Attribute NOT being returned in access-accept but is returned in Access-Challenge

Jake He jake.he at gmail.com
Fri Jun 26 17:56:29 CEST 2015


Can anyone give me some directions? Mikrotik-Total-Limit  is in the
Access-Challenge reply but it is not in the Access-Accept. How do I fix
this? I have no idea. This post
http://lists.freeradius.org/pipermail/freeradius-users/2011-January/051167.html
gives some ideas but I still do not know how to fix it.

(1) Sent Access-Challenge Id 80 from 172.17.0.71:1812 to 175.38.133.35:42418
length 0

(1)   Mikrotik-Total-Limit = 2514816696

(1)   Mikrotik-Total-Limit-Gigawords = 232830643

(1)   Session-Timeout = 10800

(1)   EAP-Message = 0x010200061520

(1)   Message-Authenticator = 0x00000000000000000000000000000000

(1)   State = 0x568c93d5578e86a3fd1dd204a8afe703

(1) Finished request

Waking up in 4.7 seconds.


(27) Sent Access-Accept Id 106 from 172.17.0.71:1812 to 175.38.133.35:60453
length 0

(27)   Session-Timeout = 10800

(27)   Message-Authenticator = 0x00000000000000000000000000000000

(27)   User-Name = 'jake'

(27)   MS-MPPE-Recv-Key =
0xd830d8a84e6bb4c8b7a4504373d28db3ab9b46c567e1b56d50020e3604ad466d

(27)   MS-MPPE-Send-Key =
0xf4ca3a9664ad56f165f260e37632d8826885a38f19ad46bb219def6384c0c680

(27)   EAP-Message = 0x03070004

(27)   Session-Timeout += 10800

(27)   User-Name += 'jake'

(27) Finished request




On 26 June 2015 at 11:38, Jake He <jake.he at gmail.com> wrote:

> Here is the debug output:
>
> Listening on auth address * port 1812 bound to server default
>
> Listening on acct address * port 1813 bound to server default
>
> Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
>
> Ready to process requests
>
> (0) Received Access-Request Id 241 from 203.59.132.253:38386 to
> 172.17.0.68:1812 length 222
>
> (0)   Service-Type = Framed-User
>
> (0)   Framed-MTU = 1400
>
> (0)   User-Name = 'jake'
>
> (0)   NAS-Port-Id = 'wlan4'
>
> (0)   NAS-Port-Type = Wireless-802.11
>
> (0)   Acct-Session-Id = '82200019'
>
> (0)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (0)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (0)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (0)   EAP-Message = 0x02000009016a616b65
>
> (0)   Message-Authenticator = 0x0942bb06979bc2c6859785baa97efea0
>
> (0)   NAS-Identifier = 'MikroTik'
>
> (0)   NAS-IP-Address = 10.1.1.23
>
> (0) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (0)   authorize {
>
> (0)     policy filter_username {
>
> (0)       if (!&User-Name) {
>
> (0)       if (!&User-Name)  -> FALSE
>
> (0)       if (&User-Name =~ / /) {
>
> (0)       if (&User-Name =~ / /)  -> FALSE
>
> (0)       if (&User-Name =~ /@.*@/ ) {
>
> (0)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (0)       if (&User-Name =~ /\.\./ ) {
>
> (0)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (0)       if (&User-Name =~ /\.$/)  {
>
> (0)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (0)       if (&User-Name =~ /@\./)  {
>
> (0)       if (&User-Name =~ /@\./)   -> FALSE
>
> (0)     } # policy filter_username = notfound
>
> (0)     [preprocess] = ok
>
> (0)     [chap] = noop
>
> (0)     [mschap] = noop
>
> (0)     [digest] = noop
>
> (0) suffix: Checking for suffix after "@"
>
> (0) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (0) suffix: No such realm "NULL"
>
> (0)     [suffix] = noop
>
> (0) eap: Peer sent code Response (2) ID 0 length 9
>
> (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
> rest of authorize
>
> (0)     [eap] = ok
>
> (0)   } # authorize = ok
>
> (0) Found Auth-Type = EAP
>
> (0) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (0)   authenticate {
>
> (0) eap: Peer sent method Identity (1)
>
> (0) eap: Calling eap_md5 to process EAP data
>
> (0) eap_md5: Issuing MD5 Challenge
>
> (0) eap: EAP session adding &reply:State = 0x2ae8af442ae9ab52
>
> (0)     [eap] = handled
>
> (0)   } # authenticate = handled
>
> (0) Using Post-Auth-Type Challenge
>
> (0) Post-Auth-Type sub-section not found.  Ignoring.
>
> (0) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (0) Sent Access-Challenge Id 241 from 172.17.0.68:1812 to
> 203.59.132.253:38386 length 0
>
> (0)   EAP-Message = 0x010100160410e9962633c394d82e8af727f23160824c
>
> (0)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (0)   State = 0x2ae8af442ae9ab526f505f86b4932430
>
> (0) Finished request
>
> Waking up in 4.9 seconds.
>
> (1) Received Access-Request Id 242 from 203.59.132.253:44270 to
> 172.17.0.68:1812 length 237
>
> (1)   Service-Type = Framed-User
>
> (1)   Framed-MTU = 1400
>
> (1)   User-Name = 'jake'
>
> (1)   State = 0x2ae8af442ae9ab526f505f86b4932430
>
> (1)   NAS-Port-Id = 'wlan4'
>
> (1)   NAS-Port-Type = Wireless-802.11
>
> (1)   Acct-Session-Id = '82200019'
>
> (1)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (1)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (1)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (1)   EAP-Message = 0x020100060319
>
> (1)   Message-Authenticator = 0x23c1df8ed8c64f231b0e8b9a5c48c798
>
> (1)   NAS-Identifier = 'MikroTik'
>
> (1)   NAS-IP-Address = 10.1.1.23
>
> (1) session-state: No cached attributes
>
> (1) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (1)   authorize {
>
> (1)     policy filter_username {
>
> (1)       if (!&User-Name) {
>
> (1)       if (!&User-Name)  -> FALSE
>
> (1)       if (&User-Name =~ / /) {
>
> (1)       if (&User-Name =~ / /)  -> FALSE
>
> (1)       if (&User-Name =~ /@.*@/ ) {
>
> (1)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (1)       if (&User-Name =~ /\.\./ ) {
>
> (1)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (1)       if (&User-Name =~ /\.$/)  {
>
> (1)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (1)       if (&User-Name =~ /@\./)  {
>
> (1)       if (&User-Name =~ /@\./)   -> FALSE
>
> (1)     } # policy filter_username = notfound
>
> (1)     [preprocess] = ok
>
> (1)     [chap] = noop
>
> (1)     [mschap] = noop
>
> (1)     [digest] = noop
>
> (1) suffix: Checking for suffix after "@"
>
> (1) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (1) suffix: No such realm "NULL"
>
> (1)     [suffix] = noop
>
> (1) eap: Peer sent code Response (2) ID 1 length 6
>
> (1) eap: No EAP Start, assuming it's an on-going EAP conversation
>
> (1)     [eap] = updated
>
> (1) sql: EXPAND %{User-Name}
>
> (1) sql:    --> jake
>
> (1) sql: SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = '%{SQL-User-Name}' ORDER BY id
>
> (1) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = 'jake' ORDER BY id
>
> (1) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = 'jake' ORDER BY id
>
> (1) sql: User found in radcheck table
>
> (1) sql: Conditional check items matched, merging assignment check items
>
> (1) sql:   Cleartext-Password := 'fheman123'
>
> (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
> WHERE username = '%{SQL-User-Name}' ORDER BY id
>
> (1) sql:    --> SELECT id, username, attribute, value, op FROM radreply
> WHERE username = 'jake' ORDER BY id
>
> (1) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radreply WHERE username = 'jake' ORDER BY id
>
> (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority
>
> (1) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
> ORDER BY priority
>
> (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
> username = 'jake' ORDER BY priority
>
> (1) sql: User found in the group table
>
> (1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
>
> (1) sql:    --> SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
>
> (1) sql: Executing select query: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
>
> (1) sql: Group "14kimberleyst": Conditional check items matched
>
> (1) sql: Group "14kimberleyst": Merging assignment check items
>
> (1) sql:   Reset-Date := '13'
>
> (1) sql:   Total-Bytes := '999999999999999999'
>
> (1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
>
> (1) sql:    --> SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
>
> (1) sql: Executing select query: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
>
> (1) sql: Group "14kimberleyst": Merging reply items
>
> (1) sql:   Session-Timeout := 10800
>
> rlm_sql (sql): Released connection (4)
>
> (1)     [sql] = ok
>
> (1)     policy site-restriction {
>
> (1)       update request {
>
> (1)         EXPAND %{User-Name}
>
> (1)            --> jake
>
> (1)         SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (1)         Executing select query: SET @user = 'jake'; SET @nasmac =
> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'; SELECT COUNT(*) FROM (SELECT
> radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
> radsitegroup.groupname=radusergroup.groupname WHERE nasshortname='ALL' AND
> `radusergroup`.`username` = @user UNION ALL SELECT
> radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
> radsitegroup.groupname=radusergroup.groupname INNER JOIN `nas` ON
> nas.shortname=radsitegroup.nasshortname WHERE nas.nasidentifier=@nasmac AND
> `radusergroup`.`username` = @user) as a
>
> rlm_sql (sql): Released connection (4)
>
> (1)         EXPAND %{sql:SET @user = '%{User-Name}'; SET @nasmac =
> '%{request:Called-Station-Id}'; SELECT COUNT(*) FROM (SELECT
> radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
> radsitegroup.groupname=radusergroup.groupname WHERE nasshortname='ALL' AND
> `radusergroup`.`username` = @user UNION ALL SELECT
> radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
> radsitegroup.groupname=radusergroup.groupname INNER JOIN `nas` ON
> nas.shortname=radsitegroup.nasshortname WHERE nas.nasidentifier=@nasmac AND
> `radusergroup`.`username` = @user) as a}
>
> (1)            --> 1
>
> (1)         Site := 1
>
> (1)       } # update request = noop
>
> (1)       if ( Site == '0' ) {
>
> (1)       if ( Site == '0' )  -> FALSE
>
> (1)     } # policy site-restriction = noop
>
> (1)     policy data-restriction {
>
> (1)       if ((control:Total-Bytes)){
>
> (1)       if ((control:Total-Bytes)) -> TRUE
>
> (1)       if ((control:Total-Bytes)) {
>
> (1)         update control {
>
> (1)           EXPAND %{User-Name}
>
> (1)              --> jake
>
> (1)           SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (1)           Executing select query: SET @reset_date = '13'; SELECT
> IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM `radacct` WHERE
> UserName='jake' AND DATE(`acctstarttime`) BETWEEN (CASE WHEN @reset_date >
> DAYOFMONTH(NOW()) THEN DATE( DATE_SUB( CONCAT( YEAR( NOW( ) ) , '-', MONTH(
> NOW( ) ) , '-', @reset_date ) , INTERVAL 1 MONTH ) ) ELSE CONCAT( YEAR(
> NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date )END) AND DATE(NOW());
>
> rlm_sql (sql): Released connection (4)
>
> (1)           EXPAND %{sql:SET @reset_date = '%{control:Reset-Date}';
> SELECT IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM
> `radacct` WHERE UserName='%{request:User-Name}' AND DATE(`acctstarttime`)
> BETWEEN (CASE WHEN @reset_date > DAYOFMONTH(NOW()) THEN DATE( DATE_SUB(
> CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date ) ,
> INTERVAL 1 MONTH ) ) ELSE CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) ,
> '-', @reset_date )END) AND DATE(NOW());}
>
> (1)              --> 154996
>
> (1)           Used-Bytes := 154996
>
> (1)           EXPAND %{User-Name}
>
> (1)              --> jake
>
> (1)           SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (1)           Executing select query: SELECT `email` FROM `users` WHERE
> `username` = 'jake'
>
> rlm_sql (sql): Released connection (4)
>
> (1)           EXPAND %{sql:SELECT `email` FROM `users` WHERE `username` =
> '%{request:User-Name}'}
>
> (1)              --> zhex900 at gmail.com
>
> (1)           Email := zhex900 at gmail.com
>
> (1)           EXPAND %{User-Name}
>
> (1)              --> jake
>
> (1)           SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (1)           Executing select query: SELECT `sentmail` FROM `users` WHERE
> `username` = 'jake'
>
> rlm_sql (sql): Released connection (4)
>
> (1)           EXPAND %{sql:SELECT `sentmail` FROM `users` WHERE `username`
> = '%{request:User-Name}'}
>
> (1)              --> 0
>
> (1)           Sent-Mail := 0
>
> (1)           EXPAND %{User-Name}
>
> (1)              --> jake
>
> (1)           SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (1)           Executing select query: SELECT `mobile_suffix` FROM `users`
> WHERE `username` = 'jake'
>
> rlm_sql (sql): Released connection (4)
>
> (1)           EXPAND %{sql:SELECT `mobile_suffix` FROM `users` WHERE
> `username` = '%{request:User-Name}'}
>
> (1)              --> 0433169153
>
> (1)           Mobile := 0433169153
>
> (1)         } # update control = noop
>
> (1) sendmsg:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'jake'
>
> (1) sendmsg:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address ->
> '10.1.1.23'
>
> (1) sendmsg:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type ->
> 'Framed-User'
>
> (1) sendmsg:   $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400'
>
> (1) sendmsg:   $RAD_REQUEST{'State'} = &request:State ->
> '0x2ae8af442ae9ab526f505f86b4932430'
>
> (1) sendmsg:   $RAD_REQUEST{'Called-Station-Id'} =
> &request:Called-Station-Id -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (1) sendmsg:   $RAD_REQUEST{'Calling-Station-Id'} =
> &request:Calling-Station-Id -> 'F8-A9-D0-18-F2-24'
>
> (1) sendmsg:   $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier ->
> 'MikroTik'
>
> (1) sendmsg:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type ->
> 'Wireless-802.11'
>
> (1) sendmsg:   $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id
> -> '82200019'
>
> (1) sendmsg:   $RAD_REQUEST{'Acct-Multi-Session-Id'} =
> &request:Acct-Multi-Session-Id ->
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (1) sendmsg:   $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp
> -> 'Jun 26 2015 03:36:51 UTC'
>
> (1) sendmsg:   $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message ->
> '0x020100060319'
>
> (1) sendmsg:   $RAD_REQUEST{'Message-Authenticator'} =
