User-Name attribute is not included in Access-Accept
kaoru eto
etokaoru.frml at gmail.com
Wed Feb 28 09:41:21 CET 2018
Are there any reason why User-Name attribute is not included in
Access-Accept when Stripped-User-Name attribute is added by rlm_realm?
I think that RFC 3579 seems to require the User-Name attribute in
Access-Accept.
RFC3579
3. Attributes
----------------------------------------
In order to permit forwarding of the Access-Reply by EAP-unaware proxies,
if a User-Name attribute was included in an Access-Request,
the RADIUS server MUST include the User-Name attribute in subsequent
Access-Accept packets.
----------------------------------------
Configuration for reproduce:
proxy.conf
----------------------------------------
#realm "NULL" {
# type=radius
# authhost=LOCAL
# accthost=LOCAL
#}
----------------------------------------
-> User-Name attribute is included in Access-Accept.
----------------------------------------
realm "NULL" {
type=radius
authhost=LOCAL
accthost=LOCAL
}
----------------------------------------
-> User-Name attribute is not included in Access-Accept.
Full degug log at reproduce:
----------------------------------------
/usr/local/radius316/sbin/radiusd -XX
Debug: Server was built with:
Debug: accounting : yes
Debug: authentication : yes
Debug: ascend-binary-attributes : yes
Debug: coa : yes
Debug: control-socket : yes
Debug: detail : yes
Debug: dhcp : yes
Debug: dynamic-clients : yes
Debug: osfc2 : no
Debug: proxy : yes
Debug: regex-pcre : no
Debug: regex-posix : yes
Debug: regex-posix-extended : yes
Debug: session-management : yes
Debug: stats : yes
Debug: tcp : yes
Debug: threads : yes
Debug: tls : yes
Debug: unlang : yes
Debug: vmps : yes
Debug: developer : no
Debug: Server core libs:
Debug: freeradius-server : 3.0.16
Debug: talloc : 2.0.*
Debug: ssl : 1.0.1e release
Debug: Endianness:
Debug: little
Debug: Compilation flags:
Debug: cppflags : -isystem
/usr/local/adapter/account/php/include/php/ext/pcre/pcrelib
Debug: cflags : -I. -Isrc -include src/freeradius-devel/autoconf.h
-include src/freeradius-devel/build.h -include
src/freeradius-devel/features.h -include src/freeradius-devel/radpaths.h
-fno-strict-aliasing -Wno-date-time -g -O2 -Wall -std=c99 -D_GNU_SOURCE
-D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG
-DIS_MODULE=1
Debug: ldflags :
Debug: libs : -lcrypto -lssl -ltalloc -lcap -lnsl -lresolv -ldl
-lpthread -lreadline
Debug:
Info: FreeRADIUS Version 3.0.16
Info: Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info: PARTICULAR PURPOSE
Info: You may redistribute copies of FreeRADIUS under the terms of the
Info: GNU General Public License
Info: For more information about these matters, see the file named COPYRIGHT
Info: Starting - reading configuration files ...
Debug: including dictionary file
/usr/local/radius316/share/freeradius/dictionary
Debug: including dictionary file
/usr/local/radius316/share/freeradius/dictionary.dhcp
Debug: including dictionary file
/usr/local/radius316/share/freeradius/dictionary.vqp
Debug: including dictionary file /usr/local/radius316/etc/raddb/dictionary
Debug: including configuration file
/usr/local/radius316/etc/raddb/radiusd.conf
Debug: including configuration file
/usr/local/radius316/etc/raddb/proxy.conf
Debug: including configuration file
/usr/local/radius316/etc/raddb/clients.conf
Debug: including files in directory
/usr/local/radius316/etc/raddb/mods-enabled/
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/echo
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/utf8
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/cache_eap
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/digest
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/unix
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/ntlm_auth
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/detail
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/linelog
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/expr
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/sradutmp
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/passwd
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/exec
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/pap
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/expiration
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/unpack
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/preprocess
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/radutmp
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/replicate
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/mschap
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/dynamic_clients
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/files
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/eap
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/soh
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/date
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/chap
Debug: including configuration file
/usr/local/radius316/etc/raddb/mods-enabled/logintime
Debug: including files in directory /usr/local/radius316/etc/raddb/policy.d/
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/debug
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/abfab-tr
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/dhcp
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/operator-name
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/control
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/filter
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/canonicalization
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/moonshot-targeted-ids
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/cui
Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE
Debug: OPTIMIZING (no == yes) --> FALSE
Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE
Debug: OPTIMIZING (no == yes) --> FALSE
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/eap
Debug: including configuration file
/usr/local/radius316/etc/raddb/policy.d/accounting
Debug: including files in directory
/usr/local/radius316/etc/raddb/sites-enabled/
Debug: including configuration file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: including configuration file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: main {
Debug: security {
Debug: allow_core_dumps = no
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[424]: The item
'max_attributes' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[442]: The item
'reject_delay' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[462]: The item
'status_server' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[472]: The item
'allow_vulnerable_openssl' is defined, but is unused by the configuration
Debug: }
Debug: name = "radiusd"
Debug: prefix = "/usr/local/radius316"
Debug: localstatedir = "/usr/local/radius316/var"
Debug: logdir = "/usr/local/radius316/var/log/radius"
Debug: run_dir = "/usr/local/radius316/var/run/radiusd"
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[67]: The item
'confdir' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[74]: The item 'db_dir'
is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[108]: The item
'libdir' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[119]: The item
'pidfile' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[140]: The item
'correct_escapes' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[194]: The item
'max_request_time' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[213]: The item
'cleanup_delay' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[250]: The item
'hostname_lookups' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[334]: The item
'checkrad' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[491]: The item
'proxy_requests' is defined, but is unused by the configuration
Debug: }
Debug: main {
Debug: name = "radiusd"
Debug: prefix = "/usr/local/radius316"
Debug: localstatedir = "/usr/local/radius316/var"
Debug: sbindir = "/usr/local/radius316/sbin"
Debug: logdir = "/usr/local/radius316/var/log/radius"
Debug: run_dir = "/usr/local/radius316/var/run/radiusd"
Debug: libdir = "/usr/local/radius316/lib"
Debug: radacctdir = "/usr/local/radius316/var/log/radius/radacct"
Debug: hostname_lookups = no
Debug: max_request_time = 30
Debug: cleanup_delay = 5
Debug: max_requests = 16384
Debug: pidfile = "/usr/local/radius316/var/run/radiusd/radiusd.pid"
Debug: checkrad = "/usr/local/radius316/sbin/checkrad"
Debug: debug_level = 0
Debug: proxy_requests = yes
Debug: log {
Debug: stripped_names = no
Debug: auth = no
Debug: auth_badpass = no
Debug: auth_goodpass = no
Debug: colourise = yes
Debug: msg_denied = "You are already logged in - access denied"
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[268]: The item
'destination' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[285]: The item 'file'
is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[293]: The item
'syslog_facility' is defined, but is unused by the configuration
Debug: }
Debug: resources {
Debug: }
Debug: security {
Debug: max_attributes = 200
Debug: reject_delay = 1.000000
Debug: status_server = yes
Debug: allow_vulnerable_openssl = "yes"
Debug: }
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[67]: The item
'confdir' is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[74]: The item 'db_dir'
is defined, but is unused by the configuration
Warning: /usr/local/radius316/etc/raddb/radiusd.conf[140]: The item
'correct_escapes' is defined, but is unused by the configuration
Debug: }
Debug: radiusd: #### Loading Realms and Home Servers ####
Debug: proxy server {
Debug: retry_delay = 5
Debug: retry_count = 3
Debug: default_fallback = no
Debug: dead_time = 120
Debug: wake_all_if_all_dead = no
Debug: }
Debug: home_server localhost {
Debug: ipaddr = 127.0.0.1
Debug: port = 1812
Debug: type = "auth"
Debug: secret = "testing123"
Debug: response_window = 20.000000
Debug: response_timeouts = 1
Debug: max_outstanding = 65536
Debug: zombie_period = 40
Debug: status_check = "status-server"
Debug: ping_interval = 30
Debug: check_interval = 30
Debug: check_timeout = 4
Debug: num_answers_to_alive = 3
Debug: revive_interval = 120
Debug: limit {
Debug: max_connections = 16
Debug: max_requests = 0
Debug: lifetime = 0
Debug: idle_timeout = 0
Debug: }
Debug: coa {
Debug: irt = 2
Debug: mrt = 16
Debug: mrc = 5
Debug: mrd = 30
Debug: }
Debug: }
Debug: home_server_pool my_auth_failover {
Debug: type = fail-over
Debug: home_server = localhost
Debug: }
Debug: realm example.com {
Debug: auth_pool = my_auth_failover
Debug: }
Debug: realm LOCAL {
Debug: }
Debug: realm NULL {
Debug: authhost = LOCAL
Debug: accthost = LOCAL
Debug: }
Debug: radiusd: #### Loading Clients ####
Debug: client localhost {
Debug: ipaddr = 127.0.0.1
Debug: require_message_authenticator = no
Debug: secret = "testing123"
Debug: nas_type = "other"
Debug: proto = "*"
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Adding client 127.0.0.1/32 (127.0.0.1) to prefix tree 32
Debug: client localhost_ipv6 {
Debug: ipv6addr = ::1
Debug: require_message_authenticator = no
Debug: secret = "testing123"
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Adding client ::1/128 (::1) to prefix tree 128
Debug: client test {
Debug: ipaddr = 192.168.0.0/16
Debug: require_message_authenticator = no
Debug: secret = "12345"
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Adding client 192.168.0.0/16 (192.168.0.0) to prefix tree 16
Info: Debugger not attached
Debug: # Creating Auth-Type = mschap
Debug: # Creating Auth-Type = digest
Debug: # Creating Auth-Type = eap
Debug: # Creating Auth-Type = PAP
Debug: # Creating Auth-Type = CHAP
Debug: # Creating Auth-Type = MS-CHAP
Debug: radiusd: #### Instantiating modules ####
Debug: modules {
Debug: Loading rlm_exec with path: /usr/local/radius316/lib/rlm_exec.so
Debug: Loaded rlm_exec, checking if it's valid
Debug: # Loaded module rlm_exec
Debug: # Loading module "echo" from file
/usr/local/radius316/etc/raddb/mods-enabled/echo
Debug: exec echo {
Debug: wait = yes
Debug: program = "/bin/echo %{User-Name}"
Debug: input_pairs = "request"
Debug: output_pairs = "reply"
Debug: shell_escape = yes
Debug: }
Debug: Loading rlm_utf8 with path: /usr/local/radius316/lib/rlm_utf8.so
Debug: Loaded rlm_utf8, checking if it's valid
Debug: # Loaded module rlm_utf8
Debug: # Loading module "utf8" from file
/usr/local/radius316/etc/raddb/mods-enabled/utf8
Debug: Loading rlm_cache with path: /usr/local/radius316/lib/rlm_cache.so
Debug: Loaded rlm_cache, checking if it's valid
Debug: # Loaded module rlm_cache
Debug: # Loading module "cache_eap" from file
/usr/local/radius316/etc/raddb/mods-enabled/cache_eap
Debug: cache cache_eap {
Debug: driver = "rlm_cache_rbtree"
Debug: key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
Debug: ttl = 15
Debug: max_entries = 0
Debug: epoch = 0
Debug: add_stats = no
Debug: }
Debug: Loading rlm_digest with path: /usr/local/radius316/lib/rlm_digest.so
Debug: Loaded rlm_digest, checking if it's valid
Debug: # Loaded module rlm_digest
Debug: # Loading module "digest" from file
/usr/local/radius316/etc/raddb/mods-enabled/digest
Debug: Loading rlm_unix with path: /usr/local/radius316/lib/rlm_unix.so
Debug: Loaded rlm_unix, checking if it's valid
Debug: # Loaded module rlm_unix
Debug: # Loading module "unix" from file
/usr/local/radius316/etc/raddb/mods-enabled/unix
Debug: unix {
Debug: radwtmp = "/usr/local/radius316/var/log/radius/radwtmp"
Debug: }
Debug: Creating attribute Unix-Group
Debug: Loading rlm_attr_filter with path:
/usr/local/radius316/lib/rlm_attr_filter.so
Debug: Loaded rlm_attr_filter, checking if it's valid
Debug: # Loaded module rlm_attr_filter
Debug: # Loading module "attr_filter.post-proxy" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: attr_filter attr_filter.post-proxy {
Debug: filename =
"/usr/local/radius316/etc/raddb/mods-config/attr_filter/post-proxy"
Debug: key = "%{Realm}"
Debug: relaxed = no
Debug: }
Debug: # Loading module "attr_filter.pre-proxy" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: attr_filter attr_filter.pre-proxy {
Debug: filename =
"/usr/local/radius316/etc/raddb/mods-config/attr_filter/pre-proxy"
Debug: key = "%{Realm}"
Debug: relaxed = no
Debug: }
Debug: # Loading module "attr_filter.access_reject" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: attr_filter attr_filter.access_reject {
Debug: filename =
"/usr/local/radius316/etc/raddb/mods-config/attr_filter/access_reject"
Debug: key = "%{User-Name}"
Debug: relaxed = no
Debug: }
Debug: # Loading module "attr_filter.access_challenge" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: attr_filter attr_filter.access_challenge {
Debug: filename =
"/usr/local/radius316/etc/raddb/mods-config/attr_filter/access_challenge"
Debug: key = "%{User-Name}"
Debug: relaxed = no
Debug: }
Debug: # Loading module "attr_filter.accounting_response" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: attr_filter attr_filter.accounting_response {
Debug: filename =
"/usr/local/radius316/etc/raddb/mods-config/attr_filter/accounting_response"
Debug: key = "%{User-Name}"
Debug: relaxed = no
Debug: }
Debug: # Loading module "ntlm_auth" from file
/usr/local/radius316/etc/raddb/mods-enabled/ntlm_auth
Debug: exec ntlm_auth {
Debug: wait = yes
Debug: program = "/path/to/ntlm_auth --request-nt-key
--domain=MYDOMAIN --username=%{mschap:User-Name}
--password=%{User-Password}"
Debug: shell_escape = yes
Debug: }
Debug: Loading rlm_detail with path: /usr/local/radius316/lib/rlm_detail.so
Debug: Loaded rlm_detail, checking if it's valid
Debug: # Loaded module rlm_detail
Debug: # Loading module "detail" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail
Debug: detail {
Debug: filename =
"/usr/local/radius316/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
Debug: header = "%t"
Debug: permissions = 384
Debug: locking = no
Debug: escape_filenames = no
Debug: log_packet_header = no
Debug: }
Debug: Loading rlm_linelog with path:
/usr/local/radius316/lib/rlm_linelog.so
Debug: Loaded rlm_linelog, checking if it's valid
Debug: # Loaded module rlm_linelog
Debug: # Loading module "linelog" from file
/usr/local/radius316/etc/raddb/mods-enabled/linelog
Debug: linelog {
Debug: filename = "/usr/local/radius316/var/log/radius/linelog"
Debug: escape_filenames = no
Debug: syslog_severity = "info"
Debug: permissions = 384
Debug: format = "This is a log message for %{User-Name}"
Debug: reference = "messages.%{%{reply:Packet-Type}:-default}"
Debug: }
Debug: # Loading module "log_accounting" from file
/usr/local/radius316/etc/raddb/mods-enabled/linelog
Debug: linelog log_accounting {
Debug: filename =
"/usr/local/radius316/var/log/radius/linelog-accounting"
Debug: escape_filenames = no
Debug: syslog_severity = "info"
Debug: permissions = 384
Debug: format = ""
Debug: reference =
"Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
Debug: }
Debug: Loading rlm_always with path: /usr/local/radius316/lib/rlm_always.so
Debug: Loaded rlm_always, checking if it's valid
Debug: # Loaded module rlm_always
Debug: # Loading module "reject" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always reject {
Debug: rcode = "reject"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "fail" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always fail {
Debug: rcode = "fail"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "ok" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always ok {
Debug: rcode = "ok"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "handled" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always handled {
Debug: rcode = "handled"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "invalid" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always invalid {
Debug: rcode = "invalid"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "userlock" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always userlock {
Debug: rcode = "userlock"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "notfound" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always notfound {
Debug: rcode = "notfound"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "noop" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always noop {
Debug: rcode = "noop"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: # Loading module "updated" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: always updated {
Debug: rcode = "updated"
Debug: simulcount = 0
Debug: mpp = no
Debug: }
Debug: Loading rlm_expr with path: /usr/local/radius316/lib/rlm_expr.so
Debug: Loaded rlm_expr, checking if it's valid
Debug: # Loaded module rlm_expr
Debug: # Loading module "expr" from file
/usr/local/radius316/etc/raddb/mods-enabled/expr
Debug: expr {
Debug: safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/aeouaaaceeeeiio?uuuayAEOUsAAACEEEEIIO?UUU?"
