rlm_perl added pairs disapear after eap authentication

Peter Kaagman P.Kaagman at atlascollege.nl
Thu May 31 13:51:43 CEST 2012


Hi there list,

After getting (p)eap an mschap working I'm faced with the following
problem: The client gets authenticated through mschap and receives an
Access-Accept but the rlm_perl added pair which where added in request 0
are not send to the client. Resulting in a client ending up in the wrong
vlan.

I've tried several things to resolve this but with no result. One of
which was running the perl code in a post-auth event. This resulted in
something like 250 requests and the client not connecting.,

Two things strike me as odd:
- There is a warning about 2 auth-types - perl and eap
- Why does the authorization run first? I would have thought
authentication comes first.

Below the trace and versions.

Peter

FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 24
2011 at 07:53:12
Ubuntu 64bit 12.04 (wheezy/sid)

FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 24
2011 at 07:53:12
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
	user = "freerad"
	group = "freerad"
	allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/freeradius"
	libdir = "/usr/lib/freeradius"
	radacctdir = "/var/log/freeradius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/freeradius/freeradius.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "testing123"
	response_window = 20
	max_outstanding = 65536
	require_message_authenticator = yes
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "testing123"
	nastype = "other"
 }
 client sysop-2 {
	ipaddr = 10.0.0.20
	require_message_authenticator = no
	secret = "testing123"
	nastype = "other"
 }
 client ap {
	ipaddr = 10.0.9.48
	require_message_authenticator = no
	secret = "testing123"
	nastype = "cisco"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file
/etc/freeradius/modules/exec
  exec {
	wait = no
	input_pairs = "request"
	shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file
/etc/freeradius/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration
  expiration {
	reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime
  logintime {
	reply-message = "You are calling outside your allowed timespan
"
	minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file
/etc/freeradius/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Instantiating module "ntlm_auth" from file
/etc/freeradius/modules/ntlm_auth
  exec ntlm_auth {
	wait = yes
	program = "/usr/bin/ntlm_auth --request-nt-key --domain=ATLAS
--username=%{mschap:User-Name} --password=%{User-Password}"
	input_pairs = "request"
	shell_escape = yes
  }
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file
/etc/freeradius/modules/pap
  pap {
	encryption_scheme = "auto"
	auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file
/etc/freeradius/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file
/etc/freeradius/modules/mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = yes
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-ATLAS}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
  }
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file
/etc/freeradius/modules/unix
  unix {
	radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  eap {
	default_eap_type = "peap"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
	challenge = "Password: "
	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	CA_path = "/etc/freeradius/certs"
	pem_file_type = yes
	private_key_file = "/etc/freeradius/certs/server.key"
	certificate_file = "/etc/freeradius/certs/server.pem"
	CA_file = "/etc/freeradius/certs/ca.pem"
	private_key_password = "whatever"
	dh_file = "/etc/freeradius/certs/dh"
	random_file = "/dev/urandom"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
	make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
	enable = no
	lifetime = 24
	max_entries = 255
    }
    verify {
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
	default_eap_type = "md5"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	virtual_server = "inner-tunnel"
	include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	proxy_tunneled_request_as_eap = yes
	virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
   }
 Module: Linked to module rlm_perl
 Module: Instantiating module "perl" from file
/etc/freeradius/modules/perl
  perl {
	module = "/etc/freeradius/example.pl"
	func_authorize = "authorize"
	func_authenticate = "authenticate"
	func_accounting = "accounting"
	func_preacct = "preacct"
	func_checksimul = "checksimul"
	func_detach = "detach"
	func_xlat = "xlat"
	func_pre_proxy = "pre_proxy"
	func_post_proxy = "post_proxy"
	func_post_auth = "post_auth"
	func_recv_coa = "recv_coa"
	func_send_coa = "send_coa"
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file
/etc/freeradius/modules/realm
  realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file
/etc/freeradius/modules/files
  files {
	usersfile = "/etc/freeradius/users"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp
  radutmp {
	filename = "/var/log/freeradius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter
  attr_filter attr_filter.access_reject {
	attrsfile = "/etc/freeradius/attrs.access_reject"
	key = "%{User-Name}"
  }
 } # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file
/etc/freeradius/modules/digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess
  preprocess {
	huntgroups = "/etc/freeradius/huntgroups"
	hints = "/etc/freeradius/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail
  detail {
	detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.accounting_response {
	attrsfile = "/etc/freeradius/attrs.accounting_response"
	key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = *
	port = 0
}
listen {
	type = "acct"
	ipaddr = *
	port = 0
}
listen {
	type = "auth"
	ipaddr = 127.0.0.1
	port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=202,
length=210
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0xe29cf9a9ecd3cbce938b7d4917ea7286
	EAP-Message =
0x0202002601686f73742f6c742d706b6e2e61746c61732e61746c6173636f6c6c656765
2e6e6c
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 38
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 209
++[files] returns ok
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Calling-Station-Id = 0016.eae4.d5aa
rlm_perl: Added pair Called-Station-Id = 0019.070a.a011
rlm_perl: Added pair Message-Authenticator =
0xe29cf9a9ecd3cbce938b7d4917ea7286
rlm_perl: Added pair Cisco-AVPair = ssid=geengast
rlm_perl: Added pair User-Name = host/lt-pkn.atlas.atlascollege.nl
rlm_perl: Added pair NAS-Identifier = radtest
rlm_perl: Added pair EAP-Message =
0x0202002601686f73742f6c742d706b6e2e61746c61732e61746c6173636f6c6c656765
2e6e6c
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 10.0.9.48
rlm_perl: Added pair NAS-Port = 389
rlm_perl: Added pair NAS-Port-Id = 389
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Tunnel-Private-Group-ID = 101
rlm_perl: Added pair Session-Timeout = 250
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 202 to 10.0.9.48 port 1645
	Tunnel-Private-Group-Id:0 = "101"
	Session-Timeout = 250
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	EAP-Message = 0x010300061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288efa8831bb8df0c9954079019a
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=203,
length=295
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0xb1f4bca9888d29b9737e493878e3d421
	EAP-Message =
0x0203006919800000005f160301005a0100005603014fc73361cfa763a813cd492895c4
7eaa37aedcae0683cf4fad46d7cfdbfe1f5a000018002f00350005000ac013c014c009c0
0a003200380013000401000015ff01000100000a0006000400170018000b00020100
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288efa8831bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02ae], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 203 to 10.0.9.48 port 1645
	EAP-Message =
0x010402f8190016030100310200002d03014fc7334922ea9802ba6fd82e47b9eb5abed5
e3075ad553d92a0502656236500000002f000005ff0100010016030102ae0b0002aa0002
a70002a4308202a03082018802090093612d39d755e4c6300d06092a864886f70d010105
050030123110300e0603550403130772616474657374301e170d31323035323231313430
33325a170d3232303532303131343033325a30123110300e060355040313077261647465
737430820122300d06092a864886f70d01010105000382010f003082010a0282010100ad
