"WARNING: !! EAP session for state ... did not finish!", And Other Warnings

Jim Seymour jseymour at LinxNet.com
Fri Oct 2 23:24:17 CEST 2015


On Fri, 2 Oct 2015 21:35:17 +0100
Matthew Newton <mcn4 at leicester.ac.uk> wrote:

[snip]
> 
> Can you run
> 
>  radiusd -X | tee logfile
> 
> then connect the laptop to the network, and then post the logfile
> to the list? Otherwise we've got nothing really to go on.

Wellll... Okay.  It's gigantic, tho.  Included below.

> 
> Long shot, have you got the default EAP type (eap.conf) configured
> to the same on that you're using? Shouldn't cause this, but all I
> can think of without seeing any debug output.

Set to "peap" in eap.conf and set to "Microsoft: Protected EAP (PEAP)"
in the config on the laptop.

Here's the debug output...

freeradius: FreeRADIUS Version 2.2.9, for host i686-pc-linux-gnu, built on Oct  2 2015 at 07:12:08
Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/dhcp_sqlippool
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/cache
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/modules/radrelay
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
	user = "freerad"
	group = "freerad"
	allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
	name = "freeradius"
	prefix = "/usr"
	localstatedir = "/var"
	sbindir = "/usr/sbin"
	logdir = "/var/log/freeradius"
	run_dir = "/var/run/freeradius"
	libdir = "/usr/lib/freeradius"
	radacctdir = "/var/log/freeradius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/freeradius/freeradius.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
 	stripped_names = no
 	auth = no
 	auth_badpass = no
 	auth_goodpass = no
 }
 security {
 	max_attributes = 200
 	reject_delay = 1
 	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
 	retry_delay = 5
 	retry_count = 3
 	default_fallback = no
 	dead_time = 120
 	wake_all_if_all_dead = no
 }
 home_server localhost {
 	ipaddr = 127.0.0.1
 	port = 1812
 	type = "auth"
 	secret = "testing123"
 	response_window = 20
 	max_outstanding = 65536
 	require_message_authenticator = yes
 	zombie_period = 40
 	status_check = "status-server"
 	ping_interval = 30
 	check_interval = 30
 	num_answers_to_alive = 3
 	num_pings_to_alive = 3
 	revive_interval = 120
 	status_check_timeout = 4
  coa {
  	irt = 2
  	mrt = 16
  	mrc = 5
  	mrd = 30
  }
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client 172.24.0.0/16 {
 	ipaddr = 172.24.0.0
 	netmask = 16
 	require_message_authenticator = no
 	secret = "xxxxxxxxxxxxxxxxxxxx"
 	shortname = "localhost"
 	nastype = "other"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  exec {
  	wait = no
  	input_pairs = "request"
  	shell_escape = yes
  	timeout = 10
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  expiration {
  	reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  logintime {
  	reply-message = "You are calling outside your allowed timespan  "
  	minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
 modules {
  Module: Creating Auth-Type = digest
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  pap {
  	encryption_scheme = "auto"
  	auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  mschap {
  	use_mppe = yes
  	require_encryption = no
  	require_strong = no
  	with_ntdomain_hack = yes
  	allow_retry = yes
  }
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  unix {
  	radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  eap {
  	default_eap_type = "peap"
  	timer_expire = 60
  	ignore_unknown_eap_types = no
  	cisco_accounting_username_bug = no
  	max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
   	challenge = "Password: "
   	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
   	rsa_key_exchange = no
   	dh_key_exchange = yes
   	rsa_key_length = 512
   	dh_key_length = 512
   	verify_depth = 0
   	CA_path = "/etc/ssl/certs"
   	pem_file_type = yes
   	private_key_file = "/etc/ssl/private/skynet-n_wtccorp_com.key"
   	certificate_file = "/etc/ssl/certs/skynet-n_wtccorp_com.crt"
   	CA_file = "/etc/ssl/certs/skynet-n_wtccorp_com_ca.pem"
   	dh_file = "/etc/freeradius/certs/dh"
   	random_file = "/dev/urandom"
   	fragment_size = 1024
   	include_length = yes
