190 | 6d d1 73 d2 bb 43 5c 7a d1 47 ac 79 6b 54 e8 a5 | m.s..C\z.G.ykT.. 1a0 | be 50 11 ca 77 53 d5 e9 03 46 d1 2f 30 46 f7 45 | .P..wS...F./0F.E 1b0 | 7c 14 c1 65 af 4e 7c 9b 27 a3 73 b3 97 b0 65 69 | |..e.N|.'.s...ei 1c0 | c4 fc 3f 70 f3 2d ec 42 a3 33 af c8 ee 2a 42 f7 | ..?p.-.B.3...*B. 1d0 | 9c 8c 67 3f 03 fc df 29 d6 35 b3 83 8e ac 56 06 | ..g?...).5....V. 1e0 | 69 75 18 7d 78 54 89 9d 10 fd 3e 24 24 61 03 76 | iu.}xT....>$$a.v 1f0 | 51 7e 3b 2a 6d de a5 d2 37 e9 7a 06 8a a5 6e 27 | Q~;*m...7.z...n' 200 | 69 39 19 fc ef be 88 bd 44 af 3d 65 9f 65 8d 22 | i9......D.=e.e." 210 | c7 65 a6 40 1d ed 3d ca 60 5b e9 45 63 08 4c c8 | .e.@..=.`[.Ec.L. 220 | f3 0d 5f 57 5c 82 a6 7d d8 3d 9d 54 86 f0 b4 19 | .._W\..}.=.T.... 230 | 53 d3 8f b8 ab a7 ec 1d 9f ed c2 a9 78 dd 45 97 | S...........x.E. 240 | 11 1f 03 7a 9b b6 68 c4 98 65 79 ab c6 a1 4f bb | ...z..h..ey...O. 250 | 64 7e 5b 21 65 ee e4 d3 dd a2 93 b4 14 ba b1 1b | d~[!e........... 260 | 2b 58 51 5a 56 38 7e 06 7a af 4c 5c 7a f0 6e cc | +XQZV8~.z.L\z.n. 270 | 00 91 74 9f f6 be e1 11 87 34 20 42 9f 7c a5 02 | ..t......4 B.|.. 280 | 03 01 00 01 a3 81 f1 30 81 ee 30 1d 06 03 55 1d | .......0..0...U. 290 | 0e 04 16 04 14 65 b5 82 a2 d1 e3 bf 81 d9 08 7b | .....e.........{ 2a0 | df d0 34 34 d1 ca 05 2a 3b 30 81 be 06 03 55 1d | ..44...*;0....U. 2b0 | 23 04 81 b6 30 81 b3 80 14 65 b5 82 a2 d1 e3 bf | #...0....e...... 2c0 | 81 d9 08 7b df d0 34 34 d1 ca 05 2a 3b a1 81 8f | ...{..44...*;... 2d0 | a4 81 8c 30 81 89 31 0b 30 09 06 03 55 04 06 13 | ...0..1.0...U... 2e0 | 02 46 52 31 0f 30 0d 06 03 55 04 08 13 06 52 61 | .FR1.0...U....Ra 2f0 | 64 69 75 73 31 12 30 10 06 03 55 04 07 13 09 53 | dius1.0...U....S 300 | 6f 6d 65 77 68 65 72 65 31 12 30 10 06 03 55 04 | omewhere1.0...U. 310 | 0a 13 09 54 65 73 74 20 49 6e 63 2e 31 1c 30 1a | ...Test Inc.1.0. 320 | 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d 54 65 73 | ..*.H........Tes 330 | 74 40 74 65 73 74 2e 63 6f 6d 31 23 30 21 06 03 | t@test.com1#0!.. 340 | 55 04 03 13 1a 54 65 73 74 20 43 65 72 74 69 66 | U....Test Certif 350 | 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 | icate Authority. 360 | 09 00 d1 72 e6 eb 33 65 80 7d 30 0c 06 03 55 1d | ...r..3e.}0...U. 370 | 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 | ...0....0...*.H. 380 | f7 0d 01 01 05 05 00 03 82 01 01 00 01 6a f7 b0 | .............j.. 390 | a9 b3 e2 72 df 2c 14 3b 37 67 23 5a af fa b7 b0 | ...r.,.;7g#Z.... 3a0 | c2 4b 68 ae a1 0a 2a 0d 15 f2 72 5d 0b ab dd 27 | .Kh...*...r]...' 3b0 | 07 b2 d1 c2 ff 45 70 b9 38 e1 1d f4 ad 91 5a ba | .....Ep.8.....Z. 3c0 | 98 13 40 2e c4 92 9b e3 b0 fc 07 d5 12 ba d7 b0 | ..@............. 3d0 | 7e 4c f9 63 38 ae fa 8b aa 4c a5 e4 6c 5a 4c 66 | ~L.c8....L..lZLf 3e0 | c5 7f 3c 67 e0 ac 68 29 f2 73 2f f2 7c a3 9f 1b | ..<g..h).s/.|... 3f0 | 5b 86 6a b1 53 3f 0b d5 54 7a 7d 21 2d a4 10 e6 | [.j.S?..Tz}!-... 400 | f2 f1 48 b4 23 71 80 3a b7 7f 54 40 50 27 f6 b6 | ..H.#q.:..T@P'.. 410 | c0 bc | .. [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] [backend_sm] RECEIVE -> REQUEST [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] Building EAPOL-Response-Authentication [AUTH TYPE] Packet in (1019) : 000 | c0 00 00 0a 81 86 48 86 f7 0d 01 01 05 05 00 30 | ......H........0 010 | 81 89 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 | ..1.0...U....FR1 020 | 0f 30 0d 06 03 55 04 08 13 06 52 61 64 69 75 73 | .0...U....Radius 030 | 31 12 30 10 06 03 55 04 07 13 09 53 6f 6d 65 77 | 1.0...U....Somew 040 | 68 65 72 65 31 12 30 10 06 03 55 04 0a 13 09 54 | here1.0...U....T 050 | 65 73 74 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 | est Inc.1.0...*. 