Debug: }
Debug: Loading rlm_radutmp with path:
/usr/local/radius316/lib/rlm_radutmp.so
Debug: Loaded rlm_radutmp, checking if it's valid
Debug: # Loaded module rlm_radutmp
Debug: # Loading module "sradutmp" from file
/usr/local/radius316/etc/raddb/mods-enabled/sradutmp
Debug: radutmp sradutmp {
Debug: filename = "/usr/local/radius316/var/log/radius/sradutmp"
Debug: username = "%{User-Name}"
Debug: case_sensitive = yes
Debug: check_with_nas = yes
Debug: permissions = 420
Debug: caller_id = no
Debug: }
Debug: Loading rlm_passwd with path: /usr/local/radius316/lib/rlm_passwd.so
Debug: Loaded rlm_passwd, checking if it's valid
Debug: # Loaded module rlm_passwd
Debug: # Loading module "etc_passwd" from file
/usr/local/radius316/etc/raddb/mods-enabled/passwd
Debug: passwd etc_passwd {
Debug: filename = "/etc/passwd"
Debug: format = "*User-Name:Crypt-Password:"
Debug: delimiter = ":"
Debug: ignore_nislike = no
Debug: ignore_empty = yes
Debug: allow_multiple_keys = no
Debug: hash_size = 100
Debug: }
Debug: # Loading module "exec" from file
/usr/local/radius316/etc/raddb/mods-enabled/exec
Debug: exec {
Debug: wait = no
Debug: input_pairs = "request"
Debug: shell_escape = yes
Debug: timeout = 10
Debug: }
Debug: Loading rlm_pap with path: /usr/local/radius316/lib/rlm_pap.so
Debug: Loaded rlm_pap, checking if it's valid
Debug: # Loaded module rlm_pap
Debug: # Loading module "pap" from file
/usr/local/radius316/etc/raddb/mods-enabled/pap
Debug: pap {
Debug: normalise = yes
Debug: }
Debug: # Loading module "auth_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: detail auth_log {
Debug: filename =
"/usr/local/radius316/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
Debug: header = "%t"
Debug: permissions = 384
Debug: locking = no
Debug: escape_filenames = no
Debug: log_packet_header = no
Debug: }
Debug: # Loading module "reply_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: detail reply_log {
Debug: filename =
"/usr/local/radius316/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
Debug: header = "%t"
Debug: permissions = 384
Debug: locking = no
Debug: escape_filenames = no
Debug: log_packet_header = no
Debug: }
Debug: # Loading module "pre_proxy_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: detail pre_proxy_log {
Debug: filename =
"/usr/local/radius316/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
Debug: header = "%t"
Debug: permissions = 384
Debug: locking = no
Debug: escape_filenames = no
Debug: log_packet_header = no
Debug: }
Debug: # Loading module "post_proxy_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: detail post_proxy_log {
Debug: filename =
"/usr/local/radius316/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
Debug: header = "%t"
Debug: permissions = 384
Debug: locking = no
Debug: escape_filenames = no
Debug: log_packet_header = no
Debug: }
Debug: Loading rlm_expiration with path:
/usr/local/radius316/lib/rlm_expiration.so
Debug: Loaded rlm_expiration, checking if it's valid
Debug: # Loaded module rlm_expiration
Debug: # Loading module "expiration" from file
/usr/local/radius316/etc/raddb/mods-enabled/expiration
Debug: Loading rlm_unpack with path: /usr/local/radius316/lib/rlm_unpack.so
Debug: Loaded rlm_unpack, checking if it's valid
Debug: # Loaded module rlm_unpack
Debug: # Loading module "unpack" from file
/usr/local/radius316/etc/raddb/mods-enabled/unpack
Debug: Loading rlm_preprocess with path:
/usr/local/radius316/lib/rlm_preprocess.so
Debug: Loaded rlm_preprocess, checking if it's valid
Debug: # Loaded module rlm_preprocess
Debug: # Loading module "preprocess" from file
/usr/local/radius316/etc/raddb/mods-enabled/preprocess
Debug: preprocess {
Debug: huntgroups =
"/usr/local/radius316/etc/raddb/mods-config/preprocess/huntgroups"
Debug: hints =
"/usr/local/radius316/etc/raddb/mods-config/preprocess/hints"
Debug: with_ascend_hack = no
Debug: ascend_channels_per_line = 23
Debug: with_ntdomain_hack = no
Debug: with_specialix_jetstream_hack = no
Debug: with_cisco_vsa_hack = no
Debug: with_alvarion_vsa_hack = no
Debug: }
Debug: # Loading module "radutmp" from file
/usr/local/radius316/etc/raddb/mods-enabled/radutmp
Debug: radutmp {
Debug: filename = "/usr/local/radius316/var/log/radius/radutmp"
Debug: username = "%{User-Name}"
Debug: case_sensitive = yes
Debug: check_with_nas = yes
Debug: permissions = 384
Debug: caller_id = yes
Debug: }
Debug: Loading rlm_replicate with path:
/usr/local/radius316/lib/rlm_replicate.so
Debug: Loaded rlm_replicate, checking if it's valid
Debug: # Loaded module rlm_replicate
Debug: # Loading module "replicate" from file
/usr/local/radius316/etc/raddb/mods-enabled/replicate
Debug: Loading rlm_mschap with path: /usr/local/radius316/lib/rlm_mschap.so
Debug: Loaded rlm_mschap, checking if it's valid
Debug: # Loaded module rlm_mschap
Debug: # Loading module "mschap" from file
/usr/local/radius316/etc/raddb/mods-enabled/mschap
Debug: mschap {
Debug: use_mppe = yes
Debug: require_encryption = no
Debug: require_strong = no
Debug: with_ntdomain_hack = yes
Debug: passchange {
Debug: }
Debug: allow_retry = yes
Debug: winbind_retry_with_normalised_username = no
Debug: }
Debug: Loading rlm_dynamic_clients with path:
/usr/local/radius316/lib/rlm_dynamic_clients.so
Debug: Loaded rlm_dynamic_clients, checking if it's valid
Debug: # Loaded module rlm_dynamic_clients
Debug: # Loading module "dynamic_clients" from file
/usr/local/radius316/etc/raddb/mods-enabled/dynamic_clients
Debug: Loading rlm_realm with path: /usr/local/radius316/lib/rlm_realm.so
Debug: Loaded rlm_realm, checking if it's valid
Debug: # Loaded module rlm_realm
Debug: # Loading module "IPASS" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: realm IPASS {
Debug: format = "prefix"
Debug: delimiter = "/"
Debug: ignore_default = no
Debug: ignore_null = no
Debug: }
Debug: # Loading module "suffix" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: realm suffix {
Debug: format = "suffix"
Debug: delimiter = "@"
Debug: ignore_default = no
Debug: ignore_null = no
Debug: }
Debug: # Loading module "realmpercent" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: realm realmpercent {
Debug: format = "suffix"
Debug: delimiter = "%"
Debug: ignore_default = no
Debug: ignore_null = no
Debug: }
Debug: # Loading module "ntdomain" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: realm ntdomain {
Debug: format = "prefix"
Debug: delimiter = "\\"
Debug: ignore_default = no
Debug: ignore_null = no
Debug: }
Debug: Loading rlm_files with path: /usr/local/radius316/lib/rlm_files.so
Debug: Loaded rlm_files, checking if it's valid
Debug: # Loaded module rlm_files
Debug: # Loading module "files" from file
/usr/local/radius316/etc/raddb/mods-enabled/files
Debug: files {
Debug: filename =
"/usr/local/radius316/etc/raddb/mods-config/files/authorize"
Debug: acctusersfile =
"/usr/local/radius316/etc/raddb/mods-config/files/accounting"
Debug: preproxy_usersfile =
"/usr/local/radius316/etc/raddb/mods-config/files/pre-proxy"
Debug: }
Debug: Loading rlm_eap with path: /usr/local/radius316/lib/rlm_eap.so
Debug: Loaded rlm_eap, checking if it's valid
Debug: # Loaded module rlm_eap
Debug: # Loading module "eap" from file
/usr/local/radius316/etc/raddb/mods-enabled/eap
Debug: eap {
Debug: default_eap_type = "md5"
Debug: timer_expire = 60
Debug: ignore_unknown_eap_types = no
Debug: cisco_accounting_username_bug = no
Debug: max_sessions = 16384
Debug: }
Debug: Loading rlm_soh with path: /usr/local/radius316/lib/rlm_soh.so
Debug: Loaded rlm_soh, checking if it's valid
Debug: # Loaded module rlm_soh
Debug: # Loading module "soh" from file
/usr/local/radius316/etc/raddb/mods-enabled/soh
Debug: soh {
Debug: dhcp = yes
Debug: }
Debug: Loading rlm_date with path: /usr/local/radius316/lib/rlm_date.so
Debug: Loaded rlm_date, checking if it's valid
Debug: # Loaded module rlm_date
Debug: # Loading module "date" from file
/usr/local/radius316/etc/raddb/mods-enabled/date
Debug: date {
Debug: format = "%b %e %Y %H:%M:%S %Z"
Debug: utc = no
Debug: }
Debug: Loading rlm_chap with path: /usr/local/radius316/lib/rlm_chap.so
Debug: Loaded rlm_chap, checking if it's valid
Debug: # Loaded module rlm_chap
Debug: # Loading module "chap" from file
/usr/local/radius316/etc/raddb/mods-enabled/chap
Debug: Loading rlm_logintime with path:
/usr/local/radius316/lib/rlm_logintime.so
Debug: Loaded rlm_logintime, checking if it's valid
Debug: # Loaded module rlm_logintime
Debug: # Loading module "logintime" from file
/usr/local/radius316/etc/raddb/mods-enabled/logintime
Debug: logintime {
Debug: minimum_timeout = 60
Debug: }
Debug: instantiate {
Debug: }
Debug: # Instantiating module "cache_eap" from file
/usr/local/radius316/etc/raddb/mods-enabled/cache_eap
Debug: Loading rlm_cache_rbtree with path:
/usr/local/radius316/lib/rlm_cache_rbtree.so
Debug: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module
rlm_cache_rbtree) loaded and linked
Debug: # Instantiating module "attr_filter.post-proxy" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/attr_filter/post-proxy
Debug: # Instantiating module "attr_filter.pre-proxy" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/attr_filter/pre-proxy
Debug: # Instantiating module "attr_filter.access_reject" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/attr_filter/access_reject
Warning:
[/usr/local/radius316/etc/raddb/mods-config/attr_filter/access_reject]:11
Check item "FreeRADIUS-Response-Delay" found in filter list for realm
"DEFAULT".