   	check_crl = no
   	check_all_crl = no
   	cipher_list = "DEFAULT"
   	make_cert_command = "/etc/ssl/certs/bootstrap"
   	ecdh_curve = "prime256v1"
    cache {
    	enable = no
    	lifetime = 24
    	max_entries = 255
    }
    verify {
    }
    ocsp {
    	enable = no
    	override_cert_url = yes
    	url = "http://127.0.0.1/ocsp/"
    	use_nonce = yes
    	timeout = 0
    	softfail = no
    }
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
   	default_eap_type = "mschapv2"
   	copy_request_to_tunnel = no
   	use_tunneled_reply = no
   	proxy_tunneled_request_as_eap = yes
   	virtual_server = "inner-tunnel"
   	soh = no
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
   	with_ntdomain_hack = no
   	send_error = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  preprocess {
  	huntgroups = "/etc/freeradius/huntgroups"
  	hints = "/etc/freeradius/hints"
  	with_ascend_hack = no
  	ascend_channels_per_line = 23
  	with_ntdomain_hack = no
  	with_specialix_jetstream_hack = no
  	with_cisco_vsa_hack = no
  	with_alvarion_vsa_hack = no
  }
reading pairlist file /etc/freeradius/huntgroups
reading pairlist file /etc/freeradius/hints
 Module: Linked to module rlm_detail
 Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log
  detail auth_log {
  	detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  	header = "%t"
  	detailperm = 384
  	dirperm = 493
  	locking = no
  	log_packet_header = no
  	escape_filenames = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  realm suffix {
  	format = "suffix"
  	delimiter = "@"
  	ignore_default = no
  	ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /etc/freeradius/modules/files
  files {
  	usersfile = "/etc/freeradius/users"
  	acctusersfile = "/etc/freeradius/acct_users"
  	preproxy_usersfile = "/etc/freeradius/preproxy_users"
  	compat = "no"
  }
reading pairlist file /etc/freeradius/users
reading pairlist file /etc/freeradius/acct_users
reading pairlist file /etc/freeradius/preproxy_users
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  acct_unique {
  	key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  detail {
  	detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  	header = "%t"
  	detailperm = 384
  	dirperm = 493
  	locking = no
  	log_packet_header = no
  	escape_filenames = no
  }
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  radutmp {
  	filename = "/var/log/freeradius/radutmp"
  	username = "%{User-Name}"
  	case_sensitive = yes
  	check_with_nas = yes
  	perm = 384
  	callerid = yes
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.accounting_response {
  	attrsfile = "/etc/freeradius/attrs.accounting_response"
  	key = "%{User-Name}"
  	relaxed = no
  }
reading pairlist file /etc/freeradius/attrs.accounting_response
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.access_reject {
  	attrsfile = "/etc/freeradius/attrs.access_reject"
  	key = "%{User-Name}"
  	relaxed = no
  }
reading pairlist file /etc/freeradius/attrs.access_reject
 } # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_ldap
 Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  ldap {
  	server = "localhost"
  	port = 389
  	password = "slurp2~maybe"
  	expect_password = yes
  	identity = "uid=radius,ou=People,dc=wtccorp,dc=com"
  	net_timeout = 1
  	timeout = 4
  	timelimit = 3
  	max_uses = 0
  	tls_mode = no
  	start_tls = no
  	tls_require_cert = "allow"
   tls {
   	start_tls = yes
   	cacertfile = "/etc/ssl/certs/skynet-n_wtccorp_com_ca.pem"
   	require_cert = "allow"
   }
  	basedn = "ou=People,dc=wtccorp,dc=com"
  	filter = "(uid=%{mschap:User-Name})"
  	base_filter = "(objectclass=radiusprofile)"
  	password_attribute = "userPassword"
  	auto_header = no
  	access_attr_used_for_allow = yes
  	groupname_attribute = "cn"
  	groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  	dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  	ldap_debug = 0
  	ldap_connections_number = 5
  	compare_check_items = no
  	do_xlat = yes
  	edir_account_policy_check = no
  	set_auth_type = yes
   keepalive {
   	idle = 60
   	probes = 3
   	interval = 3
   }
  }
