Dynamic vlan assignment

Dario Palmisano Dario.Palmisano at icgeb.org
Fri Jul 19 17:17:37 CEST 2013


On Friday 19 July 2013 16:57:07 A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
> 
> > Here you can download the (almost complete) debug log. Near the end I
> > added some text to make it evident when I disconnected.
> >
> > http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.php?lang=en
> 
> please don't ask me to visit random web sites that require me to click on
>  things etc. just email the output to this list.
> 
> alan
> -
> List info/subscribe/unsubscribe? See
>  http://www.freeradius.org/list/users.html
> 

OK, I thought it was wiser not to send the debug output to the list...


FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct  2 
2012 at 23:16:43
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/f_ticks
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/eap.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/eduroam
including configuration file /etc/raddb/sites-enabled/eduroam-inner-tunnel
main {
	user = "radiusd"
	group = "radiusd"
	allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
	name = "radiusd"
	prefix = "/usr"
	localstatedir = "/var"
	sbindir = "/usr/sbin"
	logdir = "/var/log/radius"
	run_dir = "/var/run/radiusd"
	libdir = "/usr/lib64/freeradius"
	radacctdir = "/var/log/radius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/radiusd/radiusd.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 0
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 home_server eduroam-upstream-flr-1 {
	ipaddr = 192.168.1.1
	port = 1812
	type = "auth+acct"
	secret = "secretstuff"
	response_window = 30
	max_outstanding = 65536
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 300
	status_check_timeout = 4
 }
 home_server eduroam-upstream-flr-2 {
	ipaddr = 192.168.1.2
	port = 1812
	type = "auth+acct"
	secret = "secretstuff"
	response_window = 30
	max_outstanding = 65536
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 300
	status_check_timeout = 4
 }
 realm icgeb.trieste.it {
 }
 realm icgeb.ts.it {
 }
 realm NULL {
 }
 realm LOCAL {
 }
 home_server_pool EDUROAM {
	type = fail-over
	home_server = eduroam-upstream-flr-1
	home_server = eduroam-upstream-flr-2
 }
 realm ~.+$ {
	pool = EDUROAM
	nostrip
 }
radiusd: #### Loading Clients ####

 client 172.16.254.45 {
	require_message_authenticator = yes
	secret = "SECRET"
	shortname = "ap-test-1"
 }
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
 modules {
 } # modules
} # server
server eduroam { # from file /etc/raddb/sites-enabled/eduroam
 modules {
  Module: Creating Post-Auth-Type = REJECT
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/raddb/eap.conf
  eap {
	default_eap_type = "peap"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	pem_file_type = yes
	private_key_file = "/etc/raddb/certs/radius-
radiust.icgeb.trieste.it.key"
	certificate_file = "/etc/raddb/certs/radius-
radiust.icgeb.trieste.it.crt"
	CA_file = "/etc/raddb/certs/ca-helixt.icgeb.trieste.it.crt"
	private_key_password = "ICGEB_PaSsWoRd"
	dh_file = "/etc/raddb/certs/radius-dh"
	random_file = "/dev/urandom"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
    cache {
	enable = yes
	lifetime = 24
	max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = yes
	use_tunneled_reply = yes
	proxy_tunneled_request_as_eap = yes
	virtual_server = "eduroam-inner-tunnel"
	soh = no
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
	send_error = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file 
/etc/raddb/modules/preprocess
  preprocess {
	huntgroups = "/etc/raddb/huntgroups"
	hints = "/etc/raddb/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_detail
 Module: Instantiating module "auth_log" from file 
/etc/raddb/modules/detail.log
  detail auth_log {
	detailfile = "/var/log/radius/radacct/auth-detail.log"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
  realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file 
/etc/raddb/modules/acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, 
NAS-Port"
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /etc/raddb/modules/files
  files {
	usersfile = "/etc/raddb/users"
	acctusersfile = "/etc/raddb/acct_users"
	preproxy_usersfile = "/etc/raddb/preproxy_users"
	compat = "no"
	key = "%{%{Stripped-User-Name}:-%{User-Name}}"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Instantiating module "detail" from file /etc/raddb/modules/detail
