proxy-to-realm versus using a suffix
Chris Fruehwirth
cfruehwi at nd.edu
Tue Jul 8 19:12:03 CEST 2008
Below is the debug output from FreeRADIUS. The first attempt is using
the suffix ctester at sw, which works. The second attempt is using the
users file and no realm, which fails.
I'm just trying to figure out the differences between the two
configurations and how to make the users file entry work like the suffix
behavior.
In the users file:
DEFAULT Proxy-To-Ream := "SW"
Debug info:
FreeRADIUS Version 2.0.4, for host i686-pc-linux-gnu, built on Jun 4
2008 at 16:45:18
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /opt/etc/raddb/radiusd.conf
including configuration file /opt/etc/raddb/proxy.conf
including configuration file /opt/etc/raddb/clients.conf
including configuration file /opt/etc/raddb/snmp.conf
including configuration file /opt/etc/raddb/eap.conf
including configuration file /opt/etc/raddb/sql.conf
including configuration file /opt/etc/raddb/sql/mysql/dialup.conf
including configuration file /opt/etc/raddb/sql/mysql/counter.conf
including configuration file /opt/etc/raddb/policy.conf
including files in directory /opt/etc/raddb/sites-enabled/
including configuration file /opt/etc/raddb/sites-enabled/inner-tunnel
including configuration file /opt/etc/raddb/sites-enabled/default
including dictionary file /opt/etc/raddb/dictionary
main {
prefix = "/opt"
localstatedir = "/opt/var"
logdir = "/opt/var/log/radius"
libdir = "/opt/lib"
radacctdir = "/opt/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/opt/var/run/radiusd/radiusd.pid"
checkrad = "/opt/sbin/checkrad"
debug_level = 0
proxy_requests = yes
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "xxx"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm SW {
authhost = nat15.cc.nd.edu:1812
secret = xxxx
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/opt/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/opt/etc/raddb/certs/server.pem"
certificate_file = "/opt/etc/raddb/certs/server.pem"
CA_file = "/opt/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/opt/etc/raddb/certs/dh"
random_file = "/opt/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/opt/etc/raddb/certs/bootstrap"
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/opt/etc/raddb/users"
acctusersfile = "/opt/etc/raddb/acct_users"
preproxy_usersfile = "/opt/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/opt/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/opt/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/opt/etc/raddb/huntgroups"
hints = "/opt/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile =
"/opt/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/opt/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000f0163746573746572407377
Message-Authenticator = 0x215a48692551ddd10fe4187fe481bb70
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000f0163746573746572407377
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Proxying request 0 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000f0163746573746572407377
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x30
Session-Timeout = 30
EAP-Message = 0x010100061920
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0xf1c33704c2f03d3963f8b01f45ece336
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message = 0x010100061920
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201003e190016030100330100002f030148738caa0df6feedf6e4f181385446de3a61ad9fc007a7cb91e5f91e56fc59af000008002f000a000500040100
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x16a6307a7eb4185ec31ebe7f65ff5e38
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201003e190016030100330100002f030148738caa0df6feedf6e4f181385446de3a61ad9fc007a7cb91e5f91e56fc59af000008002f000a000500040100
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Proxying request 1 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201003e190016030100330100002f030148738caa0df6feedf6e4f181385446de3a61ad9fc007a7cb91e5f91e56fc59af000008002f000a000500040100
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x31
Session-Timeout = 30
EAP-Message =