060 | 48 86 f7 0d 01 09 01 16 0d 54 65 73 74 40 74 65 | H........Test@te 070 | 73 74 2e 63 6f 6d 31 23 30 21 06 03 55 04 03 13 | st.com1#0!..U... 080 | 1a 54 65 73 74 20 43 65 72 74 69 66 69 63 61 74 | .Test Certificat 090 | 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 | e Authority0...0 0a0 | 39 30 35 32 35 31 33 30 32 35 35 5a 17 0d 31 30 | 90525130255Z..10 0b0 | 30 35 32 35 31 33 30 32 35 35 5a 30 81 89 31 0b | 0525130255Z0..1. 0c0 | 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 | 0...U....FR1.0.. 0d0 | 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 10 | .U....Radius1.0. 0e0 | 06 03 55 04 07 13 09 53 6f 6d 65 77 68 65 72 65 | ..U....Somewhere 0f0 | 31 12 30 10 06 03 55 04 0a 13 09 54 65 73 74 20 | 1.0...U....Test 100 | 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 0d | Inc.1.0...*.H... 110 | 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e 63 | .....Test@test.c 120 | 6f 6d 31 23 30 21 06 03 55 04 03 13 1a 54 65 73 | om1#0!..U....Tes 130 | 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 | t Certificate Au 140 | 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a | thority0.."0...* 150 | 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 | .H.............0 160 | 82 01 0a 02 82 01 01 00 e3 d5 48 92 73 e0 0c 96 | ..........H.s... 170 | bb c4 b0 36 1e 97 9c a1 b9 6d d1 73 d2 bb 43 5c | ...6.....m.s..C\ 180 | 7a d1 47 ac 79 6b 54 e8 a5 be 50 11 ca 77 53 d5 | z.G.ykT...P..wS. 190 | e9 03 46 d1 2f 30 46 f7 45 7c 14 c1 65 af 4e 7c | ..F./0F.E|..e.N| 1a0 | 9b 27 a3 73 b3 97 b0 65 69 c4 fc 3f 70 f3 2d ec | .'.s...ei..?p.-. 1b0 | 42 a3 33 af c8 ee 2a 42 f7 9c 8c 67 3f 03 fc df | B.3...*B...g?... 1c0 | 29 d6 35 b3 83 8e ac 56 06 69 75 18 7d 78 54 89 | ).5....V.iu.}xT. 1d0 | 9d 10 fd 3e 24 24 61 03 76 51 7e 3b 2a 6d de a5 | ...>$$a.vQ~;*m.. 1e0 | d2 37 e9 7a 06 8a a5 6e 27 69 39 19 fc ef be 88 | .7.z...n'i9..... 1f0 | bd 44 af 3d 65 9f 65 8d 22 c7 65 a6 40 1d ed 3d | .D.=e.e.".e.@..= 200 | ca 60 5b e9 45 63 08 4c c8 f3 0d 5f 57 5c 82 a6 | .`[.Ec.L..._W\.. 210 | 7d d8 3d 9d 54 86 f0 b4 19 53 d3 8f b8 ab a7 ec | }.=.T....S...... 220 | 1d 9f ed c2 a9 78 dd 45 97 11 1f 03 7a 9b b6 68 | .....x.E....z..h 230 | c4 98 65 79 ab c6 a1 4f bb 64 7e 5b 21 65 ee e4 | ..ey...O.d~[!e.. 240 | d3 dd a2 93 b4 14 ba b1 1b 2b 58 51 5a 56 38 7e | .........+XQZV8~ 250 | 06 7a af 4c 5c 7a f0 6e cc 00 91 74 9f f6 be e1 | .z.L\z.n...t.... 260 | 11 87 34 20 42 9f 7c a5 02 03 01 00 01 a3 81 f1 | ..4 B.|......... 270 | 30 81 ee 30 1d 06 03 55 1d 0e 04 16 04 14 65 b5 | 0..0...U......e. 280 | 82 a2 d1 e3 bf 81 d9 08 7b df d0 34 34 d1 ca 05 | ........{..44... 290 | 2a 3b 30 81 be 06 03 55 1d 23 04 81 b6 30 81 b3 | *;0....U.#...0.. 2a0 | 80 14 65 b5 82 a2 d1 e3 bf 81 d9 08 7b df d0 34 | ..e.........{..4 2b0 | 34 d1 ca 05 2a 3b a1 81 8f a4 81 8c 30 81 89 31 | 4...*;......0..1 2c0 | 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d | .0...U....FR1.0. 2d0 | 06 03 55 04 08 13 06 52 61 64 69 75 73 31 12 30 | ..U....Radius1.0 2e0 | 10 06 03 55 04 07 13 09 53 6f 6d 65 77 68 65 72 | ...U....Somewher 2f0 | 65 31 12 30 10 06 03 55 04 0a 13 09 54 65 73 74 | e1.0...U....Test 300 | 20 49 6e 63 2e 31 1c 30 1a 06 09 2a 86 48 86 f7 | Inc.1.0...*.H.. 310 | 0d 01 09 01 16 0d 54 65 73 74 40 74 65 73 74 2e | ......Test@test. 320 | 63 6f 6d 31 23 30 21 06 03 55 04 03 13 1a 54 65 | com1#0!..U....Te 330 | 73 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 | st Certificate A 340 | 75 74 68 6f 72 69 74 79 82 09 00 d1 72 e6 eb 33 | uthority....r..3 350 | 65 80 7d 30 0c 06 03 55 1d 13 04 05 30 03 01 01 | e.}0...U....0... 360 | ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 | .0...*.H........ 370 | 03 82 01 01 00 01 6a f7 b0 a9 b3 e2 72 df 2c 14 | ......j.....r.,. 