wrong password failures not logged

Stefano Zanmarchi zanmarchi at gmail.com
Thu Mar 31 15:04:17 CEST 2016


Hi,
I'm trying FreeRADIUS Version 3.0.10.
I've realized that quite often when users fail authentication due to wrong
password this does not result in a "Login incorrect" message in the logs.
When the password is set to the correct value again a "Login OK" appears in
the logs.
It looks like the session hangs.
I was able to reproduce the behaviour on an android phone and this is the
output of radiusd -X (NT and SHA1 hashes obscured).
Any help would be greatly appreciated.
Thanks,
Stefano


(0) Received Access-Request Id 175 from 147.162.234.209:32776 to
147.162.57.7:1812 length 288
(0)   User-Name = "stefano.zanmarchi at unipd.it"
(0)   Chargeable-User-Identity = 0x00
(0)   Location-Capable = Civix-Location
(0)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(0)   Called-Station-Id = "AP-GROUP-CSIA"
(0)   NAS-Port = 1
(0)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(0)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(0)   NAS-IP-Address = 147.162.234.209
(0)   NAS-Identifier = "WLC"
(0)   Airespace-Wlan-Id = 6
(0)   Service-Type = Framed-User
(0)   Framed-MTU = 1300
(0)   NAS-Port-Type = Wireless-802.11
(0)   Tunnel-Type:0 = VLAN
(0)   Tunnel-Medium-Type:0 = IEEE-802
(0)   Tunnel-Private-Group-Id:0 = "83"
(0)   EAP-Message =
0x0201001f0173746566616e6f2e7a616e6d617263686940756e6970642e6974
(0)   Message-Authenticator = 0xccfded3b06bc9f6779fc4d3a25cd8c28
(0) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(0)   authorize {
(0)     policy filter_username {
(0)       if (!&User-Name) {
(0)       if (!&User-Name)  -> FALSE
(0)       if (&User-Name =~ / /) {
(0)       if (&User-Name =~ / /)  -> FALSE
(0)       if (&User-Name =~ /@.*@/ ) {
(0)       if (&User-Name =~ /@.*@/ )  -> FALSE
(0)       if (&User-Name =~ /\.\./ ) {
(0)       if (&User-Name =~ /\.\./ )  -> FALSE
(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(0)       if (&User-Name =~ /\.$/)  {
(0)       if (&User-Name =~ /\.$/)   -> FALSE
(0)       if (&User-Name =~ /@\./)  {
(0)       if (&User-Name =~ /@\./)   -> FALSE
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(0) suffix: Found realm "unipd.it"
(0) suffix: Adding Realm = "unipd.it"
(0) suffix: Authentication realm is LOCAL
(0)     [suffix] = ok
(0) eap: Peer sent EAP Response (code 2) ID 1 length 31
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: Initiating new EAP-TLS session
(0) eap_peap: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 2 length 6
(0) eap: EAP session adding &reply:State = 0x3adf3a9e3add23ab
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(0) Sent Access-Challenge Id 175 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(0)   EAP-Message = 0x010200061920
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0x3adf3a9e3add23abadde1d2911153d2e
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 176 from 147.162.234.209:32776 to
147.162.57.7:1812 length 483
(1)   User-Name = "stefano.zanmarchi at unipd.it"
(1)   Chargeable-User-Identity = 0x00
(1)   Location-Capable = Civix-Location
(1)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(1)   Called-Station-Id = "AP-GROUP-CSIA"
(1)   NAS-Port = 1
(1)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(1)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(1)   NAS-IP-Address = 147.162.234.209
(1)   NAS-Identifier = "WLC"
(1)   Airespace-Wlan-Id = 6
(1)   Service-Type = Framed-User
(1)   Framed-MTU = 1300
(1)   NAS-Port-Type = Wireless-802.11
(1)   Tunnel-Type:0 = VLAN
(1)   Tunnel-Medium-Type:0 = IEEE-802
(1)   Tunnel-Private-Group-Id:0 = "83"
(1)   EAP-Message =
0x020200d01980000000c616030100c1010000bd0301969c67acc968dbc4ad3c8d94b9ae9db616fe9fb1316dcdff20d19c913c051c90000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc00200
(1)   State = 0x3adf3a9e3add23abadde1d2911153d2e
(1)   Message-Authenticator = 0xb3a4502bf04b94541918ffd352911106
(1) session-state: No cached attributes
(1) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(1)   authorize {
(1)     policy filter_username {
(1)       if (!&User-Name) {
(1)       if (!&User-Name)  -> FALSE
(1)       if (&User-Name =~ / /) {
(1)       if (&User-Name =~ / /)  -> FALSE
(1)       if (&User-Name =~ /@.*@/ ) {
(1)       if (&User-Name =~ /@.*@/ )  -> FALSE
(1)       if (&User-Name =~ /\.\./ ) {
(1)       if (&User-Name =~ /\.\./ )  -> FALSE
(1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(1)       if (&User-Name =~ /\.$/)  {
(1)       if (&User-Name =~ /\.$/)   -> FALSE
(1)       if (&User-Name =~ /@\./)  {
(1)       if (&User-Name =~ /@\./)   -> FALSE
(1)     } # policy filter_username = notfound
(1)     [preprocess] = ok
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(1) suffix: Found realm "unipd.it"
(1) suffix: Adding Realm = "unipd.it"
(1) suffix: Authentication realm is LOCAL
(1)     [suffix] = ok
(1) eap: Peer sent EAP Response (code 2) ID 2 length 208
(1) eap: Continuing tunnel setup
(1)     [eap] = ok
(1)   } # authorize = ok
(1) Found Auth-Type = EAP
(1) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(1)   authenticate {
(1) eap: Expiring EAP session with state 0x3adf3a9e3add23ab
(1) eap: Finished EAP session with state 0x3adf3a9e3add23ab
(1) eap: Previous EAP request found for state 0x3adf3a9e3add23ab, released
from the list
(1) eap: Peer sent packet with method EAP PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Continuing EAP-TLS
(1) eap_peap: Peer indicated complete TLS record size will be 198 bytes
(1) eap_peap: Got complete TLS record (198 bytes)
(1) eap_peap: [eaptls verify] = length included
(1) eap_peap: (other): before/accept initialization
(1) eap_peap: TLS_accept: before/accept initialization
(1) eap_peap: <<< TLS 1.0 Handshake [length 00c1], ClientHello
(1) eap_peap: TLS_accept: unknown state
(1) eap_peap: >>> TLS 1.0 Handshake [length 0039], ServerHello
(1) eap_peap: TLS_accept: unknown state
(1) eap_peap: >>> TLS 1.0 Handshake [length 0872], Certificate
(1) eap_peap: TLS_accept: unknown state
(1) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(1) eap_peap: TLS_accept: unknown state
(1) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(1) eap_peap: TLS_accept: unknown state
(1) eap_peap: TLS_accept: unknown state
(1) eap_peap: TLS_accept: Need to read more data: unknown state
(1) eap_peap: TLS_accept: Need to read more data: unknown state
(1) eap_peap: In SSL Handshake Phase
(1) eap_peap: In SSL Accept mode
(1) eap_peap: [eaptls process] = handled
(1) eap: Sending EAP Request (code 1) ID 3 length 1004
(1) eap: EAP session adding &reply:State = 0x3adf3a9e3bdc23ab
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found.  Ignoring.
