我在“用户”文件中创建了一个帐户/密码,客户端(Android手机)可以通过EAP-TTLS-MSCHAPv2成功通过RADIUS身份验证。
但是,我未能使用EAP-PEAP-MSCHAPv2来完成身份验证过程,客户端最终会显示“密码可能不正确”。但是,我很确定帐户和密码与使用的TTLS相同。
FreeRADIUS服务器中的TTLS和PEAP之间是否有任何不同的设置? 我做的不同设置是: 修改“default_eap_type = peap”并取消注释eap.conf文件中的peap {...}部分。
freeRADIUS服务器的失败日志如下:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 65524, id=45, length=119
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
EAP-Message = 0x0201000d017769666974657374
Message-Authenticator = 0x57d3133deaf6e6a25993d56bed67305f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry wifitest at line 94
[files] expand: HelloWiFi, %{User-Name} -> HelloWiFi, wifitest
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 45 to 192.168.1.1 port 65524
Reply-Message = "HelloWiFi, wifitest"
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a00ac5a8adfe884be35ffc7d0d
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65525, id=46, length=299
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a00ac5a8adfe884be35ffc7d0d
EAP-Message = 0x020200af1980000000a516030100a00100009c0303fc7c8a84191c13ae8a8403a782d1e177845b8f00c11210edb4a7be161fa2c2c000003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
Message-Authenticator = 0x8a28ef1f68576118361f4bf6e905e151
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 175
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 165
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00a0], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0c5e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 024b], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 46 to 192.168.1.1 port 65525
EAP-Message = 0x0103040019c000000efa16030100390200003503016e2bbd93a310b46d50495b5b7a0cc457b8f42b054d511e190df32dbef4918cca00c01400000dff01000100000b0004030001021603010c5e0b000c5a000c570005a6308205a23082038aa003020102020106300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966
EAP-Message = 0x696361746520417574686f72697479301e170d3136303630313039333435375a170d3231303533313039333435375a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820222300d06092a864886f70d01010105000382020f003082020a0282020100c5b8ab4e7aa5865334894f1a3b75958692742d5eaa525b667a717f50227c8ae3d7c9eb5bcf144faa1e05750f4c77a7
EAP-Message = 0x8413be4749003d8c8630f0c40c4250255ca49191927a91fd230a93bfc6ffd0b21809a33282ebf1eb2b5dffca64fcf13ce4cbb747d8cc9db13e0d87612f871508193f048b4d85093306cc74aeff8328a6d20aef973e9806916a80504c5fbf9cff3f9ec42b749780cad0e34cce10007892ea65f0f39171da1e5628633565ea5da85f1ac1f28330a5bc82ca4aba341ecf05b9fc04e579c5ae551ced6c21eabe02a6aea988fdb8e783bc15055b00b57866b8227b9ef1148ed809c157e9f2e5868b73d21f4cc4341e64716513413f5b472368b43dc1a39b2f30f591ba0505148d369f3aa7843d87ec583098108d0f77fbe467402866d4341da75a518e84e10b
EAP-Message = 0x009de9ec409ee64adfe9f1ece249b6b6db4586c40520a3fc511750772099e6f363e163f417d9b1d14885851b82fd6b0a7efc9504ef1cf502a632164141ea644d7fdd45e3e5ebee8169de5f7677d5f45a6c09a96b71b73a67e236e0feea17ff34cdbc34ec6aa871201a2a7d4466f43cb813a783770cf3be4215de2bdc4f4733fb6174c8b36426b7553ff6d313ef66bdcdd305ddd7887cd464ac3bee96e91b2cbc0c46cd8d96fa1e64cfd65bb889138614d2f61a3a9bb32f2acc96e5dbc05cef66d3b9ceddeca8b91aff1c152188aa3e998be2f4a90203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01
EAP-Message = 0x010505000382020100add083