  detail {
	detailfile = "/var/log/radius/radacct/detail"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
  radutmp {
	filename = "/var/log/radius/radutmp"
	username = "%{%{Stripped-User-Name}:-%{User-Name}}"
	case_sensitive = yes
	check_with_nas = no
	perm = 384
	callerid = yes
  }
 Module: Instantiating module "sradutmp" from file /etc/raddb/modules/sradutmp
  radutmp sradutmp {
	filename = "/var/log/radius/sradutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 420
	callerid = no
  }
 Module: Checking pre-proxy {...} for more modules to load
 Module: Instantiating module "pre_proxy_log" from file 
/etc/raddb/modules/detail.log
  detail pre_proxy_log {
	detailfile = "/var/log/radius/radacct/pre-proxy-detail.log"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.pre-proxy" from file 
/etc/raddb/modules/attr_filter
  attr_filter attr_filter.pre-proxy {
	attrsfile = "/etc/raddb/attrs.pre-proxy"
	key = "%{Realm}"
	relaxed = no
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Instantiating module "post_proxy_log" from file 
/etc/raddb/modules/detail.log
  detail post_proxy_log {
	detailfile = "/var/log/radius/radacct/post-proxy-detail.log"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Instantiating module "attr_filter.post-proxy" from file 
/etc/raddb/modules/attr_filter
  attr_filter attr_filter.post-proxy {
	attrsfile = "/etc/raddb/attrs"
	key = "%{Realm}"
	relaxed = no
  }
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "reply_log" from file 
/etc/raddb/modules/detail.log
  detail reply_log {
	detailfile = "/var/log/radius/radacct/reply-detail.log"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_linelog
 Module: Instantiating module "f_ticks" from file /etc/raddb/modules/f_ticks
  linelog f_ticks {
	filename = "/var/log/radius/radacct/f_ticks"
	permissions = 384
	format = ""
	reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
  }
 } # modules
} # server
server eduroam-inner-tunnel { # from file /etc/raddb/sites-enabled/eduroam-
inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
	allow_retry = yes
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_always
 Module: Instantiating module "reject" from file /etc/raddb/modules/always
  always reject {
	rcode = "reject"
	simulcount = 0
	mpp = no
  }
 Module: Linked to module rlm_ldap
 Module: Instantiating module "ldap1" from file /etc/raddb/modules/ldap
  ldap ldap1 {
	server = "ldap1.icgeb.org"
	port = 389
	password = "SECRET"
	identity = "cn=samba,dc=icgeb,dc=org"
	net_timeout = 1
	timeout = 4
	timelimit = 3
	tls_mode = no
	start_tls = no
	tls_require_cert = "allow"
   tls {
	start_tls = yes
	require_cert = "never"
   }
	basedn = "ou=Users,dc=icgeb,dc=org"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	base_filter = "(objectclass=radiusprofile)"
	auto_header = no
	access_attr = "uid"
	access_attr_used_for_allow = yes
	groupname_attribute = "cn"
	groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
	dictionary_mapping = "/etc/raddb/ldap.attrmap"
	ldap_debug = 0
	ldap_connections_number = 5
	compare_check_items = no
	do_xlat = yes
	set_auth_type = yes
   keepalive {
	idle = 60
	probes = 3
	interval = 3
   }
  }
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap1-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap1-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap1
rlm_ldap: Over-riding set_auth_type, as there is no module ldap1 listed in the 
"authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-
Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-
Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-
Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-
Group-Id
conns: 0x7f4c61f9ac40
 Module: Instantiating module "ldap2" from file /etc/raddb/modules/ldap
  ldap ldap2 {
	server = "ldap2.icgeb.org"
	port = 389
	password = "SECRET"
	identity = "cn=samba,dc=icgeb,dc=org"
	net_timeout = 1
	timeout = 4
	timelimit = 3
	tls_mode = no
	start_tls = no
	tls_require_cert = "allow"
   tls {
	start_tls = yes
	require_cert = "never"
   }
	basedn = "ou=Users,dc=icgeb,dc=org"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	base_filter = "(objectclass=radiusprofile)"
	auto_header = no
	access_attr = "uid"
	access_attr_used_for_allow = yes
	groupname_attribute = "cn"
	groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
	dictionary_mapping = "/etc/raddb/ldap.attrmap"
