EAP-FAST with FreeRADIUS 3.0.18
Sergio NNX
sfhacker at hotmail.com
Mon Mar 4 14:43:31 CET 2019
We have recently upgraded FR to 3.0.18 and, after that, EAP-FAST stopped working. Any pointers will be appreciated.
We are using exactly the same config files (or configuration) and username as for FR 3.0.16.
This is the debug output:
<snip>
Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:49204 to 0.0.0.0:1812 length 122
(0) User-Name = "1234"
(0) NAS-IP-Address = 127.0.0.1
(0) Calling-Station-Id = "02-00-00-00-00-01"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Connect-Info = "CONNECT 11Mbps 802.11b"
(0) EAP-Message = 0x021c00090131323334
(0) Message-Authenticator = 0x9595390c5fd44a0ccce57a3fede5a6e1
(0) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "1234", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 28 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 29 length 22
(0) eap: EAP session adding &reply:State = 0xf540c2dff55dc67c
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 0 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(0) EAP-Message = 0x011d00160410ac61f64094e18473ade4269472ec8adb
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xf540c2dff55dc67c76779efebe71ec85
(0) Finished request
Waking up in 5.0 seconds.
(1) Received Access-Request Id 1 from 127.0.0.1:49204 to 0.0.0.0:1812 length 137
(1) User-Name = "1234"
(1) NAS-IP-Address = 127.0.0.1
(1) Calling-Station-Id = "02-00-00-00-00-01"
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Connect-Info = "CONNECT 11Mbps 802.11b"
(1) EAP-Message = 0x021d0006032b
(1) State = 0xf540c2dff55dc67c76779efebe71ec85
(1) Message-Authenticator = 0x4846d98467d5a0127cf502d55e85f521
(1) session-state: No cached attributes
(1) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "1234", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 29 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) [files] = noop
(1) [expiration] = noop
(1) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0xf540c2dff55dc67c
(1) eap: Finished EAP session with state 0xf540c2dff55dc67c
(1) eap: Previous EAP request found for state 0xf540c2dff55dc67c, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type FAST (43)
(1) eap: Calling submodule eap_fast to process data
(1) eap_fast: Initiating new TLS session
(1) eap_fast: Over-riding main cipher list with 'ALL:!EXPORT:!eNULL:!SSLv2:@SECLEVEL=0'
(1) eap: Sending EAP Request (code 1) ID 30 length 26
(1) eap: EAP session adding &reply:State = 0xf540c2dff45ee97c
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 1 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(1) EAP-Message = 0x011e001a2b210004001081dc9bdb52d04dc20036dbd8313ed055
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xf540c2dff45ee97c76779efebe71ec85
(1) Finished request
Waking up in 4.8 seconds.
(2) Received Access-Request Id 2 from 127.0.0.1:49204 to 0.0.0.0:1812 length 251
(2) User-Name = "1234"
(2) NAS-IP-Address = 127.0.0.1
(2) Calling-Station-Id = "02-00-00-00-00-01"
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Connect-Info = "CONNECT 11Mbps 802.11b"
(2) EAP-Message = 0x021e00782b01160301006d0100006903038acbcbfc969276fb0e0518c403095b1be72236a7ef8f58e712ba57da668c1135000004003400ff0100003c0016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
(2) State = 0xf540c2dff45ee97c76779efebe71ec85
(2) Message-Authenticator = 0x6859a98df1727d3af2c5ef58574ca780
(2) session-state: No cached attributes
(2) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /@\./) {
(2) if (&User-Name =~ /@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "1234", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 30 length 120
(2) eap: No EAP Start, assuming it's an on-going EAP conversation
(2) [eap] = updated
(2) [files] = noop
(2) [expiration] = noop
(2) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(2) [pap] = noop
(2) } # authorize = updated
(2) Found Auth-Type = eap
(2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0xf540c2dff45ee97c
(2) eap: Finished EAP session with state 0xf540c2dff45ee97c