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a00bc4a8adfe884be35ffc7d0d
Finished request 1.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65460, id=47, length=130
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a00bc4a8adfe884be35ffc7d0d
EAP-Message = 0x020300061900
Message-Authenticator = 0x97038b89a169c3527cd44c02f7f20973
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 47 to 192.168.1.1 port 65460
EAP-Message = 0x010403fc19406079f0d2f3281a40096e05244d319c55b5da12e083ad7de46c1fd67fbf447399d10b712479b6b6c3d1665cab48b6b44ded2c585957aeb79cd433432f61d9ff62ba5d6121d3c620beab754791983c0469841b21c95424a3464a4e43c3ca9477b2461f4901babda8cbc309ab3c873af661727b6f7bf3f7bc8ff6247ab27ed900771120ecf20aa8ce9708f91ec169e112406113c3d3c9decb71031db3d956867b59cd5fa890e4750fbe1fb36019b75f6c86faae9a1fa91b9fe29f501dbb1b83f4e1f209d996628efb236888f909fd288722fa9e0956992438feca3a95741f3d99c9015ed688e869ff3a5537d65c37934d99aee2a074a04d27
EAP-Message = 0x5e7f46abdb38960c53545e4e83c78f6163081a61d1cc4cfa0af30a1ab7bc13de039411ea5d18029caa12c54448b6c83e02d21c5678336dc91d82a65177e7115cdee3ad280f97d7ac85604397c69749456ba85af3d4bdb2b6ab576200cdc94182f5c146f2538845cb445797e357d0416ec16ace8d420d540b5b98f637bd9dfcf8769cb428a8ee597fc756b4ce8da91627d1a7efb8c6977cf6146dff9b0237cf0464802516a69821c7923f0c88bd366991d1ad9c082526c113391c102693fc800ba4847c8c6d0b18c12322c4ebc3569545d0f48b80ec1547089cc7897fe27e1bdd16d733c749691b02ade540bb59dc927ba3ff11ea4a946da4e203ec6e0f
EAP-Message = 0x5a6f793acac2ebc2ef0006ab308206a73082048fa00302010202090099d37edcf77ff19f300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3136303630313039333134375a170d3231303533313039333134375a308193310b3009060355040613024652310f300d
EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a0282020100c28a1e509673aa5a74e504d70c2ac0714a14c2e3e9b2863fee372665bc830f8bb775fc9d733edfd7e95a7270d02100ff4179c9d2db2f17c72c646c53a441194ca094db7b4000a679ff427f43f83a7fc5fcdde8ba810778e2a23b
EAP-Message = 0xe18b087d9dd63c98
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a008c3a8adfe884be35ffc7d0d
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65461, id=48, length=130
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a008c3a8adfe884be35ffc7d0d
EAP-Message = 0x020400061900
Message-Authenticator = 0xdb1c2e526bee62e61be6813ce1748dc8
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 48 to 192.168.1.1 port 65461
EAP-Message = 0x010503fc19403369ae7946772f6ef5d99dce22c9e859ad763673e04c40790332ceb6a9bd1424ffedb2cb10981260e5dfba3d105f6e4bc28ef2c88ab0cc603cc5635644c31b82884e97fddcfed4cb98cb260ffd3e75e672a0d0eda18b6fda0c349546ce354c81f7c2162d8e782e09864540e6975b8063df95589bd40c8e8ba0734137cc270455c301e78ecfb6c88444c51123487fbf4f06c3e713e2396b702624d56233caf1beb6eb1bccbdefbf77fb9a2ce05f21570d824afe77e75a8310aab28dcf0b2c820453275a1f97a8b2257bb706923375abdde24c0b816946d13ca1eba5a11da3d76ac5203253b4aa5cf8c4819eb6c235461441ed1cd7f92b16
EAP-Message = 0x1ffaea04fc083aeffbb9930ca6bc283f91cc4ee235e94d702c70288d886cbbdc3e244defdb0c54fd2b67bf5ef6e11d5c51cbbe7c405f07162acfe13a51e28be2b6dce0aa1a0a0464d13745274d0dfd15b83894c1afec4712b824c2b0a7cc66e53a383da3a87c584b1508516415d5aed992e7c097202edc7c12b015949cdc1ba69a4e41ae4ac52b746eb4f7bdea3abb2dfe5cd1fbbe381d88bd110a591b8aadab3f06d51458b19f0203010001a381fb3081f8301d0603551d0e0416041485dce2df9413899626bed9e6565f115193fe05333081c80603551d230481c03081bd801485dce2df9413899626bed9e6565f115193fe0533a18199a481963081