0x0102057419c000000f891603010f8402000046030148738caa2adbef5ac0d41b9f00ade324e4b703d85a8b914a2e8e5b6e54b5ac082083060000748a477375b3c6d3a05d943b9f90ad7f8d9df7a08a781e809689d83b0004000b00032100031e00031b3082031730820280a003020102020309207e300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3038303530313133323535305a170d3039303530323133323535305a3081a1310b30090603
EAP-Message =
0x550406130255533110300e06035504081307496e6469616e61311330110603550407130a6e6f7472652064616d6531283026060355040a131f556e6976657273697479206f66204e6f7472652044616d65206475204c61633121301f060355040b1318556e6976657273697479206f66204e6f7472652044616d65311e301c060355040313157261646975732d6465766c2e64632e6e642e65647530819f300d06092a864886f70d010101050003818d0030818902818100bb32514e5ec33fc20f97ad58789c9230719df55fb0f566bb213edcf2c4740c50d7f97def7dd63b999b6e0aa721ce270f42ced98296972f920b6a5815d7a36526b944abef1f
EAP-Message =
0x82566c8c2e32c0ecc2b6d5efb878797e1867b8abfa3d78c5c776f57bbf56d4fe1c5527456a4073b4b31dfce8ec86747025a087d4260948f0e9dd5f0203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604143df3d9e473605afd107f820d1c573d9512d10fe0303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d0101
EAP-Message =
0x0505000381810006f68b9834039f02993ada4a16228c54d510d8abf5cb2929c4004c9f77bd630f7f52ea3b40a6ec02f6a39dfd954f4947f25d330094ef3b0d724e2f9fef8d39515791c9721505711ac518839b2f6e221a1f736a8f26c18a5560a686cc15984aa64c0dbd894c85de626f14a90249e9937d49d0324fd3e3b54105e7871e9f129fb40d000c0d0201020c0800c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038
EAP-Message =
0x060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c
EAP-Message =
0x79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00d43081d1310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e673128302606035504
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x2a4d0df20cbd1120f22afcfc5af64802
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message =
0x0102057419c000000f891603010f8402000046030148738caa2adbef5ac0d41b9f00ade324e4b703d85a8b914a2e8e5b6e54b5ac082083060000748a477375b3c6d3a05d943b9f90ad7f8d9df7a08a781e809689d83b0004000b00032100031e00031b3082031730820280a003020102020309207e300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3038303530313133323535305a170d3039303530323133323535305a3081a1310b30090603
EAP-Message =
0x550406130255533110300e06035504081307496e6469616e61311330110603550407130a6e6f7472652064616d6531283026060355040a131f556e6976657273697479206f66204e6f7472652044616d65206475204c61633121301f060355040b1318556e6976657273697479206f66204e6f7472652044616d65311e301c060355040313157261646975732d6465766c2e64632e6e642e65647530819f300d06092a864886f70d010101050003818d0030818902818100bb32514e5ec33fc20f97ad58789c9230719df55fb0f566bb213edcf2c4740c50d7f97def7dd63b999b6e0aa721ce270f42ced98296972f920b6a5815d7a36526b944abef1f
EAP-Message =
0x82566c8c2e32c0ecc2b6d5efb878797e1867b8abfa3d78c5c776f57bbf56d4fe1c5527456a4073b4b31dfce8ec86747025a087d4260948f0e9dd5f0203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604143df3d9e473605afd107f820d1c573d9512d10fe0303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d0101
EAP-Message =
0x0505000381810006f68b9834039f02993ada4a16228c54d510d8abf5cb2929c4004c9f77bd630f7f52ea3b40a6ec02f6a39dfd954f4947f25d330094ef3b0d724e2f9fef8d39515791c9721505711ac518839b2f6e221a1f736a8f26c18a5560a686cc15984aa64c0dbd894c85de626f14a90249e9937d49d0324fd3e3b54105e7871e9f129fb40d000c0d0201020c0800c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038
EAP-Message =
0x060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c
EAP-Message =
0x79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00d43081d1310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e673128302606035504
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x6fc535d48adbca7ea8fe450536705c18
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Proxying request 2 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x32
Session-Timeout = 30
EAP-Message =
0x0103057419400b131f43657274696669636174696f6e205365727669636573204469766973696f6e312430220603550403131b54686177746520506572736f6e616c20467265656d61696c204341312b302906092a864886f70d010901161c706572736f6e616c2d667265656d61696c407468617774652e636f6d00d23081cf310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f
EAP-Message =