(2) eap: Previous EAP request found for state 0xf540c2dff45ee97c, released from the list
(2) eap: Peer sent packet with method EAP FAST (43)
(2) eap: Calling submodule eap_fast to process data
(2) eap_fast: Authenticate
(2) eap_fast: Continuing EAP-TLS
(2) eap_fast: [eaptls verify] = ok
(2) eap_fast: Done initial handshake
(2) eap_fast: (other): before SSL initialization
(2) eap_fast: TLS_accept: before SSL initialization
(2) eap_fast: TLS_accept: before SSL initialization
(2) eap_fast: <<< recv TLS 1.3 [length 006d]
(2) eap_fast: TLS_accept: SSLv3/TLS read client hello
(2) eap_fast: >>> send TLS 1.1 [length 0039]
(2) eap_fast: TLS_accept: SSLv3/TLS write server hello
(2) eap_fast: >>> send TLS 1.1 [length 010b]
(2) eap_fast: TLS_accept: SSLv3/TLS write key exchange
(2) eap_fast: >>> send TLS 1.1 [length 0004]
(2) eap_fast: TLS_accept: SSLv3/TLS write server done
(2) eap_fast: TLS_accept: Need to read more data: SSLv3/TLS write server done
(2) eap_fast: TLS - In Handshake Phase
(2) eap_fast: TLS - got 343 bytes of data
(2) eap_fast: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 31 length 349
(2) eap: EAP session adding &reply:State = 0xf540c2dff75fe97c
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2) Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 2 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(2) EAP-Message = 0x011f015d2b011603020039020000350302cc8669f3184b48d3359ecb19037cd7a9e200e7e379a2850c22188448c3b64fe900003400000dff010001000016000000170000160302010b0c0001070080c8ddbb8a072e74a5ca13d31d8db294878ca03afa611f23c7e8be9b6a1619282a498d7a01c0e5756ffff663dbde2046394f48f1affa990ccd08a181e013f81968e4bfc93019d0228dff8cdea67cb8dbaae69885ed3dd29914cb1fe36797fca043f27da21cc9a7b08a7dee3abeacae9d280a6ff78d26de8a3fb9e1a4bef720e1fb000102008035af77841ab14f4fc4fc02d2c47fae7ea00ec9684e2bdf117c0c767e5ceb382a2bfdda9376cc70a19df58549a03aa128d546ebeae2d59f00c9ee0f6a9909706dc1f02ead0089f02afb66fba38d0ab519dadadabfdd6b0ad34e95560e94078f5d1501276f6173f6f8317ca4ec521fdb3f5f66671d2c010f5d97b6426eb84195ba16030200040e000000
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xf540c2dff75fe97c76779efebe71ec85
(2) Finished request
Waking up in 4.7 seconds.
(3) Received Access-Request Id 3 from 127.0.0.1:49204 to 0.0.0.0:1812 length 355
(3) User-Name = "1234"
(3) NAS-IP-Address = 127.0.0.1
(3) Calling-Station-Id = "02-00-00-00-00-01"
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Connect-Info = "CONNECT 11Mbps 802.11b"
(3) EAP-Message = 0x021f00e02b01160302008610000082008091b1bc9afe7f5e45ca9ab808449356e28927ad7abc9f7d564819aa3ef72df210f2832bcb4633ed299e2107e7a6dc83580269ec749f0be3053bf5dea1bcbb2f29ee3ce23ae1ab45535238ca7af7b4157768ca9abec4470c42aa0c3d5bc74d2da819a905675ca4a0eda4f722b30d3529335531d21a0d3ec7fbfbcf6d1a82c4a3c51403020001011603020044043eb85621fe819171d4c29f9a166af39d50a603c363f204df4a2005587f397671e5cba5df33955be39c1d819de9931e6486e85328887ba91e7b5217e7ce00183cee0151
(3) State = 0xf540c2dff75fe97c76779efebe71ec85
(3) Message-Authenticator = 0x516e989840b0744b250186295665cef0
(3) session-state: No cached attributes
(3) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /@\./) {
(3) if (&User-Name =~ /@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "1234", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 31 length 224
(3) eap: No EAP Start, assuming it's an on-going EAP conversation
(3) [eap] = updated
(3) [files] = noop
(3) [expiration] = noop
(3) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(3) [pap] = noop
(3) } # authorize = updated
(3) Found Auth-Type = eap
(3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0xf540c2dff75fe97c
(3) eap: Finished EAP session with state 0xf540c2dff75fe97c
(3) eap: Previous EAP request found for state 0xf540c2dff75fe97c, released from the list
(3) eap: Peer sent packet with method EAP FAST (43)
(3) eap: Calling submodule eap_fast to process data
(3) eap_fast: Authenticate
(3) eap_fast: Continuing EAP-TLS
(3) eap_fast: [eaptls verify] = ok
(3) eap_fast: Done initial handshake
(3) eap_fast: TLS_accept: SSLv3/TLS write server done
(3) eap_fast: <<< recv TLS 1.1 [length 0086]