EAP-Message = 0x93310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090099d37edcf77ff19f300c0603551d13040530030101ff300d06092a864886f70d01010b05000382020100105e3f9216b37634aa92db34a4624950f21dbfc6d1ea22233640b7406c2f0534acd6ddc8646f637651df353058bc9fcf8115d868010499440d36b671
EAP-Message = 0x021e0ef5cb7c10a364e8fcb7294325cafd5ccb1eb1b19a623603d3acf91dac1256c52ea78b08cc0ff3d994ca7687413cf2fef642faef4646612dda0e943367dffb10ec06d88d34ed26ac36d20068f499605d7227669ff97530b3ffccd4018d91a622fbc7551a73241732eb9ab0cd42b26e69067479480de230a70ac9180ef332dfaa8cfa91788a8614be6d45e787342b90e01fcbee466d5c437e8cd84d37c3f8a680a75ab3800363a2b66f489bfa025bd3f586c1ff822784fb3067756b48b7d42e5b5c867c33fedea19b10c068a9ea584ddedfce30ccefd4e7eca8655aeff259ab0afd9838af2e629d1d1f27b04c86d2eeda8492efdcaf0a67cf9dfe39
EAP-Message = 0x1b79642b879016a9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a009c2a8adfe884be35ffc7d0d
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65462, id=49, length=130
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a009c2a8adfe884be35ffc7d0d
EAP-Message = 0x020500061900
Message-Authenticator = 0xc3cda7510fb1b33edc51ca2bbdf1db68
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 49 to 192.168.1.1 port 65462
EAP-Message = 0x0106031e190004d1292d15b881155210f2bb201e16de770a465e12c98420dda39a1068b666150527f26761e5a407828cfad8037da749131363bc30af8fb5702ad500400b9ff554768ba24c27385a72b5b640fe368757f423c581bc9aa904671cea63168da8dca9e272a20825372268ac9b300a5a6e06715f179ee443feba2a24b66ebb5e1fb3104e9d32c2bd094af9330d8e9e1689a75960782ee8d939d82b57062257b434054f488ad31538217d45d283406d13cf4f1a1e6df8707d7c44fa99c203c410eb160301024b0c0002470300174104e1e0bf67a4251302135a6081cf85de3e6fe719a17065e225cfb93e28776194dd0590e9d26c1f3268ff59
EAP-Message = 0x7e1d8560169a994926988f4befd64a09f528f42a102002006a25e2844961c383888a207386b361b59b4e16ef1ca76134bfad7b13235c13ce731d982bb5e350680c774a45d479dcb4c8deeef992e87a2713a92b542b491f9280b6303248a085e94957c8113a19055f29099f8b4db897a127d553c1dbc944db941e69f6f78808d82c40b8c4b1281a72d9f0edde2d1bb9aa5f1f312ff8c7ae210e8fe316a42ae3a853dadb6baac8f3f09bc7bd17034d6deb4288533031fbaae05b9444762bcc70735f479cb68ce715589e68961433d708b8f31fec55b6d6a297e60fcf34a8e16a727daaecb7d5ec9ec7e3469bfd01001413e201f5f928a7b250e1d023e484
EAP-Message = 0xba6d7500d96c749af6f288c646682392f47057d42c0d19d2cef00ef353f48e94b16cba38317aa35c08e5d26db15cd6b98f43e3232c340315ef190ff88017486704fd36b728a92e2a6a49c5e12eb9e2e626a0bc0dca6d80c9a73ef8326851b93e6699e7b81b0a03d56233f4a8521b6062c6b743efecd6c78942d2d21b18f9ca6eb0fa6b1e12a26692eeaf1e5159bd6d6df45a13ace07bc4f789eb025f9637ee293c7e4900fbc8d1a9020c072491fc07b70928e9a927df99cb975fce9a259994ae1d78845994fe0e5f994087addb8640fbdae2177c5ca0c3b38ecabc364e021a2e1102b4d84228eafb51253bb947fa451f8e2cfd76716e38648c19504948
EAP-Message = 0xa1d4ed0224163fefed7bdf06c119067edb4e9fc5405172005a578c2690a516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a00ec1a8adfe884be35ffc7d0d
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65463, id=50, length=268
