proxy-to-realm versus using a suffix

Chris Fruehwirth cfruehwi at nd.edu
Wed Jul 9 04:30:41 CEST 2008


So, I thought I sent this debug earlier today and apparently I did not. 
I was originally testing with 2.0.4. This is before I sent the message 
about trying 1.1.7 and 2.0.5. I will send the debug logs for those 
configurations tomorrow.

Below is the debug output from FreeRADIUS. The first attempt is using 
the suffix ctester at sw, which works. The second attempt is using the 
users file and no realm, which fails.
I'm just trying to figure out the differences between the two 
configurations and how to make the users file entry work like the suffix 
behavior.


In the users file:

DEFAULT Proxy-To-Ream := "SW"

Debug info:

FreeRADIUS Version 2.0.4, for host i686-pc-linux-gnu, built on Jun  4 
2008 at 16:45:18
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /opt/etc/raddb/radiusd.conf
including configuration file /opt/etc/raddb/proxy.conf
including configuration file /opt/etc/raddb/clients.conf
including configuration file /opt/etc/raddb/snmp.conf
including configuration file /opt/etc/raddb/eap.conf
including configuration file /opt/etc/raddb/sql.conf
including configuration file /opt/etc/raddb/sql/mysql/dialup.conf
including configuration file /opt/etc/raddb/sql/mysql/counter.conf
including configuration file /opt/etc/raddb/policy.conf
including files in directory /opt/etc/raddb/sites-enabled/
including configuration file /opt/etc/raddb/sites-enabled/inner-tunnel
including configuration file /opt/etc/raddb/sites-enabled/default
including dictionary file /opt/etc/raddb/dictionary
main {
   prefix = "/opt"
   localstatedir = "/opt/var"
   logdir = "/opt/var/log/radius"
   libdir = "/opt/lib"
   radacctdir = "/opt/var/log/radius/radacct"
   hostname_lookups = no
   max_request_time = 30
   cleanup_delay = 5
   max_requests = 1024
   allow_core_dumps = no
   pidfile = "/opt/var/run/radiusd/radiusd.pid"
   checkrad = "/opt/sbin/checkrad"
   debug_level = 0
   proxy_requests = yes
security {
   max_attributes = 200
   reject_delay = 1
   status_server = yes
}
}

radiusd: #### Loading Realms and Home Servers ####
proxy server {
   retry_delay = 5
   retry_count = 3
   default_fallback = no
   dead_time = 120
   wake_all_if_all_dead = no
}
home_server localhost {
   ipaddr = 127.0.0.1
   port = 1812
   type = "auth"
   secret = "xxx"
   response_window = 20
   max_outstanding = 65536
   zombie_period = 40
   status_check = "status-server"
   ping_check = "none"
   ping_interval = 30
   check_interval = 30
   num_answers_to_alive = 3
   num_pings_to_alive = 3
   revive_interval = 120
   status_check_timeout = 4
}
home_server_pool my_auth_failover {
   type = fail-over
   home_server = localhost
}
realm example.com {
   auth_pool = my_auth_failover
}
realm LOCAL {
}
realm SW {
   authhost = nat15.cc.nd.edu:1812
   secret = xxxx
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
 exec {
   wait = yes
   input_pairs = "request"
   shell_escape = yes
 }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
 expiration {
   reply-message = "Password Has Expired  "
 }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
 logintime {
   reply-message = "You are calling outside your allowed timespan  "
   minimum-timeout = 60
 }
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
 pap {
   encryption_scheme = "auto"
   auto_header = no
 }
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
 mschap {
   use_mppe = yes
   require_encryption = no
   require_strong = no
   with_ntdomain_hack = no
 }
Module: Linked to module rlm_unix
Module: Instantiating unix
 unix {
   radwtmp = "/opt/var/log/radius/radwtmp"
 }
Module: Linked to module rlm_eap
Module: Instantiating eap
 eap {
   default_eap_type = "md5"
   timer_expire = 60
   ignore_unknown_eap_types = no
   cisco_accounting_username_bug = no
 }
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
  gtc {
   challenge = "Password: "
   auth_type = "PAP"
  }
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
   rsa_key_exchange = no
   dh_key_exchange = yes
   rsa_key_length = 512
   dh_key_length = 512
   verify_depth = 0
   pem_file_type = yes
   private_key_file = "/opt/etc/raddb/certs/server.pem"
   certificate_file = "/opt/etc/raddb/certs/server.pem"
   CA_file = "/opt/etc/raddb/certs/ca.pem"
   private_key_password = "whatever"
   dh_file = "/opt/etc/raddb/certs/dh"
   random_file = "/opt/etc/raddb/certs/random"
   fragment_size = 1024