Warning:
[/usr/local/radius316/etc/raddb/mods-config/attr_filter/access_reject]:11
Check item "FreeRADIUS-Response-Delay-USec" found in filter list for
realm "DEFAULT".
Debug: # Instantiating module "attr_filter.access_challenge" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/attr_filter/access_challenge
Debug: # Instantiating module "attr_filter.accounting_response" from file
/usr/local/radius316/etc/raddb/mods-enabled/attr_filter
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/attr_filter/accounting_response
Debug: # Instantiating module "detail" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail
Debug: # Instantiating module "linelog" from file
/usr/local/radius316/etc/raddb/mods-enabled/linelog
Debug: # Instantiating module "log_accounting" from file
/usr/local/radius316/etc/raddb/mods-enabled/linelog
Debug: # Instantiating module "reject" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "fail" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "ok" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "handled" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "invalid" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "userlock" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "notfound" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "noop" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "updated" from file
/usr/local/radius316/etc/raddb/mods-enabled/always
Debug: # Instantiating module "etc_passwd" from file
/usr/local/radius316/etc/raddb/mods-enabled/passwd
Debug: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
Debug: # Instantiating module "pap" from file
/usr/local/radius316/etc/raddb/mods-enabled/pap
Debug: # Instantiating module "auth_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: rlm_detail (auth_log): 'User-Password' suppressed, will not appear
in detail output
Debug: # Instantiating module "reply_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: # Instantiating module "pre_proxy_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: # Instantiating module "post_proxy_log" from file
/usr/local/radius316/etc/raddb/mods-enabled/detail.log
Debug: # Instantiating module "expiration" from file
/usr/local/radius316/etc/raddb/mods-enabled/expiration
Debug: # Instantiating module "preprocess" from file
/usr/local/radius316/etc/raddb/mods-enabled/preprocess
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/preprocess/huntgroups
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/preprocess/hints
Debug: # Instantiating module "mschap" from file
/usr/local/radius316/etc/raddb/mods-enabled/mschap
Debug: rlm_mschap (mschap): using internal authentication
Debug: # Instantiating module "IPASS" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: # Instantiating module "suffix" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: # Instantiating module "realmpercent" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: # Instantiating module "ntdomain" from file
/usr/local/radius316/etc/raddb/mods-enabled/realm
Debug: # Instantiating module "files" from file
/usr/local/radius316/etc/raddb/mods-enabled/files
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/files/authorize
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/files/accounting
Debug: reading pairlist file
/usr/local/radius316/etc/raddb/mods-config/files/pre-proxy
Debug: # Instantiating module "eap" from file
/usr/local/radius316/etc/raddb/mods-enabled/eap
Debug: Loading rlm_eap_md5 with path:
/usr/local/radius316/lib/rlm_eap_md5.so
Debug: # Linked to sub-module rlm_eap_md5
Debug: Loading rlm_eap_leap with path:
/usr/local/radius316/lib/rlm_eap_leap.so
Debug: # Linked to sub-module rlm_eap_leap
Debug: Loading rlm_eap_gtc with path:
/usr/local/radius316/lib/rlm_eap_gtc.so
Debug: # Linked to sub-module rlm_eap_gtc
Debug: gtc {
Debug: challenge = "Password: "
Debug: auth_type = "PAP"
Debug: }
Debug: Loading rlm_eap_tls with path:
/usr/local/radius316/lib/rlm_eap_tls.so
Debug: # Linked to sub-module rlm_eap_tls
Debug: tls {
Debug: tls = "tls-common"
Debug: }
Debug: tls-config tls-common {
Debug: verify_depth = 0
Debug: ca_path = "/usr/local/radius316/etc/raddb/certs"
Debug: pem_file_type = yes
Debug: private_key_file =
"/usr/local/radius316/etc/raddb/certs/server.pem"
Debug: certificate_file =
"/usr/local/radius316/etc/raddb/certs/server.pem"
Debug: ca_file = "/usr/local/radius316/etc/raddb/certs/ca.pem"
Debug: private_key_password = "whatever"
Debug: dh_file = "/usr/local/radius316/etc/raddb/certs/dh"
Debug: fragment_size = 1024
Debug: include_length = yes
Debug: auto_chain = yes
Debug: check_crl = no
Debug: check_all_crl = no
Debug: cipher_list = "DEFAULT"
Debug: cipher_server_preference = no
Debug: ecdh_curve = "prime256v1"
Debug: tls_max_version = ""
Debug: tls_min_version = "1.0"
Debug: cache {
Debug: enable = no
Debug: lifetime = 24
Debug: max_entries = 255
Debug: }
Debug: verify {
Debug: skip_if_ocsp_ok = no
Debug: }
Debug: ocsp {
Debug: enable = no
Debug: override_cert_url = yes
Debug: url = "http://127.0.0.1/ocsp/"
Debug: use_nonce = yes
Debug: timeout = 0
Debug: softfail = no
Debug: }
Debug: }
Debug: Loading rlm_eap_ttls with path:
/usr/local/radius316/lib/rlm_eap_ttls.so
Debug: # Linked to sub-module rlm_eap_ttls
Debug: ttls {
Debug: tls = "tls-common"
Debug: default_eap_type = "md5"
Debug: copy_request_to_tunnel = no
Debug: use_tunneled_reply = no
Debug: virtual_server = "inner-tunnel"
Debug: include_length = yes
Debug: require_client_cert = no
Debug: }
Debug: tls: Using cached TLS configuration from previous invocation
Debug: Loading rlm_eap_peap with path:
/usr/local/radius316/lib/rlm_eap_peap.so
Debug: # Linked to sub-module rlm_eap_peap
Debug: peap {
Debug: tls = "tls-common"
Debug: default_eap_type = "mschapv2"
Debug: copy_request_to_tunnel = no
Debug: use_tunneled_reply = no
Debug: proxy_tunneled_request_as_eap = yes
Debug: virtual_server = "inner-tunnel"
Debug: soh = no
Debug: require_client_cert = no
Debug: }
Debug: tls: Using cached TLS configuration from previous invocation
Debug: Loading rlm_eap_mschapv2 with path:
/usr/local/radius316/lib/rlm_eap_mschapv2.so
Debug: # Linked to sub-module rlm_eap_mschapv2
Debug: mschapv2 {
Debug: with_ntdomain_hack = no
Debug: send_error = no
Debug: }
Debug: # Instantiating module "logintime" from file
/usr/local/radius316/etc/raddb/mods-enabled/logintime
Debug: } # modules
Debug: radiusd: #### Loading Virtual Servers ####
Debug: server { # from file /usr/local/radius316/etc/raddb/radiusd.conf
Debug: } # server
Debug: server default { # from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: authenticate {
Debug: group {
Debug: pap
Debug: }
Debug: group {
Debug: chap
Debug: }
Debug: group {
Debug: mschap
Debug: }
Debug: mschap
Debug: digest
Debug: eap
Debug: } # authenticate
Debug: authorize {
Debug: policy filter_username {
Debug: if (&User-Name) {
Debug: if (&User-Name =~ / /) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: User-Name contains
whitespace'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /@[^@]*@/) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /\.\./) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: User-Name contains
multiple ..s'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /@/ && !&User-Name =~ /@(.+)\.(.+)$/) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Realm does not have at
least one dot separator'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /\.$/) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /@\./) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot'
Debug: }
Debug: reject
Debug: }
Debug: }
Debug: }
Debug: preprocess
Debug: chap
Debug: mschap
Debug: digest
Debug: suffix
Debug: eap
Debug: files
Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
Debug: expiration
Debug: logintime
Debug: pap
Debug: } # authorize
Debug: preacct {
Debug: preprocess
Debug: policy acct_unique {
Debug: update {
Debug: &Tmp-String-9 := "ai:"
Debug: }
Debug: if ("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/ &&
"%{string:&Class}" =~ /^ai:([0-9a-f]{32})/) {
Debug: update {
Debug: &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
Debug: }
Debug: }
Debug: else {
Debug: update {
Debug: &Acct-Unique-Session-Id :=
"%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
Debug: }
Debug: }
Debug: }
Debug: suffix
Debug: files
Debug: } # preacct
Debug: accounting {
Debug: detail
Debug: unix
Debug: exec
Debug: attr_filter.accounting_response
Debug: } # accounting
Debug: post-proxy {
Debug: eap
Debug: } # post-proxy
Debug: post-auth {
Debug: update {
Debug: &reply:[*] += &session-state:[*]
Debug: }
Debug: exec
Debug: policy remove_reply_message_if_eap {
Debug: if (&reply:EAP-Message && &reply:Reply-Message) {
Debug: update {
Debug: &reply:Reply-Message !* ANY
Debug: }
Debug: }
Debug: else {
Debug: noop
Debug: }
Debug: }
Debug: group {
Debug: attr_filter.access_reject
Debug: eap
Debug: policy remove_reply_message_if_eap {
Debug: if (&reply:EAP-Message && &reply:Reply-Message) {
Debug: update {
Debug: &reply:Reply-Message !* ANY
Debug: }
Debug: }
Debug: else {
Debug: noop
Debug: }
Debug: }
Debug: }
Debug: group {
Debug: }
Debug: } # post-auth
Debug: } # server default
Debug: server inner-tunnel { # from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: authenticate {
Debug: group {
Debug: pap
Debug: }
Debug: group {
Debug: chap
Debug: }
Debug: group {
Debug: mschap
Debug: }
Debug: mschap
Debug: eap
Debug: } # authenticate
Debug: authorize {
Debug: policy filter_username {
Debug: if (&User-Name) {
Debug: if (&User-Name =~ / /) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: User-Name contains
whitespace'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /@[^@]*@/) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /\.\./) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: User-Name contains
multiple ..s'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /@/ && !&User-Name =~ /@(.+)\.(.+)$/) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Realm does not have at
least one dot separator'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /\.$/) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot'
Debug: }
Debug: reject
Debug: }
Debug: if (&User-Name =~ /@\./) {
Debug: update {
Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot'
Debug: }
Debug: reject
Debug: }
Debug: }
Debug: }
Debug: chap
Debug: mschap
Debug: suffix
Debug: update {
Debug: &control:Proxy-To-Realm := LOCAL
Debug: }
Debug: eap
Debug: files
Debug: expiration
Debug: logintime
Debug: pap
Debug: } # authorize
Debug: session {
Debug: radutmp
Debug: } # session
Debug: post-proxy {
Debug: eap
Debug: } # post-proxy
Debug: post-auth {
Info: # Skipping contents of 'if' as it is always 'false' --
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel:331
Debug: if (false) {
Debug: }
Debug: group {
Debug: attr_filter.access_reject
Debug: update {
Debug: &outer.session-state:Module-Failure-Message :=
&Module-Failure-Message
Debug: }
Debug: }
Debug: } # post-auth
Debug: } # server inner-tunnel
Debug: Created signal pipe. Read end FD 5, write end FD 6
Debug: radiusd: #### Opening IP addresses and Ports ####
Debug: Loading proto_auth with path: /usr/local/radius316/lib/proto_auth.so
Debug: Loading proto_auth failed: /usr/local/radius316/lib/proto_auth.so:
cannot open shared object file: No such file or directory - No such file or
directory
Debug: Loading library using linker search path(s)
Debug: Defaults : /lib:/usr/lib
Debug: Failed with error: proto_auth.so: cannot open shared object file: No
such file or directory
Debug: listen {
Debug: type = "auth"
Debug: ipaddr = *
Debug: port = 0
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Loading proto_acct with path: /usr/local/radius316/lib/proto_acct.so
Debug: Loading proto_acct failed: /usr/local/radius316/lib/proto_acct.so:
cannot open shared object file: No such file or directory - No such file or
directory
Debug: Loading library using linker search path(s)
Debug: Defaults : /lib:/usr/lib
Debug: Failed with error: proto_acct.so: cannot open shared object file: No
such file or directory
Debug: listen {
Debug: type = "acct"
Debug: ipaddr = *
Debug: port = 0
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Loading proto_auth with path: /usr/local/radius316/lib/proto_auth.so
Debug: Loading proto_auth failed: /usr/local/radius316/lib/proto_auth.so:
cannot open shared object file: No such file or directory - No such file or
directory
Debug: Loading library using linker search path(s)
Debug: Defaults : /lib:/usr/lib
Debug: Failed with error: proto_auth.so: cannot open shared object file: No
such file or directory
Debug: listen {
Debug: type = "auth"
Debug: ipv6addr = ::
Debug: port = 0
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Loading proto_acct with path: /usr/local/radius316/lib/proto_acct.so
Debug: Loading proto_acct failed: /usr/local/radius316/lib/proto_acct.so:
cannot open shared object file: No such file or directory - No such file or
directory
Debug: Loading library using linker search path(s)
Debug: Defaults : /lib:/usr/lib
Debug: Failed with error: proto_acct.so: cannot open shared object file: No
such file or directory
Debug: listen {
Debug: type = "acct"
Debug: ipv6addr = ::
Debug: port = 0
Debug: limit {
Debug: max_connections = 16
Debug: lifetime = 0
Debug: idle_timeout = 30
Debug: }
Debug: }
Debug: Loading proto_auth with path: /usr/local/radius316/lib/proto_auth.so
Debug: Loading proto_auth failed: /usr/local/radius316/lib/proto_auth.so:
cannot open shared object file: No such file or directory - No such file or
directory
Debug: Loading library using linker search path(s)
Debug: Defaults : /lib:/usr/lib
Debug: Failed with error: proto_auth.so: cannot open shared object file: No
such file or directory
Debug: listen {
Debug: type = "auth"
Debug: ipaddr = 127.0.0.1
Debug: port = 18120
Debug: }
Debug: Listening on auth address * port 1812 bound to server default
Debug: Listening on acct address * port 1813 bound to server default
Debug: Listening on auth address :: port 1812 bound to server default
Debug: Listening on acct address :: port 1813 bound to server default
Debug: Listening on auth address 127.0.0.1 port 18120 bound to server
inner-tunnel
Debug: Opened new proxy socket 'proxy address * port 53124'
Debug: Listening on proxy address * port 53124
Debug: Opened new proxy socket 'proxy address :: port 51628'
Debug: Listening on proxy address :: port 51628
Info: Ready to process requests
Debug: (0) Received Access-Request Id 0 from 192.168.103.4:35803 to
192.168.103.1:1812 length 122
Debug: (0) User-Name = "user001"
Debug: (0) NAS-IP-Address = 127.0.0.1
Debug: (0) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (0) Framed-MTU = 1400
Debug: (0) NAS-Port-Type = Wireless-802.11
Debug: (0) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (0) EAP-Message = 0x0200000c0175736572303031
Debug: (0) Message-Authenticator = 0x1b713d66546c5df82fc9440221b72bee
Debug: (0) session-state: No State attribute
Debug: (0) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (0) authorize {
