全部博文(306)
分类: LINUX
2016-03-28 15:28:03
原文地址:PMK caching PreAuth原理和简单验证方法 作者:hddnwpu
In 802.11i, a Pairwise Master Key (PMK) is the key that results from a successful authentication between a wireless station and an access point. The PMK is generally derived by the wireless station and the back-end EAP/AAA authentication server after a successful EAP authentication and sent to the wireless access point in a AAA message (In the context of EAP/AAA, the PMK is called Master Session Key 'MSK') secured using long-term security association between the authentications server and the access point.
The PMK is stored in the station and the access point with associated context information such as the access point's MAC addresses, the lifetime of the PMK and a unique identifier called PMKID. The collection of this information is called PMK Security Association (PMKSA). The PMKID is computed by applying a hash function (HMAC-SHA1-128) to the concatenation of the PMK, the label `PMK Name', the access point's MAC address (MAC_AP) and the station's MAC address (MAC_STA).
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
When associating with an access point, the station determines if it has a valid PMK with the target access point by checking if it has a PMKSA that matches the target access point's MAC address. If such PMK does not exist, the station and the access point perform authentication using EAP. If the station determines that it shares a PMK with the target AP, then the station proposes the use of the PMK by including the PMKID in the RSN Information Element of the (Re)Association Request message. Upon reciept of a (Re)Assiciation Request with a PMKID, the access point checks whether is has a valid PMKSA with the same PMKID. If so, it begins the four-way handshake exchange using the negotiated PMKSA.
用大白话说,就是支持RSN的AP会纪录STATION和AP之间的PMK,如果下一次STATION再次过来连AP并且在(Re)assoc request中携带PMKID标记,AP就会根据这个ID查找PMKSA Cache,如果找到了,那么这一次AP和STA之间就不做802.1X而直接进行4-way handshake
PreAuth也是这个道理,STA连上第一只AP,然后通过第一只AP和第二只AP做Pre-Auth,具体就是做802.1X取得PMK,然后当第一只挂了后,就直接Roaming到第二只AP了,两者之间直接进行4-way就可以了,因为第二只AP里面有PMK Cache了。
这两个RSN的特性一定要在WPA-enterprise模式下才有用的,因为这个模式需要802.1X取得PMK和4-way大家相互验证。而且必须在wpa2模式下。对于wpapsk这个特性就没有用的,因为STA和AP之间是直接进行4-way相互验证的。
hostapd支持这个特性,测试如下:
1. STA--assoc-->AP
2.ifconfig ath0 down (触发Reassoc并且PMK cache没有被清除掉)
ifconfig ath0 up
STA--reassoc-->AP
PMK caching hostapd log:
Wireless event: cmd=0x8c03 len=20
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.11: associated
New STA
madwifi req WPA IE - hexdump(len=256): 30 26 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 3c 00 01 00 f0 d7 18 9e 34 47 0e 24 ea de 03 b9 2d 57 70 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
madwifi req RSN IE - hexdump(len=256): 30 26 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 3c 00 01 00 f0 d7 18 9e 34 47 0e 24 ea de 03 b9 2d 57 70 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RSN IE: STA PMKID - hexdump(len=16): f0 d7 18 9e 34 47 0e 24 ea de 03 b9 2d 57 70 15
ath0: STA 00:1f:3b:27:ae:05 WPA: PMKID found from PMKSA cache eap_type=13 vlan_id=0
ath0: STA 00:1f:3b:27:ae:05 WPA: event 1 notification
madwifi_del_key: addr=00:1f:3b:27:ae:05 key_idx=0
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: start authentication
EAP: Server state machine created
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state IDLE