380 | 3b 37 67 23 5a af fa b7 b0 c2 4b 68 ae a1 0a 2a | ;7g#Z.....Kh...* 390 | 0d 15 f2 72 5d 0b ab dd 27 07 b2 d1 c2 ff 45 70 | ...r]...'.....Ep 3a0 | b9 38 e1 1d f4 ad 91 5a ba 98 13 40 2e c4 92 9b | .8.....Z...@.... 3b0 | e3 b0 fc 07 d5 12 ba d7 b0 7e 4c f9 63 38 ae fa | .........~L.c8.. 3c0 | 8b aa 4c a5 e4 6c 5a 4c 66 c5 7f 3c 67 e0 ac 68 | ..L..lZLf..<g..h 3d0 | 29 f2 73 2f f2 7c a3 9f 1b 5b 86 6a b1 53 3f 0b | ).s/.|...[.j.S?. 3e0 | d5 54 7a 7d 21 2d a4 10 e6 f2 f1 48 b4 23 71 80 | .Tz}!-.....H.#q. 3f0 | 3a b7 7f 54 40 50 27 f6 b6 c0 bc | :..T@P'.... [AUTH TYPE] --- SSL : SSLv3 read server certificate A [AUTH TYPE] No data returned! [ALL] Sending TLS ACK! [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (24) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 06 02 04 00 06 15 00 | ........ [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Got Frame (689) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 02 9f 01 05 02 9f 15 80 00 00 0a 81 94 9f 63 3b | ..............c; 020 | 3e 27 ef f6 c8 a0 e4 66 4f 61 70 b9 67 1c 73 34 | >'.....fOap.g.s4 030 | 6e 88 a0 a6 cd 86 81 2f 48 d3 0d 9a 9a c2 b7 20 | n....../H...... 040 | b2 f3 ef 36 43 5a 21 f0 5e 3b 7f 89 84 82 4a e8 | ...6CZ!.^;....J. 050 | 4b a1 b2 06 87 44 0f 66 43 31 f6 42 4e ea d0 d4 | K....D.fC1.BN... 060 | 87 c9 ae f5 65 96 82 77 68 8c bc 38 36 4f 5a af | ....e..wh..86OZ. 070 | b8 91 f6 5b bf 3f 53 7d 09 94 bf b0 71 88 16 ad | ...[.?S}....q... 080 | 5e 36 a6 e5 44 91 c3 6b 69 10 78 09 01 e7 e3 4c | ^6..D..ki.x....L 090 | 54 ec 7c 92 90 32 16 03 01 02 0d 0c 00 02 09 00 | T.|..2.......... 0a0 | 80 d1 ae f8 6b e9 cc 76 06 1c 1a dd 1f 95 55 27 | ....k..v......U' 0b0 | 57 31 44 7a 62 b0 48 a5 dc 3b 67 c8 71 8c f9 31 | W1Dzb.H..;g.q..1 0c0 | 98 b8 8f b9 f8 c7 c3 c5 6e fc 85 ed a6 8d 94 4d | ........n......M 0d0 | e9 a0 38 22 e0 57 d6 e6 7c 9b fa 1e fb 92 34 9a | ..8".W..|.....4. 0e0 | 4f e6 7b 80 3d 74 20 cf a4 3a bc 10 56 1c 7c 3d | O.{.=t ..:..V.|= 0f0 | 66 e4 1e 9e 75 41 ac 7b 89 ea 70 2b ae 74 c1 92 | f...uA.{..p+.t.. 100 | 18 83 46 24 3b 87 a9 a8 44 e0 ba c2 b6 ee ae 49 | ..F$;...D......I 110 | 3a 5a 48 d6 e5 88 be 9a 31 59 5e ae fb 25 c5 0d | :ZH.....1Y^..%.. 120 | 8b 00 01 02 00 80 2d da cb 61 18 c8 75 6d de da | ......-..a..um.. 130 | 9c 21 f6 7f 04 0b 91 ba 6c 9f b0 7d 2e b6 1d cf | .!......l..}.... 140 | ff 33 7f b8 71 38 b4 42 eb e7 1c db 6b 1b 2b 64 | .3..q8.B....k.+d 150 | b7 11 85 6d e2 dc d9 4b b2 6b c9 8b 98 cf 81 52 | ...m...K.k.....R 160 | 79 9b 00 87 7a fd 32 7f b7 15 9e 68 ee 20 0a 04 | y...z.2....h. .. 170 | 5d cf 3a 05 ec fe 6d 11 22 40 a0 c5 06 ff 25 f4 | ].:...m."@....%. 180 | b8 48 3e ca ef 9c 29 cf 0e ba a3 15 3f f0 b1 f9 | .H>...).....?... 190 | 29 02 50 79 a1 e4 1d 93 54 60 ef 8f 68 d1 7e 90 | ).Py....T`..h.~. 1a0 | 40 dd 61 9c 7c 23 01 00 cb 24 4e 08 f2 35 b0 42 | @.a.|#...$N..5.B 1b0 | 02 a8 f2 f1 6e db 82 af 47 0b c0 7c 40 ae 91 1b | ....n...G..|@... 1c0 | 46 d0 71 eb 20 19 5b ce 69 ff cb 8d 33 97 b5 97 | F.q. .[.i...3... 1d0 | ff 20 93 d1 14 84 78 bc da 9d 35 77 38 12 14 ce | . ....x...5w8... 1e0 | 1e a7 66 95 33 3d dc 04 82 3e 21 24 f9 29 d3 d3 | ..f.3=...>!$.).. 1f0 | 9d f9 90 8f b3 0c 70 4f d0 3d cb 3e 5c 42 d4 89 | ......pO.=.>\B.. 200 | 8c 9d 2d 9b ee dc c5 24 da 42 93 6f 52 bf 1c f5 | ..-....$.B.oR... 210 | 11 a7 cf 1b 91 a4 40 c1 1b c5 da d4 ee c6 e6 e1 | ......@......... 220 | 08 db d3 1b 92 cf 24 63 af a0 d7 36 19 3d 26 f3 | ......$c...6.=&. 230 | 2a 68 5a 58 38 72 0e 39 81 95 4d 80 39 d1 13 8f | *hZX8r.9..M.9... 240 | a9 6e 87 1a e5 04 02 6f 0f 12 1a ba df 68 52 73 | .n.....o.....hRs 250 | d9 63 b5 6b 7a 58 3c 6d 48 01 28 9d bb c6 c8 4f | .c.kzX<mH.(....O 260 | c7 0c 8f a9 7d 62 3a 33 f5 60 5a 5d a4 6d 98 59 | ....