> &request:Message-Authenticator -> '0x23c1df8ed8c64f231b0e8b9a5c48c798'
>
> (1) sendmsg:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id ->
> 'wlan4'
>
> (1) sendmsg:   $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'NAK'
>
> (1) sendmsg:   $RAD_REQUEST{'SQL-User-Name'} = &request:SQL-User-Name ->
> 'jake'
>
> (1) sendmsg:   $RAD_REQUEST{'Site'} = &request:Site -> '1'
>
> (1) sendmsg:   $RAD_REPLY{'Session-Timeout'} = &reply:Session-Timeout ->
> '10800'
>
> (1) sendmsg:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'EAP'
>
> (1) sendmsg:   $RAD_CHECK{'Cleartext-Password'} =
> &control:Cleartext-Password -> 'fheman123'
>
> (1) sendmsg:   $RAD_CHECK{'Total-Bytes'} = &control:Total-Bytes ->
> '999999999999999999'
>
> (1) sendmsg:   $RAD_CHECK{'Used-Bytes'} = &control:Used-Bytes -> '154996'
>
> (1) sendmsg:   $RAD_CHECK{'Reset-Date'} = &control:Reset-Date -> '13'
>
> (1) sendmsg:   $RAD_CHECK{'Email'} = &control:Email -> 'zhex900 at gmail.com'
>
> (1) sendmsg:   $RAD_CHECK{'Sent-Mail'} = &control:Sent-Mail -> '0'
>
> (1) sendmsg:   $RAD_CHECK{'Mobile'} = &control:Mobile -> '0433169153'
>
> (1) sendmsg:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'EAP'
>
> (1) sendmsg:   $RAD_CONFIG{'Cleartext-Password'} =
> &control:Cleartext-Password -> 'fheman123'
>
> (1) sendmsg:   $RAD_CONFIG{'Total-Bytes'} = &control:Total-Bytes ->
> '999999999999999999'
>
> (1) sendmsg:   $RAD_CONFIG{'Used-Bytes'} = &control:Used-Bytes -> '154996'
>
> (1) sendmsg:   $RAD_CONFIG{'Reset-Date'} = &control:Reset-Date -> '13'
>
> (1) sendmsg:   $RAD_CONFIG{'Email'} = &control:Email -> 'zhex900 at gmail.com
> '
>
> (1) sendmsg:   $RAD_CONFIG{'Sent-Mail'} = &control:Sent-Mail -> '0'
>
> (1) sendmsg:   $RAD_CONFIG{'Mobile'} = &control:Mobile -> '0433169153'
>
> (1) sendmsg: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400'
>
> (1) sendmsg: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} ->
> 'Jun 26 2015 03:36:51 UTC'
>
> (1) sendmsg: &request:Service-Type = $RAD_REQUEST{'Service-Type'} ->
> 'Framed-User'
>
> (1) sendmsg: &request:Calling-Station-Id =
> $RAD_REQUEST{'Calling-Station-Id'} -> 'F8-A9-D0-18-F2-24'
>
> (1) sendmsg: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'jake'
>
> (1) sendmsg: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'NAK'
>
> (1) sendmsg: &request:Message-Authenticator =
> $RAD_REQUEST{'Message-Authenticator'} ->
> '0x23c1df8ed8c64f231b0e8b9a5c48c798'
>
> (1) sendmsg: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} ->
> 'Wireless-802.11'
>
> (1) sendmsg: &request:Acct-Multi-Session-Id =
> $RAD_REQUEST{'Acct-Multi-Session-Id'} ->
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (1) sendmsg: &request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} ->
> 'jake'
>
> (1) sendmsg: &request:Called-Station-Id =
> $RAD_REQUEST{'Called-Station-Id'} -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (1) sendmsg: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} ->
> '10.1.1.23'
>
> (1) sendmsg: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} ->
> '82200019'
>
> (1) sendmsg: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'wlan4'
>
> (1) sendmsg: &request:Site = $RAD_REQUEST{'Site'} -> '1'
>
> (1) sendmsg: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} ->
> '0x020100060319'
>
> (1) sendmsg: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} ->
> 'MikroTik'
>
> (1) sendmsg: &request:State = $RAD_REQUEST{'State'} ->
> '0x2ae8af442ae9ab526f505f86b4932430'
>
> (1) sendmsg: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'} ->
> '10800'
>
> (1) sendmsg: &control:Cleartext-Password =
> $RAD_CHECK{'Cleartext-Password'} -> 'fheman123'
>
> (1) sendmsg: &control:Mobile = $RAD_CHECK{'Mobile'} -> '0433169153'
>
> (1) sendmsg: &control:Reset-Date = $RAD_CHECK{'Reset-Date'} -> '13'
>
> (1) sendmsg: &control:Sent-Mail = $RAD_CHECK{'Sent-Mail'} -> '0'
>
> (1) sendmsg: &control:Total-Bytes = $RAD_CHECK{'Total-Bytes'} ->
> '999999999999999999'
>
> (1) sendmsg: &control:Used-Bytes = $RAD_CHECK{'Used-Bytes'} -> '154996'
>
> (1) sendmsg: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'EAP'
>
> (1) sendmsg: &control:Email = $RAD_CHECK{'Email'} -> 'zhex900 at gmail.com'
>
> (1)         [sendmsg] = noop
>
> (1) check_usage:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'jake'
>
> (1) check_usage:   $RAD_REQUEST{'NAS-IP-Address'} =
> &request:NAS-IP-Address -> '10.1.1.23'
>
> (1) check_usage:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type ->
> 'Framed-User'
>
> (1) check_usage:   $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU ->
> '1400'
>
> (1) check_usage:   $RAD_REQUEST{'State'} = &request:State ->
> '0x2ae8af442ae9ab526f505f86b4932430'
>
> (1) check_usage:   $RAD_REQUEST{'Called-Station-Id'} =
> &request:Called-Station-Id -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (1) check_usage:   $RAD_REQUEST{'Calling-Station-Id'} =
> &request:Calling-Station-Id -> 'F8-A9-D0-18-F2-24'
>
> (1) check_usage:   $RAD_REQUEST{'NAS-Identifier'} =
> &request:NAS-Identifier -> 'MikroTik'
>
> (1) check_usage:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type
> -> 'Wireless-802.11'
>
> (1) check_usage:   $RAD_REQUEST{'Acct-Session-Id'} =
> &request:Acct-Session-Id -> '82200019'
>
> (1) check_usage:   $RAD_REQUEST{'Acct-Multi-Session-Id'} =
> &request:Acct-Multi-Session-Id ->
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (1) check_usage:   $RAD_REQUEST{'Event-Timestamp'} =
> &request:Event-Timestamp -> 'Jun 26 2015 03:36:51 UTC'
>
> (1) check_usage:   $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message ->
> '0x020100060319'
>
> (1) check_usage:   $RAD_REQUEST{'Message-Authenticator'} =
> &request:Message-Authenticator -> '0x23c1df8ed8c64f231b0e8b9a5c48c798'
>
> (1) check_usage:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id ->
> 'wlan4'
>
> (1) check_usage:   $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'NAK'
>
> (1) check_usage:   $RAD_REQUEST{'SQL-User-Name'} = &request:SQL-User-Name
> -> 'jake'
>
> (1) check_usage:   $RAD_REQUEST{'Site'} = &request:Site -> '1'
>
> (1) check_usage:   $RAD_REPLY{'Session-Timeout'} = &reply:Session-Timeout
> -> '10800'
>
> (1) check_usage:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'EAP'
>
> (1) check_usage:   $RAD_CHECK{'Cleartext-Password'} =
> &control:Cleartext-Password -> 'fheman123'
>
> (1) check_usage:   $RAD_CHECK{'Total-Bytes'} = &control:Total-Bytes ->
> '999999999999999999'
>
> (1) check_usage:   $RAD_CHECK{'Used-Bytes'} = &control:Used-Bytes ->
> '154996'
>
> (1) check_usage:   $RAD_CHECK{'Reset-Date'} = &control:Reset-Date -> '13'
>
> (1) check_usage:   $RAD_CHECK{'Email'} = &control:Email -> '
> zhex900 at gmail.com'
>
> (1) check_usage:   $RAD_CHECK{'Sent-Mail'} = &control:Sent-Mail -> '0'
>
> (1) check_usage:   $RAD_CHECK{'Mobile'} = &control:Mobile -> '0433169153'
>
> (1) check_usage:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'EAP'
>
> (1) check_usage:   $RAD_CONFIG{'Cleartext-Password'} =
> &control:Cleartext-Password -> 'fheman123'
>
> (1) check_usage:   $RAD_CONFIG{'Total-Bytes'} = &control:Total-Bytes ->
> '999999999999999999'
>
> (1) check_usage:   $RAD_CONFIG{'Used-Bytes'} = &control:Used-Bytes ->
> '154996'
>
> (1) check_usage:   $RAD_CONFIG{'Reset-Date'} = &control:Reset-Date -> '13'
>
> (1) check_usage:   $RAD_CONFIG{'Email'} = &control:Email -> '
> zhex900 at gmail.com'
>
> (1) check_usage:   $RAD_CONFIG{'Sent-Mail'} = &control:Sent-Mail -> '0'
>
> (1) check_usage:   $RAD_CONFIG{'Mobile'} = &control:Mobile -> '0433169153'
>
> (1) check_usage: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400'
>
> (1) check_usage: &request:Event-Timestamp =
> $RAD_REQUEST{'Event-Timestamp'} -> 'Jun 26 2015 03:36:51 UTC'
>
> (1) check_usage: &request:Service-Type = $RAD_REQUEST{'Service-Type'} ->
> 'Framed-User'
>
> (1) check_usage: &request:Calling-Station-Id =
> $RAD_REQUEST{'Calling-Station-Id'} -> 'F8-A9-D0-18-F2-24'
>
> (1) check_usage: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'jake'
>
> (1) check_usage: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'NAK'
>
> (1) check_usage: &request:Message-Authenticator =
> $RAD_REQUEST{'Message-Authenticator'} ->
> '0x23c1df8ed8c64f231b0e8b9a5c48c798'
>
> (1) check_usage: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} ->
> 'Wireless-802.11'
>
> (1) check_usage: &request:Acct-Multi-Session-Id =
> $RAD_REQUEST{'Acct-Multi-Session-Id'} ->
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (1) check_usage: &request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} ->
> 'jake'
>
> (1) check_usage: &request:Called-Station-Id =
> $RAD_REQUEST{'Called-Station-Id'} -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (1) check_usage: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'}
> -> '10.1.1.23'
>
> (1) check_usage: &request:Acct-Session-Id =
> $RAD_REQUEST{'Acct-Session-Id'} -> '82200019'
>
> (1) check_usage: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} ->
> 'wlan4'
>
> (1) check_usage: &request:Site = $RAD_REQUEST{'Site'} -> '1'
>
> (1) check_usage: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} ->
> '0x020100060319'
>
> (1) check_usage: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'}
> -> 'MikroTik'
>
> (1) check_usage: &request:State = $RAD_REQUEST{'State'} ->
> '0x2ae8af442ae9ab526f505f86b4932430'
>
> (1) check_usage: &reply:Mikrotik-Total-Limit-Gigawords =
> $RAD_REPLY{'Mikrotik-Total-Limit-Gigawords'} -> '232830643'
>
> (1) check_usage: &reply:Mikrotik-Total-Limit =
> $RAD_REPLY{'Mikrotik-Total-Limit'} -> '2808193675'
>
> (1) check_usage: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'} ->
> '10800'
>
> (1) check_usage: &control:Cleartext-Password =
> $RAD_CHECK{'Cleartext-Password'} -> 'fheman123'
>
> (1) check_usage: &control:Avail-Bytes = $RAD_CHECK{'Avail-Bytes'} ->
> '999999999999845003'
>
> (1) check_usage: &control:Mobile = $RAD_CHECK{'Mobile'} -> '0433169153'
>
> (1) check_usage: &control:Reset-Date = $RAD_CHECK{'Reset-Date'} -> '13'
>
> (1) check_usage: &control:Sent-Mail = $RAD_CHECK{'Sent-Mail'} -> '0'
>
> (1) check_usage: &control:Total-Bytes = $RAD_CHECK{'Total-Bytes'} ->
> '999999999999999999'
>
> (1) check_usage: &control:Used-Bytes = $RAD_CHECK{'Used-Bytes'} -> '154996'
>
> (1) check_usage: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'EAP'
>
> (1) check_usage: &control:Email = $RAD_CHECK{'Email'} -> '
> zhex900 at gmail.com'
>
> (1)         [check_usage] = updated
>
> (1)       } # if ((control:Total-Bytes)) = updated
>
> (1)     } # policy data-restriction = updated
>
> (1)     [expiration] = noop
>
> (1)     [logintime] = noop
>
> (1) pap: WARNING: Auth-Type already set.  Not setting to PAP
>
> (1)     [pap] = noop
>
> (1)   } # authorize = updated
>
> (1) Found Auth-Type = EAP
>
> (1) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (1)   authenticate {
>
> (1) eap: Expiring EAP session with state 0x2ae8af442ae9ab52
>
> (1) eap: Finished EAP session with state 0x2ae8af442ae9ab52
>
> (1) eap: Previous EAP request found for state 0x2ae8af442ae9ab52, released
> from the list
>
> (1) eap: Peer sent method NAK (3)
>
> (1) eap: Found mutually acceptable type PEAP (25)
>
> (1) eap: Calling eap_peap to process EAP data
>
> (1) eap_peap: Flushing SSL sessions (of #0)
>
> (1) eap_peap: Initiate
>
> (1) eap_peap: Start returned 1
>
> (1) eap: EAP session adding &reply:State = 0x2ae8af442beab652
>
> (1)     [eap] = handled
>
> (1)   } # authenticate = handled
>
> (1) Using Post-Auth-Type Challenge
>
> (1) Post-Auth-Type sub-section not found.  Ignoring.
>
> (1) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (1) Sent Access-Challenge Id 242 from 172.17.0.68:1812 to
> 203.59.132.253:44270 length 0
>
> (1)   Mikrotik-Total-Limit-Gigawords = 232830643
>
> (1)   Mikrotik-Total-Limit = 2808193675
>
> (1)   Session-Timeout = 10800
>
> (1)   EAP-Message = 0x010200061920
>
> (1)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (1)   State = 0x2ae8af442beab6526f505f86b4932430
>
> (1) Finished request
>
> Waking up in 4.8 seconds.
>
> (2) Received Access-Request Id 243 from 203.59.132.253:52144 to
> 172.17.0.68:1812 length 427
>
> (2)   Service-Type = Framed-User
>
> (2)   Framed-MTU = 1400
>
> (2)   User-Name = 'jake'
>
> (2)   State = 0x2ae8af442beab6526f505f86b4932430
>
> (2)   NAS-Port-Id = 'wlan4'
>
> (2)   NAS-Port-Type = Wireless-802.11
>
> (2)   Acct-Session-Id = '82200019'
>
> (2)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (2)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (2)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (2)   EAP-Message =