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: Over-riding set_auth_type, as there is no module ldap listed in the "authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x87ce2f8
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
 	type = "auth"
 	ipaddr = *
 	port = 0
}
listen {
 	type = "acct"
 	ipaddr = *
 	port = 0
}
listen {
  	type = "auth"
  	ipaddr = 127.0.0.1
  	port = 18120
}
 ... adding new socket proxy address * port 56664
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=0, length=203
	Message-Authenticator = 0xf3fee44722450f2f835bda228c2d88a6
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020000140177696e303035345c6a656666726579
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:26 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 0 length 20
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 172.24.0.48 port 1509
	EAP-Message = 0x010100061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x98bd762098bc6f3a092a404097a6cf8c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=1, length=340
	Message-Authenticator = 0x179741121daee4790499573ef410e994
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x98bd762098bc6f3a092a404097a6cf8c
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0201008b198000000081160301007c010000780301560ef3ca1db6af18753547212e86a4c29231188ea25d38e9fc506a22d24e4ded204bac48082d3304551bb3dc2591a3abb1481a4b9e1f411604b120384460512c0d0018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:26 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 1 length 139
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 129
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 007c], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0899], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange  
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 172.24.0.48 port 1509
	EAP-Message = 0x0102040019c000000a351603010039020000350301e3d36991a480cff0a07864e77a040402f7c8ffb3fa033663de15ee5670a7e1b600c01400000dff01000100000b00040300010216030108990b000895000892000469308204653082034da003020102020900db98278c91c043a9300d06092a864886f70d01010b05003081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a30
	EAP-Message = 0x2806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323735335a170d3136303932393133323735335a3081c0310b30090603550406130255533111300f06035504080c084d6963686967616e3119301706035504070c104661726d696e67746f6e2048696c6c733121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077
	EAP-Message = 0x656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d2d1c7948966ed1341d267fc4f9cbb7296b538e6c723798db5cf417e57e0620f717df13563fa3ee95d91c6cbd0f2919d7cc0574e3525b145ce67bd29b491b13c0521b0d0790a9e1e153f8f5120ec29c3ef45e90eac80eceb1a72e4092484908d485fa92fa5707513fd6af7f510b56d1d0faaadb9e7cd299346fefef85bc2ea77fa161428c0c5282c5c55eff7e3eea1eb2174f802bf43d03232ada75c5e05ab926885f6f67667fab1d529a55db4bb05e1b96eb29372385b57e3b3a7adf39e856aff11f754675e831d57d5fdbacc
	EAP-Message = 0x6c871053262f2b628752fb8fe5f810342b04f8a001177ebd1722fb02c1fe13ba9d97a5fbfe928d7b4e5ec19a8158f75d44d1c90203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143fd748d1e67b96f55218a8d3506b1520021ead6f301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300d06092a864886f70d01010b05000382010100499ce5c07f4f002837484b1de16566030fd0a519c6f66b6600ddecacbb55c50be98fc448739e30aef582ac786a65a70b38f0a53c
	EAP-Message = 0x205bb219d9d0950173a6e052
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x98bd762099bf6f3a092a404097a6cf8c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=2, length=207
	Message-Authenticator = 0xbd29cd2a85b34482305e73ddbeb9fc70
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x98bd762099bf6f3a092a404097a6cf8c
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020200061900
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:26 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 172.24.0.48 port 1509
	EAP-Message = 0x010303fc1940b6da580861b855560215e1bcddc7cf7827141faabad978a814118c0396af66bb9de3c68f723e7daa398182692569baf4e2286c6ce5036cfc997577ecebc2727ff1ecbf4f7310651cf9ea2752d40b0ffa8f3d93d4e344fede5db5104358bd0361b15d3a673789d36d86caa0800071c88c6f149459efd07b25be0dd75ca2b2aa276c22bd6c8f7481af26b84dda57b527c3ed8889a96b232aba9105d1750cfd3fcf97c1ee8a9339d19ab87264461497c80c8adf4010e1a03fe4048cd611b4fdb0330004233082041f30820307a003020102020900db98278c91c043a8300d06092a864886f70d01010b05003081a5310b3009060355040613