(3) eap_fast: TLS_accept: SSLv3/TLS read client key exchange
(3) eap_fast: TLS_accept: SSLv3/TLS read change cipher spec
(3) eap_fast: <<< recv TLS 1.1 [length 0010]
(3) eap_fast: TLS_accept: SSLv3/TLS read finished
(3) eap_fast: >>> send TLS 1.1 [length 0001]
(3) eap_fast: TLS_accept: SSLv3/TLS write change cipher spec
(3) eap_fast: >>> send TLS 1.1 [length 0010]
(3) eap_fast: TLS_accept: SSLv3/TLS write finished
(3) eap_fast: (other): SSL negotiation finished successfully
(3) eap_fast: TLS - Connection Established
(3) eap_fast: TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(3) eap_fast: TLS-Session-Version = "TLS 1.1"
(3) eap_fast: TLS - got 79 bytes of data
(3) eap_fast: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 32 length 85
(3) eap: EAP session adding &reply:State = 0xf540c2dff660e97c
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3) Challenge { ... } # empty sub-section is ignored
(3) session-state: Saving cached attributes
(3) TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(3) TLS-Session-Version = "TLS 1.1"
(3) Sent Access-Challenge Id 3 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(3) EAP-Message = 0x012000552b01140302000101160302004494f4be804a16f041b8a6f6f4830f84159464d08067d76207e52cf37eeae1b419fc7f0551d2d1f1ec263c6143c3c1052dd3444fe39f6de6e27a57f98b9ea02db1ba223dc7
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xf540c2dff660e97c76779efebe71ec85
(3) Finished request
Waking up in 4.4 seconds.
(4) Received Access-Request Id 4 from 127.0.0.1:49204 to 0.0.0.0:1812 length 137
(4) User-Name = "1234"
(4) NAS-IP-Address = 127.0.0.1
(4) Calling-Station-Id = "02-00-00-00-00-01"
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Connect-Info = "CONNECT 11Mbps 802.11b"
(4) EAP-Message = 0x022000062b01
(4) State = 0xf540c2dff660e97c76779efebe71ec85
(4) Message-Authenticator = 0xda6392c49454b58b4a593412381f07dc
(4) Restoring &session-state
(4) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(4) &session-state:TLS-Session-Version = "TLS 1.1"
(4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /@\./) {
(4) if (&User-Name =~ /@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "1234", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 32 length 6
(4) eap: No EAP Start, assuming it's an on-going EAP conversation
(4) [eap] = updated
(4) [files] = noop
(4) [expiration] = noop
(4) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(4) [pap] = noop
(4) } # authorize = updated
(4) Found Auth-Type = eap
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0xf540c2dff660e97c
(4) eap: Finished EAP session with state 0xf540c2dff660e97c
(4) eap: Previous EAP request found for state 0xf540c2dff660e97c, released from the list
(4) eap: Peer sent packet with method EAP FAST (43)
(4) eap: Calling submodule eap_fast to process data
(4) eap_fast: Authenticate
(4) eap_fast: Continuing EAP-TLS
(4) eap_fast: Peer ACKed our handshake fragment. handshake is finished
(4) eap_fast: [eaptls verify] = success
(4) eap_fast: [eaptls process] = success
(4) eap_fast: Session established. Proceeding to decode tunneled attributes
(4) eap_fast: Using anonymous provisioning
(4) eap_fast: Deriving EAP-FAST keys
(4) eap_fast: OpenSSL: cipher nid 419 digest nid 64
(4) eap_fast: OpenSSL: keyblock size: key_len=16 MD_size=20 IV_len=16
(4) eap_fast: Sending EAP-Identity
(4) eap_fast: Challenge
(4) eap: Sending EAP Request (code 1) ID 33 length 63
(4) eap: EAP session adding &reply:State = 0xf540c2dff161e97c
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4) Challenge { ... } # empty sub-section is ignored
(4) session-state: Saving cached attributes
(4) TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(4) TLS-Session-Version = "TLS 1.1"
(4) Sent Access-Challenge Id 4 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(4) EAP-Message = 0x0121003f2b011703020034d629443eefc4591552544c471ba204bad095da78bd2efdc76ff173e118037b617b0d71500de53c9d4826fda67b7c182f37f1e98d
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xf540c2dff161e97c76779efebe71ec85
(4) Finished request
Waking up in 4.3 seconds.