> 0x020200c41980000000ba16030100b5010000b103016e692cd58137a32168d3f582da80112b10f99f0b740669a6ebb3372583558513000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a001500120009001400
>
> (2)   Message-Authenticator = 0xe1a2042b676d0a3bca307cb23bd11d3d
>
> (2)   NAS-Identifier = 'MikroTik'
>
> (2)   NAS-IP-Address = 10.1.1.23
>
> (2) session-state: No cached attributes
>
> (2) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (2)   authorize {
>
> (2)     policy filter_username {
>
> (2)       if (!&User-Name) {
>
> (2)       if (!&User-Name)  -> FALSE
>
> (2)       if (&User-Name =~ / /) {
>
> (2)       if (&User-Name =~ / /)  -> FALSE
>
> (2)       if (&User-Name =~ /@.*@/ ) {
>
> (2)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (2)       if (&User-Name =~ /\.\./ ) {
>
> (2)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (2)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (2)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (2)       if (&User-Name =~ /\.$/)  {
>
> (2)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (2)       if (&User-Name =~ /@\./)  {
>
> (2)       if (&User-Name =~ /@\./)   -> FALSE
>
> (2)     } # policy filter_username = notfound
>
> (2)     [preprocess] = ok
>
> (2)     [chap] = noop
>
> (2)     [mschap] = noop
>
> (2)     [digest] = noop
>
> (2) suffix: Checking for suffix after "@"
>
> (2) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (2) suffix: No such realm "NULL"
>
> (2)     [suffix] = noop
>
> (2) eap: Peer sent code Response (2) ID 2 length 196
>
> (2) eap: Continuing tunnel setup
>
> (2)     [eap] = ok
>
> (2)   } # authorize = ok
>
> (2) Found Auth-Type = EAP
>
> (2) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (2)   authenticate {
>
> (2) eap: Expiring EAP session with state 0x2ae8af442beab652
>
> (2) eap: Finished EAP session with state 0x2ae8af442beab652
>
> (2) eap: Previous EAP request found for state 0x2ae8af442beab652, released
> from the list
>
> (2) eap: Peer sent method PEAP (25)
>
> (2) eap: EAP PEAP (25)
>
> (2) eap: Calling eap_peap to process EAP data
>
> (2) eap_peap: processing EAP-TLS
>
> (2) eap_peap: TLS Length 186
>
> (2) eap_peap: Length Included
>
> (2) eap_peap: eaptls_verify returned 11
>
> (2) eap_peap: (other): before/accept initialization
>
> (2) eap_peap: TLS_accept: before/accept initialization
>
> (2) eap_peap: <<< TLS 1.0 Handshake [length 00b5], ClientHello
>
> (2) eap_peap: TLS_accept: SSLv3 read client hello A
>
> (2) eap_peap: >>> TLS 1.0 Handshake [length 0059], ServerHello
>
> (2) eap_peap: TLS_accept: SSLv3 write server hello A
>
> (2) eap_peap: >>> TLS 1.0 Handshake [length 08d0], Certificate
>
> (2) eap_peap: TLS_accept: SSLv3 write certificate A
>
> (2) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
>
> (2) eap_peap: TLS_accept: SSLv3 write key exchange A
>
> (2) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>
> (2) eap_peap: TLS_accept: SSLv3 write server done A
>
> (2) eap_peap: TLS_accept: SSLv3 flush data
>
> (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client
> certificate A
>
> (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client
> certificate A
>
> In SSL Handshake Phase
>
> In SSL Accept mode
>
> (2) eap_peap: eaptls_process returned 13
>
> (2) eap_peap: FR_TLS_HANDLED
>
> (2) eap: EAP session adding &reply:State = 0x2ae8af4428ebb652
>
> (2)     [eap] = handled
>
> (2)   } # authenticate = handled
>
> (2) Using Post-Auth-Type Challenge
>
> (2) Post-Auth-Type sub-section not found.  Ignoring.
>
> (2) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (2) Sent Access-Challenge Id 243 from 172.17.0.68:1812 to
> 203.59.132.253:52144 length 0
>
> (2)   EAP-Message =
> 0x010303ec19c000000a8c1603010059020000550301d46c8d0a4b602b18e16f0c2eca4ab0b9923c8c75937b6be866c61bccebeff4f020f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bbc01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de
>
> (2)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (2)   State = 0x2ae8af4428ebb6526f505f86b4932430
>
> (2) Finished request
>
> Waking up in 4.7 seconds.
>
> (3) Received Access-Request Id 244 from 203.59.132.253:35924 to
> 172.17.0.68:1812 length 237
>
> (3)   Service-Type = Framed-User
>
> (3)   Framed-MTU = 1400
>
> (3)   User-Name = 'jake'
>
> (3)   State = 0x2ae8af4428ebb6526f505f86b4932430
>
> (3)   NAS-Port-Id = 'wlan4'
>
> (3)   NAS-Port-Type = Wireless-802.11
>
> (3)   Acct-Session-Id = '82200019'
>
> (3)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (3)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (3)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (3)   EAP-Message = 0x020300061900
>
> (3)   Message-Authenticator = 0xbcede2e1f511c39d7829a8d31d3056ca
>
> (3)   NAS-Identifier = 'MikroTik'
>
> (3)   NAS-IP-Address = 10.1.1.23
>
> (3) session-state: No cached attributes
>
> (3) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (3)   authorize {
>
> (3)     policy filter_username {
>
> (3)       if (!&User-Name) {
>
> (3)       if (!&User-Name)  -> FALSE
>
> (3)       if (&User-Name =~ / /) {
>
> (3)       if (&User-Name =~ / /)  -> FALSE
>
> (3)       if (&User-Name =~ /@.*@/ ) {
>
> (3)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (3)       if (&User-Name =~ /\.\./ ) {
>
> (3)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (3)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (3)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (3)       if (&User-Name =~ /\.$/)  {
>
> (3)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (3)       if (&User-Name =~ /@\./)  {
>
> (3)       if (&User-Name =~ /@\./)   -> FALSE
>
> (3)     } # policy filter_username = notfound
>
> (3)     [preprocess] = ok
>
> (3)     [chap] = noop
>
> (3)     [mschap] = noop
>
> (3)     [digest] = noop
>
> (3) suffix: Checking for suffix after "@"
>
> (3) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (3) suffix: No such realm "NULL"
>
> (3)     [suffix] = noop
>
> (3) eap: Peer sent code Response (2) ID 3 length 6
>
> (3) eap: Continuing tunnel setup
>
> (3)     [eap] = ok
>
> (3)   } # authorize = ok
>
> (3) Found Auth-Type = EAP
>
> (3) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (3)   authenticate {
>
> (3) eap: Expiring EAP session with state 0x2ae8af4428ebb652
>
> (3) eap: Finished EAP session with state 0x2ae8af4428ebb652
>
> (3) eap: Previous EAP request found for state 0x2ae8af4428ebb652, released
> from the list
>
> (3) eap: Peer sent method PEAP (25)
>
> (3) eap: EAP PEAP (25)
>
> (3) eap: Calling eap_peap to process EAP data
>
> (3) eap_peap: processing EAP-TLS
>
> (3) eap_peap: Received TLS ACK
>
> (3) eap_peap: Received TLS ACK
>
> (3) eap_peap: ACK handshake fragment handler
>
> (3) eap_peap: eaptls_verify returned 1
>
> (3) eap_peap: eaptls_process returned 13
>
> (3) eap_peap: FR_TLS_HANDLED
>
> (3) eap: EAP session adding &reply:State = 0x2ae8af4429ecb652
>
> (3)     [eap] = handled
>
> (3)   } # authenticate = handled
>
> (3) Using Post-Auth-Type Challenge
>
> (3) Post-Auth-Type sub-section not found.  Ignoring.
>
> (3) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (3) Sent Access-Challenge Id 244 from 172.17.0.68:1812 to
> 203.59.132.253:35924 length 0
>
> (3)   EAP-Message =
> 0x010403e8194070fc3072618327914b90833c80b17761d6b71ed327b33f801709abca73c4785893e2238950ca0494c79dceb74a47d2ae97f2cf40c1857e89d6543f5d275ca54082c2d8a4ec8109ca6d7161699efce7a8d33588e1f1403c619f4ebd02f166ab8a0d9b07ad442d0202e60004e5308204e130
>
> (3)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (3)   State = 0x2ae8af4429ecb6526f505f86b4932430
>
> (3) Finished request
>
> Waking up in 4.6 seconds.
>
> (4) Received Access-Request Id 245 from 203.59.132.253:39524 to
> 172.17.0.68:1812 length 237
>
> (4)   Service-Type = Framed-User
>
> (4)   Framed-MTU = 1400
>
> (4)   User-Name = 'jake'
>
> (4)   State = 0x2ae8af4429ecb6526f505f86b4932430
>
> (4)   NAS-Port-Id = 'wlan4'
>
> (4)   NAS-Port-Type = Wireless-802.11
>
> (4)   Acct-Session-Id = '82200019'
>
> (4)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (4)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (4)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (4)   EAP-Message = 0x020400061900
>
> (4)   Message-Authenticator = 0x54aecaf6cd05e5bf1bce8ad82728077d
>
> (4)   NAS-Identifier = 'MikroTik'
>
> (4)   NAS-IP-Address = 10.1.1.23
>
> (4) session-state: No cached attributes
>
> (4) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (4)   authorize {
>
> (4)     policy filter_username {
>
> (4)       if (!&User-Name) {
>
> (4)       if (!&User-Name)  -> FALSE
>
> (4)       if (&User-Name =~ / /) {
>
> (4)       if (&User-Name =~ / /)  -> FALSE
>
> (4)       if (&User-Name =~ /@.*@/ ) {
>
> (4)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (4)       if (&User-Name =~ /\.\./ ) {
>
> (4)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (4)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (4)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (4)       if (&User-Name =~ /\.$/)  {
>
> (4)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (4)       if (&User-Name =~ /@\./)  {
>
> (4)       if (&User-Name =~ /@\./)   -> FALSE
>
> (4)     } # policy filter_username = notfound
>
> (4)     [preprocess] = ok
>
> (4)     [chap] = noop
>
> (4)     [mschap] = noop
>
> (4)     [digest] = noop
>
> (4) suffix: Checking for suffix after "@"
>
> (4) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (4) suffix: No such realm "NULL"
>
> (4)     [suffix] = noop
>
> (4) eap: Peer sent code Response (2) ID 4 length 6
>
> (4) eap: Continuing tunnel setup
>
> (4)     [eap] = ok
>
> (4)   } # authorize = ok
>
> (4) Found Auth-Type = EAP
>
> (4) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (4)   authenticate {
>
> (4) eap: Expiring EAP session with state 0x2ae8af4429ecb652
>
> (4) eap: Finished EAP session with state 0x2ae8af4429ecb652
>
> (4) eap: Previous EAP request found for state 0x2ae8af4429ecb652, released
> from the list
>
> (4) eap: Peer sent method PEAP (25)
>
> (4) eap: EAP PEAP (25)
>
> (4) eap: Calling eap_peap to process EAP data
>
> (4) eap_peap: processing EAP-TLS
>
> (4) eap_peap: Received TLS ACK
>
> (4) eap_peap: Received TLS ACK
>
> (4) eap_peap: ACK handshake fragment handler
>
> (4) eap_peap: eaptls_verify returned 1
>
> (4) eap_peap: eaptls_process returned 13
>
> (4) eap_peap: FR_TLS_HANDLED
>
> (4) eap: EAP session adding &reply:State = 0x2ae8af442eedb652
>
> (4)     [eap] = handled
>
> (4)   } # authenticate = handled
>
> (4) Using Post-Auth-Type Challenge
>
> (4) Post-Auth-Type sub-section not found.  Ignoring.
>
> (4) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (4) Sent Access-Challenge Id 245 from 172.17.0.68:1812 to
> 203.59.132.253:39524 length 0
>
> (4)   EAP-Message =
> 0x010502ce190020417574686f72697479820900b019525dc1d9412e300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101006f73
>
> (4)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (4)   State = 0x2ae8af442eedb6526f505f86b4932430
>
> (4) Finished request
>
> Waking up in 4.4 seconds.
>
> (5) Received Access-Request Id 246 from 203.59.132.253:45440 to
> 172.17.0.68:1812 length 375
>
> (5)   Service-Type = Framed-User
>
> (5)   Framed-MTU = 1400
>
> (5)   User-Name = 'jake'
>
> (5)   State = 0x2ae8af442eedb6526f505f86b4932430
>
> (5)   NAS-Port-Id = 'wlan4'
>
> (5)   NAS-Port-Type = Wireless-802.11
>
> (5)   Acct-Session-Id = '82200019'
>
> (5)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (5)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (5)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (5)   EAP-Message =
> 0x020500901980000000861603010046100000424104bd66ff8372c1dc049759a9b955193ffa8e8e4da7348cc4e36500cb9b5198ba94ea171b8d06416f4894d5ff73e68fa74a8d6fd8563daec796148288a0a5ed0ebb1403010001011603010030bfe20542d15a4dfa96fecdb720ea6156305308632d1890
>
> (5)   Message-Authenticator = 0x7df94396891c33014810e3acbeafcbb1
>
> (5)   NAS-Identifier = 'MikroTik'
>
> (5)   NAS-IP-Address = 10.1.1.23
>
> (5) session-state: No cached attributes
>
> (5) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (5)   authorize {
>
> (5)     policy filter_username {
>
> (5)       if (!&User-Name) {
>
> (5)       if (!&User-Name)  -> FALSE
>
> (5)       if (&User-Name =~ / /) {
>
> (5)       if (&User-Name =~ / /)  -> FALSE
>
> (5)       if (&User-Name =~ /@.*@/ ) {
>
> (5)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (5)       if (&User-Name =~ /\.\./ ) {
>
> (5)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (5)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (5)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (5)       if (&User-Name =~ /\.$/)  {