(1) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(1) Sent Access-Challenge Id 176 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(1)   EAP-Message =
0x010303ec19c000000a0e1603010039020000350301b7177f6d9e3032797230a6f3413574a730725e60992ed9d439c00a787b088f4000c01400000dff01000100000b00040300010216030108720b00086e00086b0003cf308203cb308202b3a003020102020101300d06092a864886f70d010105050030
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0x3adf3a9e3bdc23abadde1d2911153d2e
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 177 from 147.162.234.209:32776 to
147.162.57.7:1812 length 281
(2)   User-Name = "stefano.zanmarchi at unipd.it"
(2)   Chargeable-User-Identity = 0x00
(2)   Location-Capable = Civix-Location
(2)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(2)   Called-Station-Id = "AP-GROUP-CSIA"
(2)   NAS-Port = 1
(2)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(2)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(2)   NAS-IP-Address = 147.162.234.209
(2)   NAS-Identifier = "WLC"
(2)   Airespace-Wlan-Id = 6
(2)   Service-Type = Framed-User
(2)   Framed-MTU = 1300
(2)   NAS-Port-Type = Wireless-802.11
(2)   Tunnel-Type:0 = VLAN
(2)   Tunnel-Medium-Type:0 = IEEE-802
(2)   Tunnel-Private-Group-Id:0 = "83"
(2)   EAP-Message = 0x020300061900
(2)   State = 0x3adf3a9e3bdc23abadde1d2911153d2e
(2)   Message-Authenticator = 0xcb6416eeff83d20ed4309fb25316a8ba
(2) session-state: No cached attributes
(2) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(2)   authorize {
(2)     policy filter_username {
(2)       if (!&User-Name) {
(2)       if (!&User-Name)  -> FALSE
(2)       if (&User-Name =~ / /) {
(2)       if (&User-Name =~ / /)  -> FALSE
(2)       if (&User-Name =~ /@.*@/ ) {
(2)       if (&User-Name =~ /@.*@/ )  -> FALSE
(2)       if (&User-Name =~ /\.\./ ) {
(2)       if (&User-Name =~ /\.\./ )  -> FALSE
(2)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(2)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(2)       if (&User-Name =~ /\.$/)  {
(2)       if (&User-Name =~ /\.$/)   -> FALSE
(2)       if (&User-Name =~ /@\./)  {
(2)       if (&User-Name =~ /@\./)   -> FALSE
(2)     } # policy filter_username = notfound
(2)     [preprocess] = ok
(2) suffix: Checking for suffix after "@"
(2) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(2) suffix: Found realm "unipd.it"
(2) suffix: Adding Realm = "unipd.it"
(2) suffix: Authentication realm is LOCAL
(2)     [suffix] = ok
(2) eap: Peer sent EAP Response (code 2) ID 3 length 6
(2) eap: Continuing tunnel setup
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(2)   authenticate {
(2) eap: Expiring EAP session with state 0x3adf3a9e3bdc23ab
(2) eap: Finished EAP session with state 0x3adf3a9e3bdc23ab
(2) eap: Previous EAP request found for state 0x3adf3a9e3bdc23ab, released
from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer ACKed our handshake fragment
(2) eap_peap: [eaptls verify] = request
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 4 length 1000
(2) eap: EAP session adding &reply:State = 0x3adf3a9e38db23ab
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found.  Ignoring.