(5) Received Access-Request Id 5 from 127.0.0.1:49204 to 0.0.0.0:1812 length 194
(5) User-Name = "1234"
(5) NAS-IP-Address = 127.0.0.1
(5) Calling-Station-Id = "02-00-00-00-00-01"
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Connect-Info = "CONNECT 11Mbps 802.11b"
(5) EAP-Message = 0x0221003f2b011703020034c86484807adb72db9f79883ad2451d0a2c4ac2c8040d70371fd228857acae9e45320b7cb2bb35eaa1e8b42d114788db234561606
(5) State = 0xf540c2dff161e97c76779efebe71ec85
(5) Message-Authenticator = 0x83af6cbabd67c8118afc616ff6d80030
(5) Restoring &session-state
(5) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(5) &session-state:TLS-Session-Version = "TLS 1.1"
(5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "1234", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 33 length 63
(5) eap: No EAP Start, assuming it's an on-going EAP conversation
(5) [eap] = updated
(5) [files] = noop
(5) [expiration] = noop
(5) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(5) [pap] = noop
(5) } # authorize = updated
(5) Found Auth-Type = eap
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0xf540c2dff161e97c
(5) eap: Finished EAP session with state 0xf540c2dff161e97c
(5) eap: Previous EAP request found for state 0xf540c2dff161e97c, released from the list
(5) eap: Peer sent packet with method EAP FAST (43)
(5) eap: Calling submodule eap_fast to process data
(5) eap_fast: Authenticate
(5) eap_fast: Continuing EAP-TLS
(5) eap_fast: [eaptls verify] = ok
(5) eap_fast: Done initial handshake
(5) eap_fast: [eaptls process] = ok
(5) eap_fast: Session established. Proceeding to decode tunneled attributes
(5) eap_fast: Got Tunneled FAST TLVs
(5) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02210008016d6777
(5) eap_fast: Processing received EAP Payload
(5) eap_fast: Got tunneled request
(5) eap_fast: EAP-Message = 0x02210008016d6777
(5) eap_fast: Got tunneled identity of mgw
(5) eap_fast: AUTHENTICATION
(5) Virtual server inner-tunnel received request
(5) EAP-Message = 0x02210008016d6777
(5) FreeRADIUS-Proxied-To = 127.0.0.1
(5) User-Name = "mgw"
(5) WARNING: Outer User-Name is not anonymized. User privacy is compromised.
(5) server inner-tunnel {
(5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [chap] = noop
(5) [mschap] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) update control {
(5) &Proxy-To-Realm := LOCAL
(5) } # update control = noop
(5) eap: Peer sent EAP Response (code 2) ID 33 length 8
(5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5) authenticate {
(5) eap: Peer sent packet with method EAP Identity (1)
(5) eap: Calling submodule eap_mschapv2 to process data
(5) eap_mschapv2: Issuing Challenge
(5) eap: Sending EAP Request (code 1) ID 34 length 43
(5) eap: EAP session adding &reply:State = 0x07f19ece07d38470
(5) [eap] = handled
(5) } # authenticate = handled
(5) } # server inner-tunnel
(5) Virtual server sending reply
(5) EAP-Message = 0x0122002b1a0122002610ddcd742c8b24135c123a2f200a7cad0e667265657261646975732d332e302e3138
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x07f19ece07d38470fa0d479343028091
(5) eap_fast: Got tunneled Access-Challenge
(5) eap_fast: Challenge
(5) eap: Sending EAP Request (code 1) ID 34 length 95
(5) eap: EAP session adding &reply:State = 0xf540c2dff062e97c
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5) TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(5) TLS-Session-Version = "TLS 1.1"
(5) Sent Access-Challenge Id 5 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(5) EAP-Message = 0x0122005f2b011703020054478b902e23448fc14e95749d81654e35f87d372ca1b3fca3114f4842892b1a47dc54a8cf5d092e9c8bb622085cd1de16f35bbc338e5d6c7eed5ed56c77518075fccc66865917f5822ae28092fbdf65f5aa8c16ef
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xf540c2dff062e97c76779efebe71ec85
(5) Finished request
Waking up in 4.1 seconds.