}b:3.`Z].m.Y 270 | c4 a2 5a c3 2c 29 6c d8 ac ef f3 a3 e9 dd eb cf | ..Z.,)l......... 280 | 19 ad 73 34 e0 68 e2 0e ff e3 4a 62 bd c8 03 56 | ..s4.h....Jb...V 290 | 17 ac 5b 6f 5f b6 22 91 19 6d ed 2f db 65 b4 28 | ..[o_."..m./.e.( 2a0 | be 83 82 14 df 91 70 90 16 03 01 00 04 0e 00 00 | ......p......... 2b0 | 00 | . [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] [backend_sm] RECEIVE -> REQUEST [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] Building EAPOL-Response-Authentication [AUTH TYPE] Packet in (666) : 000 | 80 00 00 0a 81 94 9f 63 3b 3e 27 ef f6 c8 a0 e4 | .......c;>'..... 010 | 66 4f 61 70 b9 67 1c 73 34 6e 88 a0 a6 cd 86 81 | fOap.g.s4n...... 020 | 2f 48 d3 0d 9a 9a c2 b7 20 b2 f3 ef 36 43 5a 21 | /H...... ...6CZ! 030 | f0 5e 3b 7f 89 84 82 4a e8 4b a1 b2 06 87 44 0f | .^;....J.K....D. 040 | 66 43 31 f6 42 4e ea d0 d4 87 c9 ae f5 65 96 82 | fC1.BN.......e.. 050 | 77 68 8c bc 38 36 4f 5a af b8 91 f6 5b bf 3f 53 | wh..86OZ....[.?S 060 | 7d 09 94 bf b0 71 88 16 ad 5e 36 a6 e5 44 91 c3 | }....q...^6..D.. 070 | 6b 69 10 78 09 01 e7 e3 4c 54 ec 7c 92 90 32 16 | ki.x....LT.|..2. 080 | 03 01 02 0d 0c 00 02 09 00 80 d1 ae f8 6b e9 cc | .............k.. 090 | 76 06 1c 1a dd 1f 95 55 27 57 31 44 7a 62 b0 48 | v......U'W1Dzb.H 0a0 | a5 dc 3b 67 c8 71 8c f9 31 98 b8 8f b9 f8 c7 c3 | ..;g.q..1....... 0b0 | c5 6e fc 85 ed a6 8d 94 4d e9 a0 38 22 e0 57 d6 | .n......M..8".W. 0c0 | e6 7c 9b fa 1e fb 92 34 9a 4f e6 7b 80 3d 74 20 | .|.....4.O.{.=t 0d0 | cf a4 3a bc 10 56 1c 7c 3d 66 e4 1e 9e 75 41 ac | ..:..V.|=f...uA. 0e0 | 7b 89 ea 70 2b ae 74 c1 92 18 83 46 24 3b 87 a9 | {..p+.t....F$;.. 0f0 | a8 44 e0 ba c2 b6 ee ae 49 3a 5a 48 d6 e5 88 be | .D......I:ZH.... 100 | 9a 31 59 5e ae fb 25 c5 0d 8b 00 01 02 00 80 2d | .1Y^..%........- 110 | da cb 61 18 c8 75 6d de da 9c 21 f6 7f 04 0b 91 | ..a..um...!..... 120 | ba 6c 9f b0 7d 2e b6 1d cf ff 33 7f b8 71 38 b4 | .l..}.....3..q8. 130 | 42 eb e7 1c db 6b 1b 2b 64 b7 11 85 6d e2 dc d9 | B....k.+d...m... 140 | 4b b2 6b c9 8b 98 cf 81 52 79 9b 00 87 7a fd 32 | K.k.....Ry...z.2 150 | 7f b7 15 9e 68 ee 20 0a 04 5d cf 3a 05 ec fe 6d | ....h. ..].:...m 160 | 11 22 40 a0 c5 06 ff 25 f4 b8 48 3e ca ef 9c 29 | ."@....%..H>...) 170 | cf 0e ba a3 15 3f f0 b1 f9 29 02 50 79 a1 e4 1d | .....?...).Py... 180 | 93 54 60 ef 8f 68 d1 7e 90 40 dd 61 9c 7c 23 01 | .T`..h.~.@.a.|#. 190 | 00 cb 24 4e 08 f2 35 b0 42 02 a8 f2 f1 6e db 82 | ..$N..5.B....n.. 1a0 | af 47 0b c0 7c 40 ae 91 1b 46 d0 71 eb 20 19 5b | .G..|@...F.q. .[ 1b0 | ce 69 ff cb 8d 33 97 b5 97 ff 20 93 d1 14 84 78 | .i...3.... ....x 1c0 | bc da 9d 35 77 38 12 14 ce 1e a7 66 95 33 3d dc | ...5w8.....f.3=. 1d0 | 04 82 3e 21 24 f9 29 d3 d3 9d f9 90 8f b3 0c 70 | ..>!$.)........p 1e0 | 4f d0 3d cb 3e 5c 42 d4 89 8c 9d 2d 9b ee dc c5 | O.=.>\B....-.... 1f0 | 24 da 42 93 6f 52 bf 1c f5 11 a7 cf 1b 91 a4 40 | $.B.oR.........@ 200 | c1 1b c5 da d4 ee c6 e6 e1 08 db d3 1b 92 cf 24 | ...............$ 210 | 63 af a0 d7 36 19 3d 26 f3 2a 68 5a 58 38 72 0e | c...6.=&.*hZX8r. 220 | 39 81 95 4d 80 39 d1 13 8f a9 6e 87 1a e5 04 02 | 9..M.9....n..... 230 | 6f 0f 12 1a ba df 68 52 73 d9 63 b5 6b 7a 58 3c | o.....hRs.c.kzX< 240 | 6d 48 01 28 9d bb c6 c8 4f c7 0c 8f a9 7d 62 3a | mH.(....O....}b: 250 | 33 f5 60 5a 5d a4 6d 98 59 c4 a2 5a c3 2c 29 6c | 3.`Z].m.Y..Z.,)l 260 | d8 ac ef f3 a3 e9 dd eb cf 19 ad 73 34 e0 68 e2 | ...........s4.h. 270 | 0e ff e3 4a 62 bd c8 03 56 17 ac 5b 6f 5f b6 22 | ...Jb...V..[o_." 280 | 91 19 6d ed 2f db 65 b4 28 be 83 82 14 df 91 70 | ..m./.e.