	ldap_debug = 0
	ldap_connections_number = 5
	compare_check_items = no
	do_xlat = yes
	set_auth_type = yes
   keepalive {
	idle = 60
	probes = 3
	interval = 3
   }
  }
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap2-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap2-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap2
rlm_ldap: Over-riding set_auth_type, as there is no module ldap2 listed in the 
"authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-
Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-
Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-
Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-
Group-Id
conns: 0x7f4c61f9c680
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file 
/etc/raddb/modules/expiration
  expiration {
	reply-message = "Password Has Expired  "
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	virtual_server = "eduroam"
	ipaddr = *
	port = 0
}
listen {
	type = "acct"
	virtual_server = "eduroam"
	ipaddr = *
	port = 0
}
 ... adding new socket proxy address * port 50818
 ... adding new socket proxy address * port 48997
 ... adding new socket proxy address * port 36625
 ... adding new socket proxy address * port 51958
Listening on authentication address * port 1812 as server eduroam
Listening on accounting address * port 1813 as server eduroam
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=180, 
length=251
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0xfc2c0afcddc3f092eb89869e5cdccbcc
	EAP-Message = 0x020100160170616c6d694069636765622e74732e6974
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:51 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Flushing SSL sessions (of #0)
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 180 to 172.16.254.45 port 1645
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd66923e30f26eb21d75d65d85
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=181, 
length=411
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x79d8e016f5c847ef528f668472bb9a59
	EAP-Message = 
0x020200a419800000009a160301009501000091030151e93900542f13df3626ff6d17f8c44f8a5b2e5d2789dbdcf49a02dc36bc7d1e000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd66923e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:51 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 164
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 154
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0095], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 004a], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0790], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 181 to 172.16.254.45 port 1645
	EAP-Message = 
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
	EAP-Message = 
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
	EAP-Message = 
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
	EAP-Message = 
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
	EAP-Message = 0x5f3eb23962f874699e641862
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd67933e30f26eb21d75d65d85
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=182, 
length=253
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x538a1d81b611fde158176047d16a7a69
	EAP-Message = 0x020300061900
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd67933e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 182 to 172.16.254.45 port 1645
	EAP-Message = 
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
	EAP-Message = 
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
	EAP-Message = 
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
	EAP-Message = 
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
	EAP-Message = 0x16030100040e0000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd64943e30f26eb21d75d65d85
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=183, 
length=253
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x27c83e5b3123ec9cd32a9a0e4287ea7a
	EAP-Message = 0x020400061900
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd64943e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 183 to 172.16.254.45 port 1645
	EAP-Message = 0x01050007190000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd65953e30f26eb21d75d65d85
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=184, 
length=585
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x4f4006c7ee8fc3c4d08f33997ef0f9ea
	EAP-Message = 