0x6e312330210603550403131a54686177746520506572736f6e616c205072656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d7072656d69756d407468617774652e636f6d0086308183310b3009060355040613025553312d302b060355040a132446697273742044617461204469676974616c2043657274696669636174657320496e632e314530430603550403133c46697273742044617461204469676974616c2043657274696669636174657320496e632e2043657274696669636174696f6e20417574686f7269747900ce3081cb310b3009060355040613025a41311530130603550408130c576573746572
EAP-Message =
0x6e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3121301f0603550403131854686177746520506572736f6e616c2042617369632043413128302606092a864886f70d0109011619706572736f6e616c2d6261736963407468617774652e636f6d0061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274
EAP-Message =
0x696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747900c43081c1310b300906035504061302555331173015060355040a130e56657269536967
EAP-Message =
0x6e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b009c308199310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b13115461
EAP-Message =
0x6e7573697476616e796b6961646f6b31323030060355040313294e65744c6f636b20557a6c6574692028436c6173732042292054616e7573697476616e796b6961646f00473045310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e311c301a0603550403131347544520437962657254
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0xeee4ceff1855c2bdc30c956a96e69fda
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message =
0x0103057419400b131f43657274696669636174696f6e205365727669636573204469766973696f6e312430220603550403131b54686177746520506572736f6e616c20467265656d61696c204341312b302906092a864886f70d010901161c706572736f6e616c2d667265656d61696c407468617774652e636f6d00d23081cf310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f
EAP-Message =
0x6e312330210603550403131a54686177746520506572736f6e616c205072656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d7072656d69756d407468617774652e636f6d0086308183310b3009060355040613025553312d302b060355040a132446697273742044617461204469676974616c2043657274696669636174657320496e632e314530430603550403133c46697273742044617461204469676974616c2043657274696669636174657320496e632e2043657274696669636174696f6e20417574686f7269747900ce3081cb310b3009060355040613025a41311530130603550408130c576573746572
EAP-Message =
0x6e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3121301f0603550403131854686177746520506572736f6e616c2042617369632043413128302606092a864886f70d0109011619706572736f6e616c2d6261736963407468617774652e636f6d0061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274
EAP-Message =
0x696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747900c43081c1310b300906035504061302555331173015060355040a130e56657269536967
EAP-Message =
0x6e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b009c308199310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b13115461
EAP-Message =
0x6e7573697476616e796b6961646f6b31323030060355040313294e65744c6f636b20557a6c6574692028436c6173732042292054616e7573697476616e796b6961646f00473045310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e311c301a0603550403131347544520437962657254
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x6bc3982cda4ec25ac8b2566cda481ccc
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Proxying request 3 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x33
Session-Timeout = 30
EAP-Message =
0x010404b719007275737420526f6f7400773075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f7400c63081c3310b300906035504061302555331143012060355040a130b456e74727573742e6e6574313b3039060355040b13327777772e656e74727573742e6e65742f43505320696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c2863292031
EAP-Message =
0x39393920456e74727573742e6e6574204c696d69746564313a303806035504031331456e74727573742e6e657420536563757265205365727665722043657274696669636174696f6e20417574686f7269747900b23081af310b30090603550406130248553110300e0603550408130748756e676172793111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313630340603550403132d4e65744c6f636b204b6f7a6a6567797a6f692028436c6173732041292054616e757369
EAP-Message =
0x7476616e796b6961646f00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b0070306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e3127