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a00ec1a8adfe884be35ffc7d0d
EAP-Message = 0x02060090198000000086160301004610000042410451d7946c6db099c77bab87d55fd6c1c931b6e74dfd178a5938f3e367229919e2d13fc6ae87e1e08abae29d5fc4c439a1eaa5d769288ac2c57ff05acc3ce49cd21403010001011603010030d2730a92cffc790d51b6bd15f10fa461138cb4f7238f30b4af6b8a04bd90eac7a769a64683f32872f886311d77e322d1
Message-Authenticator = 0xf6d668ee7258659efeeb32a6c70c74ed
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 50 to 192.168.1.1 port 65463
EAP-Message = 0x010700411900140301000101160301003053208a378c6d9dd4ebf97c372d8898063fbdc33f891ad18ad022ed1fce5e3b50e88d8ab406c630d904c365b0cde82703
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a00fc0a8adfe884be35ffc7d0d
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65464, id=51, length=130
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a00fc0a8adfe884be35ffc7d0d
EAP-Message = 0x020700061900
Message-Authenticator = 0x38022336d7bf3377b3b2e2d8cad98dcf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 51 to 192.168.1.1 port 65464
EAP-Message = 0x0108002b190017030100203bea44bfaf0d3cb7dd8b3bb2dfe8e24d988856ab2dda082e51c314fdd8189b1a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a00ccfa8adfe884be35ffc7d0d
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65465, id=52, length=167
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a00ccfa8adfe884be35ffc7d0d
EAP-Message = 0x0208002b190017030100204eeb9a1bb90d4d5f0ae0e4e497ada34e29844eff109f13399594730b7edd7078
Message-Authenticator = 0x1f27cf7d4b1f36e0c4ac83c23509530d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - wifitest
[peap] Got inner identity 'wifitest'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0208000d017769666974657374
server {
[peap] Setting User-Name to wifitest
Sending tunneled request
EAP-Message = 0x0208000d017769666974657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "wifitest"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry wifitest at line 94
[files] expand: HelloWiFi, %{User-Name} -> HelloWiFi, wifitest
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] No such EAP type mschapv2
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
Reply-Message = "HelloWiFi, wifitest"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
Reply-Message = "HelloWiFi, wifitest"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 52 to 192.168.1.1 port 65465
EAP-Message = 0x0109002b19001703010020572a74599cc45c80b14c309cc97e354b5a357277b3713e42dfe79a0ae136ebc5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ac7b1a00dcea8adfe884be35ffc7d0d
Finished request 7.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65466, id=53, length=167
User-Name = "wifitest"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-0A-79-98-19-1F"
Calling-Station-Id = "00-10-20-A7-7E-08"
NAS-IP-Address = 192.168.1.1
Framed-MTU = 1400
State = 0x0ac7b1a00dcea8adfe884be35ffc7d0d
EAP-Message = 0x0209002b1900170301002011994ee8ade612577c284d3774f192fe16ec990740c07c6d6d11ff0a7a3b3714
Message-Authenticator = 0xc979186ad70969571f2d3fee85447035
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> wifitest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 53 to 192.168.1.1 port 65466
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000