0x0205015019800000014616030101061000010201005cbeaf7e39a5128df9b044ded226d6da6a1df06c4c14b6248c3b017e350a3c18ff08ea6e865545f21f29187c9cbbeca27526b21e5d3e7c172068d92318972e404019e7d241b473c0f2f6288f6b25f78cec134805f2d45b51a8d09095e30be78c069e8c2681c00da8bde4cd70411f0a5e694d4f7f94e4efaaabb32fb80e99b8b79163e574aa56094b6007743d0ae1886934242ee6bca933f4d500df29976c80ef6b77dac039faa296079b9eb8fa234a800788add69c2981962048ba3a965d56c93438a808db460918deac5deb2af03ebb682c972cb9a8361897793b667a77317c4027e29fe7f69c5e
	EAP-Message = 
0x97bb4f0d9afebd4e276d9c2e7ae1565dae8fcb2c50bf94681403010001011603010030cac6507c26ca4546f6571611d86d8a9cf189a6cd3d7a827e0693e92fc2403dd8d394adf41b299e3a165846ba39108984
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd65953e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
  SSL: adding session 
d13d4c1b37c5a8c5abc874c7b8ebcfb2adee9ed86972f10820789335d57620cd to cache
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 184 to 172.16.254.45 port 1645
	EAP-Message = 
0x01060041190014030100010116030100307628a872abf1034fb3f8c9e92cde545d25d682118edb43927185247ec8f5ab630379ea6045aa8a5177f25cbae275a27f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd62963e30f26eb21d75d65d85
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=185, 
length=253
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x12b44dd4d38f59bdfd0f7cdf01739c54
	EAP-Message = 0x020600061900
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd62963e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 185 to 172.16.254.45 port 1645
	EAP-Message = 
0x0107002b19001703010020a9e273a342b9e50c6f22c2b7decbfa7a9ad396cbbcb7c91663c8c6dc3059382e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd63973e30f26eb21d75d65d85
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=186, 
length=306
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x58780dba17878ac8570d3045fb9218b4
	EAP-Message = 
0x0207003b19001703010030d4189c5081ce041f25e2e134a4e9d7ba2067f9c7a525156f41405eec84b3c4e9255fa1fbb1db92587f815951ee27b8e9
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd63973e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - palmi at icgeb.ts.it
[peap] Got inner identity 'palmi at icgeb.ts.it'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x020700160170616c6d694069636765622e74732e6974
server eduroam {
[peap] Setting User-Name to palmi at icgeb.ts.it
Sending tunneled request
	EAP-Message = 0x020700160170616c6d694069636765622e74732e6974
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	NAS-IP-Address = 172.16.254.45
	Operator-Name = "1icgeb.trieste.it"
server eduroam-inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[eap] EAP packet type response id 7 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] 	expand: %{Stripped-User-Name} -> palmi
[files] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
[files] users: Matched entry palmi at line 438
++[files] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL)
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
? Evaluating (Realm == NULL) -> FALSE
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || 
control:ICGEB-Eduroam-Enabled != Yes))
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE
?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || 
control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE
++- entering else else {...}
+++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for palmi
[ldap1] 	expand: %{Stripped-User-Name} -> palmi
[ldap1] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> 
(uid=palmi)
[ldap1] 	expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org
  [ldap1] ldap_get_conn: Checking Id: 0
  [ldap1] ldap_get_conn: Got Id: 0
  [ldap1] attempting LDAP reconnection
  [ldap1] (re)connect to ldap1.icgeb.org:389, authentication 0
  [ldap1] setting TLS Require Cert to never
  [ldap1] starting TLS
  [ldap1] bind as cn=samba,dc=icgeb,dc=org/SECRET to ldap1.icgeb.org:389
  [ldap1] waiting for bind result ...
  [ldap1] Bind was successful
  [ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter 
(uid=palmi)
[ldap1] checking if remote access for palmi is allowed by uid
[ldap1] looking for check items in directory...
  [ldap1] sambaNtPassword -> NT-Password == 
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  [ldap1] sambaLmPassword -> LM-Password == 
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the 
user is configured correctly?