3ae0a6b058a19f697fd586bbbabf66f43779ad771cde66d4dbdbf2b824510c485ab969b8
8ac7
	EAP-Message =
0x6a7ba5b8d15fd768890756ef6e606f27d21623f0fa9bfc07dc282a4db2de57fe048773
02e4d91bb921dba6fbafd77da8f8b5eb2082949a8b522092418771ff67d4a186c80b3bd7
d84a89da318eef50b16c931948ef882001269f33d39a0b3644b09125668e4423124eb7ca
b5b85a6b92428edfe4ee1c789b9add3f478b718f4665737afe87a85a7f6580db9c42d204
6aa5263bba39ec6c455dbb80702244dfe3f50a361cb29b66eba17e668cfd860a0ec28f05
b70cc2cc5eea96c4520ea1dd5a237e26034e7ef0a3c82d42ae455c15c9d5a5149d568c13
346f0203010001300d06092a864886f70d010105050003820101000c9d1ae5dbcc0b4fae
fe91
	EAP-Message =
0x9f91d3e971823a0df53cf3783498064e1dbac81a510fcc1162bc2f3e7ab14958d208d1
4653a210430589233379b05bc27611322d9c636da1c6ba154e1f10d6bd4afadfed812e50
4811a8c0b9301a3303cce719f2f78828beaf92d08d21c43cbb001ddf6ea3e57c0c0e24c0
f1a11db8d2d90779dd4860af589161db5633cd1618a87e56500834601697b4eaab460907
d3305686421ab9912d14f33589f1ea98fe2da40497047c35a9436721d0a6703b0fd074c4
3d5673d48706ebd00aaf5efc94f31b5407b43278871a2e56822173ff21811f03657a640b
d912d1b52f4844976c13658655ebab73bcc79299df2830a2f8b1a984d85716030100040e
0000
	EAP-Message = 0x00
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288efb8f31bb8df0c9954079019a
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=204,
length=528
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0x8297464cc5d683623a7610651854dd3e
	EAP-Message =
0x0204015019800000014616030101061000010201003984f63af6565c1a71d6ca259f81
dbf2194e47cae6f46c5e3c802bea536c17bbad61ea61a89102f672aa22601466e46bb1a7
83d41759125f8ba1174ce7a55b0032997e2606cdfa1e6c015d51a2e1ac6e5751ca48a26c
33df07d8d3fa2327c5dbe2c39f09b688850a06a45ffb1dd46718cf620e5a583393b450fb
66e0a64bb618f84b45292940cceeb1a79907374125d7aed6070943cc9557613ee9bff5db
c0efdc61145238e349b343bce6e8032fe69b9f769100b021819cd532e66a4dbab9decdd0
adec15598a86993cc9105aafcb937d62229d5b02d530d66e49875a6ce6b0061ffb20b2c1
13d8
	EAP-Message =
0x465df29cbfb7867a6e326bc5833ab5619c421643e0976b8d1403010001011603010030
7409547395973a8f1dd53ca88878b699e118d5042d0ec13681f7bce17fd6af272e2053cf
c663c966a8dd362722af3684
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288efb8f31bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 204 to 10.0.9.48 port 1645
	EAP-Message =
0x0105004119001403010001011603010030b44fd787ae0d0ad9df11ad9e7c34e5309ff1
4efaaf30a8f24eccb23a628bde5320bbe9d461ce50186a0d260a5450d9e1
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288ef88e31bb8df0c9954079019a
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=205,
length=196
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0x43082862e1ec75cac73daf2685e9089a
	EAP-Message = 0x020500061900
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288ef88e31bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 205 to 10.0.9.48 port 1645
	EAP-Message =
0x0106002b19001703010020054299ee7054795987b8ffa05baf241e11bf2cfbd8a59fb7
dfa152855b2b9010
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288ef98d31bb8df0c9954079019a
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=206,
length=265
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0x68aa7f1b7c3e6edd8a86f5d00dbcf8a0
	EAP-Message =
0x0206004b19001703010040e4a88b3269302d6cfce6b1a7989d18617e49499b98d34f06
845ebb556174a44eddc8752ae1709c96aa0501fdbb077d31f706ac32123100731f075910
02136df9
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288ef98d31bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 75
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - host/lt-pkn.atlas.atlascollege.nl
[peap] Got inner identity 'host/lt-pkn.atlas.atlascollege.nl'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message =
0x0206002601686f73742f6c742d706b6e2e61746c61732e61746c6173636f6c6c656765
2e6e6c
server  {
  PEAP: Setting User-Name to host/lt-pkn.atlas.atlascollege.nl
Sending tunneled request
	EAP-Message =
0x0206002601686f73742f6c742d706b6e2e61746c61732e61746c6173636f6c6c656765
2e6e6c
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[files] users: Matched entry DEFAULT at line 209
++[files] returns ok
rlm_perl: Added pair User-Name = host/lt-pkn.atlas.atlascollege.nl
rlm_perl: Added pair EAP-Message =
0x0206002601686f73742f6c742d706b6e2e61746c61732e61746c6173636f6c6c656765