(......p 290 | 90 16 03 01 00 04 0e 00 00 00 | .......... [AUTH TYPE] --- SSL_verify : depth 1 [AUTH TYPE] --- SSL_verify : depth 0 [AUTH TYPE] --- SSL : SSLv3 read server certificate A [AUTH TYPE] --- SSL : SSLv3 read server key exchange A [AUTH TYPE] --- SSL : SSLv3 read server done A [AUTH TYPE] --- SSL : SSLv3 write client key exchange A [AUTH TYPE] --- SSL : SSLv3 write change cipher spec A [AUTH TYPE] --- SSL : SSLv3 write finished A [AUTH TYPE] --- SSL : SSLv3 flush data [AUTH TYPE] --- SSL : unknown state [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (226) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 d0 02 05 00 d0 15 80 00 00 00 c6 16 03 01 00 | ................ 020 | 86 10 00 00 82 00 80 4a 1e 5d 67 f9 55 d5 97 c8 | .......J.]g.U... 030 | 1c a1 48 12 e0 63 16 6b 76 18 e3 76 e5 b0 f6 64 | ..H..c.kv..v...d 040 | bb c9 c5 c8 f4 93 6e 88 76 93 f4 10 f9 e4 8a 84 | ......n.v....... 050 | 83 65 0e c0 67 6e 27 9b d6 5e ac 34 6b 49 50 83 | .e..gn'..^.4kIP. 060 | c6 f1 f3 a2 46 79 5c eb 64 2e 9e c9 22 87 0e 25 | ....Fy\.d..."..% 070 | d3 03 82 a7 fc 36 2d 55 a6 fa be 5c d3 9a 60 23 | .....6-U...\..`# 080 | d7 66 80 d6 e7 b0 c4 9c c3 a9 39 79 c5 b9 b6 1b | .f........9y.... 090 | 6f b8 5b 2e ac d7 27 cf 6d 36 ef 2f 5d 59 84 09 | o.[...'.m6./]Y.. 0a0 | 26 11 58 76 ac a4 9f 14 03 01 00 01 01 16 03 01 | &.Xv............ 0b0 | 00 30 be b6 b0 3a 7c a7 bc dc 8f 7e 73 05 ae a5 | .0.......~s... 0c0 | 93 33 99 a3 bb 71 2a b4 6d 29 d7 cd b5 77 3d d6 | .3...q*.m)...w=. 0d0 | d9 45 1e a8 30 d5 45 7d bb 38 93 0d 45 a6 21 1c | .E..0.E}.8..E.!. 0e0 | f9 ec | .. [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Got Frame (262) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 00 f4 01 06 00 f4 15 80 00 00 00 ea 16 03 01 00 | ................ 020 | aa 04 00 00 a6 00 00 00 00 00 a0 93 54 2c 20 81 | ............T, . 030 | df a3 8c c9 94 d7 7f 85 c4 c1 2c 4f 0b 45 61 83 | ..........,O.Ea. 040 | e9 15 a9 a6 ea f2 41 c9 f9 40 ee 64 0c ea a5 4a | ......A..@.d...J 050 | b3 61 e9 e8 06 60 dc 2a 1e 4a 4f 75 4f f2 75 57 | .a...`.*.JOuO.uW 060 | 69 14 25 c9 ee c1 29 52 52 da b3 f1 33 bd f1 b1 | i.%...)RR...3... 070 | 04 91 27 ea a6 cd ed ff 1d 35 5d fd f2 34 a1 79 | ..'......5]..4.y 080 | 99 9b 13 57 85 33 80 73 0f 4e d9 0e 18 15 aa 23 | ...W.3.s.N.....# 090 | a8 62 1b 08 5c 35 13 e0 07 6d 58 29 23 bd c8 23 | .b..\5...mX)#..# 0a0 | 9c 39 ca ef 46 93 95 7f 38 4c 0e 4a c0 8f 74 c8 | .9..F...8L.J..t. 0b0 | 39 bf ab 58 f1 f9 c8 5f 8e f9 cc 73 cc 01 19 5b | 9..X..._...s...[ 0c0 | 67 b5 c5 18 94 41 24 92 39 1c 9f 14 03 01 00 01 | g....A$.9....... 0d0 | 01 16 03 01 00 30 12 2a 6c e7 34 c2 4f 42 5b 0c | .....0.*l.4.OB[. 0e0 | e1 6f f1 eb 9e 04 af 15 ff 56 cf b2 84 d1 33 a9 | .o.......V....3. 0f0 | d7 7b fe 84 a9 d2 07 3b f7 fd 48 8d 4a 2c 4f 34 | .{.....;..H.J,O4 100 | 09 1a 65 5e b6 d3 | ..e^.. [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] [backend_sm] RECEIVE -> REQUEST [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] Building EAPOL-Response-Authentication [AUTH TYPE] Packet in (239) : 000 | 80 00 00 00 ea 16 03 01 00 aa 04 00 00 a6 00 00 | ................ 010 | 00 00 00 a0 93 54 2c 20 81 df a3 8c c9 94 d7 7f | .....T, ........ 020 | 85 c4 c1 2c 4f 0b 45 61 83 e9 15 a9 a6 ea f2 41 | ...,O.Ea.......A 030 | c9 f9 40 ee 64 0c ea a5 4a b3 61 e9 e8 06 60 dc | ..@.d...J.a...`. 040 | 2a 1e 4a 4f 75 4f f2 75 57 69 14 25 c9 ee c1 29 | *.JOuO.uWi.%...) 050 | 52 52 da b3 f1 33 bd f1 b1 04 91 27 ea a6 cd ed | RR...3.....'.... 060 | ff 1d 35 5d fd f2 34 a1 79 99 9b 13 57 85 33 80 | ..5]..4.y...W.3. 070 | 73 0f 4e d9 0e 18 15 aa 23 a8 62 1b 08 5c 35 13 | s.N.....#.b..\5. 080 | e0 07 6d 58 29 23 bd c8 23 9c 39 ca ef 46 93 95 | ..mX)#..#.9..F.. 090 | 7f 38 4c 0e 4a c0 8f 74 c8 39 bf ab 58 f1 f9 c8 | .8L.J..t.9..X... 0a0 | 5f 8e f9 cc 73 cc 01 19 5b 67 b5 c5 18 94 41 24 | _...s...