>
> (5)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (5)       if (&User-Name =~ /@\./)  {
>
> (5)       if (&User-Name =~ /@\./)   -> FALSE
>
> (5)     } # policy filter_username = notfound
>
> (5)     [preprocess] = ok
>
> (5)     [chap] = noop
>
> (5)     [mschap] = noop
>
> (5)     [digest] = noop
>
> (5) suffix: Checking for suffix after "@"
>
> (5) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (5) suffix: No such realm "NULL"
>
> (5)     [suffix] = noop
>
> (5) eap: Peer sent code Response (2) ID 5 length 144
>
> (5) eap: Continuing tunnel setup
>
> (5)     [eap] = ok
>
> (5)   } # authorize = ok
>
> (5) Found Auth-Type = EAP
>
> (5) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (5)   authenticate {
>
> (5) eap: Expiring EAP session with state 0x2ae8af442eedb652
>
> (5) eap: Finished EAP session with state 0x2ae8af442eedb652
>
> (5) eap: Previous EAP request found for state 0x2ae8af442eedb652, released
> from the list
>
> (5) eap: Peer sent method PEAP (25)
>
> (5) eap: EAP PEAP (25)
>
> (5) eap: Calling eap_peap to process EAP data
>
> (5) eap_peap: processing EAP-TLS
>
> (5) eap_peap: TLS Length 134
>
> (5) eap_peap: Length Included
>
> (5) eap_peap: eaptls_verify returned 11
>
> (5) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
>
> (5) eap_peap: TLS_accept: SSLv3 read client key exchange A
>
> (5) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>
> (5) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
>
> (5) eap_peap: TLS_accept: SSLv3 read finished A
>
> (5) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>
> (5) eap_peap: TLS_accept: SSLv3 write change cipher spec A
>
> (5) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
>
> (5) eap_peap: TLS_accept: SSLv3 write finished A
>
> (5) eap_peap: TLS_accept: SSLv3 flush data
>
>   TLS: adding session
> f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bb to cache
>
> (5) eap_peap: (other): SSL negotiation finished successfully
>
> SSL Connection Established
>
> (5) eap_peap: eaptls_process returned 13
>
> (5) eap_peap: FR_TLS_HANDLED
>
> (5) eap: EAP session adding &reply:State = 0x2ae8af442feeb652
>
> (5)     [eap] = handled
>
> (5)   } # authenticate = handled
>
> (5) Using Post-Auth-Type Challenge
>
> (5) Post-Auth-Type sub-section not found.  Ignoring.
>
> (5) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (5) Sent Access-Challenge Id 246 from 172.17.0.68:1812 to
> 203.59.132.253:45440 length 0
>
> (5)   EAP-Message =
> 0x0106004119001403010001011603010030b50c5c6bcd7f1f0c3cdb9a9dd16fb6d24bfc64db51180644d3f3806f9a566ed700be78e43a68b107312669ee0fbe6d1f
>
> (5)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (5)   State = 0x2ae8af442feeb6526f505f86b4932430
>
> (5) Finished request
>
> Waking up in 4.3 seconds.
>
> (6) Received Access-Request Id 247 from 203.59.132.253:39369 to
> 172.17.0.68:1812 length 237
>
> (6)   Service-Type = Framed-User
>
> (6)   Framed-MTU = 1400
>
> (6)   User-Name = 'jake'
>
> (6)   State = 0x2ae8af442feeb6526f505f86b4932430
>
> (6)   NAS-Port-Id = 'wlan4'
>
> (6)   NAS-Port-Type = Wireless-802.11
>
> (6)   Acct-Session-Id = '82200019'
>
> (6)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (6)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (6)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (6)   EAP-Message = 0x020600061900
>
> (6)   Message-Authenticator = 0xb6affee6faf6ee543b6ef9c9f52f74ec
>
> (6)   NAS-Identifier = 'MikroTik'
>
> (6)   NAS-IP-Address = 10.1.1.23
>
> (6) session-state: No cached attributes
>
> (6) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (6)   authorize {
>
> (6)     policy filter_username {
>
> (6)       if (!&User-Name) {
>
> (6)       if (!&User-Name)  -> FALSE
>
> (6)       if (&User-Name =~ / /) {
>
> (6)       if (&User-Name =~ / /)  -> FALSE
>
> (6)       if (&User-Name =~ /@.*@/ ) {
>
> (6)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (6)       if (&User-Name =~ /\.\./ ) {
>
> (6)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (6)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (6)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (6)       if (&User-Name =~ /\.$/)  {
>
> (6)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (6)       if (&User-Name =~ /@\./)  {
>
> (6)       if (&User-Name =~ /@\./)   -> FALSE
>
> (6)     } # policy filter_username = notfound
>
> (6)     [preprocess] = ok
>
> (6)     [chap] = noop
>
> (6)     [mschap] = noop
>
> (6)     [digest] = noop
>
> (6) suffix: Checking for suffix after "@"
>
> (6) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (6) suffix: No such realm "NULL"
>
> (6)     [suffix] = noop
>
> (6) eap: Peer sent code Response (2) ID 6 length 6
>
> (6) eap: Continuing tunnel setup
>
> (6)     [eap] = ok
>
> (6)   } # authorize = ok
>
> (6) Found Auth-Type = EAP
>
> (6) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (6)   authenticate {
>
> (6) eap: Expiring EAP session with state 0x2ae8af442feeb652
>
> (6) eap: Finished EAP session with state 0x2ae8af442feeb652
>
> (6) eap: Previous EAP request found for state 0x2ae8af442feeb652, released
> from the list
>
> (6) eap: Peer sent method PEAP (25)
>
> (6) eap: EAP PEAP (25)
>
> (6) eap: Calling eap_peap to process EAP data
>
> (6) eap_peap: processing EAP-TLS
>
> (6) eap_peap: Received TLS ACK
>
> (6) eap_peap: Received TLS ACK
>
> (6) eap_peap: ACK handshake is finished
>
> (6) eap_peap: eaptls_verify returned 3
>
> (6) eap_peap: eaptls_process returned 3
>
> (6) eap_peap: FR_TLS_SUCCESS
>
> (6) eap_peap: Session established.  Decoding tunneled attributes
>
> (6) eap_peap: PEAP state TUNNEL ESTABLISHED
>
> (6) eap: EAP session adding &reply:State = 0x2ae8af442cefb652
>
> (6)     [eap] = handled
>
> (6)   } # authenticate = handled
>
> (6) Using Post-Auth-Type Challenge
>
> (6) Post-Auth-Type sub-section not found.  Ignoring.
>
> (6) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (6) Sent Access-Challenge Id 247 from 172.17.0.68:1812 to
> 203.59.132.253:39369 length 0
>
> (6)   EAP-Message =
> 0x0107002b190017030100209db4b82b7785ec126910f4c56f3693646b7c87d993175dec544c881e17ff7e66
>
> (6)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (6)   State = 0x2ae8af442cefb6526f505f86b4932430
>
> (6) Finished request
>
> Waking up in 4.2 seconds.
>
> (7) Received Access-Request Id 248 from 203.59.132.253:54163 to
> 172.17.0.68:1812 length 274
>
> (7)   Service-Type = Framed-User
>
> (7)   Framed-MTU = 1400
>
> (7)   User-Name = 'jake'
>
> (7)   State = 0x2ae8af442cefb6526f505f86b4932430
>
> (7)   NAS-Port-Id = 'wlan4'
>
> (7)   NAS-Port-Type = Wireless-802.11
>
> (7)   Acct-Session-Id = '82200019'
>
> (7)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (7)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (7)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (7)   EAP-Message =
> 0x0207002b190017030100208286978455a47dcaa043b6ee4493bf1162e7a1a6105b84d369f022c49c2db0b8
>
> (7)   Message-Authenticator = 0xb259288f94fab665a32a8e25909eabe9
>
> (7)   NAS-Identifier = 'MikroTik'
>
> (7)   NAS-IP-Address = 10.1.1.23
>
> (7) session-state: No cached attributes
>
> (7) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (7)   authorize {
>
> (7)     policy filter_username {
>
> (7)       if (!&User-Name) {
>
> (7)       if (!&User-Name)  -> FALSE
>
> (7)       if (&User-Name =~ / /) {
>
> (7)       if (&User-Name =~ / /)  -> FALSE
>
> (7)       if (&User-Name =~ /@.*@/ ) {
>
> (7)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (7)       if (&User-Name =~ /\.\./ ) {
>
> (7)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (7)       if (&User-Name =~ /\.$/)  {
>
> (7)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (7)       if (&User-Name =~ /@\./)  {
>
> (7)       if (&User-Name =~ /@\./)   -> FALSE
>
> (7)     } # policy filter_username = notfound
>
> (7)     [preprocess] = ok
>
> (7)     [chap] = noop
>
> (7)     [mschap] = noop
>
> (7)     [digest] = noop
>
> (7) suffix: Checking for suffix after "@"
>
> (7) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (7) suffix: No such realm "NULL"
>
> (7)     [suffix] = noop
>
> (7) eap: Peer sent code Response (2) ID 7 length 43
>
> (7) eap: Continuing tunnel setup
>
> (7)     [eap] = ok
>
> (7)   } # authorize = ok
>
> (7) Found Auth-Type = EAP
>
> (7) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (7)   authenticate {
>
> (7) eap: Expiring EAP session with state 0x2ae8af442cefb652
>
> (7) eap: Finished EAP session with state 0x2ae8af442cefb652
>
> (7) eap: Previous EAP request found for state 0x2ae8af442cefb652, released
> from the list
>
> (7) eap: Peer sent method PEAP (25)
>
> (7) eap: EAP PEAP (25)
>
> (7) eap: Calling eap_peap to process EAP data
>
> (7) eap_peap: processing EAP-TLS
>
> (7) eap_peap: eaptls_verify returned 7
>
> (7) eap_peap: Done initial handshake
>
> (7) eap_peap: eaptls_process returned 7
>
> (7) eap_peap: FR_TLS_OK
>
> (7) eap_peap: Session established.  Decoding tunneled attributes
>
> (7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
>
> (7) eap_peap: Identity - jake
>
> (7) eap_peap: Got inner identity 'jake'
>
> (7) eap_peap: Setting default EAP type for tunneled EAP session
>
> (7) eap_peap: Got tunneled request
>
> (7) eap_peap:   EAP-Message = 0x02070009016a616b65
>
> (7) eap_peap: Setting User-Name to jake
>
> (7) eap_peap: Sending tunneled request to inner-tunnel
>
> (7) eap_peap:   EAP-Message = 0x02070009016a616b65
>
> (7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
>
> (7) eap_peap:   User-Name = 'jake'
>
> (7) eap_peap:   Service-Type = Framed-User
>
> (7) eap_peap:   Framed-MTU = 1400
>
> (7) eap_peap:   NAS-Port-Id = 'wlan4'
>
> (7) eap_peap:   NAS-Port-Type = Wireless-802.11
>
> (7) eap_peap:   Acct-Session-Id = '82200019'
>
> (7) eap_peap:   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (7) eap_peap:   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (7) eap_peap:   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (7) eap_peap:   NAS-Identifier = 'MikroTik'
>
> (7) eap_peap:   NAS-IP-Address = 10.1.1.23
>
> (7) eap_peap:   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'
>
> (7) Virtual server inner-tunnel received request
>
> (7)   EAP-Message = 0x02070009016a616b65
>
> (7)   FreeRADIUS-Proxied-To = 127.0.0.1
>
> (7)   User-Name = 'jake'
>
> (7)   Service-Type = Framed-User
>
> (7)   Framed-MTU = 1400
>
> (7)   NAS-Port-Id = 'wlan4'
>
> (7)   NAS-Port-Type = Wireless-802.11
>
> (7)   Acct-Session-Id = '82200019'
>
> (7)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (7)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (7)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (7)   NAS-Identifier = 'MikroTik'
>
> (7)   NAS-IP-Address = 10.1.1.23
>
> (7)   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'
>
> (7) server inner-tunnel {
>
> (7)   # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (7)     authorize {
>
> (7)       [chap] = noop
>
> (7)       [mschap] = noop
>
> (7) suffix: Checking for suffix after "@"
>
> (7) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (7) suffix: No such realm "NULL"
>
> (7)       [suffix] = noop
>
> (7)       update control {
>
> (7)         &Proxy-To-Realm := LOCAL
>
> (7)       } # update control = noop
>
> (7) eap: Peer sent code Response (2) ID 7 length 9
>
> (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
> rest of authorize
>
> (7)       [eap] = ok
>
> (7)     } # authorize = ok
>
> (7)   Found Auth-Type = EAP
>
> (7)   # Executing group from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (7)     authenticate {
>
> (7) eap: Peer sent method Identity (1)
>
> (7) eap: Calling eap_mschapv2 to process EAP data
>
> (7) eap_mschapv2: Issuing Challenge
>
> (7) eap: EAP session adding &reply:State = 0x22b0356022b82f2e
>
> (7)       [eap] = handled
>
> (7)     } # authenticate = handled
>
> (7) } # server inner-tunnel
>
> (7) Virtual server sending reply
>
> (7)   EAP-Message =
> 0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38
>
> (7)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (7)   State = 0x22b0356022b82f2e85a63bb65e619718
>
> (7) eap_peap: Got tunneled reply code 11
>
> (7) eap_peap:   EAP-Message =
> 0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38
>
> (7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
>
> (7) eap_peap:   State = 0x22b0356022b82f2e85a63bb65e619718
>
> (7) eap_peap: Got tunneled reply RADIUS code 11
>
> (7) eap_peap:   EAP-Message =
> 0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38
>
> (7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
>