IEEE 802.1X: 00:1f:3b:27:ae:05 CTRL_DIR entering state FORCE_BOTH
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: PMK from PMKSA cache - skip IEEE 802.1X/EAP
STA identity from PMKSA - hexdump_ascii(len=3):
6c 6c 6c lll
ath0: STA 00:1f:3b:27:ae:05 WPA: start authentication
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state INITIALIZE
madwifi_del_key: addr=00:1f:3b:27:ae:05 key_idx=0
WPA: 00:1f:3b:27:ae:05 WPA_PTK_GROUP entering state IDLE
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state AUTHENTICATION
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state AUTHENTICATION2
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state INITPMK
WPA: PMK from PMKSA cache
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state PTKSTART
ath0: STA 00:1f:3b:27:ae:05 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=8 kde_len=22 keyidx=0 encr=0)
TX EAPOL - hexdump(len=135): 00 1f 3b 27 ae 05 00 0d 02 30 00 01 88 8e 02 03 00 75 02 00 8a 00 10 00 00 00 00 00 00 00 01 d9 bf df 69 6a 3f 6d a4 d9 a6 29 da c5 a3 f1 ac f8 0d 17 2a 69 96 da 01 4e 3d 46 0d a7 64 9c 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 dd 14 00 0f ac 04 f0 d7 18 9e 34 47 0e 24 ea de 03 b9 2d 57 70 15
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state IDLE
IEEE 802.1X: 139 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=3 length=135
ath0: STA 00:1f:3b:27:ae:05 WPA: received EAPOL-Key frame (2/4 Pairwise)
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state PTKCALCNEGOTIATING
WPA: PTK derivation - A1=00:0d:02:30:00:01 A2=00:1f:3b:27:ae:05
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state PTKCALCNEGOTIATING2
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state PTKINITNEGOTIATING
madwifi_get_seqnum: addr=00:00:00:00:00:00 idx=1
ath0: STA 00:1f:3b:27:ae:05 WPA: sending 3/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=8 kde_len=66 keyidx=1 encr=1)
Plaintext EAPOL-Key Key Data - hexdump(len=80): [REMOVED]
TX EAPOL - hexdump(len=193): 00 1f 3b 27 ae 05 00 0d 02 30 00 01 88 8e 02 03 00 af 02 13 ca 00 10 00 00 00 00 00 00 00 02 d9 bf df 69 6a 3f 6d a4 d9 a6 29 da c5 a3 f1 ac f8 0d 17 2a 69 96 da 01 4e 3d 46 0d a7 64 9c 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a3 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 29 ed e8 53 c6 01 79 fc cc 26 63 7e 27 6f a6 00 50 86 46 b4 24 c0 20 ca 78 a6 ac 40 01 c5 56 86 03 e2 e9 39 33 9b 7a 50 87 48 68 4f dc 8b d1 a8 8a 14 fe 74 d2 2b 99 24 8d 97 69 62 1e d4 a1 33 47 44 b0 71 4f a6 28 49 6b 1a a9 e0 00 b9 2c e5 9a 0b 8c 9e e9 d0 45 1b 79 f7 4b 19 9e cb ca 55 ec
IEEE 802.1X: 99 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=3 length=95
ath0: STA 00:1f:3b:27:ae:05 WPA: received EAPOL-Key frame (4/4 Pairwise)
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state PTKINITDONE
madwifi_set_key: alg=CCMP addr=00:1f:3b:27:ae:05 key_idx=0
ath0: STA 00:1f:3b:27:ae:05 WPA: pairwise key handshake completed (RSN)
IEEE 802.1X: 00:1f:3b:27:ae:05 AUTH_PAE entering state AUTHENTICATED
madwifi_set_sta_authorized: addr=00:1f:3b:27:ae:05 authorized=1
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: authorizing port
ath0: STA 00:1f:3b:27:ae:05 RADIUS: starting accounting session 3FF932D2-00000004
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: authenticated - EAP type: 13 (TLS) (PMKSA cache)
PreAuth Hostapd Log:
Wireless event: cmd=0x8c04 len=20
