802.1X Port-Based Authentication HOWTO, Lars Strand [early reader chapter books txt] 📗

tls: include_length = yes

tls: check_crl = no

tls: check_cert_cn = "(null)"

rlm_eap: Loaded and initialized type tls

peap: default_eap_type = "mschapv2" (3)

peap: copy_request_to_tunnel = no

peap: use_tunneled_reply = no

peap: proxy_tunneled_request_as_eap = yes

rlm_eap: Loaded and initialized type peap

mschapv2: with_ntdomain_hack = no

rlm_eap: Loaded and initialized type mschapv2

Module: Instantiated eap (eap)

......

Module: Loaded files

files: usersfile = "/usr/local/etc/raddb/users" (4)

......

Module: Instantiated radutmp (radutmp)

Listening on authentication *:1812

Listening on accounting *:1813

Ready to process requests. (5)

(1) Default EAP type is set to PEAP.

(2) RADIUS's TLS settings are initiated here. The certificate type,

(3) Inside the PEAP tunnel, MS-CHAPv2 is used.

(4) The username/password information is found in the users file.

(5) RADIUS server started successfully. Waiting for incoming requests.

The radius server is now ready to process requests!

The most interesting output is included above. If you get any error

message instead of the last line, go over the configuration (above)

carefully.

Now the Supplicant is ready to get authenticated. Start Xsupplicant in

debug mode. Note that we'll see output produced by the two startup

scripts: startup.sh and startup2.sh.

# xsupplicant -c /usr/local/etc/1x/1x.conf -i eth0 -d 6

Starting /etc/1x/startup.sh

Finished /etc/1x/startup.sh

Starting /etc/1x/startup2.sh

Finished /etc/1x/startup2.sh

At the same time, the RADIUS server is producing a lot of output. Key

snippets are shown below:

......

rlm_eap: Request found, released from the list

rlm_eap: EAP/peap

rlm_eap: processing type peap

rlm_eap_peap: Authenticate

rlm_eap_tls: processing TLS (1)

eaptls_verify returned 7

rlm_eap_tls: Done initial handshake

eaptls_process returned 7

rlm_eap_peap: EAPTLS_OK (2)

rlm_eap_peap: Session established. Decoding tunneled attributes.