(2) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(2) Sent Access-Challenge Id 177 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(2)   EAP-Message =
0x010403e81940615303759f86db56d0ef434ad84d7a3cce7a6d343f735f2bd9e8b9a3f70dc23d640220814ec749af6bb5e9396a38d2ca58f5809013a17ee10414000496308204923082037aa003020102020900e844f7302b8c478a300d06092a864886f70d010105050030818c310b3009060355040613
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0x3adf3a9e38db23abadde1d2911153d2e
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 178 from 147.162.234.209:32776 to
147.162.57.7:1812 length 281
(3)   User-Name = "stefano.zanmarchi at unipd.it"
(3)   Chargeable-User-Identity = 0x00
(3)   Location-Capable = Civix-Location
(3)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(3)   Called-Station-Id = "AP-GROUP-CSIA"
(3)   NAS-Port = 1
(3)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(3)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(3)   NAS-IP-Address = 147.162.234.209
(3)   NAS-Identifier = "WLC"
(3)   Airespace-Wlan-Id = 6
(3)   Service-Type = Framed-User
(3)   Framed-MTU = 1300
(3)   NAS-Port-Type = Wireless-802.11
(3)   Tunnel-Type:0 = VLAN
(3)   Tunnel-Medium-Type:0 = IEEE-802
(3)   Tunnel-Private-Group-Id:0 = "83"
(3)   EAP-Message = 0x020400061900
(3)   State = 0x3adf3a9e38db23abadde1d2911153d2e
(3)   Message-Authenticator = 0xb50359a22e2e95a9ed46f832e08cf9a8
(3) session-state: No cached attributes
(3) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(3)   authorize {
(3)     policy filter_username {
(3)       if (!&User-Name) {
(3)       if (!&User-Name)  -> FALSE
(3)       if (&User-Name =~ / /) {
(3)       if (&User-Name =~ / /)  -> FALSE
(3)       if (&User-Name =~ /@.*@/ ) {
(3)       if (&User-Name =~ /@.*@/ )  -> FALSE
(3)       if (&User-Name =~ /\.\./ ) {
(3)       if (&User-Name =~ /\.\./ )  -> FALSE
(3)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(3)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(3)       if (&User-Name =~ /\.$/)  {
(3)       if (&User-Name =~ /\.$/)   -> FALSE
(3)       if (&User-Name =~ /@\./)  {
(3)       if (&User-Name =~ /@\./)   -> FALSE
(3)     } # policy filter_username = notfound
(3)     [preprocess] = ok
(3) suffix: Checking for suffix after "@"
(3) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(3) suffix: Found realm "unipd.it"
(3) suffix: Adding Realm = "unipd.it"
(3) suffix: Authentication realm is LOCAL
(3)     [suffix] = ok
(3) eap: Peer sent EAP Response (code 2) ID 4 length 6
(3) eap: Continuing tunnel setup
(3)     [eap] = ok
(3)   } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(3)   authenticate {
(3) eap: Expiring EAP session with state 0x3adf3a9e38db23ab
(3) eap: Finished EAP session with state 0x3adf3a9e38db23ab
(3) eap: Previous EAP request found for state 0x3adf3a9e38db23ab, released
from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 5 length 592
(3) eap: EAP session adding &reply:State = 0x3adf3a9e39da23ab
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found.  Ignoring.
(3) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(3) Sent Access-Challenge Id 178 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(3)   EAP-Message =
0x010502501900a7a684baf97aecd2eef8b0b44514c7b507c8c995b89e7c83bb3292aeb1f67239bbc928d8e50658a7a80c78c2945dc51c0ba44f51309774b01f659149de4dcd6430808a20c7523d614c1d02cb6f6ba3dc82bd6ea4a9f63a732b9b14735f36ebb571b865d1c72a2f432f105721c3a46fe07b
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0x3adf3a9e39da23abadde1d2911153d2e
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 179 from 147.162.234.209:32776 to
147.162.57.7:1812 length 419
(4)   User-Name = "stefano.zanmarchi at unipd.it"
(4)   Chargeable-User-Identity = 0x00
(4)   Location-Capable = Civix-Location
(4)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(4)   Called-Station-Id = "AP-GROUP-CSIA"
(4)   NAS-Port = 1
(4)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(4)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(4)   NAS-IP-Address = 147.162.234.209
(4)   NAS-Identifier = "WLC"
(4)   Airespace-Wlan-Id = 6
(4)   Service-Type = Framed-User
(4)   Framed-MTU = 1300
(4)   NAS-Port-Type = Wireless-802.11
(4)   Tunnel-Type:0 = VLAN
(4)   Tunnel-Medium-Type:0 = IEEE-802
(4)   Tunnel-Private-Group-Id:0 = "83"
(4)   EAP-Message =
0x0205009019800000008616030100461000004241043cb671ee52940994f9ae05ab5f95057965c697c47d43e1c34c9db46bb5182aded07390f3724cb801ec35e1408259434863a3de860d5a7c421271b4f179bd07701403010001011603010030b7a729bde9c569be42d4661a37622f9750281f9c3b911e
(4)   State = 0x3adf3a9e39da23abadde1d2911153d2e
(4)   Message-Authenticator = 0x676371211b581d2118426440bdb98377
(4) session-state: No cached attributes
(4) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(4)   authorize {
(4)     policy filter_username {
(4)       if (!&User-Name) {
(4)       if (!&User-Name)  -> FALSE
(4)       if (&User-Name =~ / /) {
(4)       if (&User-Name =~ / /)  -> FALSE
(4)       if (&User-Name =~ /@.*@/ ) {
(4)       if (&User-Name =~ /@.*@/ )  -> FALSE
(4)       if (&User-Name =~ /\.\./ ) {
(4)       if (&User-Name =~ /\.\./ )  -> FALSE
(4)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(4)       if (&User-Name =~ /\.$/)  {
(4)       if (&User-Name =~ /\.$/)   -> FALSE
(4)       if (&User-Name =~ /@\./)  {
(4)       if (&User-Name =~ /@\./)   -> FALSE
(4)     } # policy filter_username = notfound
(4)     [preprocess] = ok
(4) suffix: Checking for suffix after "@"
(4) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(4) suffix: Found realm "unipd.it"
(4) suffix: Adding Realm = "unipd.it"
(4) suffix: Authentication realm is LOCAL
(4)     [suffix] = ok
(4) eap: Peer sent EAP Response (code 2) ID 5 length 144
(4) eap: Continuing tunnel setup
(4)     [eap] = ok
(4)   } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(4)   authenticate {
(4) eap: Expiring EAP session with state 0x3adf3a9e39da23ab
(4) eap: Finished EAP session with state 0x3adf3a9e39da23ab
(4) eap: Previous EAP request found for state 0x3adf3a9e39da23ab, released
from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer indicated complete TLS record size will be 134 bytes
(4) eap_peap: Got complete TLS record (134 bytes)
(4) eap_peap: [eaptls verify] = length included
(4) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(4) eap_peap: TLS_accept: unknown state
(4) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]
(4) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
(4) eap_peap: TLS_accept: unknown state
(4) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]
(4) eap_peap: TLS_accept: unknown state
(4) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
(4) eap_peap: TLS_accept: unknown state
(4) eap_peap: TLS_accept: unknown state
(4) eap_peap: (other): SSL negotiation finished successfully
(4) eap_peap: SSL Connection Established
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 6 length 65
(4) eap: EAP session adding &reply:State = 0x3adf3a9e3ed923ab
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found.  Ignoring.