[ldap1] user palmi authorized to use remote access
  [ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
+++- redundant-load-balance group redundant-load-balance returns ok
+++[expiration] returns noop
++- else else returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server eduroam-inner-tunnel
[peap] Got tunneled reply code 11
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	EAP-Message = 
0x0108002b1a010800261031bbf45a68ff5991a784b7775ad66d0f70616c6d694069636765622e74732e6974
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xac6f4ed7ac6754fe563139e39634b030
[peap] Got tunneled reply RADIUS code 11
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	EAP-Message = 
0x0108002b1a010800261031bbf45a68ff5991a784b7775ad66d0f70616c6d694069636765622e74732e6974
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xac6f4ed7ac6754fe563139e39634b030
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 186 to 172.16.254.45 port 1645
	EAP-Message = 
0x0108004b190017030100407551bcc12b2ed0feac5f15ba5fa6ad83f217dd6ae55063326b6059264b1f953c94ccc718eadc9621d0be180137c8f111fbafe7bc100eff058756bebb490d095a
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd60983e30f26eb21d75d65d85
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=187, 
length=354
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x9a32cc720eca9c8424fd7ad00e8ab3bf
	EAP-Message = 
0x0208006b19001703010060adc8a19d618921aa8fa847c35215bbd5da5aff1bb2e5181cee87cc1be6f7a74a4fd73f16dc290bf5937c44dfe080a9b6b9570b42011aac39617c06480c879c28116d65575bf375e04be2490fb411ba819a4411060d439e2a366841bfe801a741
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd60983e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 
0x0208004c1a02080047317b0c4f82dc21d6ba0960f3d09523fda00000000000000000f3daf62acb5f6cbc9566592c64b57d73ba4ebf437eb029910070616c6d694069636765622e74732e6974
server eduroam {
[peap] Setting User-Name to palmi at icgeb.ts.it
Sending tunneled request
	EAP-Message = 
0x0208004c1a02080047317b0c4f82dc21d6ba0960f3d09523fda00000000000000000f3daf62acb5f6cbc9566592c64b57d73ba4ebf437eb029910070616c6d694069636765622e74732e6974
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "palmi at icgeb.ts.it"
	State = 0xac6f4ed7ac6754fe563139e39634b030
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	NAS-IP-Address = 172.16.254.45
	Operator-Name = "1icgeb.trieste.it"
server eduroam-inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[eap] EAP packet type response id 8 length 76
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] 	expand: %{Stripped-User-Name} -> palmi
[files] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
[files] users: Matched entry palmi at line 438
++[files] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL)
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
? Evaluating (Realm == NULL) -> FALSE
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || 
control:ICGEB-Eduroam-Enabled != Yes))
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE
?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || 
control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE
++- entering else else {...}
+++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for palmi
[ldap1] 	expand: %{Stripped-User-Name} -> palmi
[ldap1] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> 
(uid=palmi)
[ldap1] 	expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org
  [ldap1] ldap_get_conn: Checking Id: 0
  [ldap1] ldap_get_conn: Got Id: 0
  [ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter 
(uid=palmi)
[ldap1] checking if remote access for palmi is allowed by uid
[ldap1] looking for check items in directory...
  [ldap1] sambaNtPassword -> NT-Password == 
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  [ldap1] sambaLmPassword -> LM-Password == 
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the 
user is configured correctly?