[g....A$ 0b0 | 92 39 1c 9f 14 03 01 00 01 01 16 03 01 00 30 12 | .9............0. 0c0 | 2a 6c e7 34 c2 4f 42 5b 0c e1 6f f1 eb 9e 04 af | *l.4.OB[..o..... 0d0 | 15 ff 56 cf b2 84 d1 33 a9 d7 7b fe 84 a9 d2 07 | ..V....3..{..... 0e0 | 3b f7 fd 48 8d 4a 2c 4f 34 09 1a 65 5e b6 d3 | ;..H.J,O4..e^.. [AUTH TYPE] --- SSL : unknown state [AUTH TYPE] --- SSL : SSLv3 read finished A [AUTH TYPE] --- SSL : SSL negotiation finished successfully [AUTH TYPE] --- SSL : SSL negotiation finished successfully [AUTH TYPE] No data returned! [AUTH TYPE] Encrypted Inner (234) : 000 | 16 03 01 00 aa 04 00 00 a6 00 00 00 00 00 a0 93 | ................ 010 | 54 2c 20 81 df a3 8c c9 94 d7 7f 85 c4 c1 2c 4f | T, ...........,O 020 | 0b 45 61 83 e9 15 a9 a6 ea f2 41 c9 f9 40 ee 64 | .Ea.......A..@.d 030 | 0c ea a5 4a b3 61 e9 e8 06 60 dc 2a 1e 4a 4f 75 | ...J.a...`.*.JOu 040 | 4f f2 75 57 69 14 25 c9 ee c1 29 52 52 da b3 f1 | O.uWi.%...)RR... 050 | 33 bd f1 b1 04 91 27 ea a6 cd ed ff 1d 35 5d fd | 3.....'......5]. 060 | f2 34 a1 79 99 9b 13 57 85 33 80 73 0f 4e d9 0e | .4.y...W.3.s.N.. 070 | 18 15 aa 23 a8 62 1b 08 5c 35 13 e0 07 6d 58 29 | ...#.b..\5...mX) 080 | 23 bd c8 23 9c 39 ca ef 46 93 95 7f 38 4c 0e 4a | #..#.9..F...8L.J 090 | c0 8f 74 c8 39 bf ab 58 f1 f9 c8 5f 8e f9 cc 73 | ..t.9..X..._...s 0a0 | cc 01 19 5b 67 b5 c5 18 94 41 24 92 39 1c 9f 14 | ...[g....A$.9... 0b0 | 03 01 00 01 01 16 03 01 00 30 12 2a 6c e7 34 c2 | .........0.*l.4. 0c0 | 4f 42 5b 0c e1 6f f1 eb 9e 04 af 15 ff 56 cf b2 | OB[..o.......V.. 0d0 | 84 d1 33 a9 d7 7b fe 84 a9 d2 07 3b f7 fd 48 8d | ..3..{.....;..H. 0e0 | 4a 2c 4f 34 09 1a 65 5e b6 d3 | J,O4..e^.. [AUTH TYPE] --- SSL : SSL negotiation finished successfully [AUTH TYPE] --- ALERT : decryption failed In tls_crypt.c, SSL_read(mytls_vars->ssl, out_data, 1000) failed. OpenSSL Error -- error:140D2081:SSL routines:TLS1_ENC:block cipher pad is wrong Library : SSL routines Function : TLS1_ENC Reason : block cipher pad is wrong [AUTH TYPE] Decrypted Inner (234) : [AUTH TYPE] (Hack) Acking for second inner phase packet! [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (24) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 06 02 06 00 06 15 00 | ........ [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Got Frame (60) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 00 0a 01 07 00 0a 15 80 00 00 00 00 00 00 00 00 | ................ 020 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 030 | 00 00 00 00 00 00 00 00 00 00 00 00 | ............ [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] [backend_sm] RECEIVE -> REQUEST [ALL] Got EAP-Request for type 21 (EAP_TTLS). [ALL] Got EAP-Request-Authentication. [sTATE] Building EAPOL-Response-Authentication [AUTH TYPE] Packet in (5) : 000 | 80 00 00 00 00 | ..... [AUTH TYPE] Encrypted Inner (0) : [AUTH TYPE] Doing Phase 2 PAP! [AUTH TYPE] Phase 2 Username : test [AUTH TYPE] Returning from do_pap : 000 | 00 00 00 01 40 00 00 0c 74 65 73 74 00 00 00 02 | ....@...test.... 010 | 40 00 00 18 74 61 74 61 00 00 00 00 00 00 00 00 | @...tata........ 020 | 00 00 00 00 | .... [AUTH TYPE] Returning from (TTLS) do_phase2 : 000 | 00 17 03 01 00 40 f1 b0 10 6a 8c 80 8c f1 5e 72 | .....@...j....^r 010 | 04 66 22 af 83 0a 33 8f 54 b1 7c c5 81 85 38 ff | .f"...3.T.|...8. 020 | 8f 6f 9c c4 b8 70 31 16 cf 93 fa 4a 65 ac 19 f4 | .o...p1....Je... 030 | e9 0a 4c 88 d5 06 0d 62 d0 fc bb 82 b3 0a d3 bd | ..L....b........ 040 | 8f 16 ea 1c 4f 06 | ....O. [sTATE] [backend_sm] REQUEST -> RESPONSE [ALL] Frame to be sent (93) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 00 | .....e..%.id.... 010 | 00 4b 02 07 00 4b 15 00 17 03 01 00 40 f1 b0 10 | .K...K......@... 