Debug: (0) policy filter_username {
Debug: (0) if (&User-Name) {
Debug: (0) if (&User-Name) -> TRUE
Debug: (0) if (&User-Name) {
Debug: (0) if (&User-Name =~ / /) {
Debug: No matches
Debug: (0) if (&User-Name =~ / /) -> FALSE
Debug: (0) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (0) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (0) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (0) if (&User-Name =~ /\.$/) -> FALSE
Debug: (0) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (0) if (&User-Name =~ /@\./) -> FALSE
Debug: (0) } # if (&User-Name) = notfound
Debug: (0) } # policy filter_username = notfound
Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (0) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (0) [preprocess] = ok
Debug: (0) modsingle[authorize]: calling chap (rlm_chap)
Debug: (0) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (0) [chap] = noop
Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (0) [mschap] = noop
Debug: (0) modsingle[authorize]: calling digest (rlm_digest)
Debug: (0) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (0) [digest] = noop
Debug: (0) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (0) suffix: Checking for suffix after "@"
Debug: (0) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (0) suffix: Found realm "NULL"
Debug: (0) suffix: Adding Stripped-User-Name = "user001"
Debug: (0) suffix: Adding Realm = "NULL"
Debug: (0) suffix: Authentication realm is LOCAL
Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (0) [suffix] = ok
Debug: (0) modsingle[authorize]: calling eap (rlm_eap)
Debug: (0) eap: Peer sent EAP Response (code 2) ID 0 length 12
Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit
the rest of authorize
Debug: (0) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (0) [eap] = ok
Debug: (0) } # authorize = ok
Debug: (0) Found Auth-Type = eap
Debug: (0) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (0) authenticate {
Debug: (0) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (0) eap: Peer sent packet with method EAP Identity (1)
Debug: (0) eap: Calling submodule eap_md5 to process data
Debug: (0) eap_md5: Issuing MD5 Challenge
Debug: (0) eap: Sending EAP Request (code 1) ID 1 length 22
Debug: (0) eap: EAP session adding &reply:State = 0x2943cbb82942cf0f
Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (0) [eap] = handled
Debug: (0) } # authenticate = handled
Debug: (0) Using Post-Auth-Type Challenge
Debug: (0) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (0) Challenge { ... } # empty sub-section is ignored
Debug: (0) session-state: Nothing to cache
Debug: (0) Sent Access-Challenge Id 0 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (0) EAP-Message = 0x0101001604106467fcdc56eaf2330ba7f13f533cc588
Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (0) State = 0x2943cbb82942cf0f1f4c032fd1862a21
Debug: (0) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (1) Received Access-Request Id 1 from 192.168.103.4:35803 to
192.168.103.1:1812 length 134
Debug: (1) User-Name = "user001"
Debug: (1) NAS-IP-Address = 127.0.0.1
Debug: (1) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (1) Framed-MTU = 1400
Debug: (1) NAS-Port-Type = Wireless-802.11
Debug: (1) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (1) EAP-Message = 0x020100060319
Debug: (1) State = 0x2943cbb82942cf0f1f4c032fd1862a21
Debug: (1) Message-Authenticator = 0xc82b0685d2ea8c8d20720b0ae20b6706
Debug: (1) session-state: No cached attributes
Debug: (1) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (1) authorize {
Debug: (1) policy filter_username {
Debug: (1) if (&User-Name) {
Debug: (1) if (&User-Name) -> TRUE
Debug: (1) if (&User-Name) {
Debug: (1) if (&User-Name =~ / /) {
Debug: No matches
Debug: (1) if (&User-Name =~ / /) -> FALSE
Debug: (1) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (1) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (1) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (1) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (1) if (&User-Name =~ /\.$/) -> FALSE
Debug: (1) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (1) if (&User-Name =~ /@\./) -> FALSE
Debug: (1) } # if (&User-Name) = notfound
Debug: (1) } # policy filter_username = notfound
Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (1) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (1) [preprocess] = ok
Debug: (1) modsingle[authorize]: calling chap (rlm_chap)
Debug: (1) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (1) [chap] = noop
Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (1) [mschap] = noop
Debug: (1) modsingle[authorize]: calling digest (rlm_digest)
Debug: (1) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (1) [digest] = noop
Debug: (1) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (1) suffix: Checking for suffix after "@"
Debug: (1) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (1) suffix: Found realm "NULL"
Debug: (1) suffix: Adding Stripped-User-Name = "user001"
Debug: (1) suffix: Adding Realm = "NULL"
Debug: (1) suffix: Authentication realm is LOCAL
Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (1) [suffix] = ok
Debug: (1) modsingle[authorize]: calling eap (rlm_eap)
Debug: (1) eap: Peer sent EAP Response (code 2) ID 1 length 6
Debug: (1) eap: No EAP Start, assuming it's an on-going EAP conversation
Debug: (1) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (1) [eap] = updated
Debug: (1) modsingle[authorize]: calling files (rlm_files)
Debug: (1) files: users: Matched entry user001 at line 221
Debug: (1) files: ::: FROM 1 TO 0 MAX 1
Debug: (1) files: ::: Examining Reply-Message
Debug: Hello, %{User-Name}
Debug: Parsed xlat tree:
Debug: literal --> Hello,
Debug: attribute --> User-Name
Debug: (1) files: EXPAND Hello, %{User-Name}
Debug: (1) files: --> Hello, user001
Debug: (1) files: ::: APPENDING Reply-Message FROM 0 TO 0
Debug: (1) files: ::: TO in 0 out 0
Debug: (1) modsingle[authorize]: returned from files (rlm_files)
Debug: (1) [files] = ok
Debug: (1) modsingle[authorize]: calling expiration (rlm_expiration)
Debug: (1) modsingle[authorize]: returned from expiration
(rlm_expiration)
Debug: (1) [expiration] = noop
Debug: (1) modsingle[authorize]: calling logintime (rlm_logintime)
Debug: (1) modsingle[authorize]: returned from logintime (rlm_logintime)
Debug: (1) [logintime] = noop
Debug: (1) modsingle[authorize]: calling pap (rlm_pap)
WARNING: (1) pap: Auth-Type already set. Not setting to PAP
Debug: (1) modsingle[authorize]: returned from pap (rlm_pap)
Debug: (1) [pap] = noop
Debug: (1) } # authorize = updated
Debug: (1) Found Auth-Type = eap
Debug: (1) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (1) authenticate {
Debug: (1) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (1) eap: Expiring EAP session with state 0x2943cbb82942cf0f
Debug: (1) eap: Finished EAP session with state 0x2943cbb82942cf0f
Debug: (1) eap: Previous EAP request found for state 0x2943cbb82942cf0f,
released from the list
Debug: (1) eap: Peer sent packet with method EAP NAK (3)
Debug: (1) eap: Found mutually acceptable type PEAP (25)
Debug: (1) eap: Calling submodule eap_peap to process data
Debug: (1) eap_peap: Initiating new EAP-TLS session
Debug: (1) eap_peap: [eaptls start] = request
Debug: (1) eap: Sending EAP Request (code 1) ID 2 length 6
Debug: (1) eap: EAP session adding &reply:State = 0x2943cbb82841d20f
Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (1) [eap] = handled
Debug: (1) } # authenticate = handled
Debug: (1) Using Post-Auth-Type Challenge
Debug: (1) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (1) Challenge { ... } # empty sub-section is ignored
Debug: (1) session-state: Nothing to cache
Debug: (1) Sent Access-Challenge Id 1 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (1) Reply-Message = "Hello, user001"
Debug: (1) EAP-Message = 0x010200061920
Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (1) State = 0x2943cbb82841d20f1f4c032fd1862a21
Debug: (1) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (2) Received Access-Request Id 2 from 192.168.103.4:35803 to
192.168.103.1:1812 length 293
Debug: (2) User-Name = "user001"
Debug: (2) NAS-IP-Address = 127.0.0.1
Debug: (2) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (2) Framed-MTU = 1400
Debug: (2) NAS-Port-Type = Wireless-802.11
Debug: (2) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (2) EAP-Message =
0x020200a519800000009b16030100960100009203015a9650accd2e450636c95743fa5ce471555ee10a89cced36c1bbdf4e92a2a7cb00004cc014c00a0039003800880087c00fc00500350084c013c00900330032009a009900450044c00ec004002f00960041c012c00800160013c00dc003000a0007c0
Debug: (2) State = 0x2943cbb82841d20f1f4c032fd1862a21
Debug: (2) Message-Authenticator = 0x925091610982fc04f4f09cdf1dcf1186
Debug: (2) session-state: No cached attributes
Debug: (2) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (2) authorize {
Debug: (2) policy filter_username {
Debug: (2) if (&User-Name) {
Debug: (2) if (&User-Name) -> TRUE
Debug: (2) if (&User-Name) {
Debug: (2) if (&User-Name =~ / /) {
Debug: No matches
Debug: (2) if (&User-Name =~ / /) -> FALSE
Debug: (2) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (2) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (2) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (2) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (2) if (&User-Name =~ /\.$/) -> FALSE
Debug: (2) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (2) if (&User-Name =~ /@\./) -> FALSE
Debug: (2) } # if (&User-Name) = notfound
Debug: (2) } # policy filter_username = notfound
Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (2) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (2) [preprocess] = ok
Debug: (2) modsingle[authorize]: calling chap (rlm_chap)
Debug: (2) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (2) [chap] = noop
Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (2) [mschap] = noop
Debug: (2) modsingle[authorize]: calling digest (rlm_digest)
Debug: (2) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (2) [digest] = noop
Debug: (2) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (2) suffix: Checking for suffix after "@"
Debug: (2) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (2) suffix: Found realm "NULL"
Debug: (2) suffix: Adding Stripped-User-Name = "user001"
Debug: (2) suffix: Adding Realm = "NULL"
Debug: (2) suffix: Authentication realm is LOCAL
Debug: (2) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (2) [suffix] = ok
Debug: (2) modsingle[authorize]: calling eap (rlm_eap)
Debug: (2) eap: Peer sent EAP Response (code 2) ID 2 length 165
Debug: (2) eap: Continuing tunnel setup
Debug: (2) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (2) [eap] = ok
Debug: (2) } # authorize = ok
Debug: (2) Found Auth-Type = eap
Debug: (2) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (2) authenticate {
Debug: (2) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (2) eap: Expiring EAP session with state 0x2943cbb82841d20f
Debug: (2) eap: Finished EAP session with state 0x2943cbb82841d20f
Debug: (2) eap: Previous EAP request found for state 0x2943cbb82841d20f,
released from the list
Debug: (2) eap: Peer sent packet with method EAP PEAP (25)
Debug: (2) eap: Calling submodule eap_peap to process data
Debug: (2) eap_peap: Continuing EAP-TLS
Debug: (2) eap_peap: Peer sent flags --L
Debug: (2) eap_peap: Peer indicated complete TLS record size will be 155
bytes
Debug: (2) eap_peap: Got complete TLS record (155 bytes)
Debug: (2) eap_peap: [eaptls verify] = length included
Debug: (2) eap_peap: (other): before/accept initialization
Debug: (2) eap_peap: TLS_accept: before/accept initialization
Debug: (2) eap_peap: <<< recv TLS 1.0 Handshake [length 0096], ClientHello
Debug: (2) eap_peap: TLS_accept: SSLv3 read client hello A
Debug: (2) eap_peap: >>> send TLS 1.0 Handshake [length 003e], ServerHello
Debug: (2) eap_peap: TLS_accept: SSLv3 write server hello A
Debug: (2) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate
Debug: (2) eap_peap: TLS_accept: SSLv3 write certificate A
Debug: (2) eap_peap: >>> send TLS 1.0 Handshake [length 014b],
ServerKeyExchange
Debug: (2) eap_peap: TLS_accept: SSLv3 write key exchange A
Debug: (2) eap_peap: >>> send TLS 1.0 Handshake [length 0004],
ServerHelloDone
Debug: (2) eap_peap: TLS_accept: SSLv3 write server done A
Debug: (2) eap_peap: TLS_accept: SSLv3 flush data
Debug: (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client
certificate A
Debug: (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client
certificate A
Debug: (2) eap_peap: In SSL Handshake Phase
Debug: (2) eap_peap: In SSL Accept mode
Debug: (2) eap_peap: [eaptls process] = handled
Debug: (2) eap: Sending EAP Request (code 1) ID 3 length 1004
Debug: (2) eap: EAP session adding &reply:State = 0x2943cbb82b40d20f
Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (2) [eap] = handled
Debug: (2) } # authenticate = handled
Debug: (2) Using Post-Auth-Type Challenge
Debug: (2) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (2) Challenge { ... } # empty sub-section is ignored
Debug: (2) session-state: Nothing to cache
Debug: (2) Sent Access-Challenge Id 2 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (2) EAP-Message =
0x010303ec19c000000a74160301003e0200003a03015a9650c9f8406b23f795268b7d9728863db6131fbcb6bdb2f17c3b9c7a35eeba00c014000012ff01000100000b000403000102000f00010116030108d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01
Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (2) State = 0x2943cbb82b40d20f1f4c032fd1862a21
Debug: (2) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (3) Received Access-Request Id 3 from 192.168.103.4:35803 to
192.168.103.1:1812 length 134
Debug: (3) User-Name = "user001"
Debug: (3) NAS-IP-Address = 127.0.0.1
Debug: (3) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (3) Framed-MTU = 1400
Debug: (3) NAS-Port-Type = Wireless-802.11
Debug: (3) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (3) EAP-Message = 0x020300061900
Debug: (3) State = 0x2943cbb82b40d20f1f4c032fd1862a21
Debug: (3) Message-Authenticator = 0x13435caaa8eef5857e7508494cc1c865
Debug: (3) session-state: No cached attributes
Debug: (3) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (3) authorize {
Debug: (3) policy filter_username {
Debug: (3) if (&User-Name) {
Debug: (3) if (&User-Name) -> TRUE
Debug: (3) if (&User-Name) {
Debug: (3) if (&User-Name =~ / /) {
Debug: No matches
Debug: (3) if (&User-Name =~ / /) -> FALSE
Debug: (3) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (3) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (3) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (3) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (3) if (&User-Name =~ /\.$/) -> FALSE
Debug: (3) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (3) if (&User-Name =~ /@\./) -> FALSE
Debug: (3) } # if (&User-Name) = notfound
Debug: (3) } # policy filter_username = notfound
Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (3) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (3) [preprocess] = ok