   include_length = yes
   check_crl = no
   cipher_list = "DEFAULT"
   make_cert_command = "/opt/etc/raddb/certs/bootstrap"
  }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
  ttls {
   default_eap_type = "md5"
   copy_request_to_tunnel = no
   use_tunneled_reply = no
  }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
  peap {
   default_eap_type = "mschapv2"
   copy_request_to_tunnel = yes
   use_tunneled_reply = no
   proxy_tunneled_request_as_eap = no
   virtual_server = "inner-tunnel"
  }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
  mschapv2 {
   with_ntdomain_hack = no
  }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
 realm suffix {
   format = "suffix"
   delimiter = "@"
   ignore_default = no
   ignore_null = no
 }
Module: Linked to module rlm_files
Module: Instantiating files
 files {
   usersfile = "/opt/etc/raddb/users"
   acctusersfile = "/opt/etc/raddb/acct_users"
   preproxy_usersfile = "/opt/etc/raddb/preproxy_users"
   compat = "no"
 }
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
 radutmp {
   filename = "/opt/var/log/radius/radutmp"
   username = "%{User-Name}"
   case_sensitive = yes
   check_with_nas = yes
   perm = 384
   callerid = yes
 }
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
 attr_filter attr_filter.access_reject {
   attrsfile = "/opt/etc/raddb/attrs.access_reject"
   key = "%{User-Name}"
 }
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
 preprocess {
   huntgroups = "/opt/etc/raddb/huntgroups"
   hints = "/opt/etc/raddb/hints"
   with_ascend_hack = no
   ascend_channels_per_line = 23
   with_ntdomain_hack = no
   with_specialix_jetstream_hack = no
   with_cisco_vsa_hack = no
   with_alvarion_vsa_hack = no
 }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
 acct_unique {
   key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, 
NAS-Port"
 }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
 detail {
   detailfile = 
"/opt/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
   header = "%t"
   detailperm = 384
   dirperm = 493
   locking = no
   log_packet_header = no
 }
Module: Instantiating attr_filter.accounting_response
 attr_filter attr_filter.accounting_response {
   attrsfile = "/opt/etc/raddb/attrs.accounting_response"
   key = "%{User-Name}"
 }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
   type = "auth"
   ipaddr = *
   port = 0
}
listen {
   type = "acct"
   ipaddr = *
   port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x0200000f0163746573746572407377
   Message-Authenticator = 0x215a48692551ddd10fe4187fe481bb70
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x0200000f0163746573746572407377
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x30
Proxying request 0 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x0200000f0163746573746572407377
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x30
   Session-Timeout = 30
   EAP-Message = 0x010100061920
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0xf1c33704c2f03d3963f8b01f45ece336
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 0x010100061920
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0201003e190016030100330100002f030148738caa0df6feedf6e4f181385446de3a61ad9fc007a7cb91e5f91e56fc59af000008002f000a000500040100
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x16a6307a7eb4185ec31ebe7f65ff5e38
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0201003e190016030100330100002f030148738caa0df6feedf6e4f181385446de3a61ad9fc007a7cb91e5f91e56fc59af000008002f000a000500040100
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x31
Proxying request 1 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0201003e190016030100330100002f030148738caa0df6feedf6e4f181385446de3a61ad9fc007a7cb91e5f91e56fc59af000008002f000a000500040100
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x31
   Session-Timeout = 30
   EAP-Message = 
0x0102057419c000000f891603010f8402000046030148738caa2adbef5ac0d41b9f00ade324e4b703d85a8b914a2e8e5b6e54b5ac082083060000748a477375b3c6d3a05d943b9f90ad7f8d9df7a08a781e809689d83b0004000b00032100031e00031b3082031730820280a003020102020309207e300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3038303530313133323535305a170d3039303530323133323535305a3081a1310b30090603
   EAP-Message = 