020 | 6a 8c 80 8c f1 5e 72 04 66 22 af 83 0a 33 8f 54 | j....^r.f"...3.T 030 | b1 7c c5 81 85 38 ff 8f 6f 9c c4 b8 70 31 16 cf | .|...8..o...p1.. 040 | 93 fa 4a 65 ac 19 f4 e9 0a 4c 88 d5 06 0d 62 d0 | ..Je.....L....b. 050 | fc bb 82 b3 0a d3 bd 8f 16 ea 1c 4f 06 | ...........O. [sTATE] [backend_sm] RESPONSE -> RECEIVE [ALL] Clock tick! authWhile=29 heldWhile=58 startWhen=28 curState=AUTHENTICATING [ALL] Got Frame (60) : 000 | 00 1c 25 cb 69 64 00 1e 90 9d da 65 88 8e 02 00 | ..%.id.....e.... 010 | 00 04 04 07 00 04 00 00 00 00 00 00 00 00 00 00 | ................ 020 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 030 | 00 00 00 00 00 00 00 00 00 00 00 00 | ............ [ALL] Got EAP-Failure! Failed to authenticate eth0 [ALL] (TLS-FUNCS) Cleaning up (possible after a failure)! [AUTH TYPE] (EAP-TLS) Freeing mytls_vars->ctx! [ALL] (EAP-TTLS) Failed. Resetting. Stats for Interface eth0 : EAPOL Frames RX : 8 EAPOL Frames TX : 8 EAPOL Starts TX : 1 EAPOL Logoff TX : 0 EAPOL Resp. ID TX : 1 EAPOL Resp. TX : 6 EAPOL Req. ID RX : 1 EAPOL Req. RX : 6 EAPOL Invalid Frame: 0 EAP Length Error : 0 Last EAPOL Version : 2 Last EAPOL Src. :00 1e 90 9d da 65 EAPOL Success : 0 EAPOL Failure : 1 Backend Timeouts : 0 [sTATE] [backend_sm] RECEIVE -> FAIL [sTATE] [backend_sm] FAIL -> IDLE [sTATE] Changing from AUTHENTICATING to HELD. [ALL] Clock tick! authWhile=28 heldWhile=59 startWhen=27 curState=HELD [ALL] Clock tick! authWhile=27 heldWhile=58 startWhen=26 curState=HELD [ALL] Clock tick! authWhile=26 heldWhile=57 startWhen=25 curState=HELD [ALL] Clock tick! authWhile=25 heldWhile=56 startWhen=24 curState=HELD [ALL] Clock tick! authWhile=24 heldWhile=55 startWhen=23 curState=HELD [ALL] Clock tick! authWhile=23 heldWhile=54 startWhen=22 curState=HELD [ALL] Clock tick! authWhile=22 heldWhile=53 startWhen=21 curState=HELD [ALL] Clock tick! authWhile=21 heldWhile=52 startWhen=20 curState=HELD [ALL] Clock tick! authWhile=20 heldWhile=51 startWhen=19 curState=HELD [ALL] Clock tick! authWhile=19 heldWhile=50 startWhen=18 curState=HELD [ALL] Clock tick! authWhile=18 heldWhile=49 startWhen=17 curState=HELD [ALL] Clock tick! authWhile=17 heldWhile=48 startWhen=16 curState=HELD [ALL] Clock tick! authWhile=16 heldWhile=47 startWhen=15 curState=HELD [ALL] Clock tick! authWhile=15 heldWhile=46 startWhen=14 curState=HELD [ALL] Clock tick! authWhile=14 heldWhile=45 startWhen=13 curState=HELD [ALL] Clock tick! authWhile=13 heldWhile=44 startWhen=12 curState=HELD [ALL] Clock tick! authWhile=12 heldWhile=43 startWhen=11 curState=HELD [ALL] Clock tick! authWhile=11 heldWhile=42 startWhen=10 curState=HELD [ALL] Clock tick! authWhile=10 heldWhile=41 startWhen=9 curState=HELD [ALL] Shutting down IPC socket! [iNT] Closing socket descriptor #5 [ALL] Doing statemachine cleanup! [ALL] Calling EAP-Cleanup! [ALL] (TLS-FUNCS) Cleaning up! [ALL] (TLS-FUNCS) Cleaning up (possible after a failure)! [AUTH TYPE] (EAP-TLS) Freeing session key const! [ALL] (EAP-TTLS) Cleaned up. [iNT] Sending Logoff for int eth0! [sTATE] Sending EAPOL-Logoff Frame. [ALL] Frame to be sent (18) : 000 | 00 1e 90 9d da 65 00 1c 25 cb 69 64 88 8e 02 02 | .....e..%.id.... 010 | 00 00 | .. [ALL] Cleaning up interface eth0... [iNT] Called event_core_cleanup()! [iNT] Called cardif_linux_rtnetlink_cleanup()! Je pense que je parviens à initialiser un tunnel TLS mais je ne parviens pas l'utiliser avec PAP. Il y a une erreur significative sur xsupplicant qui se constate sur freeradius aussi. Je n'ai pas de trouvé comment corriger l'erreur. Je n'écarte pas le fait que cela puisse venir de la configuration du radius. Merci pour votre aide potentiel. Lien vers le commentaire Partager sur d’autres sites More sharing options...