[ldap1] user palmi authorized to use remote access
  [ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
+++- redundant-load-balance group redundant-load-balance returns ok
+++[expiration] returns noop
++- else else returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Creating challenge hash with username: palmi at icgeb.ts.it
[mschap] Told to do MS-CHAPv2 for palmi at icgeb.ts.it with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
} # server eduroam-inner-tunnel
[peap] Got tunneled reply code 11
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	EAP-Message = 
0x010900331a0308002e533d46434546384137334445324244353032344230414632413139334635464446444637453838364532
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xac6f4ed7ad6654fe563139e39634b030
[peap] Got tunneled reply RADIUS code 11
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	EAP-Message = 
0x010900331a0308002e533d46434546384137334445324244353032344230414632413139334635464446444637453838364532
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xac6f4ed7ad6654fe563139e39634b030
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 187 to 172.16.254.45 port 1645
	EAP-Message = 
0x0109005b190017030100508b428fcbaba9455852f5170646e2df5522351f71a2ce8c1d7a276dcd36366d325356aec936a2282d9fe3386fde30c15f2c6b08faf44485a0d35b368aa684156593d286df9a3dbb8285733e737f2bc604
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd61993e30f26eb21d75d65d85
Finished request 7.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=188, 
length=290
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0x1b70ff8392af063cd76871601bb653aa
	EAP-Message = 
0x0209002b19001703010020aca48497bb2e628cb8380aecb52865e5ff28b39d4cf95a8aef162a3b0bc703fe
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd61993e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020900061a03
server eduroam {
[peap] Setting User-Name to palmi at icgeb.ts.it
Sending tunneled request
	EAP-Message = 0x020900061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "palmi at icgeb.ts.it"
	State = 0xac6f4ed7ad6654fe563139e39634b030
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	NAS-IP-Address = 172.16.254.45
	Operator-Name = "1icgeb.trieste.it"
server eduroam-inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] 	expand: %{Stripped-User-Name} -> palmi
[files] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
[files] users: Matched entry palmi at line 438
++[files] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL)
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
? Evaluating (Realm == NULL) -> FALSE
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || 
control:ICGEB-Eduroam-Enabled != Yes))
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE
?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || 
control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE
++- entering else else {...}
+++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for palmi
[ldap1] 	expand: %{Stripped-User-Name} -> palmi
[ldap1] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> 
(uid=palmi)
[ldap1] 	expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org
  [ldap1] ldap_get_conn: Checking Id: 0
  [ldap1] ldap_get_conn: Got Id: 0
  [ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter 
(uid=palmi)
[ldap1] checking if remote access for palmi is allowed by uid
[ldap1] looking for check items in directory...
  [ldap1] sambaNtPassword -> NT-Password == 
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  [ldap1] sambaLmPassword -> LM-Password == 
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the 
user is configured correctly?
[ldap1] user palmi authorized to use remote access
  [ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
+++- redundant-load-balance group redundant-load-balance returns ok
+++[expiration] returns noop
++- else else returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
# Executing section session from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group session {...}
[radutmp] 	expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] 	expand: %{Stripped-User-Name} -> palmi
[radutmp] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[radutmp] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group post-auth {...}
++? if (outer.request:User-Name != "%{request:User-Name}")
	expand: %{request:User-Name} -> palmi at icgeb.ts.it
? Evaluating (outer.request:User-Name != "%{request:User-Name}") -> FALSE
++? if (outer.request:User-Name != "%{request:User-Name}") -> FALSE
[reply_log] 	expand: /var/log/radius/radacct/reply-detail.log -> 
/var/log/radius/radacct/reply-detail.log
[reply_log] /var/log/radius/radacct/reply-detail.log expands to 
/var/log/radius/radacct/reply-detail.log
[reply_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[reply_log] returns ok
} # server eduroam-inner-tunnel
[peap] Got tunneled reply code 2
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0xbe1daddb8ed87c9b5e06ce402b322c71