EAP-Message =
0x3025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f74009e30819b310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313430320603550403132b4e65744c6f636b20457870726573737a2028436c6173732043292054616e7573697476616e796b6961646f00723070312b3029060355040b1322436f70797269676874
EAP-Message =
0x202863292031393937204d6963726f736f667420436f72702e311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e3121301f060355040313184d6963726f736f667420526f6f7420417574686f726974790061305f31133011060a0992268993f22c6401191603636f6d31193017060a0992268993f22c64011916096d6963726f736f6674312d302b060355040313244d6963726f736f667420526f6f7420436572746966696361746520417574686f726974790e000000
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0xc462deed5008175792e6615860d28953
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message =
0x010404b719007275737420526f6f7400773075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f7400c63081c3310b300906035504061302555331143012060355040a130b456e74727573742e6e6574313b3039060355040b13327777772e656e74727573742e6e65742f43505320696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c2863292031
EAP-Message =
0x39393920456e74727573742e6e6574204c696d69746564313a303806035504031331456e74727573742e6e657420536563757265205365727665722043657274696669636174696f6e20417574686f7269747900b23081af310b30090603550406130248553110300e0603550408130748756e676172793111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313630340603550403132d4e65744c6f636b204b6f7a6a6567797a6f692028436c6173732041292054616e757369
EAP-Message =
0x7476616e796b6961646f00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b0070306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e3127
EAP-Message =
0x3025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f74009e30819b310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313430320603550403132b4e65744c6f636b20457870726573737a2028436c6173732043292054616e7573697476616e796b6961646f00723070312b3029060355040b1322436f70797269676874
EAP-Message =
0x202863292031393937204d6963726f736f667420436f72702e311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e3121301f060355040313184d6963726f736f667420526f6f7420417574686f726974790061305f31133011060a0992268993f22c6401191603636f6d31193017060a0992268993f22c64011916096d6963726f736f6674312d302b060355040313244d6963726f736f667420526f6f7420436572746966696361746520417574686f726974790e000000
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020400c8190016030100070b000003000000160301008610000082008068b1d70454f9e4ba8197aada1ed6f1698c578c542721bd0e10bd9b3171330fd654eec4808d5f6ae227df2ce5b11913dbda0ade4fb828597b56a1fa07b8fcfffa78b4dff88f423ebc7f6cdd9139d9e632944aef8a92a53a31fb40be5d7f62ebbaac110acb98ee399627226ae2b32ee40c70de0eb150beee58fa394a7feea2bca414030100010116030100206a483d9c499dc66e715d62a8b66c9a5628db3dc3683dd1da3b0afd47e445eeb8
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x28dad817967a4fa35a9e18bb91328350
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020400c8190016030100070b000003000000160301008610000082008068b1d70454f9e4ba8197aada1ed6f1698c578c542721bd0e10bd9b3171330fd654eec4808d5f6ae227df2ce5b11913dbda0ade4fb828597b56a1fa07b8fcfffa78b4dff88f423ebc7f6cdd9139d9e632944aef8a92a53a31fb40be5d7f62ebbaac110acb98ee399627226ae2b32ee40c70de0eb150beee58fa394a7feea2bca414030100010116030100206a483d9c499dc66e715d62a8b66c9a5628db3dc3683dd1da3b0afd47e445eeb8
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Proxying request 4 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020400c8190016030100070b000003000000160301008610000082008068b1d70454f9e4ba8197aada1ed6f1698c578c542721bd0e10bd9b3171330fd654eec4808d5f6ae227df2ce5b11913dbda0ade4fb828597b56a1fa07b8fcfffa78b4dff88f423ebc7f6cdd9139d9e632944aef8a92a53a31fb40be5d7f62ebbaac110acb98ee399627226ae2b32ee40c70de0eb150beee58fa394a7feea2bca414030100010116030100206a483d9c499dc66e715d62a8b66c9a5628db3dc3683dd1da3b0afd47e445eeb8
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x34
Session-Timeout = 30
EAP-Message =
0x0105003519800000002b14030100010116030100207acba7ec4a687af66a465918700353977a75c6dfeef5209f94196921f61208f6
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x79b2088ca62dc8b91364e7129039d60b