0x550406130255533110300e06035504081307496e6469616e61311330110603550407130a6e6f7472652064616d6531283026060355040a131f556e6976657273697479206f66204e6f7472652044616d65206475204c61633121301f060355040b1318556e6976657273697479206f66204e6f7472652044616d65311e301c060355040313157261646975732d6465766c2e64632e6e642e65647530819f300d06092a864886f70d010101050003818d0030818902818100bb32514e5ec33fc20f97ad58789c9230719df55fb0f566bb213edcf2c4740c50d7f97def7dd63b999b6e0aa721ce270f42ced98296972f920b6a5815d7a36526b944abef1f
   EAP-Message = 
0x82566c8c2e32c0ecc2b6d5efb878797e1867b8abfa3d78c5c776f57bbf56d4fe1c5527456a4073b4b31dfce8ec86747025a087d4260948f0e9dd5f0203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604143df3d9e473605afd107f820d1c573d9512d10fe0303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d0101
   EAP-Message = 
0x0505000381810006f68b9834039f02993ada4a16228c54d510d8abf5cb2929c4004c9f77bd630f7f52ea3b40a6ec02f6a39dfd954f4947f25d330094ef3b0d724e2f9fef8d39515791c9721505711ac518839b2f6e221a1f736a8f26c18a5560a686cc15984aa64c0dbd894c85de626f14a90249e9937d49d0324fd3e3b54105e7871e9f129fb40d000c0d0201020c0800c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038
   EAP-Message = 
0x060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c
   EAP-Message = 
0x79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00d43081d1310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e673128302606035504
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x2a4d0df20cbd1120f22afcfc5af64802
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 
0x0102057419c000000f891603010f8402000046030148738caa2adbef5ac0d41b9f00ade324e4b703d85a8b914a2e8e5b6e54b5ac082083060000748a477375b3c6d3a05d943b9f90ad7f8d9df7a08a781e809689d83b0004000b00032100031e00031b3082031730820280a003020102020309207e300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3038303530313133323535305a170d3039303530323133323535305a3081a1310b30090603
   EAP-Message = 
0x550406130255533110300e06035504081307496e6469616e61311330110603550407130a6e6f7472652064616d6531283026060355040a131f556e6976657273697479206f66204e6f7472652044616d65206475204c61633121301f060355040b1318556e6976657273697479206f66204e6f7472652044616d65311e301c060355040313157261646975732d6465766c2e64632e6e642e65647530819f300d06092a864886f70d010101050003818d0030818902818100bb32514e5ec33fc20f97ad58789c9230719df55fb0f566bb213edcf2c4740c50d7f97def7dd63b999b6e0aa721ce270f42ced98296972f920b6a5815d7a36526b944abef1f
   EAP-Message = 
0x82566c8c2e32c0ecc2b6d5efb878797e1867b8abfa3d78c5c776f57bbf56d4fe1c5527456a4073b4b31dfce8ec86747025a087d4260948f0e9dd5f0203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604143df3d9e473605afd107f820d1c573d9512d10fe0303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d0101
   EAP-Message = 
0x0505000381810006f68b9834039f02993ada4a16228c54d510d8abf5cb2929c4004c9f77bd630f7f52ea3b40a6ec02f6a39dfd954f4947f25d330094ef3b0d724e2f9fef8d39515791c9721505711ac518839b2f6e221a1f736a8f26c18a5560a686cc15984aa64c0dbd894c85de626f14a90249e9937d49d0324fd3e3b54105e7871e9f129fb40d000c0d0201020c0800c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038
   EAP-Message = 
0x060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732034205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c
   EAP-Message = 
0x79311f301d060355040b1316566572695369676e205472757374204e6574776f726b00d43081d1310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e673128302606035504
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020200061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x6fc535d48adbca7ea8fe450536705c18
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020200061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x32
Proxying request 2 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020200061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x32
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x32
   Session-Timeout = 30
   EAP-Message = 
0x0103057419400b131f43657274696669636174696f6e205365727669636573204469766973696f6e312430220603550403131b54686177746520506572736f6e616c20467265656d61696c204341312b302906092a864886f70d010901161c706572736f6e616c2d667265656d61696c407468617774652e636f6d00d23081cf310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f
   EAP-Message = 
0x6e312330210603550403131a54686177746520506572736f6e616c205072656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d7072656d69756d407468617774652e636f6d0086308183310b3009060355040613025553312d302b060355040a132446697273742044617461204469676974616c2043657274696669636174657320496e632e314530430603550403133c46697273742044617461204469676974616c2043657274696669636174657320496e632e2043657274696669636174696f6e20417574686f7269747900ce3081cb310b3009060355040613025a41311530130603550408130c576573746572