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.11: disassociated
ath0: STA 00:1f:3b:27:ae:05 WPA: event 2 notification
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state DISCONNECTED
WPA: 00:1f:3b:27:ae:05 WPA_PTK entering state INITIALIZE
EAP: Server state machine removed
RSN: receive pre-auth packet from interface 'br0'
New STA
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: start authentication
EAP: Server state machine created
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state IDLE
IEEE 802.1X: 00:1f:3b:27:ae:05 CTRL_DIR entering state FORCE_BOTH
IEEE 802.1X: 46 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=1 length=0
ignoring 42 extra octets after IEEE 802.1X packet
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAPOL-Start from STA
IEEE 802.1X: 00:1f:3b:27:ae:05 AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: 00:1f:3b:27:ae:05 AUTH_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 41
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 AUTH_PAE entering state CONNECTING
IEEE 802.1X: 00:1f:3b:27:ae:05 AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 41)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 46 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=8
ignoring 34 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=41 length=8
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=41 len=8) from STA: EAP Response-Identity (1)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=41 respMethod=1 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=3):
6c 6c 6c lll
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: -> PASSTHROUGH
EAP: EAP entering state INITIALIZE_PASSTHROUGH
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: STA identity 'lll'
Encapsulating EAP message into a RADIUS packet
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=148
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=10
Value: 02 29 00 08 01 6c 6c 6c
Attribute 80 (Message-Authenticator) length=18
Value: 44 90 9f 1a 75 91 53 c1 cb 8b dd f4 dd 6b 03 f0
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 80 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=80
Attribute 79 (EAP-Message) length=24
Value: 01 2a 00 16 04 10 64 b8 f7 ae 53 c5 87 9a a5 b5 0e d3 70 5a 16 4e
Attribute 80 (Message-Authenticator) length=18
Value: 9e da 41 bb 38 4c 96 2d 58 1e c4 e3 93 37 2c c3
Attribute 24 (State) length=18
Value: 26 07 5b ef 4e 52 0b 64 a6 53 7e 05 fc a9 75 02
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=1 id=42 len=22) from RADIUS server: EAP-Request-MD5-Challenge (4)
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=42
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 42)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 46 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=6
ignoring 36 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=42 length=6
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=42 len=6) from STA: EAP Response-Nak (3)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED2
EAP: parseEapResp: rxResp=1 respId=42 respMethod=3 respVendor=0 respVendorMethod=0
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=164
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=8
Value: 02 2a 00 06 03 0d
Attribute 24 (State) length=18
Value: 26 07 5b ef 4e 52 0b 64 a6 53 7e 05 fc a9 75 02