	MS-MPPE-Recv-Key = 0x4bd89713a7634f3d3ce739d3e21738f3
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "palmi"
[peap] Got tunneled reply RADIUS code 2
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0xbe1daddb8ed87c9b5e06ce402b322c71
	MS-MPPE-Recv-Key = 0x4bd89713a7634f3d3ce739d3e21738f3
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "palmi"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 188 to 172.16.254.45 port 1645
	EAP-Message = 
0x010a002b19001703010020723574f51e400d5fd7c58894bf8b6d79afe0482191f3a11696858d1afad5bded
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x669027bd6e9a3e30f26eb21d75d65d85
Finished request 8.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=189, 
length=290
	User-Name = "palmi at icgeb.ts.it"
	Framed-MTU = 1400
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Service-Type = Login-User
	Message-Authenticator = 0xf30f3bd40f6109c508a83f933cd65d1e
	EAP-Message = 
0x020a002b190017030100209afce8ff8c13dd63d65628da201d3ea4bf820c83dbc028062ce807b02c1931e4
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	State = 0x669027bd6e9a3e30f26eb21d75d65d85
	NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] 	expand: /var/log/radius/radacct/auth-detail.log -> 
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to 
/var/log/radius/radacct/auth-detail.log
[auth_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	User-Name = "palmi"
[peap] Saving response in the cache
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/eduroam
+- entering group post-auth {...}
[reply_log] 	expand: /var/log/radius/radacct/reply-detail.log -> 
/var/log/radius/radacct/reply-detail.log
[reply_log] /var/log/radius/radacct/reply-detail.log expands to 
/var/log/radius/radacct/reply-detail.log
[reply_log] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[reply_log] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER")
? Evaluating (Cisco-AVPair == "ssid=XXX-ER") -> TRUE
++? if (Cisco-AVPair == "ssid=XXX-ER") -> TRUE
++- entering if (Cisco-AVPair == "ssid=XXX-ER") {...}
[f_ticks] 	expand: %{reply:Packet-Type} -> Access-Accept
[f_ticks] 	expand: f_ticks.%{%{reply:Packet-Type}:-format} -> 
f_ticks.Access-Accept
[f_ticks] 	expand: /var/log/radius/radacct/f_ticks -> 
/var/log/radius/radacct/f_ticks
[f_ticks] 	expand: F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=%{Calling-Station-Id}#RESULT=OK# -> F-TICKS/eduroam/1.0#REALM=icgeb.ts.it#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=d49a.2063.2450#RESULT=OK#
+++[f_ticks] returns ok
++- if (Cisco-AVPair == "ssid=XXX-ER") returns ok
} # server eduroam
Sending Access-Accept of id 189 to 172.16.254.45 port 1645
	Tunnel-Type:0 := VLAN
	Tunnel-Medium-Type:0 := IEEE-802
	Tunnel-Private-Group-Id:0 := "220"
	User-Name = "palmi"
	MS-MPPE-Recv-Key = 
0xf308f970d2507771e30d0f1cc87c6d35ab9a6c65b56dfec2141f50273d6045ff
	MS-MPPE-Send-Key = 
0xa68961323bdf00916cf8ee1043d99477eeaf6a46de78f1101234e9a8a5faf8e2
	EAP-Message = 0x030a0004
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Accounting-Request packet from host 172.16.254.45 port 1646, id=17, 
length=366
	Acct-Session-Id = "0000038C"
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	Cisco-AVPair = "vlan-id=220"
	Cisco-AVPair = "nas-location=Floor Ground, Building F1 (test)"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	User-Name = "palmi"
	Cisco-AVPair = "connect-progress=Call Up"
	Acct-Authentic = RADIUS
	Acct-Status-Type = Start
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	Service-Type = Framed-User
	NAS-IP-Address = 172.16.254.45
	Acct-Delay-Time = 0
server eduroam {
# Executing section preacct from file /etc/raddb/sites-enabled/eduroam
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1016,Client-IP-Address = 172.16.254.45,NAS-IP-Address = 172.16.254.45,Acct-Session-Id = "0000038C",User-Name = "palmi"'
[acct_unique] Acct-Unique-Session-ID = "4cdcd06ed9699fd5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "palmi", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "NULL"
[suffix] Accounting realm is LOCAL.
++[suffix] returns ok
[files] 	expand: %{Stripped-User-Name} -> palmi
[files] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/eduroam
+- entering group accounting {...}
[detail] 	expand: /var/log/radius/radacct/detail -> 
/var/log/radius/radacct/detail
[detail] /var/log/radius/radacct/detail expands to 
/var/log/radius/radacct/detail
[detail] 	expand: %t -> Fri Jul 19 15:02:52 2013
++[detail] returns ok
[radutmp] 	expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] 	expand: %{Stripped-User-Name} -> palmi
[radutmp] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[radutmp] returns ok
[sradutmp] 	expand: /var/log/radius/sradutmp -> /var/log/radius/sradutmp
[sradutmp] 	expand: %{User-Name} -> palmi
++[sradutmp] returns ok
} # server eduroam
Sending Accounting-Response of id 17 to 172.16.254.45 port 1646
Finished request 10.