   EAP-Message = 
0x6e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3121301f0603550403131854686177746520506572736f6e616c2042617369632043413128302606092a864886f70d0109011619706572736f6e616c2d6261736963407468617774652e636f6d0061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274
   EAP-Message = 
0x696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747900c43081c1310b300906035504061302555331173015060355040a130e56657269536967
   EAP-Message = 
0x6e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b009c308199310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b13115461
   EAP-Message = 
0x6e7573697476616e796b6961646f6b31323030060355040313294e65744c6f636b20557a6c6574692028436c6173732042292054616e7573697476616e796b6961646f00473045310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e311c301a0603550403131347544520437962657254
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0xeee4ceff1855c2bdc30c956a96e69fda
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 
0x0103057419400b131f43657274696669636174696f6e205365727669636573204469766973696f6e312430220603550403131b54686177746520506572736f6e616c20467265656d61696c204341312b302906092a864886f70d010901161c706572736f6e616c2d667265656d61696c407468617774652e636f6d00d23081cf310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f
   EAP-Message = 
0x6e312330210603550403131a54686177746520506572736f6e616c205072656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d7072656d69756d407468617774652e636f6d0086308183310b3009060355040613025553312d302b060355040a132446697273742044617461204469676974616c2043657274696669636174657320496e632e314530430603550403133c46697273742044617461204469676974616c2043657274696669636174657320496e632e2043657274696669636174696f6e20417574686f7269747900ce3081cb310b3009060355040613025a41311530130603550408130c576573746572
   EAP-Message = 
0x6e204361706531123010060355040713094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74696e6731283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3121301f0603550403131854686177746520506572736f6e616c2042617369632043413128302606092a864886f70d0109011619706572736f6e616c2d6261736963407468617774652e636f6d0061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274
   EAP-Message = 
0x696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f726974790061305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747900c43081c1310b300906035504061302555331173015060355040a130e56657269536967
   EAP-Message = 
0x6e2c20496e632e313c303a060355040b1333436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b009c308199310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b13115461
   EAP-Message = 
0x6e7573697476616e796b6961646f6b31323030060355040313294e65744c6f636b20557a6c6574692028436c6173732042292054616e7573697476616e796b6961646f00473045310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e311c301a0603550403131347544520437962657254
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020300061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x6bc3982cda4ec25ac8b2566cda481ccc
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020300061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x33
Proxying request 3 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020300061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x33
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x33
   Session-Timeout = 30
   EAP-Message = 
0x010404b719007275737420526f6f7400773075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f7400c63081c3310b300906035504061302555331143012060355040a130b456e74727573742e6e6574313b3039060355040b13327777772e656e74727573742e6e65742f43505320696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c2863292031
   EAP-Message = 
0x39393920456e74727573742e6e6574204c696d69746564313a303806035504031331456e74727573742e6e657420536563757265205365727665722043657274696669636174696f6e20417574686f7269747900b23081af310b30090603550406130248553110300e0603550408130748756e676172793111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313630340603550403132d4e65744c6f636b204b6f7a6a6567797a6f692028436c6173732041292054616e757369
   EAP-Message = 
0x7476616e796b6961646f00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b0070306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e3127
   EAP-Message = 