Attribute 80 (Message-Authenticator) length=18
Value: 82 0f 6d 52 8b 97 75 86 39 aa dd b6 62 37 07 4c
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 64 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=64
Attribute 79 (EAP-Message) length=8
Value: 01 2b 00 06 0d 20
Attribute 80 (Message-Authenticator) length=18
Value: 52 d2 f0 46 b5 03 95 97 92 b2 5b 8e 10 e1 05 2c
Attribute 24 (State) length=18
Value: 0b 24 01 37 55 f3 ed 00 cf c2 6b f1 bf 00 1f be
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=1 id=43 len=6) from RADIUS server: EAP-Request-TLS (13)
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=43
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 43)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 116 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=112
EAP: code=2 identifier=43 length=112
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=43 len=112) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED2
EAP: parseEapResp: rxResp=1 respId=43 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=270
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=114
Value: 02 2b 00 70 0d 80 00 00 00 66 16 03 01 00 61 01 00 00 5d 03 01 4a 94 d5 02 ac 68 b9 63 78 6c 85 6a 78 38 f1 21 03 ea ea 45 46 6c 80 12 03 4d c8 8d d3 bc 43 62 00 00 36 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 66 00 05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01 00
Attribute 24 (State) length=18
Value: 0b 24 01 37 55 f3 ed 00 cf c2 6b f1 bf 00 1f be
Attribute 80 (Message-Authenticator) length=18
Value: 63 96 9a 49 10 23 89 bb 3d 6c 9e 8d 89 20 2e a1
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 1100 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=1100
Attribute 79 (EAP-Message) length=255
Value: 01 2c 04 0a 0d c0 00 00 05 92 16 03 01 00 4a 02 00 00 46 03 01 4a 94 d5 dc de b5 09 57 b2 4e c2 fc 87 5e c7 ff c5 45 0a 8c 95 4e 20 b9 64 7c 69 79 5f ae 59 c0 20 21 53 70 fd 1f 28 53 c0 99 e1 fd 23 76 d9 ec 50 fa c4 56 ba 08 c5 51 20 41 b4 15 ce 3a 0b e7 e2 00 35 00 16 03 01 04 df 0b 00 04 db 00 04 d8 00 02 22 30 82 02 1e 30 82 01 87 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 30 1e 17 0d 30 36 30 37 33 31 30 35 32 38 34 38 5a 17 0d 31 36 30 37 32 38 30 35 32 38 34 38 5a 30 48 31 0b 30 09 06 03 55 04 06
Attribute 79 (EAP-Message) length=255
Value: 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0a 30 08 06 03 55 04 03 13 01 6c 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b9 c7 fd 07 9b 22 80 d6 dc 25 8b 8c 0e f1 0f fb cf b1 85 2b 6c 4e 13 24 4b 45 03 cc e3 37 f7 90 41 a1 f3 e0 79 ae 7e 49 9e af 1f 56 bc 01 bc 35 e0 53 b5 75 ac c0 5c 8d 0f f1 66 17 59 5d 55 72 16 0d 71 29 85 e5 29 4c 27 c7 25 fe 4c 15 7e c3 36 f2 0d 42 b7 ce c2 3f 14 db 68 66 df 78 32 5b 45 67 cc e5 80 86 fc 42 92 ef 98 06 17 72 c0 29 9d 2d 1d 0f 9d cd 23 4c db 23 17 a1 95 33 ff 3d 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06
Attribute 79 (EAP-Message) length=255
Value: 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 60 52 5f f7 b7 d3 69 3a 26 87 6d ea f2 0a 1e 6f 47 bd 9f 54 89 b9 ce 25 69 74 9d 6b 09 4d 2e 28 22 e4 86 b3 ba c4 61 dd 1b 86 12 3d ec 79 0c 36 e6 b8 3d 73 99 b4 87 d2 45 91 13 dc d1 27 69 2c 6f 40 4c 68 b9 04 64 de 1c b7 31 2d f7 9b b4 39 33 24 5a 93 8e c2 7d f0 f4 16 66 9e 3c 29 86 49 25 86 01 50 c0 25 54 73 61 3b 52 44 bb 99 a4 7c 0b cf 32 05 78 2a f0 a1 76 f3 0a 44 10 82 00 a3 00 02 b0 30 82 02 ac 30 82 02 15 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c