	EAP-Message = 0x0255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323732315a170d3230303932383133323732315a3081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f67792043
	EAP-Message = 0x6f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c944842f637fef492dcb8b64ea061235ea559291b19a5ae5edc0ed30743c49f613d8e02b4f1c550e2a10a2949470e97d1bfa77fd2d72cf5705e203ab73384d91885043238a0a28aba3da3852a88569281c07f2625df0c9fc44bd7e2b74e1bd17b30e13a34ce06642eb8ea20eab0ac013b1e0295106d8
	EAP-Message = 0xdebfec3c001b3f97c99db881f0bc8175bc2f8a06a57dd173f43d092f406832fa4d379b4e3d139fcd2b17ffc3d462ee2d1bb7f4170af942c0d04e00a7d9735378bca2b39c5442683a6a0311a8c0c24d4782e969362ea68480960546166f7683dde3e32638fb36b04b302198f997e2afb50880b63ffdff863a7812b4e9c0cc7ccda4424c344f3f7f180bf70203010001a350304e301d0603551d0e041604143edcdf7a0e78b6c903868bf018eb6df83782ab9d301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010059c531727c748cb0
	EAP-Message = 0xa73687495c5cba6d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x98bd76209abe6f3a092a404097a6cf8c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=3, length=207
	Message-Authenticator = 0xff40c27f0968df6b3d4a998482366677
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x98bd76209abe6f3a092a404097a6cf8c
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020300061900
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:26 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 172.24.0.48 port 1509
	EAP-Message = 0x0104024f1900e7d5270f188a0f21028c17db0c4d3a4838d86a59ff3eec796b43f0c60983ea0d40fd86610f59e6575677f9700434ca9aaea69f8849614008fd93ade3852afb2eef925278f3b28c615233ec17b84f3299944dcb6c776ef66cbb07c8a503ca018747ef169ce512d4b2f1a102b7f941d62239c3cd554545cc8a0662221db9c71caa130d342979bbe0b1ae33d10737740e92a776c525965e97d1f9ab305c7226f8f26c03063af5d76628eba9e851ae0f807182cd582cf834384de1df8b513aff09dcb8409ca58449b5c987a8f574139352b15b5b73e56114eac58602765d28ea98181c344c48f313d5a29a2f2accfb06d4b7160301014b0c00
	EAP-Message = 0x0147030017410458221b4f9563c367cd6345bd1983dd5a0a1d2d9c0c3f3a688675135a2a3dd158eb7ce2a321395da49acebf6d58bb7bc638b6ac01ea1f1dacbbb3f1891effafa701002df95433bd6b5e8b9e54b46658f83af70565a8bacc68904416919cc68c38c00bb8d03e56d7b9825bcbc107f05a8505c371fe58f730e929a777ac59b5f8d8c3ffdb6c1cd8f18f3964224390d311b9d52e76817b0c33d34c42756e9726eb789ecc12975de7b3754bb382aee43ed892b392da09e278fd7b1c1b2a087fdd4ff4a3a9b68abec44550f6fbbedfc24c43eb889c23f921690d5005c4c0d6f09532e9c5fd19bd9f0fad6ec02b28579cdb08e69345d4cabd93
	EAP-Message = 0x988e23bbfd7da569b3228fce00255d14115514e296d1cdcabfc471f6a93865e4727403723468dd50253baec481920b34f9bbd4b31d488db221f224bb73a98de198ce3c3bbaea63a73de0640d16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x98bd76209bb96f3a092a404097a6cf8c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=4, length=207
	Message-Authenticator = 0x6c8a80ed0cc51c66ebf5cb6850444872
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x98bd76209bb96f3a092a404097a6cf8c
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020400061900
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:26 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 4 to 172.24.0.48 port 1509
	EAP-Message = 0x010500061900
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x98bd76209cb86f3a092a404097a6cf8c
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=0, length=203
	Message-Authenticator = 0x121295a68b11c245e8e2f9154fbba8de
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020000140177696e303035345c6a656666726579
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 0 length 20
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 172.24.0.48 port 1510
	EAP-Message = 0x010100061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4464d3fe9d648e243ee182ad
Finished request 5.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=1, length=308
	Message-Authenticator = 0xed6907899fefd56815ebca6b3afae42d