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message =
0x0105003519800000002b14030100010116030100207acba7ec4a687af66a465918700353977a75c6dfeef5209f94196921f61208f6
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0xc13df51a7ebb61ce5e4e57f8fc5968e8
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Proxying request 5 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x35
Session-Timeout = 30
EAP-Message = 0x0106001c190017030100113ec16ae9f198c6c77dbf0ef18790f2f22e
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x5370867582ccf4dce9f3b7a3c61b0653
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message = 0x0106001c190017030100113ec16ae9f198c6c77dbf0ef18790f2f22e
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020600261900170301001b2fc8ba66e7d6b203804402c2b5133a9c47b1e46de8941ee6410882
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0xd7915475fe6bc38a40fb4a681264a73f
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020600261900170301001b2fc8ba66e7d6b203804402c2b5133a9c47b1e46de8941ee6410882
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Proxying request 6 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020600261900170301001b2fc8ba66e7d6b203804402c2b5133a9c47b1e46de8941ee6410882
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x36
Session-Timeout = 6
EAP-Message =
0x0107003f19001703010034fbfdcd888585f8a4e8d07f42fb6b8fac1e4e345473a42b2a0222544a87c1ad7b388087567413ba47e433e3c054c5799b98271095
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x0577dc43e045c437fe6ffc736f827b66
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 6
EAP-Message =
0x0107003f19001703010034fbfdcd888585f8a4e8d07f42fb6b8fac1e4e345473a42b2a0222544a87c1ad7b388087567413ba47e433e3c054c5799b98271095
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0207005c190017030100515c63f8f6af8d8bfdbbec6c15056130f71a9f249b8ca05ed9fc5255576c1419e2698deaab99e8216399884dac19580863d124ce13c35d892a8b476e634fb96ff242e52f0189d8e93e2564b1c213ba70c3cf
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x5de8cdaa7279b2485df13444eed0c766
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0207005c190017030100515c63f8f6af8d8bfdbbec6c15056130f71a9f249b8ca05ed9fc5255576c1419e2698deaab99e8216399884dac19580863d124ce13c35d892a8b476e634fb96ff242e52f0189d8e93e2564b1c213ba70c3cf
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Proxying request 7 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0207005c190017030100515c63f8f6af8d8bfdbbec6c15056130f71a9f249b8ca05ed9fc5255576c1419e2698deaab99e8216399884dac19580863d124ce13c35d892a8b476e634fb96ff242e52f0189d8e93e2564b1c213ba70c3cf
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x37
Session-Timeout = 6
EAP-Message =
0x0108004a1900170301003f69b194763c233aa66fc5d30e07d223b700d5627cb6a187f8bda8435fb0bb7744b45ee08113bb0e4559b82d0d6350cf6b6bd0e98337fcb61c9ec7fd0744754c
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x5de6dbe809164f22ba5fecc874be56ba
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 6
EAP-Message =
0x0108004a1900170301003f69b194763c233aa66fc5d30e07d223b700d5627cb6a187f8bda8435fb0bb7744b45ee08113bb0e4559b82d0d6350cf6b6bd0e98337fcb61c9ec7fd0744754c
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.5 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0208001d19001703010012bb7bf4f7fe6995bc37b4424778dc6c17f9f6
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x69b72b8f583ac600e5462514742e126b
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0208001d19001703010012bb7bf4f7fe6995bc37b4424778dc6c17f9f6
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Proxying request 8 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0208001d19001703010012bb7bf4f7fe6995bc37b4424778dc6c17f9f6
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x38
Session-Timeout = 30
EAP-Message =
0x010900261900170301001bb272c5e74bf73bac507705d33c44c800ee5076131dc7d4d279fcdc
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x4d6bc01c2d899819ddddfae8c11cda15
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message =
0x010900261900170301001bb272c5e74bf73bac507705d33c44c800ee5076131dc7d4d279fcdc
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.
Going to the next request
Waking up in 4.5 seconds.