(6) Received Access-Request Id 6 from 127.0.0.1:49204 to 0.0.0.0:1812 length 258
(6) User-Name = "1234"
(6) NAS-IP-Address = 127.0.0.1
(6) Calling-Station-Id = "02-00-00-00-00-01"
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Connect-Info = "CONNECT 11Mbps 802.11b"
(6) EAP-Message = 0x0222007f2b011703020074bfd7109dd1f74f44a31b87c9e4e17d2e58350d73040b02920bcbcbcedbb66014a7dc0f15bd1ddad6867988ee068de96ffec417720e1f22d3379725dbd15640a96e5fba5664bc2ee459bff67223281f4b8a66d1473af065f6eea9f69a333ee2af98adf369846a052784d975f6c451bd4737c91c2a
(6) State = 0xf540c2dff062e97c76779efebe71ec85
(6) Message-Authenticator = 0xfc6a058256cad438f3f03e0beae59b62
(6) Restoring &session-state
(6) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(6) &session-state:TLS-Session-Version = "TLS 1.1"
(6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "1234", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 34 length 127
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) [files] = noop
(6) [expiration] = noop
(6) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x07f19ece07d38470
(6) eap: Finished EAP session with state 0xf540c2dff062e97c
(6) eap: Previous EAP request found for state 0xf540c2dff062e97c, released from the list
(6) eap: Peer sent packet with method EAP FAST (43)
(6) eap: Calling submodule eap_fast to process data
(6) eap_fast: Authenticate
(6) eap_fast: Continuing EAP-TLS
(6) eap_fast: [eaptls verify] = ok
(6) eap_fast: Done initial handshake
(6) eap_fast: [eaptls process] = ok
(6) eap_fast: Session established. Proceeding to decode tunneled attributes
(6) eap_fast: Got Tunneled FAST TLVs
(6) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x0222003e1a022200393100000000000000000000000000000000000000000000000055aa671c53b32f8297f5c46c8231a5e75b67987b94f1ad46006d6777
(6) eap_fast: Processing received EAP Payload
(6) eap_fast: Got tunneled request
(6) eap_fast: EAP-Message = 0x0222003e1a022200393100000000000000000000000000000000000000000000000055aa671c53b32f8297f5c46c8231a5e75b67987b94f1ad46006d6777
(6) eap_fast: AUTHENTICATION
(6) Virtual server inner-tunnel received request
(6) EAP-Message = 0x0222003e1a022200393100000000000000000000000000000000000000000000000055aa671c53b32f8297f5c46c8231a5e75b67987b94f1ad46006d6777
(6) FreeRADIUS-Proxied-To = 127.0.0.1
(6) User-Name = "mgw"
(6) State = 0x07f19ece07d38470fa0d479343028091
(6) WARNING: Outer User-Name is not anonymized. User privacy is compromised.