Debug: (3) modsingle[authorize]: calling chap (rlm_chap)
Debug: (3) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (3) [chap] = noop
Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (3) [mschap] = noop
Debug: (3) modsingle[authorize]: calling digest (rlm_digest)
Debug: (3) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (3) [digest] = noop
Debug: (3) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (3) suffix: Checking for suffix after "@"
Debug: (3) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (3) suffix: Found realm "NULL"
Debug: (3) suffix: Adding Stripped-User-Name = "user001"
Debug: (3) suffix: Adding Realm = "NULL"
Debug: (3) suffix: Authentication realm is LOCAL
Debug: (3) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (3) [suffix] = ok
Debug: (3) modsingle[authorize]: calling eap (rlm_eap)
Debug: (3) eap: Peer sent EAP Response (code 2) ID 3 length 6
Debug: (3) eap: Continuing tunnel setup
Debug: (3) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (3) [eap] = ok
Debug: (3) } # authorize = ok
Debug: (3) Found Auth-Type = eap
Debug: (3) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (3) authenticate {
Debug: (3) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (3) eap: Expiring EAP session with state 0x2943cbb82b40d20f
Debug: (3) eap: Finished EAP session with state 0x2943cbb82b40d20f
Debug: (3) eap: Previous EAP request found for state 0x2943cbb82b40d20f,
released from the list
Debug: (3) eap: Peer sent packet with method EAP PEAP (25)
Debug: (3) eap: Calling submodule eap_peap to process data
Debug: (3) eap_peap: Continuing EAP-TLS
Debug: (3) eap_peap: Peer sent flags ---
Debug: (3) eap_peap: Peer ACKed our handshake fragment
Debug: (3) eap_peap: [eaptls verify] = request
Debug: (3) eap_peap: [eaptls process] = handled
Debug: (3) eap: Sending EAP Request (code 1) ID 4 length 1000
Debug: (3) eap: EAP session adding &reply:State = 0x2943cbb82a47d20f
Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (3) [eap] = handled
Debug: (3) } # authenticate = handled
Debug: (3) Using Post-Auth-Type Challenge
Debug: (3) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (3) Challenge { ... } # empty sub-section is ignored
Debug: (3) session-state: Nothing to cache
Debug: (3) Sent Access-Challenge Id 3 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (3) EAP-Message =
0x010403e8194022f574cdc123f123515bf01861af46940502c871f00829171dc2399cce50c19782bd7fee1d944feb44ba24a7a68f198b9e0772b2d413a4d37505ad76c7311f8818707537cfde955caf818a037edd0004e8308204e4308203cca0030201020209009b296716b43d9494300d06092a864886
Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (3) State = 0x2943cbb82a47d20f1f4c032fd1862a21
Debug: (3) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (4) Received Access-Request Id 4 from 192.168.103.4:35803 to
192.168.103.1:1812 length 134
Debug: (4) User-Name = "user001"
Debug: (4) NAS-IP-Address = 127.0.0.1
Debug: (4) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (4) Framed-MTU = 1400
Debug: (4) NAS-Port-Type = Wireless-802.11
Debug: (4) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (4) EAP-Message = 0x020400061900
Debug: (4) State = 0x2943cbb82a47d20f1f4c032fd1862a21
Debug: (4) Message-Authenticator = 0x9b180ea8d3b49ce70efc224a84d4f452
Debug: (4) session-state: No cached attributes
Debug: (4) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (4) authorize {
Debug: (4) policy filter_username {
Debug: (4) if (&User-Name) {
Debug: (4) if (&User-Name) -> TRUE
Debug: (4) if (&User-Name) {
Debug: (4) if (&User-Name =~ / /) {
Debug: No matches
Debug: (4) if (&User-Name =~ / /) -> FALSE
Debug: (4) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (4) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (4) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (4) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (4) if (&User-Name =~ /\.$/) -> FALSE
Debug: (4) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (4) if (&User-Name =~ /@\./) -> FALSE
Debug: (4) } # if (&User-Name) = notfound
Debug: (4) } # policy filter_username = notfound
Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (4) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (4) [preprocess] = ok
Debug: (4) modsingle[authorize]: calling chap (rlm_chap)
Debug: (4) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (4) [chap] = noop
Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (4) [mschap] = noop
Debug: (4) modsingle[authorize]: calling digest (rlm_digest)
Debug: (4) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (4) [digest] = noop
Debug: (4) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (4) suffix: Checking for suffix after "@"
Debug: (4) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (4) suffix: Found realm "NULL"
Debug: (4) suffix: Adding Stripped-User-Name = "user001"
Debug: (4) suffix: Adding Realm = "NULL"
Debug: (4) suffix: Authentication realm is LOCAL
Debug: (4) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (4) [suffix] = ok
Debug: (4) modsingle[authorize]: calling eap (rlm_eap)
Debug: (4) eap: Peer sent EAP Response (code 2) ID 4 length 6
Debug: (4) eap: Continuing tunnel setup
Debug: (4) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (4) [eap] = ok
Debug: (4) } # authorize = ok
Debug: (4) Found Auth-Type = eap
Debug: (4) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (4) authenticate {
Debug: (4) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (4) eap: Expiring EAP session with state 0x2943cbb82a47d20f
Debug: (4) eap: Finished EAP session with state 0x2943cbb82a47d20f
Debug: (4) eap: Previous EAP request found for state 0x2943cbb82a47d20f,
released from the list
Debug: (4) eap: Peer sent packet with method EAP PEAP (25)
Debug: (4) eap: Calling submodule eap_peap to process data
Debug: (4) eap_peap: Continuing EAP-TLS
Debug: (4) eap_peap: Peer sent flags ---
Debug: (4) eap_peap: Peer ACKed our handshake fragment
Debug: (4) eap_peap: [eaptls verify] = request
Debug: (4) eap_peap: [eaptls process] = handled
Debug: (4) eap: Sending EAP Request (code 1) ID 5 length 694
Debug: (4) eap: EAP session adding &reply:State = 0x2943cbb82d46d20f
Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (4) [eap] = handled
Debug: (4) } # authenticate = handled
Debug: (4) Using Post-Auth-Type Challenge
Debug: (4) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (4) Challenge { ... } # empty sub-section is ignored
Debug: (4) session-state: Nothing to cache
Debug: (4) Sent Access-Challenge Id 4 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (4) EAP-Message =
0x010502b61900130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101003b1d856463526e89dd3ae7e90db7a059ae6154830280ed2ab780
Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (4) State = 0x2943cbb82d46d20f1f4c032fd1862a21
Debug: (4) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (5) Received Access-Request Id 5 from 192.168.103.4:35803 to
192.168.103.1:1812 length 272
Debug: (5) User-Name = "user001"
Debug: (5) NAS-IP-Address = 127.0.0.1
Debug: (5) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (5) Framed-MTU = 1400
Debug: (5) NAS-Port-Type = Wireless-802.11
Debug: (5) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (5) EAP-Message =
0x0205009019800000008616030100461000004241047b6bf12f82e35029d5b7c3085566542bfa8a780f25e296c2ffe22aa8f7edad58c652a697cb041e13cc84e737de54e6fb42c176d0c57439f9de9d568e992cddae14030100010116030100306509a0a9e8c31011a63c550b52a9652751e329d42d292c
Debug: (5) State = 0x2943cbb82d46d20f1f4c032fd1862a21
Debug: (5) Message-Authenticator = 0x802a0ab93dac5c71fac91d767711c6b0
Debug: (5) session-state: No cached attributes
Debug: (5) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (5) authorize {
Debug: (5) policy filter_username {
Debug: (5) if (&User-Name) {
Debug: (5) if (&User-Name) -> TRUE
Debug: (5) if (&User-Name) {
Debug: (5) if (&User-Name =~ / /) {
Debug: No matches
Debug: (5) if (&User-Name =~ / /) -> FALSE
Debug: (5) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (5) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (5) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (5) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (5) if (&User-Name =~ /\.$/) -> FALSE
Debug: (5) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (5) if (&User-Name =~ /@\./) -> FALSE
Debug: (5) } # if (&User-Name) = notfound
Debug: (5) } # policy filter_username = notfound
Debug: (5) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (5) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (5) [preprocess] = ok
Debug: (5) modsingle[authorize]: calling chap (rlm_chap)
Debug: (5) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (5) [chap] = noop
Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (5) [mschap] = noop
Debug: (5) modsingle[authorize]: calling digest (rlm_digest)
Debug: (5) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (5) [digest] = noop
Debug: (5) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (5) suffix: Checking for suffix after "@"
Debug: (5) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (5) suffix: Found realm "NULL"
Debug: (5) suffix: Adding Stripped-User-Name = "user001"
Debug: (5) suffix: Adding Realm = "NULL"
Debug: (5) suffix: Authentication realm is LOCAL
Debug: (5) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (5) [suffix] = ok
Debug: (5) modsingle[authorize]: calling eap (rlm_eap)
Debug: (5) eap: Peer sent EAP Response (code 2) ID 5 length 144
Debug: (5) eap: Continuing tunnel setup
Debug: (5) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (5) [eap] = ok
Debug: (5) } # authorize = ok
Debug: (5) Found Auth-Type = eap
Debug: (5) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (5) authenticate {
Debug: (5) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (5) eap: Expiring EAP session with state 0x2943cbb82d46d20f
Debug: (5) eap: Finished EAP session with state 0x2943cbb82d46d20f
Debug: (5) eap: Previous EAP request found for state 0x2943cbb82d46d20f,
released from the list
Debug: (5) eap: Peer sent packet with method EAP PEAP (25)
Debug: (5) eap: Calling submodule eap_peap to process data
Debug: (5) eap_peap: Continuing EAP-TLS
Debug: (5) eap_peap: Peer sent flags --L
Debug: (5) eap_peap: Peer indicated complete TLS record size will be 134
bytes
Debug: (5) eap_peap: Got complete TLS record (134 bytes)
Debug: (5) eap_peap: [eaptls verify] = length included
Debug: (5) eap_peap: <<< recv TLS 1.0 Handshake [length 0046],
ClientKeyExchange
Debug: (5) eap_peap: TLS_accept: SSLv3 read client key exchange A
Debug: (5) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
Debug: (5) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
Debug: (5) eap_peap: TLS_accept: SSLv3 read finished A
Debug: (5) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
Debug: (5) eap_peap: TLS_accept: SSLv3 write change cipher spec A
Debug: (5) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
Debug: (5) eap_peap: TLS_accept: SSLv3 write finished A
Debug: (5) eap_peap: TLS_accept: SSLv3 flush data
Debug: (5) eap_peap: (other): SSL negotiation finished successfully
Debug: (5) eap_peap: SSL Connection Established
Debug: (5) eap_peap: [eaptls process] = handled
Debug: (5) eap: Sending EAP Request (code 1) ID 6 length 65
Debug: (5) eap: EAP session adding &reply:State = 0x2943cbb82c45d20f
Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (5) [eap] = handled
Debug: (5) } # authenticate = handled
Debug: (5) Using Post-Auth-Type Challenge
Debug: (5) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (5) Challenge { ... } # empty sub-section is ignored
Debug: (5) session-state: Nothing to cache
Debug: (5) Sent Access-Challenge Id 5 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (5) EAP-Message =
0x0106004119001403010001011603010030c8541229c98ae3a82ffe682f2a345e23c6854b42d336ab462f41532bdc5c2379909fa148110f3fb23ebb217a3ef5ae37
Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (5) State = 0x2943cbb82c45d20f1f4c032fd1862a21
Debug: (5) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (6) Received Access-Request Id 6 from 192.168.103.4:35803 to
192.168.103.1:1812 length 134
Debug: (6) User-Name = "user001"
Debug: (6) NAS-IP-Address = 127.0.0.1
Debug: (6) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (6) Framed-MTU = 1400
Debug: (6) NAS-Port-Type = Wireless-802.11
Debug: (6) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (6) EAP-Message = 0x020600061900
Debug: (6) State = 0x2943cbb82c45d20f1f4c032fd1862a21
Debug: (6) Message-Authenticator = 0xc750e939d8ac2edf556f281b7839d5ed
Debug: (6) session-state: No cached attributes
Debug: (6) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (6) authorize {
Debug: (6) policy filter_username {
Debug: (6) if (&User-Name) {
Debug: (6) if (&User-Name) -> TRUE
Debug: (6) if (&User-Name) {
Debug: (6) if (&User-Name =~ / /) {
Debug: No matches
Debug: (6) if (&User-Name =~ / /) -> FALSE
Debug: (6) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (6) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (6) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (6) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (6) if (&User-Name =~ /\.$/) -> FALSE
Debug: (6) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (6) if (&User-Name =~ /@\./) -> FALSE
Debug: (6) } # if (&User-Name) = notfound
Debug: (6) } # policy filter_username = notfound
Debug: (6) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (6) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (6) [preprocess] = ok
Debug: (6) modsingle[authorize]: calling chap (rlm_chap)
Debug: (6) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (6) [chap] = noop
Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (6) [mschap] = noop
Debug: (6) modsingle[authorize]: calling digest (rlm_digest)
Debug: (6) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (6) [digest] = noop
Debug: (6) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (6) suffix: Checking for suffix after "@"
Debug: (6) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (6) suffix: Found realm "NULL"
Debug: (6) suffix: Adding Stripped-User-Name = "user001"
Debug: (6) suffix: Adding Realm = "NULL"
Debug: (6) suffix: Authentication realm is LOCAL
Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (6) [suffix] = ok
Debug: (6) modsingle[authorize]: calling eap (rlm_eap)
Debug: (6) eap: Peer sent EAP Response (code 2) ID 6 length 6
Debug: (6) eap: Continuing tunnel setup
Debug: (6) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (6) [eap] = ok
Debug: (6) } # authorize = ok
Debug: (6) Found Auth-Type = eap
Debug: (6) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (6) authenticate {
Debug: (6) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (6) eap: Expiring EAP session with state 0x2943cbb82c45d20f
Debug: (6) eap: Finished EAP session with state 0x2943cbb82c45d20f
Debug: (6) eap: Previous EAP request found for state 0x2943cbb82c45d20f,
released from the list
Debug: (6) eap: Peer sent packet with method EAP PEAP (25)