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4464d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0201006b198000000061160301005c010000580301560ef3ccbf5284b3d32a2f4774af9d62f43b2ee8527a8caeff6653df745e5cef000018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 1 length 107
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 97
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005c], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0899], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange  
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 172.24.0.48 port 1510
	EAP-Message = 0x0102040019c000000a351603010039020000350301563f8767bca18f9ef80d326eb862a320de9154c43e762c9317971aa689858f3600c01400000dff01000100000b00040300010216030108990b000895000892000469308204653082034da003020102020900db98278c91c043a9300d06092a864886f70d01010b05003081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a30
	EAP-Message = 0x2806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323735335a170d3136303932393133323735335a3081c0310b30090603550406130255533111300f06035504080c084d6963686967616e3119301706035504070c104661726d696e67746f6e2048696c6c733121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077
	EAP-Message = 0x656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d2d1c7948966ed1341d267fc4f9cbb7296b538e6c723798db5cf417e57e0620f717df13563fa3ee95d91c6cbd0f2919d7cc0574e3525b145ce67bd29b491b13c0521b0d0790a9e1e153f8f5120ec29c3ef45e90eac80eceb1a72e4092484908d485fa92fa5707513fd6af7f510b56d1d0faaadb9e7cd299346fefef85bc2ea77fa161428c0c5282c5c55eff7e3eea1eb2174f802bf43d03232ada75c5e05ab926885f6f67667fab1d529a55db4bb05e1b96eb29372385b57e3b3a7adf39e856aff11f754675e831d57d5fdbacc
	EAP-Message = 0x6c871053262f2b628752fb8fe5f810342b04f8a001177ebd1722fb02c1fe13ba9d97a5fbfe928d7b4e5ec19a8158f75d44d1c90203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143fd748d1e67b96f55218a8d3506b1520021ead6f301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300d06092a864886f70d01010b05000382010100499ce5c07f4f002837484b1de16566030fd0a519c6f66b6600ddecacbb55c50be98fc448739e30aef582ac786a65a70b38f0a53c
	EAP-Message = 0x205bb219d9d0950173a6e052
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4567d3fe9d648e243ee182ad
Finished request 6.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=2, length=207
	Message-Authenticator = 0xe82b5064a4f1a842ea017d1df9ed2249
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4567d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020200061900
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 172.24.0.48 port 1510
	EAP-Message = 0x010303fc1940b6da580861b855560215e1bcddc7cf7827141faabad978a814118c0396af66bb9de3c68f723e7daa398182692569baf4e2286c6ce5036cfc997577ecebc2727ff1ecbf4f7310651cf9ea2752d40b0ffa8f3d93d4e344fede5db5104358bd0361b15d3a673789d36d86caa0800071c88c6f149459efd07b25be0dd75ca2b2aa276c22bd6c8f7481af26b84dda57b527c3ed8889a96b232aba9105d1750cfd3fcf97c1ee8a9339d19ab87264461497c80c8adf4010e1a03fe4048cd611b4fdb0330004233082041f30820307a003020102020900db98278c91c043a8300d06092a864886f70d01010b05003081a5310b3009060355040613
	EAP-Message = 0x0255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323732315a170d3230303932383133323732315a3081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f67792043
	EAP-Message = 0x6f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c944842f637fef492dcb8b64ea061235ea559291b19a5ae5edc0ed30743c49f613d8e02b4f1c550e2a10a2949470e97d1bfa77fd2d72cf5705e203ab73384d91885043238a0a28aba3da3852a88569281c07f2625df0c9fc44bd7e2b74e1bd17b30e13a34ce06642eb8ea20eab0ac013b1e0295106d8
	EAP-Message = 0xdebfec3c001b3f97c99db881f0bc8175bc2f8a06a57dd173f43d092f406832fa4d379b4e3d139fcd2b17ffc3d462ee2d1bb7f4170af942c0d04e00a7d9735378bca2b39c5442683a6a0311a8c0c24d4782e969362ea68480960546166f7683dde3e32638fb36b04b302198f997e2afb50880b63ffdff863a7812b4e9c0cc7ccda4424c344f3f7f180bf70203010001a350304e301d0603551d0e041604143edcdf7a0e78b6c903868bf018eb6df83782ab9d301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010059c531727c748cb0
	EAP-Message = 0xa73687495c5cba6d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4666d3fe9d648e243ee182ad
Finished request 7.