(4) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(4) Sent Access-Challenge Id 179 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(4)   EAP-Message =
0x0106004119001403010001011603010030f9ed23944a88a71125eaa9f3b8f579c9e15adf58c096171f3f63c08c7a2b846273684b3d6a012fba87f33e21250ae4c5
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0x3adf3a9e3ed923abadde1d2911153d2e
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 180 from 147.162.234.209:32776 to
147.162.57.7:1812 length 281
(5)   User-Name = "stefano.zanmarchi at unipd.it"
(5)   Chargeable-User-Identity = 0x00
(5)   Location-Capable = Civix-Location
(5)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(5)   Called-Station-Id = "AP-GROUP-CSIA"
(5)   NAS-Port = 1
(5)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(5)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(5)   NAS-IP-Address = 147.162.234.209
(5)   NAS-Identifier = "WLC"
(5)   Airespace-Wlan-Id = 6
(5)   Service-Type = Framed-User
(5)   Framed-MTU = 1300
(5)   NAS-Port-Type = Wireless-802.11
(5)   Tunnel-Type:0 = VLAN
(5)   Tunnel-Medium-Type:0 = IEEE-802
(5)   Tunnel-Private-Group-Id:0 = "83"
(5)   EAP-Message = 0x020600061900
(5)   State = 0x3adf3a9e3ed923abadde1d2911153d2e
(5)   Message-Authenticator = 0x4ef8dfdfb188820743371d8a471ebf95
(5) session-state: No cached attributes
(5) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(5)   authorize {
(5)     policy filter_username {
(5)       if (!&User-Name) {
(5)       if (!&User-Name)  -> FALSE
(5)       if (&User-Name =~ / /) {
(5)       if (&User-Name =~ / /)  -> FALSE
(5)       if (&User-Name =~ /@.*@/ ) {
(5)       if (&User-Name =~ /@.*@/ )  -> FALSE
(5)       if (&User-Name =~ /\.\./ ) {
(5)       if (&User-Name =~ /\.\./ )  -> FALSE
(5)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(5)       if (&User-Name =~ /\.$/)  {
(5)       if (&User-Name =~ /\.$/)   -> FALSE
(5)       if (&User-Name =~ /@\./)  {
(5)       if (&User-Name =~ /@\./)   -> FALSE
(5)     } # policy filter_username = notfound
(5)     [preprocess] = ok
(5) suffix: Checking for suffix after "@"
(5) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(5) suffix: Found realm "unipd.it"
(5) suffix: Adding Realm = "unipd.it"
(5) suffix: Authentication realm is LOCAL
(5)     [suffix] = ok
(5) eap: Peer sent EAP Response (code 2) ID 6 length 6
(5) eap: Continuing tunnel setup
(5)     [eap] = ok
(5)   } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(5)   authenticate {
(5) eap: Expiring EAP session with state 0x3adf3a9e3ed923ab
(5) eap: Finished EAP session with state 0x3adf3a9e3ed923ab
(5) eap: Previous EAP request found for state 0x3adf3a9e3ed923ab, released
from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer ACKed our handshake fragment.  handshake is finished
(5) eap_peap: [eaptls verify] = success
(5) eap_peap: [eaptls process] = success
(5) eap_peap: Session established.  Decoding tunneled attributes
(5) eap_peap: PEAP state TUNNEL ESTABLISHED
(5) eap: Sending EAP Request (code 1) ID 7 length 43
(5) eap: EAP session adding &reply:State = 0x3adf3a9e3fd823ab
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found.  Ignoring.
(5) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(5) Sent Access-Challenge Id 180 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(5)   EAP-Message =
0x0107002b19001703010020f3c9c2b8099d88fb8a5a17e92339b071361f4512552aa935b8f2c1d2a5e999e4
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0x3adf3a9e3fd823abadde1d2911153d2e
(5) Finished request
Waking up in 4.8 seconds.
(6) Received Access-Request Id 181 from 147.162.234.209:32776 to
147.162.57.7:1812 length 334
(6)   User-Name = "stefano.zanmarchi at unipd.it"
(6)   Chargeable-User-Identity = 0x00
(6)   Location-Capable = Civix-Location
(6)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(6)   Called-Station-Id = "AP-GROUP-CSIA"
(6)   NAS-Port = 1
(6)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(6)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(6)   NAS-IP-Address = 147.162.234.209
(6)   NAS-Identifier = "WLC"
(6)   Airespace-Wlan-Id = 6
(6)   Service-Type = Framed-User
(6)   Framed-MTU = 1300
(6)   NAS-Port-Type = Wireless-802.11
(6)   Tunnel-Type:0 = VLAN
(6)   Tunnel-Medium-Type:0 = IEEE-802
(6)   Tunnel-Private-Group-Id:0 = "83"
(6)   EAP-Message =
0x0207003b19001703010030b781fe68e1dc489c935b9b06c89fbc7155e55c6ba11b13ef4513cc5fc511461936c348ab414f8ad33403ea7f4726b46e
(6)   State = 0x3adf3a9e3fd823abadde1d2911153d2e
(6)   Message-Authenticator = 0x8d3ff642d9fd28b6988d9f0d24a13e0c
(6) session-state: No cached attributes
(6) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(6)   authorize {
(6)     policy filter_username {
(6)       if (!&User-Name) {
(6)       if (!&User-Name)  -> FALSE
(6)       if (&User-Name =~ / /) {
(6)       if (&User-Name =~ / /)  -> FALSE
(6)       if (&User-Name =~ /@.*@/ ) {
(6)       if (&User-Name =~ /@.*@/ )  -> FALSE
(6)       if (&User-Name =~ /\.\./ ) {
(6)       if (&User-Name =~ /\.\./ )  -> FALSE
(6)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(6)       if (&User-Name =~ /\.$/)  {
(6)       if (&User-Name =~ /\.$/)   -> FALSE
(6)       if (&User-Name =~ /@\./)  {
(6)       if (&User-Name =~ /@\./)   -> FALSE
(6)     } # policy filter_username = notfound
(6)     [preprocess] = ok
(6) suffix: Checking for suffix after "@"
(6) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(6) suffix: Found realm "unipd.it"
(6) suffix: Adding Realm = "unipd.it"
(6) suffix: Authentication realm is LOCAL
(6)     [suffix] = ok