(6) server inner-tunnel {
(6) session-state: No cached attributes
(6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [chap] = noop
(6) [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) update control {
(6) &Proxy-To-Realm := LOCAL
(6) } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 34 length 62
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) files: users: Matched entry mgw at line 68
(6) [files] = ok
(6) [expiration] = noop
(6) [logintime] = noop
(6) pap: WARNING: Auth-Type already set. Not setting to PAP
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6) authenticate {
(6) eap: Expiring EAP session with state 0x07f19ece07d38470
(6) eap: Finished EAP session with state 0x07f19ece07d38470
(6) eap: Previous EAP request found for state 0x07f19ece07d38470, released from the list
(6) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(6) eap: Calling submodule eap_mschapv2 to process data
(6) eap_mschapv2: # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6) eap_mschapv2: authenticate {
(6) mschap: Found Cleartext-Password, hashing to create NT-Password
(6) mschap: Found Cleartext-Password, hashing to create LM-Password
(6) mschap: Overriding peer challenge
(6) mschap: Creating challenge hash with username: mgw
(6) mschap: Client is using MS-CHAPv2
(6) mschap: Adding MS-CHAPv2 MPPE keys
(6) [mschap] = ok
(6) } # authenticate = ok
(6) MSCHAP Success
(6) eap: Sending EAP Request (code 1) ID 35 length 51
(6) eap: EAP session adding &reply:State = 0x07f19ece06d28470
(6) [eap] = handled
(6) } # authenticate = handled
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6) EAP-Message = 0x012300331a0322002e533d41383643464332354243453044384342463742423842413942453638463842353741434542394636
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x07f19ece06d28470fa0d479343028091
(6) eap_fast: Got tunneled Access-Challenge
(6) eap_fast: Challenge
(6) eap: Sending EAP Request (code 1) ID 35 length 111
(6) eap: EAP session adding &reply:State = 0xf540c2dff363e97c
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6) TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(6) TLS-Session-Version = "TLS 1.1"
(6) Sent Access-Challenge Id 6 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0
(6) EAP-Message = 0x0123006f2b011703020064184b7e2dc0e6bc0b99e7a64ef85e0bede16cf06db067012bd9b02ca01abaafccc651dd505153b179bec63e89174ee79373221eb40818dd8b0a7fd8274e29900cb31e9315d95afcb4ccb3c041e1d44bbd0f9f856bd2a69888324911195a9c7e775ba503ef
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0xf540c2dff363e97c76779efebe71ec85
(6) Finished request
Waking up in 3.8 seconds.
(7) Received Access-Request Id 7 from 127.0.0.1:49204 to 0.0.0.0:1812 length 194
(7) User-Name = "1234"
(7) NAS-IP-Address = 127.0.0.1
(7) Calling-Station-Id = "02-00-00-00-00-01"
(7) Framed-MTU = 1400
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Connect-Info = "CONNECT 11Mbps 802.11b"
(7) EAP-Message = 0x0223003f2b011703020034a6802a5acca406ebdca8770f57606d91dd04fee78c7992c6dc19c79213fb7347d0176cb26f76207c6c630dcd5acb52e2664f618c
(7) State = 0xf540c2dff363e97c76779efebe71ec85
(7) Message-Authenticator = 0xa776d76668ce413ef33a80ada3722757
(7) Restoring &session-state
(7) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA"
(7) &session-state:TLS-Session-Version = "TLS 1.1"
(7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /@\./) {
(7) if (&User-Name =~ /@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "1234", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 35 length 63
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7) [eap] = updated
(7) [files] = noop
(7) [expiration] = noop
(7) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(7) [pap] = noop
(7) } # authorize = updated
(7) Found Auth-Type = eap
(7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0x07f19ece06d28470
(7) eap: Finished EAP session with state 0xf540c2dff363e97c
(7) eap: Previous EAP request found for state 0xf540c2dff363e97c, released from the list
(7) eap: Peer sent packet with method EAP FAST (43)
(7) eap: Calling submodule eap_fast to process data
(7) eap_fast: Authenticate
(7) eap_fast: Continuing EAP-TLS
(7) eap_fast: [eaptls verify] = ok
(7) eap_fast: Done initial handshake
(7) eap_fast: [eaptls process] = ok
(7) eap_fast: Session established. Proceeding to decode tunneled attributes
(7) eap_fast: Got Tunneled FAST TLVs
(7) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x022300061a03
(7) eap_fast: Processing received EAP Payload
(7) eap_fast: Got tunneled request
(7) eap_fast: EAP-Message = 0x022300061a03
(7) eap_fast: AUTHENTICATION
(7) Virtual server inner-tunnel received request
(7) EAP-Message = 0x022300061a03
(7) FreeRADIUS-Proxied-To = 127.0.0.1
(7) User-Name = "mgw"
(7) State = 0x07f19ece06d28470fa0d479343028091
(7) WARNING: Outer User-Name is not anonymized. User privacy is compromised.