> (7) eap_peap:   State = 0x22b0356022b82f2e85a63bb65e619718
>
> (7) eap_peap: Got tunneled Access-Challenge
>
> (7) eap: EAP session adding &reply:State = 0x2ae8af442de0b652
>
> (7)     [eap] = handled
>
> (7)   } # authenticate = handled
>
> (7) Using Post-Auth-Type Challenge
>
> (7) Post-Auth-Type sub-section not found.  Ignoring.
>
> (7) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (7) Sent Access-Challenge Id 248 from 172.17.0.68:1812 to
> 203.59.132.253:54163 length 0
>
> (7)   EAP-Message =
> 0x0108004b190017030100405d23e6bcb09cb6d20b68d9aaca1f83e4091ceff102e5083ddd35b9012b3d0e7188c3b1e155ea8f9bddc0ea1f850f357d2b8f6240e497819ecfd11cf2a7c0fbbb
>
> (7)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (7)   State = 0x2ae8af442de0b6526f505f86b4932430
>
> (7) Finished request
>
> Waking up in 4.1 seconds.
>
> (8) Received Access-Request Id 249 from 203.59.132.253:36869 to
> 172.17.0.68:1812 length 322
>
> (8)   Service-Type = Framed-User
>
> (8)   Framed-MTU = 1400
>
> (8)   User-Name = 'jake'
>
> (8)   State = 0x2ae8af442de0b6526f505f86b4932430
>
> (8)   NAS-Port-Id = 'wlan4'
>
> (8)   NAS-Port-Type = Wireless-802.11
>
> (8)   Acct-Session-Id = '82200019'
>
> (8)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (8)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (8)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (8)   EAP-Message =
> 0x0208005b190017030100507a6c5910e9c1dc3a4adf8951c44d459517e50c2a6116265ff2d8924df35f0557e921ca3264d2be55f40dc688cb5fa91b6d9c14b1c9a895996ca03e1c224e31a2efb0740a6415f05685f77b4427b49f76
>
> (8)   Message-Authenticator = 0x1b7b410bbe118d5b2da8add5b4ac1a43
>
> (8)   NAS-Identifier = 'MikroTik'
>
> (8)   NAS-IP-Address = 10.1.1.23
>
> (8) session-state: No cached attributes
>
> (8) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (8)   authorize {
>
> (8)     policy filter_username {
>
> (8)       if (!&User-Name) {
>
> (8)       if (!&User-Name)  -> FALSE
>
> (8)       if (&User-Name =~ / /) {
>
> (8)       if (&User-Name =~ / /)  -> FALSE
>
> (8)       if (&User-Name =~ /@.*@/ ) {
>
> (8)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (8)       if (&User-Name =~ /\.\./ ) {
>
> (8)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (8)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (8)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (8)       if (&User-Name =~ /\.$/)  {
>
> (8)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (8)       if (&User-Name =~ /@\./)  {
>
> (8)       if (&User-Name =~ /@\./)   -> FALSE
>
> (8)     } # policy filter_username = notfound
>
> (8)     [preprocess] = ok
>
> (8)     [chap] = noop
>
> (8)     [mschap] = noop
>
> (8)     [digest] = noop
>
> (8) suffix: Checking for suffix after "@"
>
> (8) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (8) suffix: No such realm "NULL"
>
> (8)     [suffix] = noop
>
> (8) eap: Peer sent code Response (2) ID 8 length 91
>
> (8) eap: Continuing tunnel setup
>
> (8)     [eap] = ok
>
> (8)   } # authorize = ok
>
> (8) Found Auth-Type = EAP
>
> (8) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (8)   authenticate {
>
> (8) eap: Expiring EAP session with state 0x22b0356022b82f2e
>
> (8) eap: Finished EAP session with state 0x2ae8af442de0b652
>
> (8) eap: Previous EAP request found for state 0x2ae8af442de0b652, released
> from the list
>
> (8) eap: Peer sent method PEAP (25)
>
> (8) eap: EAP PEAP (25)
>
> (8) eap: Calling eap_peap to process EAP data
>
> (8) eap_peap: processing EAP-TLS
>
> (8) eap_peap: eaptls_verify returned 7
>
> (8) eap_peap: Done initial handshake
>
> (8) eap_peap: eaptls_process returned 7
>
> (8) eap_peap: FR_TLS_OK
>
> (8) eap_peap: Session established.  Decoding tunneled attributes
>
> (8) eap_peap: PEAP state phase2
>
> (8) eap_peap: EAP type MSCHAPv2 (26)
>
> (8) eap_peap: Got tunneled request
>
> (8) eap_peap:   EAP-Message =
> 0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65
>
> (8) eap_peap: Setting User-Name to jake
>
> (8) eap_peap: Sending tunneled request to inner-tunnel
>
> (8) eap_peap:   EAP-Message =
> 0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65
>
> (8) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
>
> (8) eap_peap:   User-Name = 'jake'
>
> (8) eap_peap:   State = 0x22b0356022b82f2e85a63bb65e619718
>
> (8) eap_peap:   Service-Type = Framed-User
>
> (8) eap_peap:   Framed-MTU = 1400
>
> (8) eap_peap:   NAS-Port-Id = 'wlan4'
>
> (8) eap_peap:   NAS-Port-Type = Wireless-802.11
>
> (8) eap_peap:   Acct-Session-Id = '82200019'
>
> (8) eap_peap:   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (8) eap_peap:   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (8) eap_peap:   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (8) eap_peap:   NAS-Identifier = 'MikroTik'
>
> (8) eap_peap:   NAS-IP-Address = 10.1.1.23
>
> (8) eap_peap:   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'
>
> (8) Virtual server inner-tunnel received request
>
> (8)   EAP-Message =
> 0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65
>
> (8)   FreeRADIUS-Proxied-To = 127.0.0.1
>
> (8)   User-Name = 'jake'
>
> (8)   State = 0x22b0356022b82f2e85a63bb65e619718
>
> (8)   Service-Type = Framed-User
>
> (8)   Framed-MTU = 1400
>
> (8)   NAS-Port-Id = 'wlan4'
>
> (8)   NAS-Port-Type = Wireless-802.11
>
> (8)   Acct-Session-Id = '82200019'
>
> (8)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (8)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (8)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (8)   NAS-Identifier = 'MikroTik'
>
> (8)   NAS-IP-Address = 10.1.1.23
>
> (8)   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'
>
> (8) server inner-tunnel {
>
> (8)   session-state: No cached attributes
>
> (8)   # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (8)     authorize {
>
> (8)       [chap] = noop
>
> (8)       [mschap] = noop
>
> (8) suffix: Checking for suffix after "@"
>
> (8) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (8) suffix: No such realm "NULL"
>
> (8)       [suffix] = noop
>
> (8)       update control {
>
> (8)         &Proxy-To-Realm := LOCAL
>
> (8)       } # update control = noop
>
> (8) eap: Peer sent code Response (2) ID 8 length 63
>
> (8) eap: No EAP Start, assuming it's an on-going EAP conversation
>
> (8)       [eap] = updated
>
> (8)       [files] = noop
>
> (8) sql: EXPAND %{User-Name}
>
> (8) sql:    --> jake
>
> (8) sql: SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = '%{SQL-User-Name}' ORDER BY id
>
> (8) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = 'jake' ORDER BY id
>
> (8) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = 'jake' ORDER BY id
>
> (8) sql: User found in radcheck table
>
> (8) sql: Conditional check items matched, merging assignment check items
>
> (8) sql:   Cleartext-Password := 'fheman123'
>
> (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
> WHERE username = '%{SQL-User-Name}' ORDER BY id
>
> (8) sql:    --> SELECT id, username, attribute, value, op FROM radreply
> WHERE username = 'jake' ORDER BY id
>
> (8) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radreply WHERE username = 'jake' ORDER BY id
>
> (8) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority
>
> (8) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
> ORDER BY priority
>
> (8) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
> username = 'jake' ORDER BY priority
>
> (8) sql: User found in the group table
>
> (8) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
>
> (8) sql:    --> SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
>
> (8) sql: Executing select query: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
>
> (8) sql: Group "14kimberleyst": Conditional check items matched
>
> (8) sql: Group "14kimberleyst": Merging assignment check items
>
> (8) sql:   Reset-Date := '13'
>
> (8) sql:   Total-Bytes := '999999999999999999'
>
> (8) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
>
> (8) sql:    --> SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
>
> (8) sql: Executing select query: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
>
> (8) sql: Group "14kimberleyst": Merging reply items
>
> (8) sql:   Session-Timeout := 10800
>
> rlm_sql (sql): Released connection (4)
>
> (8)       [sql] = ok
>
> (8)       [expiration] = noop
>
> (8)       [logintime] = noop
>
> (8) pap: WARNING: Auth-Type already set.  Not setting to PAP
>
> (8)       [pap] = noop
>
> (8)     } # authorize = updated
>
> (8)   Found Auth-Type = EAP
>
> (8)   # Executing group from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (8)     authenticate {
>
> (8) eap: Expiring EAP session with state 0x22b0356022b82f2e
>
> (8) eap: Finished EAP session with state 0x22b0356022b82f2e
>
> (8) eap: Previous EAP request found for state 0x22b0356022b82f2e, released
> from the list
>
> (8) eap: Peer sent method MSCHAPv2 (26)
>
> (8) eap: EAP MSCHAPv2 (26)
>
> (8) eap: Calling eap_mschapv2 to process EAP data
>
> (8) eap_mschapv2: # Executing group from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (8) eap_mschapv2:   Auth-Type MS-CHAP {
>
> (8) mschap: Found Cleartext-Password, hashing to create NT-Password
>
> (8) mschap: Found Cleartext-Password, hashing to create LM-Password
>
> (8) mschap: Creating challenge hash with username: jake
>
> (8) mschap: Client is using MS-CHAPv2
>
> (8) mschap: Adding MS-CHAPv2 MPPE keys
>
> (8)     [mschap] = ok
>
> (8)   } # Auth-Type MS-CHAP = ok
>
> (8) MSCHAP Success
>
> (8) eap: EAP session adding &reply:State = 0x22b0356023b92f2e
>
> (8)       [eap] = handled
>
> (8)     } # authenticate = handled
>
> (8) } # server inner-tunnel
>
> (8) Virtual server sending reply
>
> (8)   Session-Timeout = 10800
>
> (8)   EAP-Message =
> 0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042
>
> (8)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (8)   State = 0x22b0356023b92f2e85a63bb65e619718
>
> (8) eap_peap: Got tunneled reply code 11
>
> (8) eap_peap:   Session-Timeout = 10800
>
> (8) eap_peap:   EAP-Message =
> 0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042
>
> (8) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
>
> (8) eap_peap:   State = 0x22b0356023b92f2e85a63bb65e619718
>
> (8) eap_peap: Got tunneled reply RADIUS code 11
>
> (8) eap_peap:   Session-Timeout = 10800
>
> (8) eap_peap:   EAP-Message =
> 0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042
>
> (8) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
>
> (8) eap_peap:   State = 0x22b0356023b92f2e85a63bb65e619718
>
> (8) eap_peap: Got tunneled Access-Challenge
>
> (8) eap: EAP session adding &reply:State = 0x2ae8af4422e1b652
>
> (8)     [eap] = handled
>
> (8)   } # authenticate = handled
>
> (8) Using Post-Auth-Type Challenge
>
> (8) Post-Auth-Type sub-section not found.  Ignoring.
>
> (8) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (8) Sent Access-Challenge Id 249 from 172.17.0.68:1812 to
> 203.59.132.253:36869 length 0
>
> (8)   EAP-Message =
> 0x0109005b19001703010050ff2fa83e838510f3b311adc6a2de5dd4e3bf9e49ca7b67699dc84fd1c698570243feeaa1c808dee3846a38ffbdf223dee1afbe871ba2398fe4bc3653e21b24c6fcee8c9607bbe10fe7370c07f0b041f4
>
> (8)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (8)   State = 0x2ae8af4422e1b6526f505f86b4932430
>
> (8) Finished request
>
> Waking up in 4.0 seconds.
>
> (9) Received Access-Request Id 250 from 203.59.132.253:51671 to
> 172.17.0.68:1812 length 274
>
> (9)   Service-Type = Framed-User
>
> (9)   Framed-MTU = 1400
>
> (9)   User-Name = 'jake'
>
> (9)   State = 0x2ae8af4422e1b6526f505f86b4932430
>
> (9)   NAS-Port-Id = 'wlan4'
>
> (9)   NAS-Port-Type = Wireless-802.11
>
> (9)   Acct-Session-Id = '82200019'
>
> (9)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (9)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (9)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (9)   EAP-Message =
> 0x0209002b19001703010020b385b35defe2309a0a1087757d0f1334ba0c847fa90fecacec7d8233ff986872
>
> (9)   Message-Authenticator = 0xd85c93784094e1af3cf813ae7c2212c5
>
> (9)   NAS-Identifier = 'MikroTik'
>
> (9)   NAS-IP-Address = 10.1.1.23
>
> (9) session-state: No cached attributes
>
> (9) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (9)   authorize {
>
> (9)     policy filter_username {
>
> (9)       if (!&User-Name) {
>
> (9)       if (!&User-Name)  -> FALSE
>
> (9)       if (&User-Name =~ / /) {
>
> (9)       if (&User-Name =~ / /)  -> FALSE
>
> (9)       if (&User-Name =~ /@.*@/ ) {
>
> (9)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (9)       if (&User-Name =~ /\.\./ ) {
>