(6) eap: Peer sent EAP Response (code 2) ID 7 length 59
(6) eap: Continuing tunnel setup
(6)     [eap] = ok
(6)   } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(6)   authenticate {
(6) eap: Expiring EAP session with state 0x3adf3a9e3fd823ab
(6) eap: Finished EAP session with state 0x3adf3a9e3fd823ab
(6) eap: Previous EAP request found for state 0x3adf3a9e3fd823ab, released
from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: [eaptls verify] = ok
(6) eap_peap: Done initial handshake
(6) eap_peap: [eaptls process] = ok
(6) eap_peap: Session established.  Decoding tunneled attributes
(6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(6) eap_peap: Identity - stefano.zanmarchi at unipd.it
(6) eap_peap: Got inner identity 'stefano.zanmarchi at unipd.it'
(6) eap_peap: Setting default EAP type for tunneled EAP session
(6) eap_peap: Got tunneled request
(6) eap_peap:   EAP-Message =
0x0207001f0173746566616e6f2e7a616e6d617263686940756e6970642e6974
(6) eap_peap: Setting User-Name to stefano.zanmarchi at unipd.it
(6) eap_peap: Sending tunneled request to eduroam-inner-tunnel
(6) eap_peap:   EAP-Message =
0x0207001f0173746566616e6f2e7a616e6d617263686940756e6970642e6974
(6) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(6) eap_peap:   User-Name = "stefano.zanmarchi at unipd.it"
(6) eap_peap:   Chargeable-User-Identity = 0x00
(6) eap_peap:   Location-Capable = Civix-Location
(6) eap_peap:   Calling-Station-Id = "64-89-9a-1f-93-d6"
(6) eap_peap:   Called-Station-Id = "AP-GROUP-CSIA"
(6) eap_peap:   NAS-Port = 1
(6) eap_peap:   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(6) eap_peap:   NAS-IP-Address = 147.162.234.209
(6) eap_peap:   NAS-Identifier = "WLC"
(6) eap_peap:   Service-Type = Framed-User
(6) eap_peap:   Framed-MTU = 1300
(6) eap_peap:   NAS-Port-Type = Wireless-802.11
(6) eap_peap:   Tunnel-Type:0 = VLAN
(6) eap_peap:   Tunnel-Medium-Type:0 = IEEE-802
(6) eap_peap:   Tunnel-Private-Group-Id:0 = "83"
(6) eap_peap:   Event-Timestamp = "Mar 29 2016 14:59:28 CEST"
(6) Virtual server eduroam-inner-tunnel received request
(6)   EAP-Message =
0x0207001f0173746566616e6f2e7a616e6d617263686940756e6970642e6974
(6)   FreeRADIUS-Proxied-To = 127.0.0.1
(6)   User-Name = "stefano.zanmarchi at unipd.it"
(6)   Chargeable-User-Identity = 0x00
(6)   Location-Capable = Civix-Location
(6)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(6)   Called-Station-Id = "AP-GROUP-CSIA"
(6)   NAS-Port = 1
(6)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(6)   NAS-IP-Address = 147.162.234.209
(6)   NAS-Identifier = "WLC"
(6)   Service-Type = Framed-User
(6)   Framed-MTU = 1300
(6)   NAS-Port-Type = Wireless-802.11
(6)   Tunnel-Type:0 = VLAN
(6)   Tunnel-Medium-Type:0 = IEEE-802
(6)   Tunnel-Private-Group-Id:0 = "83"
(6)   Event-Timestamp = "Mar 29 2016 14:59:28 CEST"
(6) server eduroam-inner-tunnel {
(6)   # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam-inner-tunnel
(6)     authorize {
(6) SZ_test: EXPAND TEST: %{User-Name} da client %{client:shortname} cli
%{Calling-Station-Id} con Framed IP address %{Framed-IP-Address} e
NAS-IP-Address %{NAS-IP-Address} e NAS-Identifier %{NAS-Identifier}
(6) SZ_test:    --> TEST: stefano.zanmarchi at unipd.it da client
eduroam.cca.unipd.it cli 64-89-9a-1f-93-d6 con Framed IP address  e
NAS-IP-Address 147.162.234.209 e NAS-Identifier WLC
(6)       [SZ_test] = ok
(6)       [preprocess] = ok
(6)       policy rewrite_calling_station_id {
(6)         if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(6)         if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
 -> TRUE
(6)         if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
 {
(6)           update request {
(6)             EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(6)                --> 64-89-9A-1F-93-D6
(6)             &Calling-Station-Id := 64-89-9A-1F-93-D6
(6)           } # update request = noop
(6)           [updated] = updated
(6)         } # if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
 = updated
(6)         ... skipping else for request 6: Preceding "if" was taken
(6)       } # policy rewrite_calling_station_id = updated
(6)       if ("%{client:shortname}" =~ /radius_garr_(.*)/i) {
(6)       EXPAND %{client:shortname}
(6)          --> eduroam.cca.unipd.it
(6)       if ("%{client:shortname}" =~ /radius_garr_(.*)/i)  -> FALSE
(6)       elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1) {
(6)       EXPAND %{User-Name}
(6)          --> stefano.zanmarchi at unipd.it
(6)       SQL-User-Name set to 'stefano.zanmarchi at unipd.it'
rlm_sql (sql): Reserved connection (0)
(6)       Executing select query: SELECT count(*) FROM
eduroam_mac_registrati m, eduroam_diritto_uso d WHERE m.username =
d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),3,2) ||
'-' ||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),5,2) || '-'
||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),7,2) || '-'
||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),9,2) || '-'
||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '
stefano.zanmarchi at unipd.it'
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
(6)       EXPAND %{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}
(6)          --> 1
(6)       elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1)  -> TRUE
(6)       elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1)  {
(6)         [ok] = ok
(6)       } # elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1)  = ok
(6)       ... skipping else for request 6: Preceding "if" was taken