Attribute 79 (EAP-Message) length=255
Value: 30 1e 17 0d 30 36 30 37 33 31 30 35 32 38 31 34 5a 17 0d 31 31 30 38 30 31 30 35 32 38 31 34 5a 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 a4 7e 6f 9a 73 8c dc 07 51 54 2a bc 0e 64 06 21 92 5e bd 36 0f 70 74 6b 08 c8 49 d9 39 af 06 76 e8 37 7f a2 ca e0 3e 33 33 fe 3b 6e 73 59 59 c8 b9 78 0f 65 87 a2 6b 18 d5 33 99 4e c6 b6 6b c1 ed c5 6f 31 6d 0a b3 b0 d4 23 8b ae 43 d6 de cb 4c 4d 20 77 92 d1 93 7a aa 5f 12 67 b1 14 0a 70 1e 15 70 b8 3d 82 7e cf 4a 34 5a 0b dd 6c f5 6a af b3 73 4c 7a
Attribute 79 (EAP-Message) length=24
Value: c8 57 4e a4 c4 c6 e9 98 32 bc 3d 02 03 01 00 01 a3 81 a3 30 81 a0
Attribute 80 (Message-Authenticator) length=18
Value: 2e 5e 24 2c 6c df f8 5d b2 44 fe 39 e4 89 55 e2
Attribute 24 (State) length=18
Value: c2 47 f5 15 2b 84 99 bc 25 a5 8b ac 6c c0 8a e6
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.35 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=1 id=44 len=1034) from RADIUS server: EAP-Request-TLS (13)
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=44
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 44)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 46 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=6
ignoring 36 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=44 length=6
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=44 len=6) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED2
EAP: parseEapResp: rxResp=1 respId=44 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=164
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=8
Value: 02 2c 00 06 0d 00
Attribute 24 (State) length=18
Value: c2 47 f5 15 2b 84 99 bc 25 a5 8b ac 6c c0 8a e6
Attribute 80 (Message-Authenticator) length=18
Value: 39 54 fa 5a 4d b3 b7 7c 2a b2 f3 a6 fa f1 6c 27
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 472 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=472
Attribute 79 (EAP-Message) length=255
Value: 01 2d 01 9c 0d 80 00 00 05 92 30 1d 06 03 55 1d 0e 04 16 04 14 c8 1e 58 ad f5 28 ed 5c 12 c2 fb 8a e7 11 53 cc 20 0c 10 28 30 71 06 03 55 1d 23 04 6a 30 68 80 14 c8 1e 58 ad f5 28 ed 5c 12 c2 fb 8a e7 11 53 cc 20 0c 10 28 a1 4d a4 4b 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 82 01 00 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 48 f8 f5 c5 e0 6c eb 50 b0 b6 95 e2 88 70 27 b3 e9 cd a9 09 c3 26 f5 6a 80 00 a3 8a 73 24 12 ae 6b 9c 34 01 a7 1e 66 2d aa b5 12 73 a8 d6 17 53 bc f3 fb f5 90 b5 59 cc 62 dc fe 53 18 08 b7 bb
Attribute 79 (EAP-Message) length=161
Value: c2 c4 4a 2a 83 63 ea 24 ec f8 54 b1 64 b5 2f ba 6d 75 40 6e 2a 6a 46 2c 27 87 6d 18 86 c0 b5 2c be ea 98 eb aa 94 1a 3e c5 cd 14 88 fc 01 70 d3 94 55 48 fa eb e8 73 d0 2c f4 b2 38 d7 6d f8 b2 16 03 01 00 5a 0d 00 00 52 02 01 02 00 4d 00 4b 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 0e 00 00 00
Attribute 80 (Message-Authenticator) length=18
Value: c0 a0 58 3e de 3d c8 76 10 fa 80 b1 d9 ca d6 6c
Attribute 24 (State) length=18
Value: 12 7c 5d 62 0d 60 0f b6 cb 97 90 3c cd cc 12 92
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=1 id=45 len=412) from RADIUS server: EAP-Request-TLS (13)
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=45