> (9)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (9)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (9)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (9)       if (&User-Name =~ /\.$/)  {
>
> (9)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (9)       if (&User-Name =~ /@\./)  {
>
> (9)       if (&User-Name =~ /@\./)   -> FALSE
>
> (9)     } # policy filter_username = notfound
>
> (9)     [preprocess] = ok
>
> (9)     [chap] = noop
>
> (9)     [mschap] = noop
>
> (9)     [digest] = noop
>
> (9) suffix: Checking for suffix after "@"
>
> (9) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (9) suffix: No such realm "NULL"
>
> (9)     [suffix] = noop
>
> (9) eap: Peer sent code Response (2) ID 9 length 43
>
> (9) eap: Continuing tunnel setup
>
> (9)     [eap] = ok
>
> (9)   } # authorize = ok
>
> (9) Found Auth-Type = EAP
>
> (9) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (9)   authenticate {
>
> (9) eap: Expiring EAP session with state 0x22b0356023b92f2e
>
> (9) eap: Finished EAP session with state 0x2ae8af4422e1b652
>
> (9) eap: Previous EAP request found for state 0x2ae8af4422e1b652, released
> from the list
>
> (9) eap: Peer sent method PEAP (25)
>
> (9) eap: EAP PEAP (25)
>
> (9) eap: Calling eap_peap to process EAP data
>
> (9) eap_peap: processing EAP-TLS
>
> (9) eap_peap: eaptls_verify returned 7
>
> (9) eap_peap: Done initial handshake
>
> (9) eap_peap: eaptls_process returned 7
>
> (9) eap_peap: FR_TLS_OK
>
> (9) eap_peap: Session established.  Decoding tunneled attributes
>
> (9) eap_peap: PEAP state phase2
>
> (9) eap_peap: EAP type MSCHAPv2 (26)
>
> (9) eap_peap: Got tunneled request
>
> (9) eap_peap:   EAP-Message = 0x020900061a03
>
> (9) eap_peap: Setting User-Name to jake
>
> (9) eap_peap: Sending tunneled request to inner-tunnel
>
> (9) eap_peap:   EAP-Message = 0x020900061a03
>
> (9) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
>
> (9) eap_peap:   User-Name = 'jake'
>
> (9) eap_peap:   State = 0x22b0356023b92f2e85a63bb65e619718
>
> (9) eap_peap:   Service-Type = Framed-User
>
> (9) eap_peap:   Framed-MTU = 1400
>
> (9) eap_peap:   NAS-Port-Id = 'wlan4'
>
> (9) eap_peap:   NAS-Port-Type = Wireless-802.11
>
> (9) eap_peap:   Acct-Session-Id = '82200019'
>
> (9) eap_peap:   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (9) eap_peap:   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (9) eap_peap:   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (9) eap_peap:   NAS-Identifier = 'MikroTik'
>
> (9) eap_peap:   NAS-IP-Address = 10.1.1.23
>
> (9) eap_peap:   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'
>
> (9) Virtual server inner-tunnel received request
>
> (9)   EAP-Message = 0x020900061a03
>
> (9)   FreeRADIUS-Proxied-To = 127.0.0.1
>
> (9)   User-Name = 'jake'
>
> (9)   State = 0x22b0356023b92f2e85a63bb65e619718
>
> (9)   Service-Type = Framed-User
>
> (9)   Framed-MTU = 1400
>
> (9)   NAS-Port-Id = 'wlan4'
>
> (9)   NAS-Port-Type = Wireless-802.11
>
> (9)   Acct-Session-Id = '82200019'
>
> (9)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (9)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (9)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (9)   NAS-Identifier = 'MikroTik'
>
> (9)   NAS-IP-Address = 10.1.1.23
>
> (9)   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'
>
> (9) server inner-tunnel {
>
> (9)   session-state: No cached attributes
>
> (9)   # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (9)     authorize {
>
> (9)       [chap] = noop
>
> (9)       [mschap] = noop
>
> (9) suffix: Checking for suffix after "@"
>
> (9) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (9) suffix: No such realm "NULL"
>
> (9)       [suffix] = noop
>
> (9)       update control {
>
> (9)         &Proxy-To-Realm := LOCAL
>
> (9)       } # update control = noop
>
> (9) eap: Peer sent code Response (2) ID 9 length 6
>
> (9) eap: No EAP Start, assuming it's an on-going EAP conversation
>
> (9)       [eap] = updated
>
> (9)       [files] = noop
>
> (9) sql: EXPAND %{User-Name}
>
> (9) sql:    --> jake
>
> (9) sql: SQL-User-Name set to 'jake'
>
> rlm_sql (sql): Reserved connection (4)
>
> (9) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = '%{SQL-User-Name}' ORDER BY id
>
> (9) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = 'jake' ORDER BY id
>
> (9) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = 'jake' ORDER BY id
>
> (9) sql: User found in radcheck table
>
> (9) sql: Conditional check items matched, merging assignment check items
>
> (9) sql:   Cleartext-Password := 'fheman123'
>
> (9) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
> WHERE username = '%{SQL-User-Name}' ORDER BY id
>
> (9) sql:    --> SELECT id, username, attribute, value, op FROM radreply
> WHERE username = 'jake' ORDER BY id
>
> (9) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radreply WHERE username = 'jake' ORDER BY id
>
> (9) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority
>
> (9) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
> ORDER BY priority
>
> (9) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
> username = 'jake' ORDER BY priority
>
> (9) sql: User found in the group table
>
> (9) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
>
> (9) sql:    --> SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
>
> (9) sql: Executing select query: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
>
> (9) sql: Group "14kimberleyst": Conditional check items matched
>
> (9) sql: Group "14kimberleyst": Merging assignment check items
>
> (9) sql:   Reset-Date := '13'
>
> (9) sql:   Total-Bytes := '999999999999999999'
>
> (9) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
>
> (9) sql:    --> SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
>
> (9) sql: Executing select query: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
>
> (9) sql: Group "14kimberleyst": Merging reply items
>
> (9) sql:   Session-Timeout := 10800
>
> rlm_sql (sql): Released connection (4)
>
> (9)       [sql] = ok
>
> (9)       [expiration] = noop
>
> (9)       [logintime] = noop
>
> (9) pap: WARNING: Auth-Type already set.  Not setting to PAP
>
> (9)       [pap] = noop
>
> (9)     } # authorize = updated
>
> (9)   Found Auth-Type = EAP
>
> (9)   # Executing group from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (9)     authenticate {
>
> (9) eap: Expiring EAP session with state 0x22b0356023b92f2e
>
> (9) eap: Finished EAP session with state 0x22b0356023b92f2e
>
> (9) eap: Previous EAP request found for state 0x22b0356023b92f2e, released
> from the list
>
> (9) eap: Peer sent method MSCHAPv2 (26)
>
> (9) eap: EAP MSCHAPv2 (26)
>
> (9) eap: Calling eap_mschapv2 to process EAP data
>
> (9) eap: Freeing handler
>
> (9)       [eap] = ok
>
> (9)     } # authenticate = ok
>
> (9)   # Executing section post-auth from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> (9)     post-auth {
>
> (9) sql: EXPAND .query
>
> (9) sql:    --> .query
>
> (9) sql: Using query template 'query'
>
> rlm_sql (sql): Reserved connection (4)
>
> (9) sql: EXPAND %{User-Name}
>
> (9) sql:    --> jake
>
> (9) sql: SQL-User-Name set to 'jake'
>
> (9) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
> VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
> '%{reply:Packet-Type}', '%S')
>
> (9) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
> VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')
>
> (9) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
> authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')
>
> (9) sql: SQL query returned: success
>
> (9) sql: 1 record(s) updated
>
> rlm_sql (sql): Released connection (4)
>
> (9)       [sql] = ok
>
> (9)       update {
>
> (9)         &outer.session-state:Session-Timeout += &reply:Session-Timeout
> -> 10800
>
> (9)         &outer.session-state:MS-MPPE-Encryption-Policy +=
> &reply:MS-MPPE-Encryption-Policy -> Encryption-Allowed
>
> (9)         &outer.session-state:MS-MPPE-Encryption-Types +=
> &reply:MS-MPPE-Encryption-Types -> RC4-40or128-bit-Allowed
>
> (9)         &outer.session-state:MS-MPPE-Send-Key +=
> &reply:MS-MPPE-Send-Key -> 0x89180aba877672b89e8af47487914f88
>
> (9)         &outer.session-state:MS-MPPE-Recv-Key +=
> &reply:MS-MPPE-Recv-Key -> 0xeb1d86612d6cfa12c45d9dfa87f470d1
>
> (9)         &outer.session-state:EAP-Message += &reply:EAP-Message ->
> 0x03090004
>
> (9)         &outer.session-state:Message-Authenticator +=
> &reply:Message-Authenticator -> 0x00000000000000000000000000000000
>
> (9)         &outer.session-state:User-Name += &reply:User-Name -> jake
>
> (9)       } # update = noop
>
> (9)       update outer.session-state {
>
> (9)         MS-MPPE-Encryption-Policy !* ANY
>
> (9)         MS-MPPE-Encryption-Types !* ANY
>
> (9)         MS-MPPE-Send-Key !* ANY
>
> (9)         MS-MPPE-Recv-Key !* ANY
>
> (9)         Message-Authenticator !* ANY
>
> (9)         EAP-Message !* ANY
>
> (9)         Proxy-State !* ANY
>
> (9)       } # update outer.session-state = noop
>
> (9)     } # post-auth = ok
>
> (9) } # server inner-tunnel
>
> (9) Virtual server sending reply
>
> (9)   Session-Timeout = 10800
>
> (9)   MS-MPPE-Encryption-Policy = Encryption-Allowed
>
> (9)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
>
> (9)   MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88
>
> (9)   MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1
>
> (9)   EAP-Message = 0x03090004
>
> (9)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (9)   User-Name = 'jake'
>
> (9) eap_peap: Got tunneled reply code 2
>
> (9) eap_peap:   Session-Timeout = 10800
>
> (9) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed
>
> (9) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
>
> (9) eap_peap:   MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88
>
> (9) eap_peap:   MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1
>
> (9) eap_peap:   EAP-Message = 0x03090004
>
> (9) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
>
> (9) eap_peap:   User-Name = 'jake'
>
> (9) eap_peap: Got tunneled reply RADIUS code 2
>
> (9) eap_peap:   Session-Timeout = 10800
>
> (9) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed
>
> (9) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
>
> (9) eap_peap:   MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88
>
> (9) eap_peap:   MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1
>
> (9) eap_peap:   EAP-Message = 0x03090004
>
> (9) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
>
> (9) eap_peap:   User-Name = 'jake'
>
> (9) eap_peap: Tunneled authentication was successful
>
> (9) eap_peap: SUCCESS
>
> (9) eap_peap: Saving tunneled attributes for later
>
> (9) eap: EAP session adding &reply:State = 0x2ae8af4423e2b652
>
> (9)     [eap] = handled
>
> (9)   } # authenticate = handled
>
> (9) Using Post-Auth-Type Challenge
>
> (9) Post-Auth-Type sub-section not found.  Ignoring.
>
> (9) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (9) session-state: Saving cached attributes
>
> (9)   Session-Timeout += 10800
>
> (9)   User-Name += 'jake'
>
> (9) Sent Access-Challenge Id 250 from 172.17.0.68:1812 to
> 203.59.132.253:51671 length 0
>
> (9)   EAP-Message =
> 0x010a002b190017030100209ffa89db62ad66cc4ddee6a4a1950f7ef37a98001a17f318cb0b6beb1492a1e0
>
> (9)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (9)   State = 0x2ae8af4423e2b6526f505f86b4932430
>
> (9) Finished request
>
> Waking up in 3.9 seconds.
>
> (10) Received Access-Request Id 251 from 203.59.132.253:49242 to
> 172.17.0.68:1812 length 274
>
> (10)   Service-Type = Framed-User
>
> (10)   Framed-MTU = 1400
>
> (10)   User-Name = 'jake'
>
> (10)   State = 0x2ae8af4423e2b6526f505f86b4932430
>
> (10)   NAS-Port-Id = 'wlan4'
>
> (10)   NAS-Port-Type = Wireless-802.11
>
> (10)   Acct-Session-Id = '82200019'
>
> (10)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (10)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (10)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (10)   EAP-Message =
> 0x020a002b1900170301002026447f2d4d239efdc5f79e265525ede34826f132b7d0c5c8874169bacc4ac3a3
>
> (10)   Message-Authenticator = 0xa5e90887435c642376fc2a49a006da0b
>
> (10)   NAS-Identifier = 'MikroTik'
>
> (10)   NAS-IP-Address = 10.1.1.23
>
> (10) session-state: Found cached attributes
>
> (10)   Session-Timeout += 10800
>
> (10)   User-Name += 'jake'
>
> (10) # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> (10)   authorize {
>
> (10)     policy filter_username {
>
> (10)       if (!&User-Name) {
>
> (10)       if (!&User-Name)  -> FALSE
>
> (10)       if (&User-Name =~ / /) {
>
> (10)       if (&User-Name =~ / /)  -> FALSE
>