(6)       [mschap] = noop
(6) eap: Peer sent EAP Response (code 2) ID 7 length 31
(6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(6)       [eap] = ok
(6)     } # authorize = ok
(6)   Found Auth-Type = EAP
(6)   # Executing group from file
/etc/freeradius/sites-enabled/eduroam-inner-tunnel
(6)     authenticate {
(6) eap: Peer sent packet with method EAP Identity (1)
(6) eap: Calling submodule eap_mschapv2 to process data
(6) eap_mschapv2: Issuing Challenge
(6) eap: Sending EAP Request (code 1) ID 8 length 43
(6) eap: EAP session adding &reply:State = 0x8b88ae478b80b4f4
(6)       [eap] = handled
(6)     } # authenticate = handled
(6) } # server eduroam-inner-tunnel
(6) Virtual server sending reply
(6)   EAP-Message =
0x0108002b1a01080026104244889bc21c473d54ace02c5eccd042667265657261646975732d332e302e3130
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0x8b88ae478b80b4f47def8c61a94495e0
(6) eap_peap: Got tunneled reply code 11
(6) eap_peap:   EAP-Message =
0x0108002b1a01080026104244889bc21c473d54ace02c5eccd042667265657261646975732d332e302e3130
(6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap:   State = 0x8b88ae478b80b4f47def8c61a94495e0
(6) eap_peap: Got tunneled reply RADIUS code 11
(6) eap_peap:   EAP-Message =
0x0108002b1a01080026104244889bc21c473d54ace02c5eccd042667265657261646975732d332e302e3130
(6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap:   State = 0x8b88ae478b80b4f47def8c61a94495e0
(6) eap_peap: Got tunneled Access-Challenge
(6) eap: Sending EAP Request (code 1) ID 8 length 75
(6) eap: EAP session adding &reply:State = 0x3adf3a9e3cd723ab
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found.  Ignoring.
(6) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(6) Sent Access-Challenge Id 181 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(6)   EAP-Message =
0x0108004b19001703010040dd631c1b0d9bf69f9ffa222f96176fbd96b7bcc6b35f99549a24fbf18be5308d359e9a85b105e8a37ae982ec48907653f14569e954ac7c0043cbd9f37eccae8f
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0x3adf3a9e3cd723abadde1d2911153d2e
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 182 from 147.162.234.209:32776 to
147.162.57.7:1812 length 398
(7)   User-Name = "stefano.zanmarchi at unipd.it"
(7)   Chargeable-User-Identity = 0x00
(7)   Location-Capable = Civix-Location
(7)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(7)   Called-Station-Id = "AP-GROUP-CSIA"
(7)   NAS-Port = 1
(7)   Cisco-AVPair = "audit-session-id=93a2ead100012e6456fa7c31"
(7)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(7)   NAS-IP-Address = 147.162.234.209
(7)   NAS-Identifier = "WLC"
(7)   Airespace-Wlan-Id = 6
(7)   Service-Type = Framed-User
(7)   Framed-MTU = 1300
(7)   NAS-Port-Type = Wireless-802.11
(7)   Tunnel-Type:0 = VLAN
(7)   Tunnel-Medium-Type:0 = IEEE-802
(7)   Tunnel-Private-Group-Id:0 = "83"
(7)   EAP-Message =
0x0208007b190017030100705610816905db6adcfe969b807a18738075bc096ab28b380a093f4e40ce422da1693ca7095dd7e1a0915d2a90de9c93931a2a65325bac062a343567297e088bfe6d62442e0107a51e1cbbfa2f6b376956c8ec250b445f6bb672ccae875a34aff4c5ee6269e83ce423dd14fedf
(7)   State = 0x3adf3a9e3cd723abadde1d2911153d2e
(7)   Message-Authenticator = 0x0d1b0904bfd3b74235a0f88a643e4344
(7) session-state: No cached attributes
(7) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(7)   authorize {
(7)     policy filter_username {
(7)       if (!&User-Name) {
(7)       if (!&User-Name)  -> FALSE
(7)       if (&User-Name =~ / /) {
(7)       if (&User-Name =~ / /)  -> FALSE
(7)       if (&User-Name =~ /@.*@/ ) {
(7)       if (&User-Name =~ /@.*@/ )  -> FALSE
(7)       if (&User-Name =~ /\.\./ ) {
(7)       if (&User-Name =~ /\.\./ )  -> FALSE
(7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE
(7)       if (&User-Name =~ /\.$/)  {
(7)       if (&User-Name =~ /\.$/)   -> FALSE
(7)       if (&User-Name =~ /@\./)  {
(7)       if (&User-Name =~ /@\./)   -> FALSE
(7)     } # policy filter_username = notfound
(7)     [preprocess] = ok
(7) suffix: Checking for suffix after "@"
(7) suffix: Looking up realm "unipd.it" for User-Name = "
stefano.zanmarchi at unipd.it"
(7) suffix: Found realm "unipd.it"
(7) suffix: Adding Realm = "unipd.it"
(7) suffix: Authentication realm is LOCAL
(7)     [suffix] = ok
(7) eap: Peer sent EAP Response (code 2) ID 8 length 123
(7) eap: Continuing tunnel setup
(7)     [eap] = ok
(7)   } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(7)   authenticate {
(7) eap: Expiring EAP session with state 0x8b88ae478b80b4f4
(7) eap: Finished EAP session with state 0x3adf3a9e3cd723ab
(7) eap: Previous EAP request found for state 0x3adf3a9e3cd723ab, released
from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: [eaptls verify] = ok
(7) eap_peap: Done initial handshake
(7) eap_peap: [eaptls process] = ok
(7) eap_peap: Session established.  Decoding tunneled attributes
(7) eap_peap: PEAP state phase2
(7) eap_peap: EAP method MSCHAPv2 (26)
(7) eap_peap: Got tunneled request
(7) eap_peap:   EAP-Message =
0x020800551a0208005031c4b0987b86deb1ab0391deeed5b7e9060000000000000000ec36fb4662c854a92a2b7834c29eab13b273957b7c32cbd60073746566616e6f2e7a616e6d617263686940756e6970642e6974
(7) eap_peap: Setting User-Name to stefano.zanmarchi at unipd.it
(7) eap_peap: Sending tunneled request to eduroam-inner-tunnel
(7) eap_peap:   EAP-Message =
0x020800551a0208005031c4b0987b86deb1ab0391deeed5b7e9060000000000000000ec36fb4662c854a92a2b7834c29eab13b273957b7c32cbd60073746566616e6f2e7a616e6d617263686940756e6970642e6974
(7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap:   User-Name = "stefano.zanmarchi at unipd.it"