0x3025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f74009e30819b310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313430320603550403132b4e65744c6f636b20457870726573737a2028436c6173732043292054616e7573697476616e796b6961646f00723070312b3029060355040b1322436f70797269676874
   EAP-Message = 
0x202863292031393937204d6963726f736f667420436f72702e311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e3121301f060355040313184d6963726f736f667420526f6f7420417574686f726974790061305f31133011060a0992268993f22c6401191603636f6d31193017060a0992268993f22c64011916096d6963726f736f6674312d302b060355040313244d6963726f736f667420526f6f7420436572746966696361746520417574686f726974790e000000
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0xc462deed5008175792e6615860d28953
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 
0x010404b719007275737420526f6f7400773075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f7400c63081c3310b300906035504061302555331143012060355040a130b456e74727573742e6e6574313b3039060355040b13327777772e656e74727573742e6e65742f43505320696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c2863292031
   EAP-Message = 
0x39393920456e74727573742e6e6574204c696d69746564313a303806035504031331456e74727573742e6e657420536563757265205365727665722043657274696669636174696f6e20417574686f7269747900b23081af310b30090603550406130248553110300e0603550408130748756e676172793111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313630340603550403132d4e65744c6f636b204b6f7a6a6567797a6f692028436c6173732041292054616e757369
   EAP-Message = 
0x7476616e796b6961646f00c43081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732032205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b0070306e310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e3127
   EAP-Message = 
0x3025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e311c301a06035504031313475445204379626572547275737420526f6f74009e30819b310b30090603550406130248553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961646f6b313430320603550403132b4e65744c6f636b20457870726573737a2028436c6173732043292054616e7573697476616e796b6961646f00723070312b3029060355040b1322436f70797269676874
   EAP-Message = 
0x202863292031393937204d6963726f736f667420436f72702e311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e3121301f060355040313184d6963726f736f667420526f6f7420417574686f726974790061305f31133011060a0992268993f22c6401191603636f6d31193017060a0992268993f22c64011916096d6963726f736f6674312d302b060355040313244d6963726f736f667420526f6f7420436572746966696361746520417574686f726974790e000000
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020400c8190016030100070b000003000000160301008610000082008068b1d70454f9e4ba8197aada1ed6f1698c578c542721bd0e10bd9b3171330fd654eec4808d5f6ae227df2ce5b11913dbda0ade4fb828597b56a1fa07b8fcfffa78b4dff88f423ebc7f6cdd9139d9e632944aef8a92a53a31fb40be5d7f62ebbaac110acb98ee399627226ae2b32ee40c70de0eb150beee58fa394a7feea2bca414030100010116030100206a483d9c499dc66e715d62a8b66c9a5628db3dc3683dd1da3b0afd47e445eeb8
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x28dad817967a4fa35a9e18bb91328350
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020400c8190016030100070b000003000000160301008610000082008068b1d70454f9e4ba8197aada1ed6f1698c578c542721bd0e10bd9b3171330fd654eec4808d5f6ae227df2ce5b11913dbda0ade4fb828597b56a1fa07b8fcfffa78b4dff88f423ebc7f6cdd9139d9e632944aef8a92a53a31fb40be5d7f62ebbaac110acb98ee399627226ae2b32ee40c70de0eb150beee58fa394a7feea2bca414030100010116030100206a483d9c499dc66e715d62a8b66c9a5628db3dc3683dd1da3b0afd47e445eeb8
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x34
Proxying request 4 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020400c8190016030100070b000003000000160301008610000082008068b1d70454f9e4ba8197aada1ed6f1698c578c542721bd0e10bd9b3171330fd654eec4808d5f6ae227df2ce5b11913dbda0ade4fb828597b56a1fa07b8fcfffa78b4dff88f423ebc7f6cdd9139d9e632944aef8a92a53a31fb40be5d7f62ebbaac110acb98ee399627226ae2b32ee40c70de0eb150beee58fa394a7feea2bca414030100010116030100206a483d9c499dc66e715d62a8b66c9a5628db3dc3683dd1da3b0afd47e445eeb8
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x34
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x34
   Session-Timeout = 30
   EAP-Message = 
0x0105003519800000002b14030100010116030100207acba7ec4a687af66a465918700353977a75c6dfeef5209f94196921f61208f6
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x79b2088ca62dc8b91364e7129039d60b
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 