Debug: (6) eap: Calling submodule eap_peap to process data
Debug: (6) eap_peap: Continuing EAP-TLS
Debug: (6) eap_peap: Peer sent flags ---
Debug: (6) eap_peap: Peer ACKed our handshake fragment. handshake is
finished
Debug: (6) eap_peap: [eaptls verify] = success
Debug: (6) eap_peap: [eaptls process] = success
Debug: (6) eap_peap: Session established. Decoding tunneled attributes
Debug: (6) eap_peap: PEAP state TUNNEL ESTABLISHED
Debug: (6) eap: Sending EAP Request (code 1) ID 7 length 43
Debug: (6) eap: EAP session adding &reply:State = 0x2943cbb82f44d20f
Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (6) [eap] = handled
Debug: (6) } # authenticate = handled
Debug: (6) Using Post-Auth-Type Challenge
Debug: (6) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (6) Challenge { ... } # empty sub-section is ignored
Debug: (6) session-state: Nothing to cache
Debug: (6) Sent Access-Challenge Id 6 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (6) EAP-Message =
0x0107002b1900170301002078872f0302529e6c1d0a38f6bba254fe118d1d83dedce3891239700f81903c4c
Debug: (6) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (6) State = 0x2943cbb82f44d20f1f4c032fd1862a21
Debug: (6) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (7) Received Access-Request Id 7 from 192.168.103.4:35803 to
192.168.103.1:1812 length 208
Debug: (7) User-Name = "user001"
Debug: (7) NAS-IP-Address = 127.0.0.1
Debug: (7) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (7) Framed-MTU = 1400
Debug: (7) NAS-Port-Type = Wireless-802.11
Debug: (7) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (7) EAP-Message =
0x02070050190017030100204fb3b96911243fd0144b333b148cc3620d6191104852ebc0d4e1387637fcc114170301002038fc888ef05140c952536d48b0dbdf74fec7d4db064c8d4d5e1839854df72468
Debug: (7) State = 0x2943cbb82f44d20f1f4c032fd1862a21
Debug: (7) Message-Authenticator = 0x29b362e5abb7a5dce7a730b7fcbafb68
Debug: (7) session-state: No cached attributes
Debug: (7) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (7) authorize {
Debug: (7) policy filter_username {
Debug: (7) if (&User-Name) {
Debug: (7) if (&User-Name) -> TRUE
Debug: (7) if (&User-Name) {
Debug: (7) if (&User-Name =~ / /) {
Debug: No matches
Debug: (7) if (&User-Name =~ / /) -> FALSE
Debug: (7) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (7) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (7) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (7) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (7) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (7) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (7) if (&User-Name =~ /\.$/) -> FALSE
Debug: (7) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (7) if (&User-Name =~ /@\./) -> FALSE
Debug: (7) } # if (&User-Name) = notfound
Debug: (7) } # policy filter_username = notfound
Debug: (7) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (7) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (7) [preprocess] = ok
Debug: (7) modsingle[authorize]: calling chap (rlm_chap)
Debug: (7) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (7) [chap] = noop
Debug: (7) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (7) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (7) [mschap] = noop
Debug: (7) modsingle[authorize]: calling digest (rlm_digest)
Debug: (7) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (7) [digest] = noop
Debug: (7) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (7) suffix: Checking for suffix after "@"
Debug: (7) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (7) suffix: Found realm "NULL"
Debug: (7) suffix: Adding Stripped-User-Name = "user001"
Debug: (7) suffix: Adding Realm = "NULL"
Debug: (7) suffix: Authentication realm is LOCAL
Debug: (7) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (7) [suffix] = ok
Debug: (7) modsingle[authorize]: calling eap (rlm_eap)
Debug: (7) eap: Peer sent EAP Response (code 2) ID 7 length 80
Debug: (7) eap: Continuing tunnel setup
Debug: (7) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (7) [eap] = ok
Debug: (7) } # authorize = ok
Debug: (7) Found Auth-Type = eap
Debug: (7) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (7) authenticate {
Debug: (7) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (7) eap: Expiring EAP session with state 0x2943cbb82f44d20f
Debug: (7) eap: Finished EAP session with state 0x2943cbb82f44d20f
Debug: (7) eap: Previous EAP request found for state 0x2943cbb82f44d20f,
released from the list
Debug: (7) eap: Peer sent packet with method EAP PEAP (25)
Debug: (7) eap: Calling submodule eap_peap to process data
Debug: (7) eap_peap: Continuing EAP-TLS
Debug: (7) eap_peap: Peer sent flags ---
Debug: (7) eap_peap: [eaptls verify] = ok
Debug: (7) eap_peap: Done initial handshake
Debug: (7) eap_peap: [eaptls process] = ok
Debug: (7) eap_peap: Session established. Decoding tunneled attributes
Debug: (7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
Debug: (7) eap_peap: Identity - user001
Debug: (7) eap_peap: Got inner identity 'user001'
Debug: (7) eap_peap: Setting default EAP type for tunneled EAP session
Debug: (7) eap_peap: Got tunneled request
Debug: (7) eap_peap: EAP-Message = 0x0207000c0175736572303031
Debug: (7) eap_peap: Setting User-Name to user001
Debug: (7) eap_peap: Sending tunneled request to inner-tunnel
Debug: (7) eap_peap: EAP-Message = 0x0207000c0175736572303031
Debug: (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (7) eap_peap: User-Name = "user001"
Debug: (7) Virtual server inner-tunnel received request
Debug: (7) EAP-Message = 0x0207000c0175736572303031
Debug: (7) FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (7) User-Name = "user001"
WARNING: (7) Outer and inner identities are the same. User privacy is
compromised.
Debug: (7) server inner-tunnel {
Debug: (7) session-state: No State attribute
Debug: (7) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (7) authorize {
Debug: (7) policy filter_username {
Debug: (7) if (&User-Name) {
Debug: (7) if (&User-Name) -> TRUE
Debug: (7) if (&User-Name) {
Debug: (7) if (&User-Name =~ / /) {
Debug: No matches
Debug: (7) if (&User-Name =~ / /) -> FALSE
Debug: (7) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (7) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (7) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (7) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (7) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (7) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (7) if (&User-Name =~ /\.$/) -> FALSE
Debug: (7) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (7) if (&User-Name =~ /@\./) -> FALSE
Debug: (7) } # if (&User-Name) = notfound
Debug: (7) } # policy filter_username = notfound
Debug: (7) modsingle[authorize]: calling chap (rlm_chap)
Debug: (7) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (7) [chap] = noop
Debug: (7) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (7) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (7) [mschap] = noop
Debug: (7) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (7) suffix: Checking for suffix after "@"
Debug: (7) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (7) suffix: Found realm "NULL"
Debug: (7) suffix: Adding Stripped-User-Name = "user001"
Debug: (7) suffix: Adding Realm = "NULL"
Debug: (7) suffix: Authentication realm is LOCAL
Debug: (7) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (7) [suffix] = ok
Debug: (7) update control {
Debug: (7) &Proxy-To-Realm := LOCAL
Debug: (7) } # update control = noop
Debug: (7) modsingle[authorize]: calling eap (rlm_eap)
Debug: (7) eap: Peer sent EAP Response (code 2) ID 7 length 12
Debug: (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit
the rest of authorize
Debug: (7) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (7) [eap] = ok
Debug: (7) } # authorize = ok
Debug: (7) Found Auth-Type = eap
Debug: (7) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (7) authenticate {
Debug: (7) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (7) eap: Peer sent packet with method EAP Identity (1)
Debug: (7) eap: Calling submodule eap_mschapv2 to process data
Debug: (7) eap_mschapv2: Issuing Challenge
Debug: (7) eap: Sending EAP Request (code 1) ID 8 length 43
Debug: (7) eap: EAP session adding &reply:State = 0xdd839a9add8b801f
Debug: (7) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (7) [eap] = handled
Debug: (7) } # authenticate = handled
Debug: (7) } # server inner-tunnel
Debug: (7) Virtual server sending reply
Debug: (7) EAP-Message =
0x0108002b1a0108002610434844dc565ffd451886618b17851d1d667265657261646975732d332e302e3136
Debug: (7) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (7) State = 0xdd839a9add8b801f0849ec4832efac1b
Debug: (7) eap_peap: Got tunneled reply code 11
Debug: (7) eap_peap: EAP-Message =
0x0108002b1a0108002610434844dc565ffd451886618b17851d1d667265657261646975732d332e302e3136
Debug: (7) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Debug: (7) eap_peap: State = 0xdd839a9add8b801f0849ec4832efac1b
Debug: (7) eap_peap: Got tunneled reply RADIUS code 11
Debug: (7) eap_peap: EAP-Message =
0x0108002b1a0108002610434844dc565ffd451886618b17851d1d667265657261646975732d332e302e3136
Debug: (7) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Debug: (7) eap_peap: State = 0xdd839a9add8b801f0849ec4832efac1b
Debug: (7) eap_peap: Got tunneled Access-Challenge
Debug: (7) eap: Sending EAP Request (code 1) ID 8 length 75
Debug: (7) eap: EAP session adding &reply:State = 0x2943cbb82e4bd20f
Debug: (7) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (7) [eap] = handled
Debug: (7) } # authenticate = handled
Debug: (7) Using Post-Auth-Type Challenge
Debug: (7) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (7) Challenge { ... } # empty sub-section is ignored
Debug: (7) session-state: Nothing to cache
Debug: (7) Sent Access-Challenge Id 7 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (7) EAP-Message =
0x0108004b190017030100408edc3ae6efbc07c472cfc542e9857e9bd52f0e4b3ae3cd7abffcb7a8622de78cf914f2f0598e189bf606db0a07a4c7b175a44d8c640b7a2b0a073470f7989d82
Debug: (7) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (7) State = 0x2943cbb82e4bd20f1f4c032fd1862a21
Debug: (7) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (8) Received Access-Request Id 8 from 192.168.103.4:35803 to
192.168.103.1:1812 length 272
Debug: (8) User-Name = "user001"
Debug: (8) NAS-IP-Address = 127.0.0.1
Debug: (8) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (8) Framed-MTU = 1400
Debug: (8) NAS-Port-Type = Wireless-802.11
Debug: (8) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (8) EAP-Message =
0x020800901900170301002016909a115395a0323d9563e5781f2b4db697d4638c88ee7172b3cd9c91bbd3931703010060f3b4652d82b1d03fbedfd9fc7454f767f07084c0aacaa49946245c4501d58aa79c876f482f594bd93bb33b3597457ab70c75f31dd6a92bfcfaca9a43d85a03f44047bb39d0a9f6
Debug: (8) State = 0x2943cbb82e4bd20f1f4c032fd1862a21
Debug: (8) Message-Authenticator = 0x6fb7e37d968169ea17e83c1f74376fe3
Debug: (8) session-state: No cached attributes
Debug: (8) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (8) authorize {
Debug: (8) policy filter_username {
Debug: (8) if (&User-Name) {
Debug: (8) if (&User-Name) -> TRUE
Debug: (8) if (&User-Name) {
Debug: (8) if (&User-Name =~ / /) {
Debug: No matches
Debug: (8) if (&User-Name =~ / /) -> FALSE
Debug: (8) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (8) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (8) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (8) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (8) if (&User-Name =~ /\.$/) -> FALSE
Debug: (8) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (8) if (&User-Name =~ /@\./) -> FALSE
Debug: (8) } # if (&User-Name) = notfound
Debug: (8) } # policy filter_username = notfound
Debug: (8) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (8) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (8) [preprocess] = ok
Debug: (8) modsingle[authorize]: calling chap (rlm_chap)
Debug: (8) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (8) [chap] = noop
Debug: (8) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (8) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (8) [mschap] = noop
Debug: (8) modsingle[authorize]: calling digest (rlm_digest)
Debug: (8) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (8) [digest] = noop
Debug: (8) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (8) suffix: Checking for suffix after "@"
Debug: (8) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (8) suffix: Found realm "NULL"
Debug: (8) suffix: Adding Stripped-User-Name = "user001"
Debug: (8) suffix: Adding Realm = "NULL"
Debug: (8) suffix: Authentication realm is LOCAL
Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (8) [suffix] = ok
Debug: (8) modsingle[authorize]: calling eap (rlm_eap)
Debug: (8) eap: Peer sent EAP Response (code 2) ID 8 length 144
Debug: (8) eap: Continuing tunnel setup
Debug: (8) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (8) [eap] = ok
Debug: (8) } # authorize = ok
Debug: (8) Found Auth-Type = eap
Debug: (8) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (8) authenticate {
Debug: (8) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (8) eap: Expiring EAP session with state 0xdd839a9add8b801f
Debug: (8) eap: Finished EAP session with state 0x2943cbb82e4bd20f
Debug: (8) eap: Previous EAP request found for state 0x2943cbb82e4bd20f,
released from the list
Debug: (8) eap: Peer sent packet with method EAP PEAP (25)
Debug: (8) eap: Calling submodule eap_peap to process data
Debug: (8) eap_peap: Continuing EAP-TLS
Debug: (8) eap_peap: Peer sent flags ---
Debug: (8) eap_peap: [eaptls verify] = ok
Debug: (8) eap_peap: Done initial handshake
Debug: (8) eap_peap: [eaptls process] = ok
Debug: (8) eap_peap: Session established. Decoding tunneled attributes
Debug: (8) eap_peap: PEAP state phase2
Debug: (8) eap_peap: EAP method MSCHAPv2 (26)
Debug: (8) eap_peap: Got tunneled request
Debug: (8) eap_peap: EAP-Message =
0x020800421a0208003d31dffbe084cb63e78ecccf21e28bbe241800000000000000007b30af8fc9faff7be191756ab68d7dfa78db08c808f4ba4c0075736572303031
Debug: (8) eap_peap: Setting User-Name to user001
Debug: (8) eap_peap: Sending tunneled request to inner-tunnel
Debug: (8) eap_peap: EAP-Message =
0x020800421a0208003d31dffbe084cb63e78ecccf21e28bbe241800000000000000007b30af8fc9faff7be191756ab68d7dfa78db08c808f4ba4c0075736572303031
Debug: (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (8) eap_peap: User-Name = "user001"
Debug: (8) eap_peap: State = 0xdd839a9add8b801f0849ec4832efac1b
Debug: (8) Virtual server inner-tunnel received request
Debug: (8) EAP-Message =
0x020800421a0208003d31dffbe084cb63e78ecccf21e28bbe241800000000000000007b30af8fc9faff7be191756ab68d7dfa78db08c808f4ba4c0075736572303031
Debug: (8) FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (8) User-Name = "user001"
Debug: (8) State = 0xdd839a9add8b801f0849ec4832efac1b
WARNING: (8) Outer and inner identities are the same. User privacy is
compromised.
