rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=126, length=188 User-Name = "host/neteng-sp1.gtcorp.com" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-04" Calling-Station-Id = "00-14-22-FD-DD-98" EAP-Message = 0x0201001f01686f73742f6e6574656e672d7370312e6774636f72702e636f6d Message-Authenticator = 0x2cdc1301e3132d89a4de120ea3d788bc NAS-Port-Type = Ethernet NAS-Port = 50102 NAS-Port-Id = "FastEthernet1/0/2" NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/neteng-sp1.gtcorp.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 31 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry host/neteng-sp1.gtcorp.com at line 69 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop ++- entering policy rewrite_calling_station_id {...} +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++- entering else else {...} ++++[noop] returns noop +++- else else returns noop ++- policy rewrite_calling_station_id returns noop ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [host/neteng-sp1.gtcorp.com/] (from client 172.17.0.0/16 port 50102 cli 00-14-22-FD-DD-98) +- entering group post-auth {...} ++[exec] returns noop ++? if (control:Auth-Type == 'Auth-NHSTB') ? Evaluating (control:Auth-Type == 'Auth-NHSTB') -> FALSE ++? if (control:Auth-Type == 'Auth-NHSTB') -> FALSE ++? if (control:Auth-Type == 'Auth-Enseo') ? Evaluating (control:Auth-Type == 'Auth-Enseo') -> FALSE ++? if (control:Auth-Type == 'Auth-Enseo') -> FALSE ++? if (control:Auth-Type == 'Auth-Avaya') ? Evaluating (control:Auth-Type == 'Auth-Avaya') -> FALSE ++? if (control:Auth-Type == 'Auth-Avaya') -> FALSE ++? if (request:User-Name == "host/neteng-sp1.gtcorp.com") ? Evaluating (request:User-Name == "host/neteng-sp1.gtcorp.com") -> TRUE ++? if (request:User-Name == "host/neteng-sp1.gtcorp.com") -> TRUE ++- entering if (request:User-Name == "host/neteng-sp1.gtcorp.com") {...} +++[reply] returns noop ++- if (request:User-Name == "host/neteng-sp1.gtcorp.com") returns noop Sending Access-Accept of id 126 to 172.17.254.100 port 1645 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3" Tunnel-Preference:0 = 0 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=127, length=188 User-Name = "host/neteng-sp1.gtcorp.com" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-04" Calling-Station-Id = "00-14-22-FD-DD-98" EAP-Message = 0x0201001f01686f73742f6e6574656e672d7370312e6774636f72702e636f6d Message-Authenticator = 0x728cb19e4892e67caed6598174027ee7 NAS-Port-Type = Ethernet NAS-Port = 50102 NAS-Port-Id = "FastEthernet1/0/2" NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/neteng-sp1.gtcorp.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 31 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry host/neteng-sp1.gtcorp.com at line 69 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop ++- entering policy rewrite_calling_station_id {...} +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++- entering else else {...} ++++[noop] returns noop +++- else else returns noop ++- policy rewrite_calling_station_id returns noop ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [host/neteng-sp1.gtcorp.com/] (from client 172.17.0.0/16 port 50102 cli 00-14-22-FD-DD-98) +- entering group post-auth {...} ++[exec] returns noop ++? if (control:Auth-Type == 'Auth-NHSTB') ? Evaluating (control:Auth-Type == 'Auth-NHSTB') -> FALSE ++? if (control:Auth-Type == 'Auth-NHSTB') -> FALSE ++? if (control:Auth-Type == 'Auth-Enseo') ? Evaluating (control:Auth-Type == 'Auth-Enseo') -> FALSE ++? if (control:Auth-Type == 'Auth-Enseo') -> FALSE ++? if (control:Auth-Type == 'Auth-Avaya') ? Evaluating (control:Auth-Type == 'Auth-Avaya') -> FALSE ++? if (control:Auth-Type == 'Auth-Avaya') -> FALSE ++? if (request:User-Name == "host/neteng-sp1.gtcorp.com") ? Evaluating (request:User-Name == "host/neteng-sp1.gtcorp.com") -> TRUE ++? if (request:User-Name == "host/neteng-sp1.gtcorp.com") -> TRUE ++- entering if (request:User-Name == "host/neteng-sp1.gtcorp.com") {...} +++[reply] returns noop ++- if (request:User-Name == "host/neteng-sp1.gtcorp.com") returns noop Sending Access-Accept of id 127 to 172.17.254.100 port 1645 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3" Tunnel-Preference:0 = 0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=128, length=188 User-Name = "host/neteng-sp1.gtcorp.com" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-04" Calling-Station-Id = "00-14-22-FD-DD-98" EAP-Message = 0x0201001f01686f73742f6e6574656e672d7370312e6774636f72702e636f6d Message-Authenticator = 0x5f4eb9af301be90e0a6258ce7aea48d9 NAS-Port-Type = Ethernet NAS-Port = 50102 NAS-Port-Id = "FastEthernet1/0/2" NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/neteng-sp1.gtcorp.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 31 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry host/neteng-sp1.gtcorp.com at line 69 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop ++- entering policy rewrite_calling_station_id {...} +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-21-F8-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? elsif (request:Calling-Station-Id =~ /00-09-6E-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++- entering else else {...} ++++[noop] returns noop +++- else else returns noop ++- policy rewrite_calling_station_id returns noop ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00a008([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /0021f8([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) ?? Skipping (User-Name =~ /%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /00096e([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) && (User-Name =~ /%{Calling-Station-ID}$/i)) -> FALSE Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [host/neteng-sp1.gtcorp.com/] (from client 172.17.0.0/16 port 50102 cli 00-14-22-FD-DD-98) +- entering group post-auth {...} ++[exec] returns noop ++? if (control:Auth-Type == 'Auth-NHSTB') ? Evaluating (control:Auth-Type == 'Auth-NHSTB') -> FALSE ++? if (control:Auth-Type == 'Auth-NHSTB') -> FALSE ++? if (control:Auth-Type == 'Auth-Enseo') ? Evaluating (control:Auth-Type == 'Auth-Enseo') -> FALSE ++? if (control:Auth-Type == 'Auth-Enseo') -> FALSE ++? if (control:Auth-Type == 'Auth-Avaya') ? Evaluating (control:Auth-Type == 'Auth-Avaya') -> FALSE ++? if (control:Auth-Type == 'Auth-Avaya') -> FALSE ++? if (request:User-Name == "host/neteng-sp1.gtcorp.com") ? Evaluating (request:User-Name == "host/neteng-sp1.gtcorp.com") -> TRUE ++? if (request:User-Name == "host/neteng-sp1.gtcorp.com") -> TRUE ++- entering if (request:User-Name == "host/neteng-sp1.gtcorp.com") {...} +++[reply] returns noop ++- if (request:User-Name == "host/neteng-sp1.gtcorp.com") returns noop Sending Access-Accept of id 128 to 172.17.254.100 port 1645 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3" Tunnel-Preference:0 = 0 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 126 with timestamp +96 Cleaning up request 1 ID 127 with timestamp +96 Cleaning up request 2 ID 128 with timestamp +96 Ready to process requests.