0x0105003519800000002b14030100010116030100207acba7ec4a687af66a465918700353977a75c6dfeef5209f94196921f61208f6
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020500061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0xc13df51a7ebb61ce5e4e57f8fc5968e8
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020500061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x35
Proxying request 5 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x020500061900
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x35
   Session-Timeout = 30
   EAP-Message = 0x0106001c190017030100113ec16ae9f198c6c77dbf0ef18790f2f22e
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x5370867582ccf4dce9f3b7a3c61b0653
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 0x0106001c190017030100113ec16ae9f198c6c77dbf0ef18790f2f22e
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020600261900170301001b2fc8ba66e7d6b203804402c2b5133a9c47b1e46de8941ee6410882
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0xd7915475fe6bc38a40fb4a681264a73f
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020600261900170301001b2fc8ba66e7d6b203804402c2b5133a9c47b1e46de8941ee6410882
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x36
Proxying request 6 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020600261900170301001b2fc8ba66e7d6b203804402c2b5133a9c47b1e46de8941ee6410882
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x36
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x36
   Session-Timeout = 6
   EAP-Message = 
0x0107003f19001703010034fbfdcd888585f8a4e8d07f42fb6b8fac1e4e345473a42b2a0222544a87c1ad7b388087567413ba47e433e3c054c5799b98271095
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x0577dc43e045c437fe6ffc736f827b66
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 6
   EAP-Message = 
0x0107003f19001703010034fbfdcd888585f8a4e8d07f42fb6b8fac1e4e345473a42b2a0222544a87c1ad7b388087567413ba47e433e3c054c5799b98271095
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0207005c190017030100515c63f8f6af8d8bfdbbec6c15056130f71a9f249b8ca05ed9fc5255576c1419e2698deaab99e8216399884dac19580863d124ce13c35d892a8b476e634fb96ff242e52f0189d8e93e2564b1c213ba70c3cf
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x5de8cdaa7279b2485df13444eed0c766
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0207005c190017030100515c63f8f6af8d8bfdbbec6c15056130f71a9f249b8ca05ed9fc5255576c1419e2698deaab99e8216399884dac19580863d124ce13c35d892a8b476e634fb96ff242e52f0189d8e93e2564b1c213ba70c3cf
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x37
Proxying request 7 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0207005c190017030100515c63f8f6af8d8bfdbbec6c15056130f71a9f249b8ca05ed9fc5255576c1419e2698deaab99e8216399884dac19580863d124ce13c35d892a8b476e634fb96ff242e52f0189d8e93e2564b1c213ba70c3cf
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x37
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x37
   Session-Timeout = 6
   EAP-Message = 
0x0108004a1900170301003f69b194763c233aa66fc5d30e07d223b700d5627cb6a187f8bda8435fb0bb7744b45ee08113bb0e4559b82d0d6350cf6b6bd0e98337fcb61c9ec7fd0744754c
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x5de6dbe809164f22ba5fecc874be56ba
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 6
   EAP-Message = 
0x0108004a1900170301003f69b194763c233aa66fc5d30e07d223b700d5627cb6a187f8bda8435fb0bb7744b45ee08113bb0e4559b82d0d6350cf6b6bd0e98337fcb61c9ec7fd0744754c
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.5 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0208001d19001703010012bb7bf4f7fe6995bc37b4424778dc6c17f9f6
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x69b72b8f583ac600e5462514742e126b
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0208001d19001703010012bb7bf4f7fe6995bc37b4424778dc6c17f9f6
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x38
Proxying request 8 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0208001d19001703010012bb7bf4f7fe6995bc37b4424778dc6c17f9f6
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x38
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x38
   Session-Timeout = 30
   EAP-Message = 
0x010900261900170301001bb272c5e74bf73bac507705d33c44c800ee5076131dc7d4d279fcdc
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x4d6bc01c2d899819ddddfae8c11cda15
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 
0x010900261900170301001bb272c5e74bf73bac507705d33c44c800ee5076131dc7d4d279fcdc
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.