Debug: (8) server inner-tunnel {
Debug: (8) session-state: No cached attributes
Debug: (8) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (8) authorize {
Debug: (8) policy filter_username {
Debug: (8) if (&User-Name) {
Debug: (8) if (&User-Name) -> TRUE
Debug: (8) if (&User-Name) {
Debug: (8) if (&User-Name =~ / /) {
Debug: No matches
Debug: (8) if (&User-Name =~ / /) -> FALSE
Debug: (8) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (8) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (8) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (8) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (8) if (&User-Name =~ /\.$/) -> FALSE
Debug: (8) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (8) if (&User-Name =~ /@\./) -> FALSE
Debug: (8) } # if (&User-Name) = notfound
Debug: (8) } # policy filter_username = notfound
Debug: (8) modsingle[authorize]: calling chap (rlm_chap)
Debug: (8) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (8) [chap] = noop
Debug: (8) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (8) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (8) [mschap] = noop
Debug: (8) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (8) suffix: Checking for suffix after "@"
Debug: (8) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (8) suffix: Found realm "NULL"
Debug: (8) suffix: Adding Stripped-User-Name = "user001"
Debug: (8) suffix: Adding Realm = "NULL"
Debug: (8) suffix: Authentication realm is LOCAL
Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (8) [suffix] = ok
Debug: (8) update control {
Debug: (8) &Proxy-To-Realm := LOCAL
Debug: (8) } # update control = noop
Debug: (8) modsingle[authorize]: calling eap (rlm_eap)
Debug: (8) eap: Peer sent EAP Response (code 2) ID 8 length 66
Debug: (8) eap: No EAP Start, assuming it's an on-going EAP conversation
Debug: (8) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (8) [eap] = updated
Debug: (8) modsingle[authorize]: calling files (rlm_files)
Debug: (8) files: users: Matched entry user001 at line 221
Debug: (8) files: ::: FROM 1 TO 0 MAX 1
Debug: (8) files: ::: Examining Reply-Message
Debug: Hello, %{User-Name}
Debug: Parsed xlat tree:
Debug: literal --> Hello,
Debug: attribute --> User-Name
Debug: (8) files: EXPAND Hello, %{User-Name}
Debug: (8) files: --> Hello, user001
Debug: (8) files: ::: APPENDING Reply-Message FROM 0 TO 0
Debug: (8) files: ::: TO in 0 out 0
Debug: (8) modsingle[authorize]: returned from files (rlm_files)
Debug: (8) [files] = ok
Debug: (8) modsingle[authorize]: calling expiration (rlm_expiration)
Debug: (8) modsingle[authorize]: returned from expiration
(rlm_expiration)
Debug: (8) [expiration] = noop
Debug: (8) modsingle[authorize]: calling logintime (rlm_logintime)
Debug: (8) modsingle[authorize]: returned from logintime
(rlm_logintime)
Debug: (8) [logintime] = noop
Debug: (8) modsingle[authorize]: calling pap (rlm_pap)
WARNING: (8) pap: Auth-Type already set. Not setting to PAP
Debug: (8) modsingle[authorize]: returned from pap (rlm_pap)
Debug: (8) [pap] = noop
Debug: (8) } # authorize = updated
Debug: (8) Found Auth-Type = eap
Debug: (8) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (8) authenticate {
Debug: (8) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (8) eap: Expiring EAP session with state 0xdd839a9add8b801f
Debug: (8) eap: Finished EAP session with state 0xdd839a9add8b801f
Debug: (8) eap: Previous EAP request found for state 0xdd839a9add8b801f,
released from the list
Debug: (8) eap: Peer sent packet with method EAP MSCHAPv2 (26)
Debug: (8) eap: Calling submodule eap_mschapv2 to process data
Debug: (8) eap_mschapv2: # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (8) eap_mschapv2: authenticate {
Debug: (8) eap_mschapv2: modsingle[authenticate]: calling mschap
(rlm_mschap)
Debug: (8) mschap: Found Cleartext-Password, hashing to create NT-Password
Debug: (8) mschap: Found Cleartext-Password, hashing to create LM-Password
Debug: (8) mschap: Creating challenge hash with username: user001
Debug: (8) mschap: Client is using MS-CHAPv2
Debug: (8) mschap: Adding MS-CHAPv2 MPPE keys
Debug: (8) modsingle[authenticate]: returned from mschap (rlm_mschap)
Debug: (8) [mschap] = ok
Debug: (8) } # authenticate = ok
Debug: (8) MSCHAP Success
Debug: (8) eap: Sending EAP Request (code 1) ID 9 length 51
Debug: (8) eap: EAP session adding &reply:State = 0xdd839a9adc8a801f
Debug: (8) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (8) [eap] = handled
Debug: (8) } # authenticate = handled
Debug: (8) } # server inner-tunnel
Debug: (8) Virtual server sending reply
Debug: (8) Reply-Message = "Hello, user001"
Debug: (8) EAP-Message =
0x010900331a0308002e533d46424134344533344236334434394632443445344338433338374144443936303438353030423942
Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (8) State = 0xdd839a9adc8a801f0849ec4832efac1b
Debug: (8) eap_peap: Got tunneled reply code 11
Debug: (8) eap_peap: Reply-Message = "Hello, user001"
Debug: (8) eap_peap: EAP-Message =
0x010900331a0308002e533d46424134344533344236334434394632443445344338433338374144443936303438353030423942
Debug: (8) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Debug: (8) eap_peap: State = 0xdd839a9adc8a801f0849ec4832efac1b
Debug: (8) eap_peap: Got tunneled reply RADIUS code 11
Debug: (8) eap_peap: Reply-Message = "Hello, user001"
Debug: (8) eap_peap: EAP-Message =
0x010900331a0308002e533d46424134344533344236334434394632443445344338433338374144443936303438353030423942
Debug: (8) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Debug: (8) eap_peap: State = 0xdd839a9adc8a801f0849ec4832efac1b
Debug: (8) eap_peap: Got tunneled Access-Challenge
Debug: (8) eap: Sending EAP Request (code 1) ID 9 length 91
Debug: (8) eap: EAP session adding &reply:State = 0x2943cbb8214ad20f
Debug: (8) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (8) [eap] = handled
Debug: (8) } # authenticate = handled
Debug: (8) Using Post-Auth-Type Challenge
Debug: (8) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (8) Challenge { ... } # empty sub-section is ignored
Debug: (8) session-state: Nothing to cache
Debug: (8) Sent Access-Challenge Id 8 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (8) EAP-Message =
0x0109005b19001703010050026c4b63f2767496800d97e7d870ddb7a23d111ad9512d7286ce85a42d24e5637ea21a5ffff590bd27160c8991e24c7b7f081024cadd8bb0924ae5a41ad73c6e2df7cd2a7fe51c4b97b9ba41cb1ea438
Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (8) State = 0x2943cbb8214ad20f1f4c032fd1862a21
Debug: (8) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (9) Received Access-Request Id 9 from 192.168.103.4:35803 to
192.168.103.1:1812 length 208
Debug: (9) User-Name = "user001"
Debug: (9) NAS-IP-Address = 127.0.0.1
Debug: (9) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (9) Framed-MTU = 1400
Debug: (9) NAS-Port-Type = Wireless-802.11
Debug: (9) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (9) EAP-Message =
0x0209005019001703010020e6b2cca18ea3e00655346abc1915d85ffa1fed44d57777ab5ffeb345848ca06f1703010020a4d333dc756b3fc6597302e21839dc5d42345f8a4b5ac4fa592edbc5f427e4d5
Debug: (9) State = 0x2943cbb8214ad20f1f4c032fd1862a21
Debug: (9) Message-Authenticator = 0x989fa5998f7dc32799916347db85c2f0
Debug: (9) session-state: No cached attributes
Debug: (9) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (9) authorize {
Debug: (9) policy filter_username {
Debug: (9) if (&User-Name) {
Debug: (9) if (&User-Name) -> TRUE
Debug: (9) if (&User-Name) {
Debug: (9) if (&User-Name =~ / /) {
Debug: No matches
Debug: (9) if (&User-Name =~ / /) -> FALSE
Debug: (9) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (9) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (9) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (9) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (9) if (&User-Name =~ /\.$/) -> FALSE
Debug: (9) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (9) if (&User-Name =~ /@\./) -> FALSE
Debug: (9) } # if (&User-Name) = notfound
Debug: (9) } # policy filter_username = notfound
Debug: (9) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (9) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (9) [preprocess] = ok
Debug: (9) modsingle[authorize]: calling chap (rlm_chap)
Debug: (9) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (9) [chap] = noop
Debug: (9) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (9) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (9) [mschap] = noop
Debug: (9) modsingle[authorize]: calling digest (rlm_digest)
Debug: (9) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (9) [digest] = noop
Debug: (9) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (9) suffix: Checking for suffix after "@"
Debug: (9) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (9) suffix: Found realm "NULL"
Debug: (9) suffix: Adding Stripped-User-Name = "user001"
Debug: (9) suffix: Adding Realm = "NULL"
Debug: (9) suffix: Authentication realm is LOCAL
Debug: (9) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (9) [suffix] = ok
Debug: (9) modsingle[authorize]: calling eap (rlm_eap)
Debug: (9) eap: Peer sent EAP Response (code 2) ID 9 length 80
Debug: (9) eap: Continuing tunnel setup
Debug: (9) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (9) [eap] = ok
Debug: (9) } # authorize = ok
Debug: (9) Found Auth-Type = eap
Debug: (9) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (9) authenticate {
Debug: (9) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (9) eap: Expiring EAP session with state 0xdd839a9adc8a801f
Debug: (9) eap: Finished EAP session with state 0x2943cbb8214ad20f
Debug: (9) eap: Previous EAP request found for state 0x2943cbb8214ad20f,
released from the list
Debug: (9) eap: Peer sent packet with method EAP PEAP (25)
Debug: (9) eap: Calling submodule eap_peap to process data
Debug: (9) eap_peap: Continuing EAP-TLS
Debug: (9) eap_peap: Peer sent flags ---
Debug: (9) eap_peap: [eaptls verify] = ok
Debug: (9) eap_peap: Done initial handshake
Debug: (9) eap_peap: [eaptls process] = ok
Debug: (9) eap_peap: Session established. Decoding tunneled attributes
Debug: (9) eap_peap: PEAP state phase2
Debug: (9) eap_peap: EAP method MSCHAPv2 (26)
Debug: (9) eap_peap: Got tunneled request
Debug: (9) eap_peap: EAP-Message = 0x020900061a03
Debug: (9) eap_peap: Setting User-Name to user001
Debug: (9) eap_peap: Sending tunneled request to inner-tunnel
Debug: (9) eap_peap: EAP-Message = 0x020900061a03
Debug: (9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (9) eap_peap: User-Name = "user001"
Debug: (9) eap_peap: State = 0xdd839a9adc8a801f0849ec4832efac1b
Debug: (9) Virtual server inner-tunnel received request
Debug: (9) EAP-Message = 0x020900061a03
Debug: (9) FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (9) User-Name = "user001"
Debug: (9) State = 0xdd839a9adc8a801f0849ec4832efac1b
WARNING: (9) Outer and inner identities are the same. User privacy is
compromised.