2e6e6c
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Proxy-To-Realm = LOCAL
rlm_perl: Added pair EAP-Type = MS-CHAP-V2
++[perl] returns noop
[eap] EAP packet type response id 6 length 38
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = Perl
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user
'host/lt-pkn.atlas.atlascollege.nl'
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message =
0x0107003b1a010700361052c2c92bbd0e87883b4b4f0274aba0d2686f73742f6c742d70
6b6e2e61746c61732e61746c6173636f6c6c6567652e6e6c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xed1f2576ed183f556982a467baafe64e
[peap] Got tunneled reply RADIUS code 11
	EAP-Message =
0x0107003b1a010700361052c2c92bbd0e87883b4b4f0274aba0d2686f73742f6c742d70
6b6e2e61746c61732e61746c6173636f6c6c6567652e6e6c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xed1f2576ed183f556982a467baafe64e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 206 to 10.0.9.48 port 1645
	EAP-Message =
0x0107005b190017030100506963cc9b3e61da63080f3f4649e097ce960af7145c127858
b6e32f795b6a8768628888fc569f050c4e9ff7581b993f91c83610dcebc1f97097dd1385
520f0e66cd7d6c63c0b4afe5a0d526f13917e99e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288efe8c31bb8df0c9954079019a
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=207,
length=313
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0xe33f0b004c2ca6563de0b3ad8040eed7
	EAP-Message =
0x0207007b19001703010070beb17e8fe13c07a0d805fe4183f700b885c5f9204faa53ff
1cec4bc5774926082432d9443b371b83f91e3d73770c20a875836cad6a362464c52fd450
4f9522a09e6c2d7602f94a0130fce57149e9ba16f55da6cfe6a1946e4b9565975b423dc0
fd31defda2dcbeea261dcbd9faf9938e
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288efe8c31bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 123
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message =
0x0207005c1a0207005731f4a74198ac9707e6d2e2de480af77ddc000000000000000074
9aed48b37215d879a819b543c8230fc1ea904c861be95000686f73742f6c742d706b6e2e
61746c61732e61746c6173636f6c6c6567652e6e6c
server  {
  PEAP: Setting User-Name to host/lt-pkn.atlas.atlascollege.nl
Sending tunneled request
	EAP-Message =
0x0207005c1a0207005731f4a74198ac9707e6d2e2de480af77ddc000000000000000074
9aed48b37215d879a819b543c8230fc1ea904c861be95000686f73742f6c742d706b6e2e
61746c61732e61746c6173636f6c6c6567652e6e6c
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	State = 0xed1f2576ed183f556982a467baafe64e
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[files] users: Matched entry DEFAULT at line 209
++[files] returns ok
rlm_perl: Added pair User-Name = host/lt-pkn.atlas.atlascollege.nl
rlm_perl: Added pair EAP-Message =
0x0207005c1a0207005731f4a74198ac9707e6d2e2de480af77ddc000000000000000074
9aed48b37215d879a819b543c8230fc1ea904c861be95000686f73742f6c742d706b6e2e
61746c61732e61746c6173636f6c6c6567652e6e6c
rlm_perl: Added pair State = 0xed1f2576ed183f556982a467baafe64e
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Proxy-To-Realm = LOCAL
++[perl] returns noop
[eap] EAP packet type response id 7 length 92
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = Perl
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user
'host/lt-pkn.atlas.atlascollege.nl'
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username:
host/lt-pkn.atlas.atlascollege.nl
[mschap] Told to do MS-CHAPv2 for host/lt-pkn.atlas.atlascollege.nl with
NT-Password
[mschap] 	expand: --username=%{mschap:User-Name:-None} ->
--username=lt-pkn$
[mschap] 	expand: %{mschap:NT-Domain} -> atlas
[mschap] 	expand: --domain=%{%{mschap:NT-Domain}:-ATLAS} ->
--domain=atlas
[mschap]  mschap2: 52
[mschap] Creating challenge hash with username:
host/lt-pkn.atlas.atlascollege.nl
[mschap] 	expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=2a115578878d4bc4
[mschap] 	expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=749aed48b37215d879a819b543c8230fc1ea904c861be950
Exec-Program output: NT_KEY: 0E4B3AC71048637A22E975629A7E708B 
Exec-Program-Wait: plaintext: NT_KEY: 0E4B3AC71048637A22E975629A7E708B 
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message =
0x010800331a0307002e533d333044303431353546324430383542393832454638463339