Going to the next request
Waking up in 4.5 seconds.
   User-Name = "ctester at sw"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020900261900170301001b34f85f32b0e64b645cf4c386b0ce92a22d876fd6106202335be429
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x9a53d9c3903169b786b9b92564b2e3cb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Looking up realm "sw" for User-Name = "ctester at sw"
   rlm_realm: Found realm "SW"
   rlm_realm: Adding Stripped-User-Name = "ctester"
   rlm_realm: Adding Realm = "SW"
   rlm_realm: Proxying request from user ctester to realm SW
   rlm_realm: Preparing to proxy authentication request to realm "SW"
++[suffix] returns updated
 rlm_eap: Request is supposed to be proxied to Realm SW.  Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020900261900170301001b34f85f32b0e64b645cf4c386b0ce92a22d876fd6106202335be429
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x39
Proxying request 9 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x020900261900170301001b34f85f32b0e64b645cf4c386b0ce92a22d876fd6106202335be429
   State = 0x234e0463000001370001ac13ea8e0000000316ea6c8300
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x39
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x39
   Airespace-QOS-Level = Gold
   EAP-Message = 0x030a0004
   Class = 0x5aac06c2000001370001ac13ea8e01c8cb923571594600000000000040a6
   MS-CHAP-Domain = "\001ADN"
   MS-CHAP2-Success = 
0x01533d39443436344143374130354245313143434538324546313537363036434642334242443633463844
   MS-MPPE-Send-Key = 
0xcb0dc976cdcf6c132fb59c5cd7bc02a6561681c4d3a9fbc494ff41747ee9602c
   MS-MPPE-Recv-Key = 
0x665468e92068fd285dd14b910c62ac5bb0279dbf42d91e8c40396ec84a9b3fbf
   Message-Authenticator = 0x318bd7867f5fb0c61cabfb76a859cc6f
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: Proxy reply, or no User-Name.  Ignoring.
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
 rad_check_password:  Found Auth-Type
 rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [ctester at sw/<no User-Password attribute>] (from client 
private-network-2 port 0 cli 02-00-00-00-00-01)
+- entering group post-auth
++[exec] returns noop
   Airespace-QOS-Level = Gold
   EAP-Message = 0x030a0004
   Class = 0x5aac06c2000001370001ac13ea8e01c8cb923571594600000000000040a6
   MS-CHAP-Domain = "\001ADN"
   MS-CHAP2-Success = 
0x01533d39443436344143374130354245313143434538324546313537363036434642334242443633463844
   MS-MPPE-Send-Key = 
0xcb0dc976cdcf6c132fb59c5cd7bc02a6561681c4d3a9fbc494ff41747ee9602c
   MS-MPPE-Recv-Key = 
0x665468e92068fd285dd14b910c62ac5bb0279dbf42d91e8c40396ec84a9b3fbf
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.4 seconds.
Cleaning up request 0 ID 0 with timestamp +11
Cleaning up request 1 ID 1 with timestamp +11
Cleaning up request 2 ID 2 with timestamp +11
Cleaning up request 3 ID 3 with timestamp +11
Waking up in 0.1 seconds.
Cleaning up request 4 ID 4 with timestamp +11
Cleaning up request 5 ID 5 with timestamp +11
Cleaning up request 6 ID 6 with timestamp +11
Cleaning up request 7 ID 7 with timestamp +11
Cleaning up request 8 ID 8 with timestamp +11
Cleaning up request 9 ID 9 with timestamp +11
Ready to process requests.