Debug: (9) server inner-tunnel {
Debug: (9) session-state: No cached attributes
Debug: (9) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (9) authorize {
Debug: (9) policy filter_username {
Debug: (9) if (&User-Name) {
Debug: (9) if (&User-Name) -> TRUE
Debug: (9) if (&User-Name) {
Debug: (9) if (&User-Name =~ / /) {
Debug: No matches
Debug: (9) if (&User-Name =~ / /) -> FALSE
Debug: (9) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (9) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (9) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (9) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (9) if (&User-Name =~ /\.$/) -> FALSE
Debug: (9) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (9) if (&User-Name =~ /@\./) -> FALSE
Debug: (9) } # if (&User-Name) = notfound
Debug: (9) } # policy filter_username = notfound
Debug: (9) modsingle[authorize]: calling chap (rlm_chap)
Debug: (9) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (9) [chap] = noop
Debug: (9) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (9) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (9) [mschap] = noop
Debug: (9) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (9) suffix: Checking for suffix after "@"
Debug: (9) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (9) suffix: Found realm "NULL"
Debug: (9) suffix: Adding Stripped-User-Name = "user001"
Debug: (9) suffix: Adding Realm = "NULL"
Debug: (9) suffix: Authentication realm is LOCAL
Debug: (9) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (9) [suffix] = ok
Debug: (9) update control {
Debug: (9) &Proxy-To-Realm := LOCAL
Debug: (9) } # update control = noop
Debug: (9) modsingle[authorize]: calling eap (rlm_eap)
Debug: (9) eap: Peer sent EAP Response (code 2) ID 9 length 6
Debug: (9) eap: No EAP Start, assuming it's an on-going EAP conversation
Debug: (9) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (9) [eap] = updated
Debug: (9) modsingle[authorize]: calling files (rlm_files)
Debug: (9) files: users: Matched entry user001 at line 221
Debug: (9) files: ::: FROM 1 TO 0 MAX 1
Debug: (9) files: ::: Examining Reply-Message
Debug: Hello, %{User-Name}
Debug: Parsed xlat tree:
Debug: literal --> Hello,
Debug: attribute --> User-Name
Debug: (9) files: EXPAND Hello, %{User-Name}
Debug: (9) files: --> Hello, user001
Debug: (9) files: ::: APPENDING Reply-Message FROM 0 TO 0
Debug: (9) files: ::: TO in 0 out 0
Debug: (9) modsingle[authorize]: returned from files (rlm_files)
Debug: (9) [files] = ok
Debug: (9) modsingle[authorize]: calling expiration (rlm_expiration)
Debug: (9) modsingle[authorize]: returned from expiration
(rlm_expiration)
Debug: (9) [expiration] = noop
Debug: (9) modsingle[authorize]: calling logintime (rlm_logintime)
Debug: (9) modsingle[authorize]: returned from logintime
(rlm_logintime)
Debug: (9) [logintime] = noop
Debug: (9) modsingle[authorize]: calling pap (rlm_pap)
WARNING: (9) pap: Auth-Type already set. Not setting to PAP
Debug: (9) modsingle[authorize]: returned from pap (rlm_pap)
Debug: (9) [pap] = noop
Debug: (9) } # authorize = updated
Debug: (9) Found Auth-Type = eap
Debug: (9) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (9) authenticate {
Debug: (9) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (9) eap: Expiring EAP session with state 0xdd839a9adc8a801f
Debug: (9) eap: Finished EAP session with state 0xdd839a9adc8a801f
Debug: (9) eap: Previous EAP request found for state 0xdd839a9adc8a801f,
released from the list
Debug: (9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
Debug: (9) eap: Calling submodule eap_mschapv2 to process data
Debug: (9) eap: Sending EAP Success (code 3) ID 9 length 4
Debug: (9) eap: Freeing handler
Debug: (9) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (9) [eap] = ok
Debug: (9) } # authenticate = ok
Debug: (9) # Executing section post-auth from file
/usr/local/radius316/etc/raddb/sites-enabled/inner-tunnel
Debug: (9) post-auth {
Debug: (9) if (0) {
Debug: (9) if (0) -> FALSE
Debug: (9) } # post-auth = noop
Debug: (9) } # server inner-tunnel
Debug: (9) Virtual server sending reply
Debug: (9) Reply-Message = "Hello, user001"
Debug: (9) MS-MPPE-Encryption-Policy = Encryption-Allowed
Debug: (9) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
Debug: (9) MS-MPPE-Send-Key = 0x52f0a4d62c799846cb66b0c4b9facf46
Debug: (9) MS-MPPE-Recv-Key = 0x85e293c68203953767f28f443264f752
Debug: (9) EAP-Message = 0x03090004
Debug: (9) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (9) Stripped-User-Name = "user001"
Debug: (9) eap_peap: Got tunneled reply code 2
Debug: (9) eap_peap: Reply-Message = "Hello, user001"
Debug: (9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
Debug: (9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
Debug: (9) eap_peap: MS-MPPE-Send-Key = 0x52f0a4d62c799846cb66b0c4b9facf46
Debug: (9) eap_peap: MS-MPPE-Recv-Key = 0x85e293c68203953767f28f443264f752
Debug: (9) eap_peap: EAP-Message = 0x03090004
Debug: (9) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Debug: (9) eap_peap: Stripped-User-Name = "user001"
Debug: (9) eap_peap: Got tunneled reply RADIUS code 2
Debug: (9) eap_peap: Reply-Message = "Hello, user001"
Debug: (9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
Debug: (9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
Debug: (9) eap_peap: MS-MPPE-Send-Key = 0x52f0a4d62c799846cb66b0c4b9facf46
Debug: (9) eap_peap: MS-MPPE-Recv-Key = 0x85e293c68203953767f28f443264f752
Debug: (9) eap_peap: EAP-Message = 0x03090004
Debug: (9) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Debug: (9) eap_peap: Stripped-User-Name = "user001"
Debug: (9) eap_peap: Tunneled authentication was successful
Debug: (9) eap_peap: SUCCESS
Debug: (9) eap: Sending EAP Request (code 1) ID 10 length 43
Debug: (9) eap: EAP session adding &reply:State = 0x2943cbb82049d20f
Debug: (9) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (9) [eap] = handled
Debug: (9) } # authenticate = handled
Debug: (9) Using Post-Auth-Type Challenge
Debug: (9) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (9) Challenge { ... } # empty sub-section is ignored
Debug: (9) session-state: Nothing to cache
Debug: (9) Sent Access-Challenge Id 9 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (9) EAP-Message =
0x010a002b19001703010020233db118534b880c9726d364a32d21a9fe91b240bf59d137d9031d058232679b
Debug: (9) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (9) State = 0x2943cbb82049d20f1f4c032fd1862a21
Debug: (9) Finished request
Debug: Waking up in 4.9 seconds.
Debug: (10) Received Access-Request Id 10 from 192.168.103.4:35803 to
192.168.103.1:1812 length 208
Debug: (10) User-Name = "user001"
Debug: (10) NAS-IP-Address = 127.0.0.1
Debug: (10) Calling-Station-Id = "02-00-00-00-00-01"
Debug: (10) Framed-MTU = 1400
Debug: (10) NAS-Port-Type = Wireless-802.11
Debug: (10) Connect-Info = "CONNECT 11Mbps 802.11b"
Debug: (10) EAP-Message =
0x020a0050190017030100209f98e0fbaed989b14b18056301932f1fccb40f29ee0f24c7040aecb0c411d5d11703010020cefc95176eada8f429f4fd2a60ea5fd3cd9367e7d28bfe8f5de5368909ab46eb
Debug: (10) State = 0x2943cbb82049d20f1f4c032fd1862a21
Debug: (10) Message-Authenticator = 0x60fb779e75a1882a2076f91a7d3b9aa1
Debug: (10) session-state: No cached attributes
Debug: (10) # Executing section authorize from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (10) authorize {
Debug: (10) policy filter_username {
Debug: (10) if (&User-Name) {
Debug: (10) if (&User-Name) -> TRUE
Debug: (10) if (&User-Name) {
Debug: (10) if (&User-Name =~ / /) {
Debug: No matches
Debug: (10) if (&User-Name =~ / /) -> FALSE
Debug: (10) if (&User-Name =~ /@[^@]*@/ ) {
Debug: No matches
Debug: (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
Debug: (10) if (&User-Name =~ /\.\./ ) {
Debug: No matches
Debug: (10) if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (10) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) {
Debug: No matches
Debug: (10) if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (10) if (&User-Name =~ /\.$/) {
Debug: No matches
Debug: (10) if (&User-Name =~ /\.$/) -> FALSE
Debug: (10) if (&User-Name =~ /@\./) {
Debug: No matches
Debug: (10) if (&User-Name =~ /@\./) -> FALSE
Debug: (10) } # if (&User-Name) = notfound
Debug: (10) } # policy filter_username = notfound
Debug: (10) modsingle[authorize]: calling preprocess (rlm_preprocess)
Debug: (10) modsingle[authorize]: returned from preprocess
(rlm_preprocess)
Debug: (10) [preprocess] = ok
Debug: (10) modsingle[authorize]: calling chap (rlm_chap)
Debug: (10) modsingle[authorize]: returned from chap (rlm_chap)
Debug: (10) [chap] = noop
Debug: (10) modsingle[authorize]: calling mschap (rlm_mschap)
Debug: (10) modsingle[authorize]: returned from mschap (rlm_mschap)
Debug: (10) [mschap] = noop
Debug: (10) modsingle[authorize]: calling digest (rlm_digest)
Debug: (10) modsingle[authorize]: returned from digest (rlm_digest)
Debug: (10) [digest] = noop
Debug: (10) modsingle[authorize]: calling suffix (rlm_realm)
Debug: (10) suffix: Checking for suffix after "@"
Debug: (10) suffix: No '@' in User-Name = "user001", looking up realm NULL
Debug: (10) suffix: Found realm "NULL"
Debug: (10) suffix: Adding Stripped-User-Name = "user001"
Debug: (10) suffix: Adding Realm = "NULL"
Debug: (10) suffix: Authentication realm is LOCAL
Debug: (10) modsingle[authorize]: returned from suffix (rlm_realm)
Debug: (10) [suffix] = ok
Debug: (10) modsingle[authorize]: calling eap (rlm_eap)
Debug: (10) eap: Peer sent EAP Response (code 2) ID 10 length 80
Debug: (10) eap: Continuing tunnel setup
Debug: (10) modsingle[authorize]: returned from eap (rlm_eap)
Debug: (10) [eap] = ok
Debug: (10) } # authorize = ok
Debug: (10) Found Auth-Type = eap
Debug: (10) # Executing group from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (10) authenticate {
Debug: (10) modsingle[authenticate]: calling eap (rlm_eap)
Debug: (10) eap: Expiring EAP session with state 0x2943cbb82049d20f
Debug: (10) eap: Finished EAP session with state 0x2943cbb82049d20f
Debug: (10) eap: Previous EAP request found for state 0x2943cbb82049d20f,
released from the list
Debug: (10) eap: Peer sent packet with method EAP PEAP (25)
Debug: (10) eap: Calling submodule eap_peap to process data
Debug: (10) eap_peap: Continuing EAP-TLS
Debug: (10) eap_peap: Peer sent flags ---
Debug: (10) eap_peap: [eaptls verify] = ok
Debug: (10) eap_peap: Done initial handshake
Debug: (10) eap_peap: [eaptls process] = ok
Debug: (10) eap_peap: Session established. Decoding tunneled attributes
Debug: (10) eap_peap: PEAP state send tlv success
Debug: (10) eap_peap: Received EAP-TLV response
Debug: (10) eap_peap: Success
Debug: (10) eap: Sending EAP Success (code 3) ID 10 length 4
Debug: (10) eap: Freeing handler
Debug: (10) modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (10) [eap] = ok
Debug: (10) } # authenticate = ok
Debug: (10) # Executing section post-auth from file
/usr/local/radius316/etc/raddb/sites-enabled/default
Debug: (10) post-auth {
Debug: (10) update {
Debug: (10) No attributes updated
Debug: (10) } # update = noop
Debug: (10) modsingle[post-auth]: calling exec (rlm_exec)
Debug: (10) modsingle[post-auth]: returned from exec (rlm_exec)
Debug: (10) [exec] = noop
Debug: (10) policy remove_reply_message_if_eap {
Debug: (10) if (&reply:EAP-Message && &reply:Reply-Message) {
Debug: (10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
Debug: (10) else {
Debug: (10) modsingle[post-auth]: calling noop (rlm_always)
Debug: (10) modsingle[post-auth]: returned from noop (rlm_always)
Debug: (10) [noop] = noop
Debug: (10) } # else = noop
Debug: (10) } # policy remove_reply_message_if_eap = noop
Debug: (10) } # post-auth = noop
Debug: (10) Sent Access-Accept Id 10 from 192.168.103.1:1812 to
192.168.103.4:35803 length 0
Debug: (10) MS-MPPE-Recv-Key =
0x944325c05f97f4830c134ea2d9a743585de3623d6cba3c41f5f1905d1f7d3bfb
Debug: (10) MS-MPPE-Send-Key =
0xafdf7f18840c908f1f8a10d22abb6a50375a288c13751155ab0f94042c84886e
Debug: (10) EAP-Message = 0x030a0004
Debug: (10) Message-Authenticator = 0x00000000000000000000000000000000
Debug: (10) Finished request
Debug: Waking up in 4.6 seconds.
----------------------------------------
etokaoru
More information about the Freeradius-Users
mailing list