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 45)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 1412 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=1408
EAP: code=2 identifier=45 length=1408
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=45 len=1408) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED2
EAP: parseEapResp: rxResp=1 respId=45 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=1576
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=255
Value: 02 2d 05 80 0d c0 00 00 06 37 16 03 01 04 e1 0b 00 04 dd 00 04 da 00 02 24 30 82 02 20 30 82 01 89 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 30 1e 17 0d 30 36 30 37 33 31 30 35 32 38 33 33 5a 17 0d 31 36 30 37 32 38 30 35 32 38 33 33 5a 30 4a 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0c 30 0a 06 03 55 04 03 13 03 6c 6c 6c 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01
Attribute 79 (EAP-Message) length=255
Value: 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 de 50 03 83 98 41 45 0e 8f 57 77 dd 88 40 be 54 fd fd da 65 b8 62 02 71 f4 37 9b d5 9a 4d 90 08 43 14 78 f1 17 a7 14 39 af bc 00 9c 4f 22 e1 8e d9 db 17 ad ab 40 f1 e0 8d db 3c 44 fa 35 a3 d8 0b f2 9f c4 61 0c ad d0 18 29 e3 ae 51 c1 ad 56 a1 36 01 68 49 19 6c 18 07 57 68 2d 39 00 20 46 68 c2 6b 51 b2 de 53 b2 e9 c4 44 b3 ac 80 f9 59 fc fd 4f 3c ad 07 9f c0 6f c4 f3 6f ca 9a fb a3 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 3b 4f 81 ba 81 63 8a 4e bf 27 f5 53 67 97 68 5a 30 2d 04 78 1b 8c 07 28 c5 8e 8b 00 f8 12 b6 1b a6 6b c3 6f 5b 17 63 0f 6f 80 61 75 8f 46 d1 6f 47 e4 9a ca 4f 92 ef 1e 23 77 10 de e9
Attribute 79 (EAP-Message) length=255
Value: 06 82 f9 04 e0 22 f1 42 66 d7 8b 44 87 e1 30 df e2 a2 9e 3e 71 92 bb 3e 20 a9 4d 00 fd ad ab e0 1f 08 e8 95 d3 f3 fc 0e cf 25 d5 3b db 29 4a db 01 57 4a c7 cf c2 95 cd 91 fc 67 77 f0 e8 8a 50 70 93 8d 00 02 b0 30 82 02 ac 30 82 02 15 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 30 1e 17 0d 30 36 30 37 33 31 30 35 32 38 31 34 5a 17 0d 31 31 30 38 30 31 30 35 32 38 31 34 5a 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11
Attribute 79 (EAP-Message) length=255
Value: 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 a4 7e 6f 9a 73 8c dc 07 51 54 2a bc 0e 64 06 21 92 5e bd 36 0f 70 74 6b 08 c8 49 d9 39 af 06 76 e8 37 7f a2 ca e0 3e 33 33 fe 3b 6e 73 59 59 c8 b9 78 0f 65 87 a2 6b 18 d5 33 99 4e c6 b6 6b c1 ed c5 6f 31 6d 0a b3 b0 d4 23 8b ae 43 d6 de cb 4c 4d 20 77 92 d1 93 7a aa 5f 12 67 b1 14 0a 70 1e 15 70 b8 3d 82 7e cf 4a 34 5a 0b dd 6c f5 6a af b3 73 4c 7a c8 57 4e a4 c4 c6 e9 98 32 bc 3d 02 03 01 00 01 a3 81 a3 30 81 a0 30 1d 06 03 55 1d 0e 04 16 04 14 c8 1e 58 ad f5 28 ed 5c 12 c2 fb 8a e7 11 53 cc 20 0c 10 28 30 71 06 03 55 1d 23 04 6a 30 68 80 14 c8 1e 58 ad f5 28 ed 5c 12 c2 fb
Attribute 79 (EAP-Message) length=255
Value: 8a e7 11 53 cc 20 0c 10 28 a1 4d a4 4b 30 49 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 11 30 0f 06 03 55 04 08 13 08 53 68 61 6e 67 68 61 69 31 1a 30 18 06 03 55 04 0a 13 11 44 65 6c 74 61 20 4e 65 74 77 6f 72 6b 20 49 6e 63 31 0b 30 09 06 03 55 04 03 13 02 6c 6c 82 01 00 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 48 f8 f5 c5 e0 6c eb 50 b0 b6 95 e2 88 70 27 b3 e9 cd a9 09 c3 26 f5 6a 80 00 a3 8a 73 24 12 ae 6b 9c 34 01 a7 1e 66 2d aa b5 12 73 a8 d6 17 53 bc f3 fb f5 90 b5 59 cc 62 dc fe 53 18 08 b7 bb c2 c4 4a 2a 83 63 ea 24 ec f8 54 b1 64 b5 2f ba 6d 75 40 6e 2a 6a 46 2c 27 87 6d 18 86 c0 b5 2c be ea 98 eb aa 94 1a 3e c5 cd 14 88 fc 01 70 d3 94 55 48 fa eb e8 73 d0 2c f4 b2 38 d7 6d f8 b2 16