Going to the next request
Waking up in 2.8 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=3, length=207
	Message-Authenticator = 0xa1bb90d986293276b7e1daa26bbb9422
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4666d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020300061900
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 172.24.0.48 port 1510
	EAP-Message = 0x0104024f1900e7d5270f188a0f21028c17db0c4d3a4838d86a59ff3eec796b43f0c60983ea0d40fd86610f59e6575677f9700434ca9aaea69f8849614008fd93ade3852afb2eef925278f3b28c615233ec17b84f3299944dcb6c776ef66cbb07c8a503ca018747ef169ce512d4b2f1a102b7f941d62239c3cd554545cc8a0662221db9c71caa130d342979bbe0b1ae33d10737740e92a776c525965e97d1f9ab305c7226f8f26c03063af5d76628eba9e851ae0f807182cd582cf834384de1df8b513aff09dcb8409ca58449b5c987a8f574139352b15b5b73e56114eac58602765d28ea98181c344c48f313d5a29a2f2accfb06d4b7160301014b0c00
	EAP-Message = 0x01470300174104f94f27db84c936ece3f8f2dabd1578d95d6ac7a27dfb6daa83d62030d7be1f8298f1889a729c7ed1475895e8f796516031e5bb67c5779570fe2e3baa4fc59f980100656917d6493b86f841676412f995ab7e1ba7c1e28e39d94c08325c836b0887772396b6b04f6db1bcbc09f143184d3d37677a484de33a58e0b182788527dede27c5345dba9bd4e06dd487cb32c55e95efeab1cf8b4b5726b5950c473d5264c03ec379147429d3492e4695a1153ba005598749f4a9f13e3847148f3455cffc4121180cdc839bc84dccf2758f4d624583bf051e94fcaecded9834a0e7c632087051a0cada0de572368894b07c019e3e85a379e8df26
	EAP-Message = 0x3c7a29973798e12add22ade92b3511a131fb4d81bfcdec1d7106d6c70b89fed598f1aca96b1ce9d45de544b8f2d96c2bde80f76ae69041e752e6ddbfcbafca70df67258cdeff72cc52f1958616030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4761d3fe9d648e243ee182ad
Finished request 8.
Going to the next request
Waking up in 2.8 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=4, length=345
	Message-Authenticator = 0x8bc28ce67ea7ac4969fbf9ae2e9e208f
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4761d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0204009019800000008616030100461000004241043c809efc0e0a2ca176b2606111d62bf84fc511208a5bf64b3017688baf469126994847f9f55b6a4a9a14f69a5cc2d9093ca45977068034173e49aa8c6567ef231403010001011603010030cfd781c88abc2f1f2308318db52c884dc33bb5034282e0be3ae40b6265ee2d415484e772c9889a03bfd6d113e8b7b925
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 4 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 4 to 172.24.0.48 port 1510
	EAP-Message = 0x010500411900140301000101160301003013153c9bcbbbc61fdf54f31d9dc1f6e0f0688aed91c84831ea12d943c445d4bc36982989b0a1c12ffff77e06438851c7
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4060d3fe9d648e243ee182ad
Finished request 9.
Going to the next request
Waking up in 2.8 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=5, length=207
	Message-Authenticator = 0xe672cfd12303a02af4cd8bf93844cc0a
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4060d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x020500061900
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 5 to 172.24.0.48 port 1510
	EAP-Message = 0x0106002b190017030100206e4c28c25fa0be9b294a675f54f4795ab01b00a6d1c9b7001d7da69b3807e510
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4163d3fe9d648e243ee182ad
Finished request 10.
Going to the next request
Waking up in 2.8 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=6, length=260
	Message-Authenticator = 0xdbd26e3f6b395640e552601e0c30b267
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4163d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0206003b19001703010030ace4d439a4ad129c9a846d74d6695ccaea39e77e2c524cf5065c69ae97d02d1c7dc9ec9c5a4e7d530ef19a7485a6d6f0
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - win0054\jeffrey
[peap] Got inner identity 'win0054\jeffrey'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x020600140177696e303035345c6a656666726579
server  {
[peap] Setting User-Name to win0054\jeffrey
Sending tunneled request
	EAP-Message = 0x020600140177696e303035345c6a656666726579
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "win0054\\jeffrey"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 6 length 20
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[ldap] performing user authorization for win0054\jeffrey
[ldap] 	expand: (uid=%{mschap:User-Name}) -> (uid=jeffrey)
[ldap] 	expand: ou=People,dc=wtccorp,dc=com -> ou=People,dc=wtccorp,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to localhost:389, authentication 0
  [ldap] setting TLS CACert File to /etc/ssl/certs/skynet-n_wtccorp_com_ca.pem
  [ldap] starting TLS
  [ldap] bind as uid=radius,ou=People,dc=wtccorp,dc=com/slurp2~maybe to localhost:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in ou=People,dc=wtccorp,dc=com, with filter (uid=jeffrey)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U]"
  [ldap] sambaNTPassword -> NT-Password == 0x4338374239333639433331343843433241314331363738344134363645463435
  [ldap] sambaLMPassword -> LM-Password == 0x3936393736373035453543463432463941414433423433354235313430344545
[ldap] looking for reply items in directory...