(7) server inner-tunnel {
(7) session-state: No cached attributes
(7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /@\./) {
(7) if (&User-Name =~ /@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [chap] = noop
(7) [mschap] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) update control {
(7) &Proxy-To-Realm := LOCAL
(7) } # update control = noop
(7) eap: Peer sent EAP Response (code 2) ID 35 length 6
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7) [eap] = updated
(7) files: users: Matched entry mgw at line 68
(7) [files] = ok
(7) [expiration] = noop
(7) [logintime] = noop
(7) pap: WARNING: Auth-Type already set. Not setting to PAP
(7) [pap] = noop
(7) } # authorize = updated
(7) Found Auth-Type = eap
(7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Expiring EAP session with state 0x07f19ece06d28470
(7) eap: Finished EAP session with state 0x07f19ece06d28470
(7) eap: Previous EAP request found for state 0x07f19ece06d28470, released from the list
(7) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(7) eap: Calling submodule eap_mschapv2 to process data
(7) eap: Sending EAP Success (code 3) ID 35 length 4
(7) eap: Freeing handler
(7) [eap] = ok
(7) } # authenticate = ok
(7) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(7) post-auth {
(7) if (0) {
(7) if (0) -> FALSE
(7) } # post-auth = noop
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7) MS-MPPE-Encryption-Policy = Encryption-Allowed
(7) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(7) MS-MPPE-Send-Key = 0x22cc5b6ea129122966c0d5f8fde4321d
(7) MS-MPPE-Recv-Key = 0xc732209c6264f5d1e4aef598f57c6ee3
(7) EAP-Message = 0x03230004
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) User-Name = "mgw"
(7) eap_fast: Got tunneled Access-Accept
(7) eap_fast: ERROR: Found CHAP-Challenge with incorrect length. Expected 16, got 4
(7) eap_fast: Reject
(7) eap: ERROR: Failed continuing EAP FAST (43) session. EAP sub-module failed
(7) eap: Sending EAP Failure (code 4) ID 35 length 4
(7) eap: Failed in EAP select
(7) [eap] = invalid
(7) } # authenticate = invalid
(7) Failed to authenticate the user
(7) Using Post-Auth-Type Reject
(7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7) Post-Auth-Type REJECT {
(7) attr_filter.access_reject: EXPAND %{User-Name}
(7) attr_filter.access_reject: --> 1234
(7) attr_filter.access_reject: Matched entry DEFAULT at line 11
(7) [attr_filter.access_reject] = updated
(7) [eap] = noop
(7) policy remove_reply_message_if_eap {
(7) if (&reply:EAP-Message && &reply:Reply-Message) {
(7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(7) else {
(7) [noop] = noop
(7) } # else = noop
(7) } # policy remove_reply_message_if_eap = noop
(7) } # Post-Auth-Type REJECT = updated
(7) Delaying response for 1.000000 seconds
Waking up in 0.2 seconds.
Waking up in 0.7 seconds.
(7) Sending delayed response
(7) Sent Access-Reject Id 7 from 0.0.0.0:1812 to 127.0.0.1:49204 length 44
(7) EAP-Message = 0x04230004
(7) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2.6 seconds.
(0) Cleaning up request packet ID 0 with timestamp +10
(1) Cleaning up request packet ID 1 with timestamp +10
Waking up in 0.1 seconds.
(2) Cleaning up request packet ID 2 with timestamp +10
Waking up in 0.2 seconds.
(3) Cleaning up request packet ID 3 with timestamp +10
Waking up in 0.1 seconds.
(4) Cleaning up request packet ID 4 with timestamp +11
Waking up in 0.1 seconds.
(5) Cleaning up request packet ID 5 with timestamp +11
Waking up in 0.2 seconds.
(6) Cleaning up request packet ID 6 with timestamp +11
Waking up in 0.2 seconds.
(7) Cleaning up request packet ID 7 with timestamp +11
Ready to process requests