(7) eap_peap:   State = 0x8b88ae478b80b4f47def8c61a94495e0
(7) eap_peap:   Chargeable-User-Identity = 0x00
(7) eap_peap:   Location-Capable = Civix-Location
(7) eap_peap:   Calling-Station-Id = "64-89-9a-1f-93-d6"
(7) eap_peap:   Called-Station-Id = "AP-GROUP-CSIA"
(7) eap_peap:   NAS-Port = 1
(7) eap_peap:   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(7) eap_peap:   NAS-IP-Address = 147.162.234.209
(7) eap_peap:   NAS-Identifier = "WLC"
(7) eap_peap:   Service-Type = Framed-User
(7) eap_peap:   Framed-MTU = 1300
(7) eap_peap:   NAS-Port-Type = Wireless-802.11
(7) eap_peap:   Tunnel-Type:0 = VLAN
(7) eap_peap:   Tunnel-Medium-Type:0 = IEEE-802
(7) eap_peap:   Tunnel-Private-Group-Id:0 = "83"
(7) eap_peap:   Event-Timestamp = "Mar 29 2016 14:59:28 CEST"
(7) Virtual server eduroam-inner-tunnel received request
(7)   EAP-Message =
0x020800551a0208005031c4b0987b86deb1ab0391deeed5b7e9060000000000000000ec36fb4662c854a92a2b7834c29eab13b273957b7c32cbd60073746566616e6f2e7a616e6d617263686940756e6970642e6974
(7)   FreeRADIUS-Proxied-To = 127.0.0.1
(7)   User-Name = "stefano.zanmarchi at unipd.it"
(7)   State = 0x8b88ae478b80b4f47def8c61a94495e0
(7)   Chargeable-User-Identity = 0x00
(7)   Location-Capable = Civix-Location
(7)   Calling-Station-Id = "64-89-9a-1f-93-d6"
(7)   Called-Station-Id = "AP-GROUP-CSIA"
(7)   NAS-Port = 1
(7)   Acct-Session-Id = "56fa7c31/64:89:9a:1f:93:d6/84429"
(7)   NAS-IP-Address = 147.162.234.209
(7)   NAS-Identifier = "WLC"
(7)   Service-Type = Framed-User
(7)   Framed-MTU = 1300
(7)   NAS-Port-Type = Wireless-802.11
(7)   Tunnel-Type:0 = VLAN
(7)   Tunnel-Medium-Type:0 = IEEE-802
(7)   Tunnel-Private-Group-Id:0 = "83"
(7)   Event-Timestamp = "Mar 29 2016 14:59:28 CEST"
(7) server eduroam-inner-tunnel {
(7)   session-state: No cached attributes
(7)   # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam-inner-tunnel
(7)     authorize {
(7) SZ_test: EXPAND TEST: %{User-Name} da client %{client:shortname} cli
%{Calling-Station-Id} con Framed IP address %{Framed-IP-Address} e
NAS-IP-Address %{NAS-IP-Address} e NAS-Identifier %{NAS-Identifier}
(7) SZ_test:    --> TEST: stefano.zanmarchi at unipd.it da client
eduroam.cca.unipd.it cli 64-89-9a-1f-93-d6 con Framed IP address  e
NAS-IP-Address 147.162.234.209 e NAS-Identifier WLC
(7)       [SZ_test] = ok
(7)       [preprocess] = ok
(7)       policy rewrite_calling_station_id {
(7)         if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(7)         if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
 -> TRUE
(7)         if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
 {
(7)           update request {
(7)             EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(7)                --> 64-89-9A-1F-93-D6
(7)             &Calling-Station-Id := 64-89-9A-1F-93-D6
(7)           } # update request = noop
(7)           [updated] = updated
(7)         } # if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
 = updated
(7)         ... skipping else for request 7: Preceding "if" was taken
(7)       } # policy rewrite_calling_station_id = updated
(7)       if ("%{client:shortname}" =~ /radius_garr_(.*)/i) {
(7)       EXPAND %{client:shortname}
(7)          --> eduroam.cca.unipd.it
(7)       if ("%{client:shortname}" =~ /radius_garr_(.*)/i)  -> FALSE
(7)       elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1) {
(7)       EXPAND %{User-Name}
(7)          --> stefano.zanmarchi at unipd.it
(7)       SQL-User-Name set to 'stefano.zanmarchi at unipd.it'
rlm_sql (sql): Reserved connection (1)
(7)       Executing select query: SELECT count(*) FROM
eduroam_mac_registrati m, eduroam_diritto_uso d WHERE m.username =
d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),3,2) ||
'-' ||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),5,2) || '-'
||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),7,2) || '-'
||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),9,2) || '-'
||SUBSTR(REGEXP_REPLACE('64-89-9A-1F-93-D6','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '
stefano.zanmarchi at unipd.it'
rlm_sql (sql): Released connection (1)
(7)       EXPAND %{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}
(7)          --> 1
(7)       elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1)  -> TRUE
(7)       elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1)  {
(7)         [ok] = ok
(7)       } # elsif ("%{sql:SELECT count(*) FROM eduroam_mac_registrati m,
eduroam_diritto_uso d WHERE m.username = d.username AND
m.mac=LOWER(SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),1,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),3,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),5,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),7,2)
|| '-' ||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),9,2)
|| '-'
||SUBSTR(REGEXP_REPLACE('%{Calling-Station-Id}','(-|\.|:)',''),11,2)) AND
m.data_cancell IS NULL AND d.diritto='S' AND d.username = '%{User-Name}'}"
>= 1)  = ok
(7)       ... skipping else for request 7: Preceding "if" was taken
(7)       [mschap] = noop
(7) eap: Peer sent EAP Response (code 2) ID 8 length 85
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7)       [eap] = updated
rlm_ldap (ldap): Reserved connection (0)
(7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(7) ldap:    --> (uid=stefano.zanmarchi at unipd.it)
(7) ldap: Performing search in "dc=unipd,dc=it" with filter "(uid=
stefano.zanmarchi at unipd.it)", scope "sub"
(7) ldap: Waiting for search result...