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x010700291a01070024109974050545ffc02dfc8e72d8f44f439b77696e303035345c6a656666726579
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x05a66f0605a1753bbd5d795e1c248c9d
[peap] Got tunneled reply RADIUS code Access-Challenge
	EAP-Message = 0x010700291a01070024109974050545ffc02dfc8e72d8f44f439b77696e303035345c6a656666726579
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x05a66f0605a1753bbd5d795e1c248c9d
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 6 to 172.24.0.48 port 1510
	EAP-Message = 0x0107004b19001703010040a9546f8399001b6a8bd342e619ae8162f76fc837888a09fa384a010c9e2dee9268df149f6f8055970ae10d2cc4a47f0cac733dd468db1838054de093bc3dec3f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4262d3fe9d648e243ee182ad
Finished request 11.
Going to the next request
Waking up in 2.7 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=7, length=308
	Message-Authenticator = 0x0ca2718b291fbbe28082bcdb84c545b7
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4262d3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0207006b190017030100609050f71be529e8a4298db7da8502b8faeadcba74fc99e9ddfe0960259c3f195a921fa28d69ba8df233282f6a29547be7c11310bccfed272c506a790337ba47b73fdd5ff2760bd67eb09d62a5a385bbf54ed00eb3066e8955bdf5f48dc46b93f3
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020700421a0207003d31f613ab6b1e8f20d69b72000370a616000000000000000000a0ae9b346e3a9f3f939556588b676a35929c01f270327e77006a656666726579
server  {
[peap] Setting User-Name to win0054\jeffrey
Sending tunneled request
	EAP-Message = 0x020700421a0207003d31f613ab6b1e8f20d69b72000370a616000000000000000000a0ae9b346e3a9f3f939556588b676a35929c01f270327e77006a656666726579
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "win0054\\jeffrey"
	State = 0x05a66f0605a1753bbd5d795e1c248c9d
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 7 length 66
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[ldap] performing user authorization for win0054\jeffrey
[ldap] 	expand: (uid=%{mschap:User-Name}) -> (uid=jeffrey)
[ldap] 	expand: ou=People,dc=wtccorp,dc=com -> ou=People,dc=wtccorp,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=People,dc=wtccorp,dc=com, with filter (uid=jeffrey)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U]"
  [ldap] sambaNTPassword -> NT-Password == 0x4338374239333639433331343843433241314331363738344134363645463435
  [ldap] sambaLMPassword -> LM-Password == 0x3936393736373035453543463432463941414433423433354235313430344545
[ldap] looking for reply items in directory...
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] WARNING: User-Name (win0054\jeffrey) is not the same as MS-CHAP Name (jeffrey) from EAP-MSCHAPv2
[mschap] Creating challenge hash with username: jeffrey
[mschap] Client is using MS-CHAPv2 for jeffrey, we need NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success 
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x010800331a0307002e533d41343938333341454445323745364436324232423838464442363141453031334334344641353133
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x05a66f0604ae753bbd5d795e1c248c9d
[peap] Got tunneled reply RADIUS code Access-Challenge
	EAP-Message = 0x010800331a0307002e533d41343938333341454445323745364436324232423838464442363141453031334334344641353133
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x05a66f0604ae753bbd5d795e1c248c9d
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 7 to 172.24.0.48 port 1510
	EAP-Message = 0x0108005b19001703010050e447287e8c32c97b3bba2d5ddcebbb2a7a5072606bb3985055cb0d1e42f19cab85b5e3ba2c1c3d5911d6088e96ba61543cb4a2730c2de449aca8322d707acff85d1c89e4719868c37ece12a7858d0ce0
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b436dd3fe9d648e243ee182ad
Finished request 12.