> (10)       if (&User-Name =~ /@.*@/ ) {
>
> (10)       if (&User-Name =~ /@.*@/ )  -> FALSE
>
> (10)       if (&User-Name =~ /\.\./ ) {
>
> (10)       if (&User-Name =~ /\.\./ )  -> FALSE
>
> (10)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
>
> (10)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
> FALSE
>
> (10)       if (&User-Name =~ /\.$/)  {
>
> (10)       if (&User-Name =~ /\.$/)   -> FALSE
>
> (10)       if (&User-Name =~ /@\./)  {
>
> (10)       if (&User-Name =~ /@\./)   -> FALSE
>
> (10)     } # policy filter_username = notfound
>
> (10)     [preprocess] = ok
>
> (10)     [chap] = noop
>
> (10)     [mschap] = noop
>
> (10)     [digest] = noop
>
> (10) suffix: Checking for suffix after "@"
>
> (10) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (10) suffix: No such realm "NULL"
>
> (10)     [suffix] = noop
>
> (10) eap: Peer sent code Response (2) ID 10 length 43
>
> (10) eap: Continuing tunnel setup
>
> (10)     [eap] = ok
>
> (10)   } # authorize = ok
>
> (10) Found Auth-Type = EAP
>
> (10) # Executing group from file /etc/freeradius/sites-enabled/default
>
> (10)   authenticate {
>
> (10) eap: Expiring EAP session with state 0x2ae8af4423e2b652
>
> (10) eap: Finished EAP session with state 0x2ae8af4423e2b652
>
> (10) eap: Previous EAP request found for state 0x2ae8af4423e2b652,
> released from the list
>
> (10) eap: Peer sent method PEAP (25)
>
> (10) eap: EAP PEAP (25)
>
> (10) eap: Calling eap_peap to process EAP data
>
> (10) eap_peap: processing EAP-TLS
>
> (10) eap_peap: eaptls_verify returned 7
>
> (10) eap_peap: Done initial handshake
>
> (10) eap_peap: eaptls_process returned 7
>
> (10) eap_peap: FR_TLS_OK
>
> (10) eap_peap: Session established.  Decoding tunneled attributes
>
> (10) eap_peap: PEAP state send tlv success
>
> (10) eap_peap: Received EAP-TLV response
>
> (10) eap_peap: Success
>
> (10) eap_peap: Using saved attributes from the original Access-Accept
>
> (10) eap_peap:   Session-Timeout = 10800
>
> (10) eap_peap:   User-Name = 'jake'
>
> (10) eap_peap: Saving session
> f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bb vps
> 0x18cb740 in the cache
>
> (10) eap: Freeing handler
>
> (10)     [eap] = ok
>
> (10)   } # authenticate = ok
>
> (10) # Executing section post-auth from file
> /etc/freeradius/sites-enabled/default
>
> (10)   post-auth {
>
> (10)     update {
>
> (10)       &reply:Session-Timeout += &session-state:Session-Timeout ->
> 10800
>
> (10)       &reply:User-Name += &session-state:User-Name -> jake
>
> (10)     } # update = noop
>
> (10) sql: EXPAND .query
>
> (10) sql:    --> .query
>
> (10) sql: Using query template 'query'
>
> rlm_sql (sql): Reserved connection (4)
>
> (10) sql: EXPAND %{User-Name}
>
> (10) sql:    --> jake
>
> (10) sql: SQL-User-Name set to 'jake'
>
> (10) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
> VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
> '%{reply:Packet-Type}', '%S')
>
> (10) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
> VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')
>
> (10) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
> authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')
>
> (10) sql: SQL query returned: success
>
> (10) sql: 1 record(s) updated
>
> rlm_sql (sql): Released connection (4)
>
> (10)     [sql] = ok
>
> (10)     [exec] = noop
>
> (10)     policy remove_reply_message_if_eap {
>
> (10)       if (&reply:EAP-Message && &reply:Reply-Message) {
>
> (10)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
>
> (10)       else {
>
> (10)         [noop] = noop
>
> (10)       } # else = noop
>
> (10)     } # policy remove_reply_message_if_eap = noop
>
> (10)   } # post-auth = ok
>
> (10) Sent Access-Accept Id 251 from 172.17.0.68:1812 to
> 203.59.132.253:49242 length 0
>
> (10)   Session-Timeout = 10800
>
> (10)   User-Name = 'jake'
>
> (10)   MS-MPPE-Recv-Key =
> 0xe5deb546fc8f6e00acdf29b623d95704d2ed1020f037955b5200e47def068653
>
> (10)   MS-MPPE-Send-Key =
> 0x1c0c6d0296a173ab78c88bae351114f84de5cdc9386cbb1dc93bb9ff188d29ef
>
> (10)   EAP-Message = 0x030a0004
>
> (10)   Message-Authenticator = 0x00000000000000000000000000000000
>
> (10)   Session-Timeout += 10800
>
> (10)   User-Name += 'jake'
>
> (10) Finished request
>
> Waking up in 3.8 seconds.
>
> (11) Received Accounting-Request Id 252 from 203.59.132.253:49829 to
> 172.17.0.68:1813 length 205
>
> (11)   Service-Type = Framed-User
>
> (11)   NAS-Port-Id = 'wlan4'
>
> (11)   NAS-Port-Type = Wireless-802.11
>
> (11)   User-Name = 'jake'
>
> (11)   Acct-Session-Id = '82200019'
>
> (11)   Acct-Multi-Session-Id =
> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'
>
> (11)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'
>
> (11)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'
>
> (11)   Acct-Authentic = RADIUS
>
> (11)   Acct-Status-Type = Start
>
> (11)   NAS-Identifier = 'MikroTik'
>
> (11)   Acct-Delay-Time = 0
>
> (11)   NAS-IP-Address = 10.1.1.23
>
> (11) # Executing section preacct from file
> /etc/freeradius/sites-enabled/default
>
> (11)   preacct {
>
> (11)     [preprocess] = ok
>
> (11)     policy acct_unique {
>
> (11)       if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) {
>
> (11)       EXPAND %{string:Class}
>
> (11)          -->
>
> (11)       if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)  -> FALSE
>
> (11)       else {
>
> (11)         update request {
>
> (11)           EXPAND
> %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
>
> (11)              --> fbad663f9e23f248b243af3297e4a26d
>
> (11)           &Acct-Unique-Session-Id := fbad663f9e23f248b243af3297e4a26d
>
> (11)         } # update request = noop
>
> (11)       } # else = noop
>
> (11)     } # policy acct_unique = noop
>
> (11) suffix: Checking for suffix after "@"
>
> (11) suffix: No '@' in User-Name = "jake", looking up realm NULL
>
> (11) suffix: No such realm "NULL"
>
> (11)     [suffix] = noop
>
> (11)     [files] = noop
>
> (11)   } # preacct = ok
>
> (11) # Executing section accounting from file
> /etc/freeradius/sites-enabled/default
>
> (11)   accounting {
>
> (11) detail: EXPAND
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
>
> (11) detail:    --> /var/log/freeradius/radacct/
> 203.59.132.253/detail-20150626
>
> (11) detail:
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> expands to /var/log/freeradius/radacct/203.59.132.253/detail-20150626
>
> (11) detail: EXPAND %t
>
> (11) detail:    --> Fri Jun 26 03:36:52 2015
>
> (11)     [detail] = ok
>
> (11)     [unix] = ok
>
> (11) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
>
> (11) sql:    --> type.start.query
>
> (11) sql: Using query template 'query'
>
> rlm_sql (sql): Reserved connection (4)
>
> (11) sql: EXPAND %{User-Name}
>
> (11) sql:    --> jake
>
> (11) sql: SQL-User-Name set to 'jake'
>
> (11) sql: EXPAND INSERT INTO radacct (acctsessionid, acctuniqueid,
> username, realm, nasipaddress, nasportid, nasporttype,acctstarttime,
> acctupdatetime, acctstoptime, acctsessiontime, acctauthentic,
> connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets,
> calledstationid, callingstationid, acctterminatecause, servicetype,
> framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}',
> '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
> '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
> FROM_UNIXTIME(%{integer:Event-Timestamp}),
> FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
> '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
> '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
> '%{Framed-IP-Address}')
>
> (11) sql:    --> INSERT INTO radacct (acctsessionid, acctuniqueid,
> username, realm, nasipaddress, nasportid, nasporttype,acctstarttime,
> acctupdatetime, acctstoptime, acctsessiontime, acctauthentic,
> connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets,
> calledstationid, callingstationid, acctterminatecause, servicetype,
> framedprotocol, framedipaddress) VALUES ('82200019',
> 'fbad663f9e23f248b243af3297e4a26d', 'jake', '', '10.1.1.23', '',
> 'Wireless-802.11', FROM_UNIXTIME(1435289812), FROM_UNIXTIME(1435289812),
> NULL, '0', 'RADIUS', '', '', '0', '0', '02-0C-42-B7-A9-5E:GRACE UPON
> GRACE', 'F8-A9-D0-18-F2-24', '', 'Framed-User', '', '')
>
> (11) sql: Executing query: INSERT INTO radacct (acctsessionid,
> acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
> acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
> acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
> acctoutputoctets, calledstationid, callingstationid, acctterminatecause,
> servicetype, framedprotocol, framedipaddress) VALUES ('82200019',
> 'fbad663f9e23f248b243af3297e4a26d', 'jake', '', '10.1.1.23', '',
> 'Wireless-802.11', FROM_UNIXTIME(1435289812), FROM_UNIXTIME(1435289812),
> NULL, '0', 'RADIUS', '', '', '0', '0', '02-0C-42-B7-A9-5E:GRACE UPON
> GRACE', 'F8-A9-D0-18-F2-24', '', 'Framed-User', '', '')
>
> (11) sql: SQL query returned: success
>
> (11) sql: 1 record(s) updated
>
> rlm_sql (sql): Released connection (4)
>
> (11)     [sql] = ok
>
> (11)     [exec] = noop
>
> (11) attr_filter.accounting_response: EXPAND %{User-Name}
>
> (11) attr_filter.accounting_response:    --> jake
>
> (11) attr_filter.accounting_response: Matched entry DEFAULT at line 15
>
> (11)     [attr_filter.accounting_response] = updated
>
> (11)   } # accounting = updated
>
> (11) Sent Accounting-Response Id 252 from 172.17.0.68:1813 to
> 203.59.132.253:49829 length 0
>
> (11) Finished request
>
> (11) <done>: Cleaning up request packet ID 252 with timestamp +10
>
> Waking up in 3.7 seconds.
>
> (0) <done>: Cleaning up request packet ID 241 with timestamp +9
>
> Waking up in 0.1 seconds.
>
> (1) <done>: Cleaning up request packet ID 242 with timestamp +9
>
> Waking up in 0.1 seconds.
>
> (2) <done>: Cleaning up request packet ID 243 with timestamp +9
>
> Waking up in 0.1 seconds.
>
> (3) <done>: Cleaning up request packet ID 244 with timestamp +9
>
> Waking up in 0.1 seconds.
>
> (4) <done>: Cleaning up request packet ID 245 with timestamp +9
>
> Waking up in 0.1 seconds.
>
> (5) <done>: Cleaning up request packet ID 246 with timestamp +9
>
> Waking up in 0.1 seconds.
>
> (6) <done>: Cleaning up request packet ID 247 with timestamp +10
>
> (7) <done>: Cleaning up request packet ID 248 with timestamp +10
>
> Waking up in 0.1 seconds.
>
> (8) <done>: Cleaning up request packet ID 249 with timestamp +10
>
> Waking up in 0.1 seconds.
>
> (9) <done>: Cleaning up request packet ID 250 with timestamp +10
>
> Waking up in 0.1 seconds.
>
> (10) <done>: Cleaning up request packet ID 251 with timestamp +10
>
> Ready to process requests
>
>
> On 26 June 2015 at 11:33, Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> wrote:
> >
> >
> > > On 25 Jun 2015, at 23:21, Jake He <jake.he at gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I have a problem where Attribute MT-Recv-Limit is returned in
> > > Access-Challenge but not in Access-Accept.
> > >
> > > This is my setup. FR 3.0.8
> > >
> > > I have configured following in the eap.conf file in the ttls section :
> > >
> > > copy_request_to_tunnel = yes
> > > use_tunneled_reply = yes
> > > virtual_server = "inner-tunnel"
> > >
> > > /etc/freeradius/sites-available/inner-tunnel. post-auth block,
> uncommented.
> > >
> > > update {
> > >                &outer.session-state: += &reply:
> > >          }
> > >
> > > update outer.session-state {
> > >
> > >                MS-MPPE-Encryption-Policy !* ANY
> > >
> > >                MS-MPPE-Encryption-Types !* ANY
> > >
> > >                MS-MPPE-Send-Key !* ANY
> > >
> > >                MS-MPPE-Recv-Key !* ANY
> > >
> > >                Message-Authenticator !* ANY
> > >
> > >                EAP-Message !* ANY
> > >
> > >                Proxy-State !* ANY
> > >
> > >        }
> > >
> > > I have a fixed radreply attribute Session-Timeout in the database.
> This is
> > > sent in the Access-Accept.
> > >
> > > MT-Recv-Limit is sent by a perl script
> > > <
> https://raw.githubusercontent.com/zhex900/radius-config/master/version.3/mods-config/perl/check_usage.pl
> >.
> > > This
> > > script add a new radreply $RAD_REPLY{'Mikrotik-Recv-Limit'}. This is
> called
> > > in the site-available/default authorize block.
> > > Mikrotik-Recv-Limit does appear in the Access-Challenge but not in the
> > > Access-Accept.
> > >
> > > Any ideas?
> >
> > Not really, seeing as you've not provided the debug output...
> >
> > -Arran
> >
> > Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> > FreeRADIUS development team
> >
> > FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list