User-Name = "ctester at sw"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020900261900170301001b34f85f32b0e64b645cf4c386b0ce92a22d876fd6106202335be429
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x9a53d9c3903169b786b9b92564b2e3cb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
rlm_realm: Found realm "SW"
rlm_realm: Adding Stripped-User-Name = "ctester"
rlm_realm: Adding Realm = "SW"
rlm_realm: Proxying request from user ctester to realm SW
rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm SW. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020900261900170301001b34f85f32b0e64b645cf4c386b0ce92a22d876fd6106202335be429
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x39
Proxying request 9 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020900261900170301001b34f85f32b0e64b645cf4c386b0ce92a22d876fd6106202335be429
State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x39
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x39
Airespace-QOS-Level = Gold
EAP-Message = 0x030a0004
Class = 0x5aac06c2000001370001ac13ea8e01c8cb923571594600000000000040a6
MS-CHAP-Domain = "\001ADN"
MS-CHAP2-Success =
0x01533d39443436344143374130354245313143434538324546313537363036434642334242443633463844
MS-MPPE-Send-Key =
0xcb0dc976cdcf6c132fb59c5cd7bc02a6561681c4d3a9fbc494ff41747ee9602c
MS-MPPE-Recv-Key =
0x665468e92068fd285dd14b910c62ac5bb0279dbf42d91e8c40396ec84a9b3fbf
Message-Authenticator = 0x318bd7867f5fb0c61cabfb76a859cc6f
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Proxy reply, or no User-Name. Ignoring.
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [ctester at sw/<no User-Password attribute>] (from client
private-network-2 port 0 cli 02-00-00-00-00-01)
+- entering group post-auth
++[exec] returns noop
Airespace-QOS-Level = Gold
EAP-Message = 0x030a0004
Class = 0x5aac06c2000001370001ac13ea8e01c8cb923571594600000000000040a6
MS-CHAP-Domain = "\001ADN"
MS-CHAP2-Success =
0x01533d39443436344143374130354245313143434538324546313537363036434642334242443633463844
MS-MPPE-Send-Key =
0xcb0dc976cdcf6c132fb59c5cd7bc02a6561681c4d3a9fbc494ff41747ee9602c
MS-MPPE-Recv-Key =
0x665468e92068fd285dd14b910c62ac5bb0279dbf42d91e8c40396ec84a9b3fbf
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.4 seconds.
Cleaning up request 0 ID 0 with timestamp +11
Cleaning up request 1 ID 1 with timestamp +11
Cleaning up request 2 ID 2 with timestamp +11
Cleaning up request 3 ID 3 with timestamp +11
Waking up in 0.1 seconds.
Cleaning up request 4 ID 4 with timestamp +11
Cleaning up request 5 ID 5 with timestamp +11
Cleaning up request 6 ID 6 with timestamp +11
Cleaning up request 7 ID 7 with timestamp +11
Cleaning up request 8 ID 8 with timestamp +11
Cleaning up request 9 ID 9 with timestamp +11
Ready to process requests.
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000c0163746573746572
Message-Authenticator = 0x84d1723e8dff8a827501781507bf3884
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "ctester", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 0 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000c0163746573746572
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Proxying request 10 to home server 129.74.4.115 port 1812
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000c0163746573746572
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x30
Session-Timeout = 30
EAP-Message = 0x010100061920
State = 0x23500464000001370001ac13ea8e0000000316ea6c8400
Message-Authenticator = 0x7071b51e58d18b16f0f952175ad62759
+- entering group post-proxy
rlm_eap: No pre-existing handler found
++[eap] returns noop
Session-Timeout = 30
EAP-Message = 0x010100061920
State = 0x23500464000001370001ac13ea8e0000000316ea6c8400
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "ctester"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201003e190016030100330100002f030148738cb6ed41b889e4ab936e7c1998f2690664e24b1dbacb6bdafc821718117c000008002f000a000500040100
State = 0x23500464000001370001ac13ea8e0000000316ea6c8400
Message-Authenticator = 0x3cee22f09d2b59bca6fade2db7ff5488
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "ctester", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 62
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
EAP-request
rlm_eap: Failed in handler
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [ctester/<via Auth-Type = EAP>] (from client
private-network-2 port 0 cli 02-00-00-00-00-01)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> ctester
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Waking up in 3.9 seconds.
Cleaning up request 10 ID 0 with timestamp +18
Waking up in 1.0 seconds.
Cleaning up request 11 ID 1 with timestamp +18
Ready to process requests.
Thanks for the help,
Chris
More information about the Freeradius-Users
mailing list