(7) ldap: User object found at DN "uid=stefano.zanmarchi at unipd.it
,ou=people,dc=unipd,dc=it"
(7) ldap: Processing user attributes
(7) ldap: control:Password-With-Header +=
'{SSHA}daAb5hYqd57iqIj0r06v1EAbt9jJ45Ab'
(7) ldap: control:NT-Password =
0x3664184078903237303639104460024333383932463938343041010385285232
rlm_ldap (ldap): Released connection (0)
rlm_ldap (ldap): Need 5 more connections to reach 10 spares
rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots
used
rlm_ldap (ldap): Connecting to ldap://directory.cca.unipd.it:12316
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(7)       [ldap] = updated
(7)       [expiration] = noop
(7)       [logintime] = noop
(7) pap: Converted: Password-With-Header -> SSHA1-Password
(7) pap: Removing &control:Password-With-Header
(7) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
(7) pap: Normalizing SSHA1-Password from base64 encoding, 32 bytes -> 24
bytes
(7) pap: WARNING: Auth-Type already set.  Not setting to PAP
(7)       [pap] = noop
(7)     } # authorize = updated
(7)   Found Auth-Type = EAP
(7)   # Executing group from file
/etc/freeradius/sites-enabled/eduroam-inner-tunnel
(7)     authenticate {
(7) eap: Expiring EAP session with state 0x8b88ae478b80b4f4
(7) eap: Finished EAP session with state 0x8b88ae478b80b4f4
(7) eap: Previous EAP request found for state 0x8b88ae478b80b4f4, released
from the list
(7) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(7) eap: Calling submodule eap_mschapv2 to process data
(7) eap_mschapv2: # Executing group from file
/etc/freeradius/sites-enabled/eduroam-inner-tunnel
(7) eap_mschapv2:   Auth-Type MS-CHAP {
(7) SZ_BBB: EXPAND BBB: %{User-Name} da client %{client:shortname} cli
%{Calling-Station-Id} con Framed IP address %{Framed-IP-Address} e
NAS-IP-Address %{NAS-IP-Address} e NAS-Identifier %{NAS-Identifier}
(7) SZ_BBB:    --> BBB: stefano.zanmarchi at unipd.it da client
eduroam.cca.unipd.it cli 64-89-9A-1F-93-D6 con Framed IP address  e
NAS-IP-Address 147.162.234.209 e NAS-Identifier WLC
(7)     [SZ_BBB] = ok
(7) mschap: Found NT-Password
(7) mschap: Creating challenge hash with username:
stefano.zanmarchi at unipd.it
(7) mschap: Client is using MS-CHAPv2
(7) mschap: ERROR: MS-CHAP2-Response is incorrect
(7)     [mschap] = reject
(7)   } # Auth-Type MS-CHAP = reject
(7) MSCHAP-Error: ?E=691 R=1 C=6e8acc35f6597bba35a458c113c9cb09 V=3
M=Authentication failed
(7) Found new challenge from MS-CHAP-Error: err=691 retry=1
challenge=6e8acc35f6597bba35a458c113c9cb09
(7) ERROR: MSCHAP Failure
(7) eap: Sending EAP Request (code 1) ID 9 length 81
(7) eap: EAP session adding &reply:State = 0x8b88ae478a81b4f4
(7)       [eap] = handled
(7)     } # authenticate = handled
(7) } # server eduroam-inner-tunnel
(7) Virtual server sending reply
(7)   EAP-Message =
0x010900511a0408004c453d36393120523d3120433d366538616363333566363539376262613335613435386331313363396362303920563d33204d3d41757468656e7469636174696f6e206661696c6564
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   State = 0x8b88ae478a81b4f47def8c61a94495e0
(7) eap_peap: Got tunneled reply code 11
(7) eap_peap:   EAP-Message =
0x010900511a0408004c453d36393120523d3120433d366538616363333566363539376262613335613435386331313363396362303920563d33204d3d41757468656e7469636174696f6e206661696c6564
(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap:   State = 0x8b88ae478a81b4f47def8c61a94495e0
(7) eap_peap: Got tunneled reply RADIUS code 11
(7) eap_peap:   EAP-Message =
0x010900511a0408004c453d36393120523d3120433d366538616363333566363539376262613335613435386331313363396362303920563d33204d3d41757468656e7469636174696f6e206661696c6564
(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap:   State = 0x8b88ae478a81b4f47def8c61a94495e0
(7) eap_peap: Got tunneled Access-Challenge
(7) eap: Sending EAP Request (code 1) ID 9 length 123
(7) eap: EAP session adding &reply:State = 0x3adf3a9e3dd623ab
(7)     [eap] = handled
(7)   } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found.  Ignoring.
(7) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(7) Sent Access-Challenge Id 182 from 147.162.57.7:1812 to
147.162.234.209:32776 length 0
(7)   EAP-Message =
0x0109007b190017030100705a4b4e13a23f3d9f94ddfedb9e691bf9b8099e093560fbbcb0bc0ea1ea2d0c63a6c7ed0292643cc99b5e1f2113026e70d751ada6850ffee66fd821d4a16c3f918b1d1763b3e958d5c7bfd01db00287630429d6b7efa719c09595b87a65fa13162ad0d664cf4f63cbdec7583a
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   State = 0x3adf3a9e3dd623abadde1d2911153d2e
(7) Finished request
Waking up in 4.8 seconds.


More information about the Freeradius-Users mailing list