Going to the next request
Waking up in 2.7 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=8, length=244
	Message-Authenticator = 0x1e3e0ca33e12a9b4057830f377b82244
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b436dd3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0208002b1900170301002058ac08dc09598152957686e0d9ec0bfb4af9ed80b8e98be8b21c0d7ba2a73c78
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020800061a03
server  {
[peap] Setting User-Name to win0054\jeffrey
Sending tunneled request
	EAP-Message = 0x020800061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "win0054\\jeffrey"
	State = 0x05a66f0604ae753bbd5d795e1c248c9d
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[ldap] performing user authorization for win0054\jeffrey
[ldap] 	expand: (uid=%{mschap:User-Name}) -> (uid=jeffrey)
[ldap] 	expand: ou=People,dc=wtccorp,dc=com -> ou=People,dc=wtccorp,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=People,dc=wtccorp,dc=com, with filter (uid=jeffrey)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U]"
  [ldap] sambaNTPassword -> NT-Password == 0x4338374239333639433331343843433241314331363738344134363645463435
  [ldap] sambaLMPassword -> LM-Password == 0x3936393736373035453543463432463941414433423433354235313430344545
[ldap] looking for reply items in directory...
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0x14cdaa5dd80a97d68f9a273925682cff
	MS-MPPE-Recv-Key = 0x0d3dced83362f21239048b9280abfc62
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "win0054\\jeffrey"
[peap] Got tunneled reply RADIUS code Access-Accept
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0x14cdaa5dd80a97d68f9a273925682cff
	MS-MPPE-Recv-Key = 0x0d3dced83362f21239048b9280abfc62
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "win0054\\jeffrey"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 8 to 172.24.0.48 port 1510
	EAP-Message = 0x0109002b19001703010020789df7189a45a0b33091349b5e386e2fc1ff4a2f09623998d30272a775b4cb92
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4465ca6b4c6cd3fe9d648e243ee182ad
Finished request 13.
Going to the next request
Waking up in 2.7 seconds.
rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=9, length=244
	Message-Authenticator = 0xc85bfd7428baa565719f188f4e6077f2
	Service-Type = Framed-User
	User-Name = "win0054\\jeffrey"
	Framed-MTU = 1488
	State = 0x4465ca6b4c6cd3fe9d648e243ee182ad
	Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap"
	Calling-Station-Id = "00-1F-3C-B2-AD-72"
	NAS-Identifier = "FWAG114"
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 54Mbps 802.11g"
	EAP-Message = 0x0209002b190017030100201f684809b50701513be173c26cfb7cb773d3d2ff3af2d82a04e5aa5203930ec2
	NAS-IP-Address = 0.0.0.0
	NAS-Port = 1
	NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 172.24.0.48
[auth_log] 	expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002
[auth_log] 	expand: %t -> Fri Oct  2 17:14:28 2015
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 9 to 172.24.0.48 port 1510
	MS-MPPE-Recv-Key = 0xb6366ecd1300654a450cf0f52f17764ceef21afb49657ae5569ac80e7ac85529
	MS-MPPE-Send-Key = 0xfe041f1c30415092e2a826a51a0ff7eff3d0fceac33d78f95f08a36ad310fec0
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "win0054\\jeffrey"
Finished request 14.
Going to the next request
Waking up in 2.7 seconds.
Cleaning up request 0 ID 0 with timestamp +32
Cleaning up request 1 ID 1 with timestamp +32
Cleaning up request 2 ID 2 with timestamp +32
Cleaning up request 3 ID 3 with timestamp +32
Cleaning up request 4 ID 4 with timestamp +32
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x98bd76209cb86f3a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 2.0 seconds.
Cleaning up request 5 ID 0 with timestamp +34
Cleaning up request 6 ID 1 with timestamp +34
Cleaning up request 7 ID 2 with timestamp +34
Cleaning up request 8 ID 3 with timestamp +34
Cleaning up request 9 ID 4 with timestamp +34
Cleaning up request 10 ID 5 with timestamp +34
Cleaning up request 11 ID 6 with timestamp +34
Cleaning up request 12 ID 7 with timestamp +34
Cleaning up request 13 ID 8 with timestamp +34
Cleaning up request 14 ID 9 with timestamp +34
Ready to process requests.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.


More information about the Freeradius-Users mailing list