Cleaning up request 10 ID 17 with timestamp +7
Going to the next request
Waking up in 4.5 seconds.
Cleaning up request 0 ID 180 with timestamp +6
Cleaning up request 1 ID 181 with timestamp +6
Cleaning up request 2 ID 182 with timestamp +7
Cleaning up request 3 ID 183 with timestamp +7
Cleaning up request 4 ID 184 with timestamp +7
Cleaning up request 5 ID 185 with timestamp +7
Cleaning up request 6 ID 186 with timestamp +7
Cleaning up request 7 ID 187 with timestamp +7
Cleaning up request 8 ID 188 with timestamp +7
Cleaning up request 9 ID 189 with timestamp +7
Ready to process requests.



###################################################################################################
HERE I DISCONNECTED FROM THE WIRELESS NETWORK
###################################################################################################




rad_recv: Accounting-Request packet from host 172.16.254.45 port 1646, id=18, 
length=465
	Acct-Session-Id = "0000038C"
	Called-Station-Id = "003a.9ae0.1460"
	Calling-Station-Id = "d49a.2063.2450"
	Cisco-AVPair = "ssid=XXX-ER"
	Cisco-AVPair = "vlan-id=220"
	Cisco-AVPair = "nas-location=Floor Ground, Building F1 (test)"
	WISPr-Location-Name = "Floor Ground, Building F1 (test)"
	Cisco-AVPair = "auth-algo-type=eap-peap"
	User-Name = "palmi"
	Acct-Authentic = RADIUS
	Cisco-AVPair = "connect-progress=Call Up"
	Acct-Session-Time = 37
	Acct-Input-Octets = 19549
	Acct-Output-Octets = 15498
	Acct-Input-Packets = 88
	Acct-Output-Packets = 72
	Acct-Terminate-Cause = Lost-Carrier
	Cisco-AVPair = "disc-cause-ext=No Reason"
	Acct-Status-Type = Stop
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1016
	NAS-Port-Id = "1016"
	Service-Type = Framed-User
	NAS-IP-Address = 172.16.254.45
	Acct-Delay-Time = 0
server eduroam {
# Executing section preacct from file /etc/raddb/sites-enabled/eduroam
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1016,Client-IP-Address = 172.16.254.45,NAS-IP-Address = 172.16.254.45,Acct-Session-Id = "0000038C",User-Name = "palmi"'
[acct_unique] Acct-Unique-Session-ID = "4cdcd06ed9699fd5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "palmi", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "NULL"
[suffix] Accounting realm is LOCAL.
++[suffix] returns ok
[files] 	expand: %{Stripped-User-Name} -> palmi
[files] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/eduroam
+- entering group accounting {...}
[detail] 	expand: /var/log/radius/radacct/detail -> 
/var/log/radius/radacct/detail
[detail] /var/log/radius/radacct/detail expands to 
/var/log/radius/radacct/detail
[detail] 	expand: %t -> Fri Jul 19 15:03:28 2013
++[detail] returns ok
[radutmp] 	expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] 	expand: %{Stripped-User-Name} -> palmi
[radutmp] 	expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[radutmp] returns ok
[sradutmp] 	expand: /var/log/radius/sradutmp -> /var/log/radius/sradutmp
[sradutmp] 	expand: %{User-Name} -> palmi
++[sradutmp] returns ok
} # server eduroam
Sending Accounting-Response of id 18 to 172.16.254.45 port 1646
Finished request 11.
Cleaning up request 11 ID 18 with timestamp +43
Going to the next request
Ready to process requests.