Attribute 79 (EAP-Message) length=145
Value: 03 01 00 86 10 00 00 82 00 80 26 e8 e8 dd e0 76 a6 c3 da 15 91 96 1d 8a 3c 41 4f 32 e5 b5 a2 83 93 1f 1a 15 51 3e 74 92 e6 cb 86 89 44 29 e6 0d 48 6a ed 43 e1 0c 8a 26 ca 91 50 96 06 8f 91 c8 52 53 08 4e 12 40 b0 6b 85 11 3c 75 a6 e9 de e1 49 d3 98 eb 13 ab e6 dd 42 d7 f1 18 03 02 ba 39 52 d1 67 90 16 62 c9 f7 b2 f0 d4 0f 7e b5 f3 be b4 39 6f c4 18 30 2a f3 43 b1 66 fe 14 2b 9e ae ba 64 23 95 cb c7 b7 27 04 48 16 03 01 00 86
Attribute 24 (State) length=18
Value: 12 7c 5d 62 0d 60 0f b6 cb 97 90 3c cd cc 12 92
Attribute 80 (Message-Authenticator) length=18
Value: 0d cc df 02 4f 9a 18 18 12 b6 49 c4 18 1c 08 61
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 64 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=11 length=64
Attribute 79 (EAP-Message) length=8
Value: 01 2e 00 06 0d 00
Attribute 80 (Message-Authenticator) length=18
Value: 25 5f 33 7d 4f c1 62 29 b5 6b 0a bd 9d c2 67 e4
Attribute 24 (State) length=18
Value: 51 36 71 6b dc df ca 3c 00 11 8d 7c d2 ba 88 04
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=1 id=46 len=6) from RADIUS server: EAP-Request-TLS (13)
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=46
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 46)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 203 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=199
EAP: code=2 identifier=46 length=199
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=46 len=199) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED2
EAP: parseEapResp: rxResp=1 respId=46 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=12 length=357
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=201
Value: 02 2e 00 c7 0d 00 0f 00 00 82 00 80 32 af e3 18 77 a7 a6 3b 65 7e 53 5c 1f e2 09 f4 3e 39 65 46 b3 9d ee 56 26 94 e7 71 19 07 cb 57 e5 ed 1f 1d 01 8f 2c 64 7e ca c7 a3 3a 3a cf 16 94 2f e0 08 3c 1f 61 26 fd 58 c4 f5 12 1f 01 37 0b 40 0f 7c 08 a7 46 75 d0 1a 89 3f 9c 39 d5 61 fd 66 76 18 87 be 74 e7 7e ce 5d c4 9f 81 18 e9 7a c0 ef 3f be 97 05 24 e0 d5 61 07 12 15 9f 22 04 22 66 8b a6 68 3d 4f 33 88 a5 fa 05 ab 23 7f 14 03 01 00 01 01 16 03 01 00 30 a8 f2 e4 99 bd 4f a6 00 f3 3a 95 0e 1f 96 1f 24 ce 25 9d 44 6a f1 75 ad 0d 67 24 cc 29 00 44 9a e3 33 7c de b7 7b 56 f4 44 b0 ba 18 6a e0 02 51
Attribute 24 (State) length=18
Value: 51 36 71 6b dc df ca 3c 00 11 8d 7c d2 ba 88 04
Attribute 80 (Message-Authenticator) length=18
Value: 2c 76 d9 14 b6 2d cc fa 97 f8 3b 63 5e a3 5c ed
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 127 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=12 length=127
Attribute 79 (EAP-Message) length=71
Value: 01 2f 00 45 0d 80 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 d3 a3 d2 33 3f 26 d6 c6 19 e7 48 79 97 49 f9 23 91 6c a3 da cf 39 4a 5d 97 5f 5e 55 42 2b b1 d8 f2 c0 d7 77 b9 8e ce 8b f3 65 d9 e1 43 b4 16 f6
Attribute 80 (Message-Authenticator) length=18
Value: 99 51 fd 8f 0e 37 70 b1 38 96 12 84 9f 53 7c c4
Attribute 24 (State) length=18
Value: a2 39 2d 85 35 72 71 32 28 ad 18 7c 6b 2c 37 a7
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=1 id=47 len=69) from RADIUS server: EAP-Request-TLS (13)
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=47