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x0200000c0163746573746572
   Message-Authenticator = 0x84d1723e8dff8a827501781507bf3884
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: No '@' in User-Name = "ctester", looking up realm NULL
   rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 0 length 12
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
   users: Matched entry DEFAULT at line 207
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x0200000c0163746573746572
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x30
Proxying request 10 to home server 129.74.4.115 port 1812
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 0x0200000c0163746573746572
   Message-Authenticator = 0x00000000000000000000000000000000
   Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
   Proxy-State = 0x30
   Session-Timeout = 30
   EAP-Message = 0x010100061920
   State = 0x23500464000001370001ac13ea8e0000000316ea6c8400
   Message-Authenticator = 0x7071b51e58d18b16f0f952175ad62759
+- entering group post-proxy
 rlm_eap: No pre-existing handler found
++[eap] returns noop
   Session-Timeout = 30
   EAP-Message = 0x010100061920
   State = 0x23500464000001370001ac13ea8e0000000316ea6c8400
   Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
   User-Name = "ctester"
   NAS-IP-Address = 127.0.0.1
   Calling-Station-Id = "02-00-00-00-00-01"
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 11Mbps 802.11b"
   EAP-Message = 
0x0201003e190016030100330100002f030148738cb6ed41b889e4ab936e7c1998f2690664e24b1dbacb6bdafc821718117c000008002f000a000500040100
   State = 0x23500464000001370001ac13ea8e0000000316ea6c8400
   Message-Authenticator = 0x3cee22f09d2b59bca6fade2db7ff5488
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: No '@' in User-Name = "ctester", looking up realm NULL
   rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 1 length 62
 rlm_eap: Continuing tunnel setup.
++[eap] returns ok
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown 
EAP-request
 rlm_eap: Failed in handler
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [ctester/<via Auth-Type = EAP>] (from client 
private-network-2 port 0 cli 02-00-00-00-00-01)
 Found Post-Auth-Type Reject
+- entering group REJECT
   expand: %{User-Name} -> ctester
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Waking up in 3.9 seconds.
Cleaning up request 10 ID 0 with timestamp +18
Waking up in 1.0 seconds.
Cleaning up request 11 ID 1 with timestamp +18
Ready to process requests.

Thanks for the help,

Chris







Alan DeKok wrote:
> Chris Fruehwirth wrote:
>   
>> Here is my update from testing with different versions. I tried to test
>> the same scenario with 2.0.5 and got the same failed results. Then I
>> went back to 1.1.7 and it worked.
>>     
>
>   Read the debug output to see where the differences are.
>
>   
>> I would like to add the realm name to specific RADIUS traffic either by
>> IP address, EAP type or NAS-Port-Type.
>>     
>
>   Why "add realm name"?  Why not just "proxy traffic"?   The two
> statements are *very* different.
>
>   On top of that, you *can't* proxy by EAP type.  The server recommends
> an EAP type... which means that by the time an EAP type is selected, the
> EAP session has already started.  You can't switch an EAP session from
> one server to another.
>
>   
>> I was thinking of doing something like this below in the users file.
>>
>> DEFAULT EAP-Type == PEAP, Proxy-To-Realm := "SW"
>>     
>
>   That won't work.  Ever.
>
>   
>> DEFAULT NAS-Port-Type == Wireless-802.11, Proxy-To-Realm := "SW"
>>     
>
>   If your NAS sends that NAS-Port-Type, it should work.
>
>   
>> DEFAULT Huntgroup-Name == Wirelesscontrollers,  Proxy-To-Realm := "SW"
>>     
>
>   That should work, too.
>
>   
>> If there is a better way to do this in 2.0.4-5, please let me know.
>>     
>
>   It SHOULD work.  If it doesn't, read the FAQ for "it doesn't work".
>
>   i.e. You've posted configurations that you think *might* work.  You've
>  also said that you tried *other* configurations (not posted) that
> didn't work.  How do you expect anyone to help you when you don't say
> what you're doing, and you don't say what happened?
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   




More information about the Freeradius-Users mailing list