Serom Posté(e) le 26 mai 2009 Partager Posté(e) le 26 mai 2009 Je pense que tu fais tout sur un seul PC (le supplicant, et l'authenticator radius). Je te conseille sérieusement de séparer les deux entités pour mieux comprendre ce qui se passe, parce que comme ça je vois pas trop. Serait il possible que tu ais un ordinateur portable sous windows ou linux comptatible TTLS (pour windows il faut installer secureW2) pour faire supplicant. Comme ça tu installe wireshark dessus et on pourrait mieux voir la source du problème. Prends cette conf pour TTLS: eap { default_eap_type = ttls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = radius private_key_file = ${certdir}/radius.key certificate_file = ${certdir}/radius.pem CA_file = ${cadir}/cacert.pem dh_file = ${certdir}/dh random_file = ${certdir}/random make_cert_command = "${certdir}/bootstrap" } ttls { default_eap_type = md5 copy_request_to_tunnel = yes use_tunneled_reply = yes } mschapv2 { } } } Pour le faire fonctionner j'avais ça. Use_tunneled reply cela veut dire que le User-Name passe dans le tunnel. En gros quand tu mets ca à no, tu verras User-Name = anonymous. Avec cette option à yes, le User-Name passe dans le tunnel. Et copy_request_to_tunnel c'est que t'envoi les requêtes dans le tunnel. En gros comme ça tout es chiffré. En ce qui concerne ton erreur aussi, oublie pas qu'il n'y a pas besoin de certificat côté client. Vu que tu as fait du TLS avant tu as peu être laisser le certificat. L'erreur de la mauvaise empreinte du cypher peut être du à ta ligne default_eap_type = gtc. En fait dans le Tunnel TLS qu'aura crée l'instance TTLS, les échanges seront contrôlé grace à un hash en MD5. Et la méthode d'authentification sera réalisé grâce au protocole PAP. C'est un peut compliqué mais ca se passe comme ca. Voilà déjà essaye comme ça et dit moi s'il y a des évolutions Lien vers le commentaire Partager sur d’autres sites More sharing options...
zasquash Posté(e) le 27 mai 2009 Auteur Partager Posté(e) le 27 mai 2009 Déjà merci beaucoup pour ta réponse. Mon architecture est répartie sur plusieurs postes physiques et logique. Le supplicant se trouve sur un poste P1 physique. Le NAS est sur un poste P2 et le radius est isolé sur une machine Virtuel hébergé sur le P2. Mais l'architecture est parfaitement segmenté. Wireshark tourne derrière sans problème. Je suis full nux. En ce qui concerne le fichier eap.conf. Est il possible d'utiliser une autre forme de Hashage que le MD5 ? genre SHA256 ou 386. J'ai une autre question. Les mots de passe dans mon LDAP doit il être en claire ou chiffré ? Je t'envoies la conf de mon client. network_list = all default_netname = client #destination = auto logfile = syslog log_facility = daemon #auth_period = 10 #held_period = 10 #max_starts = 3 default_interface = eth0 #stale_key_timeout = 600 allmulti = no client { type = wired allow_types = eap-ttls force_eapol_ver = 2 identity = test eap-ttls { root_cert = certs_ttls/ca.pem root_dir = certs_ttls chunk_size = 1398 random_file = certs_ttls/random phase2_type = pap pap { username = "test" password = "tata" } } } En ce qui concerne le cipher ne n'ai pas le choix de laisser le root_cert = certs_ttls/ca.pem et root_dir = certs_ttls car sinon il me refuse systématiquement le certificat serveur. Mais c'est logique car sinon il ne peut pas verifié la validité du certificats server. Je teste tout ce que tu m'as dit demain encore une fois merci. Lien vers le commentaire Partager sur d’autres sites More sharing options...
zasquash Posté(e) le 1 juin 2009 Auteur Partager Posté(e) le 1 juin 2009 Bon... Je n'ai aucun changement. J'ai tjrs mon message d'erreur ds mon Xsupplicant. J'ai compiler la version Xsupplicant 1.2.8 et refait un teste. Le message d'erreur apparait toujours. Je vais procéder par ordre logique. Je ne vais pas utiliser LDAP dans un premier temps. mais plutôt passer par le fichier de configuration users. quelqu'un aurait il un fichier de configuration fonctionnel pour eap.conf et users default et inner-tunnel. Merci Lien vers le commentaire Partager sur d’autres sites More sharing options...
Serom Posté(e) le 1 juin 2009 Partager Posté(e) le 1 juin 2009 Salut, J'ai tout mes fichiers de conf qui fonctionnait pour TTLS mais s'était les anciennes version et il n'y avait pas le fichier inner-tunnel. Je peux te les filer si tu veux. EAP.conf tu l'a déjà. Maintenant user: #DEFAULT Ldap-Group == "disabled", Auth-Type = LDAP # # # Tunnel-Medium-Type = IEEE-802, # Tunnel-Type = VLAN, # Tunnel-Private-Group-Id = "2" # #DEFAULT Ldap-Group == "enabled", Auth-Type = LDAP # # Tunnel-Medium-Type = IEEE-802, # Tunnel-Type = VLAN, # Tunnel-Private-Group-Id = "3" # DEFAULT Auth-Type = LDAP Ces fichiers de conf était pour des versions anterieur à la tienne. Avec ces fichiers, LDAP + TTLS fonctionnait. Et je faisais aussi du Vlan dynamique Lien vers le commentaire Partager sur d’autres sites More sharing options...
zasquash Posté(e) le 2 juin 2009 Auteur Partager Posté(e) le 2 juin 2009 BON... J'ai trouvé. J'ai réaliser une authentification avec freeradius EAP-TTLS / PAP avec LDAP et les mots passe chiffré en SHA. xsupplicant ne fonctionne clairement pas en TTLS / PAP dans les versions 1.2.4, jusqu'à 1.2.8. Je n'ai pas testé les versions antérieur. J'utilise wpa_supplicant commet client. http://rnd.feide.no/content/feide-and-eduroam Lien vers le commentaire Partager sur d’autres sites More sharing options...
Messages recommandés
Archivé
Ce sujet est désormais archivé et ne peut plus recevoir de nouvelles réponses.