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state REQUEST
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 47)
RSN: receive pre-auth packet from interface 'br0'
IEEE 802.1X: 46 bytes from 00:1f:3b:27:ae:05
IEEE 802.1X: version=1 type=0 length=6
ignoring 36 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=47 length=6
(response)
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: received EAP packet (code=2 id=47 len=6) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED2
EAP: parseEapResp: rxResp=1 respId=47 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state AAA_REQUEST
EAP: EAP entering state AAA_IDLE
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
ath0: RADIUS Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=13 length=164
Attribute 1 (User-Name) length=5
Value: 'lll'
Attribute 5 (NAS-Port) length=6
Value: 0
Attribute 30 (Called-Station-Id) length=25
Value: '00-0D-02-30-00-01:pmksa'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-1F-3B-27-AE-05'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=33
Value: 'IEEE 802.11i Pre-Authentication'
Attribute 79 (EAP-Message) length=8
Value: 02 2f 00 06 0d 00
Attribute 24 (State) length=18
Value: a2 39 2d 85 35 72 71 32 28 ad 18 7c 6b 2c 37 a7
Attribute 80 (Message-Authenticator) length=18
Value: 68 bf 18 a4 08 b9 92 26 19 a5 d5 01 d5 7e b0 bb
ath0: RADIUS Next RADIUS client retransmit in 3 seconds
ath0: RADIUS Received 165 bytes from RADIUS server
ath0: RADIUS Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=13 length=165
Attribute 26 (Vendor-Specific) length=58
Value: 00 00 01 37 11 34 c6 e1 d1 7a b1 fc b5 5c 2c 1a 8f 7b fb a9 b1 5a a7 8d 20 7d 13 1b a8 35 3b 5e 9f 8b be 86 fd 77 2d 0b 35 10 05 67 66 4b 24 36 fb 9e a8 2e fb dd 24 6f
Attribute 26 (Vendor-Specific) length=58
Value: 00 00 01 37 10 34 cf 8e e9 23 5b 1c d4 a3 ef 9a a0 77 63 6e d8 b2 98 e5 3d 23 fb ac 2e bd 6d 2d 16 1a 01 28 85 f0 85 41 1c 81 1b c2 b7 fe fa 2e 1c f9 ed be 2d f5 4a 0b
Attribute 79 (EAP-Message) length=6
Value: 03 2f 00 04
Attribute 80 (Message-Authenticator) length=18
Value: 28 f4 7d 6a 4f 17 5d 16 87 49 25 05 8c 8f af 7e
Attribute 1 (User-Name) length=5
Value: 'lll'
ath0: STA 00:1f:3b:27:ae:05 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station 00:1f:3b:27:ae:05
MS-MPPE-Send-Key - hexdump(len=32): [REMOVED]
MS-MPPE-Recv-Key - hexdump(len=32): [REMOVED]
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: old identity 'lll' updated with User-Name from Access-Accept 'lll'
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: decapsulated EAP packet (code=3 id=47 len=4) from RADIUS server: EAP Success
EAP: EAP entering state SUCCESS2
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state SUCCESS
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: Sending EAP Packet (identifier 47)
IEEE 802.1X: 00:1f:3b:27:ae:05 AUTH_PAE entering state AUTHENTICATED
ath0: STA 00:1f:3b:27:ae:05 IEEE 802.1X: authenticated - EAP type: 13 (TLS) (pre-authentication)
ath0: STA 00:1f:3b:27:ae:05 WPA: pre-authentication succeeded
RSN: added PMKSA cache entry for 00:1f:3b:27:ae:05
RSN: added PMKID - hexdump(len=16): de 2a 62 e9 a1 c5 95 6c ef 80 68 ce 0b 36 ff 64
ath0: STA 00:1f:3b:27:ae:05 WPA: added PMKSA cache entry (pre-auth)
IEEE 802.1X: 00:1f:3b:27:ae:05 BE_AUTH entering state IDLE
RSN: Removing pre-authentication STA entry for 00:1f:3b:27:ae:05
EAP: Server state machine removed