44443846343330393345394445304230
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xed1f2576ec173f556982a467baafe64e
[peap] Got tunneled reply RADIUS code 11
	EAP-Message =
0x010800331a0307002e533d333044303431353546324430383542393832454638463339
44443846343330393345394445304230
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xed1f2576ec173f556982a467baafe64e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 207 to 10.0.9.48 port 1645
	EAP-Message =
0x0108005b190017030100502098e038ea3dda0988810bd213735cf28e6dc3a3d5669105
0ce3d24d50dd9e3c25b5dabc315f20b0c5cfdb599016c1875de725cd2c9be6206065cd5e
50d49ce05630243c395e4d6c8df6c9b770f41992
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288eff8331bb8df0c9954079019a
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=208,
length=233
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0x01f97cbd1a55a4b5d3c343a8bff50e32
	EAP-Message =
0x0208002b19001703010020195414ca1d196ee92e32583f8298b7ea67f168be12401176
4e2561105941cb00
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288eff8331bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020800061a03
server  {
  PEAP: Setting User-Name to host/lt-pkn.atlas.atlascollege.nl
Sending tunneled request
	EAP-Message = 0x020800061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	State = 0xed1f2576ec173f556982a467baafe64e
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[files] users: Matched entry DEFAULT at line 209
++[files] returns ok
rlm_perl: Added pair User-Name = host/lt-pkn.atlas.atlascollege.nl
rlm_perl: Added pair EAP-Message = 0x020800061a03
rlm_perl: Added pair State = 0xed1f2576ec173f556982a467baafe64e
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Proxy-To-Realm = LOCAL
++[perl] returns noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = Perl
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user
'host/lt-pkn.atlas.atlascollege.nl'
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file
/etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0xa2a8dbf6f2cfb9fdbd0b000663af7c62
	MS-MPPE-Recv-Key = 0x2288dd50426a86ee2dca3737658de57c
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
[peap] Got tunneled reply RADIUS code 2
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0xa2a8dbf6f2cfb9fdbd0b000663af7c62
	MS-MPPE-Recv-Key = 0x2288dd50426a86ee2dca3737658de57c
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 208 to 10.0.9.48 port 1645
	EAP-Message =
0x0109002b19001703010020dc05ca7cb6357d0b606833914286d4570c9be8b49d0fb0e5
5712e1f7d1ee6020
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfa8b288efc8231bb8df0c9954079019a
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.9.48 port 1645, id=209,
length=233
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
	Framed-MTU = 1400
	Called-Station-Id = "0019.070a.a011"
	Calling-Station-Id = "0016.eae4.d5aa"
	Cisco-AVPair = "ssid=geengast"
	Service-Type = Login-User
	Message-Authenticator = 0x810f84840491233963bd54edd7cd489d
	EAP-Message =
0x0209002b190017030100209393b67c4b83a3c60c318cbe352bac2f864b5fb9a1fe6a37
34b682ea4f6fa775
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 389
	NAS-Port-Id = "389"
	State = 0xfa8b288efc8231bb8df0c9954079019a
	NAS-IP-Address = 10.0.9.48
	NAS-Identifier = "radtest"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "host/lt-pkn.atlas.atlascollege.nl",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 209 to 10.0.9.48 port 1645
	MS-MPPE-Recv-Key =
0x33ecfbf5652ce567309f5f2b1710989bd8c1c1ef2e68386139e7c94f2eb06a75
	MS-MPPE-Send-Key =
0x5c0639908bded95e2a61821743bf72ea714a6acc829016d7c4ce07edfdba4223
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "host/lt-pkn.atlas.atlascollege.nl"
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 202 with timestamp +10
Cleaning up request 1 ID 203 with timestamp +10
Cleaning up request 2 ID 204 with timestamp +10
Cleaning up request 3 ID 205 with timestamp +10
Cleaning up request 4 ID 206 with timestamp +10
Cleaning up request 5 ID 207 with timestamp +10
Cleaning up request 6 ID 208 with timestamp +10
Cleaning up request 7 ID 209 with timestamp +10
Ready to process requests.


More information about the Freeradius-Users mailing list