rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=125, length=158 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x02010011014754434f52505c647a68616f Message-Authenticator = 0x2ed3d2e16385e7d5226183633663f17c NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 17 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> GTCORP\dzhao [sql] sql_set_user escaped user --> 'GTCORP\dzhao' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'GTCORP=5Cdzhao' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'GTCORP=5Cdzhao' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'GTCORP=5Cdzhao' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 125 to 207.230.255.43 port 1645 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "3" Tunnel-Preference:0 := 0 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c5d5d925bfc9a54021651b76 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=126, length=246 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x0202005719800000004d16030100480100004403014c8aa8c3bb5003761e89606041e23e7cdc1ae7d698dcd04f60a27241ada1d2c500001600040005000a0009006400620003000600130012006301000005ff01000100 Message-Authenticator = 0xdbc118e3fce352d35a250a534014091f NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" State = 0xc5d7c069c5d5d925bfc9a54021651b76 NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 87 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 77 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0048], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 05a9], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 126 to 207.230.255.43 port 1645 EAP-Message = 0x0103040019c0000005ed16030100310200002d03014c8aa855ae3332d0a28bb3e910957f6916cafb4a70a9ff4248529167a74688b4000004000005ff0100010016030105a90b0005a50005a200028730820283308201eca003020102020101300d06092a864886f70d010105050030818f310b30090603550406130243413110300e06035504081307416c626572746131123010060355040a130947756573742d74656b311c301a060355040b0c134e6574776f726b5f456e67696e656572696e673113301106035504030c0a47544b5f5261646975733127302506092a864886f70d0109011618646966616e2e7a68616f4067756573742d74656b2e EAP-Message = 0x636f6d301e170d3130303930393139313231335a170d3131303930393139313231335a3066310b30090603550406130243413110300e06035504081307416c626572746131123010060355040a130947756573742d74656b311c301a060355040b0c134e6574776f726b5f456e67696e656572696e673113301106035504030c0a47544b5f52616469757330819f300d06092a864886f70d010101050003818d0030818902818100d9ec68a5e9fdb9db51d7a95cf388e397f5fd47df8f81e81d746da7022861d3e9a154f79317c0a0850786e369845b0c9bfa145c7cdff1f517736df18902ded7bb26631be053469c93bb38c90ae424db49a5ef2cb7f4 EAP-Message = 0x222727d0e171f050f800770841aa59b75e03ad7b6347c68f12ebe8c30aaff53b56545a5f4e8a115944cf5d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000381810007ec54937b7de53cc833c748c542980d02b511b69d4672715125d48f8678ced5bd0b00f6f987b5776b3aa28132c73073e9d80426ca282f346a026dbcd2b48a94bed0965a5e42d95f90ae17a137cd7eb7b4d01dd0b089692045e46d8741804c412a417525bb5a04bd61f890399f4c8edeb928b28bd8e13d43fd1312cb3eb2deea000315308203113082027aa003020102020100300d06092a864886f70d01010505 EAP-Message = 0x0030818f310b30090603550406130243413110300e06035504081307416c626572746131123010060355040a130947756573742d74656b311c301a060355040b0c134e6574776f726b5f456e67696e656572696e673113301106035504030c0a47544b5f5261646975733127302506092a864886f70d0109011618646966616e2e7a68616f4067756573742d74656b2e636f6d301e170d3130303930393138353531335a170d3133303930383138353531335a30818f310b30090603550406130243413110300e06035504081307416c626572746131123010060355040a130947756573742d74656b311c301a060355040b0c134e6574776f726b5f45 EAP-Message = 0x6e67696e656572696e673113 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c4d4d925bfc9a54021651b76 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=127, length=165 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020300061900 Message-Authenticator = 0xe86cf0a14287e82d9afc1fccc6353ca0 NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" State = 0xc5d7c069c4d4d925bfc9a54021651b76 NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 127 to 207.230.255.43 port 1645 EAP-Message = 0x010401fd1900301106035504030c0a47544b5f5261646975733127302506092a864886f70d0109011618646966616e2e7a68616f4067756573742d74656b2e636f6d30819f300d06092a864886f70d010101050003818d00308189028181009f1ea17757b157a64e940ce6dea649e05cccda683d39dbe72c431a8a956b4643e934f3485a2181ef8e039c26f6588efb493e18386b766a1509a24d1763f769fe62ebcab959aca1be099e4a9fe2630dd1c00368aacbb6108ccf85ceda5d0312c4a7c2668cbd9aa7a76d7d5ca6045030d668998f522393cca1ff83ebe64a97764d0203010001a37b307930090603551d1304023000302c06096086480186f8 EAP-Message = 0x42010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414a635b43f0bc0dc2d60e8fcd2d741acaa48cf9d46301f0603551d23041830168014a635b43f0bc0dc2d60e8fcd2d741acaa48cf9d46300d06092a864886f70d0101050500038181002cab32daa8379f6fa6bb750ff2cd371a621f73e4a83c123d72794a3b824f0ee2245ae88c28c8382ef9688801b13cd606412d9ee084776a9107d4ba990b121ee83f1280face592649e495303f9c0f5acde8e6ff02c7a27777eb1de9e24f9ae2a30126a5c65ddd9904c121f052e61214a2cb06ef6e36a9cd044afef1761414165b16030100040e EAP-Message = 0x000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c7d3d925bfc9a54021651b76 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=128, length=351 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020400c01980000000b61603010086100000820080acbf3ab25cd4405e58768e0bfb7d042e5d6fc9504dc65951240bd19c10944c2b0467c1c291cb82ecdf9482df400538c635058ec2dbd95963c7eb4245aba9a8b7030c29d72c4b7bf0c5dfc897bd56c619735cc2c56507fbe8e83e57ef2b56b258bf0def62ec85ede347ab76fd3e0f37cea70d0ac6a76cbaa53c9ec89dcc7bc9a7140301000101160301002063175e5c13d4c070784e7b6971343277835c2eeeb13d792dbd963c2971b01c1a Message-Authenticator = 0x0c2a127af5f39dfdf12067f6a29c54b8 NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" State = 0xc5d7c069c7d3d925bfc9a54021651b76 NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 192 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 182 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 128 to 207.230.255.43 port 1645 EAP-Message = 0x0105003119001403010001011603010020ed08b451d33b062eaa0f4138c46b4184bcf861918920c3ff9dbd52becf855eab Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c6d2d925bfc9a54021651b76 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=129, length=165 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020500061900 Message-Authenticator = 0x8af3df1074ea7222fcc8ca154e6149e7 NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" State = 0xc5d7c069c6d2d925bfc9a54021651b76 NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 129 to 207.230.255.43 port 1645 EAP-Message = 0x010600201900170301001586151898fc619e37133fa5524113f315b9909231f3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c1d1d925bfc9a54021651b76 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=130, length=199 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020600281900170301001dd82409d045e32890644aa130af428082c229291c73b6dc7ebbc4979c56 Message-Authenticator = 0x0a3a374b89550d7e263b455d3a83dadc NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" State = 0xc5d7c069c1d1d925bfc9a54021651b76 NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 40 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - GTCORP\dzhao [peap] Got tunneled request EAP-Message = 0x02060011014754434f52505c647a68616f server { PEAP: Got tunneled identity of GTCORP\dzhao PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to GTCORP\dzhao Sending tunneled request EAP-Message = 0x02060011014754434f52505c647a68616f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "GTCORP\\dzhao" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 6 length 17 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> GTCORP\dzhao [sql] sql_set_user escaped user --> 'GTCORP\dzhao' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'GTCORP=5Cdzhao' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'GTCORP=5Cdzhao' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'GTCORP=5Cdzhao' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "3" Tunnel-Preference:0 := 0 EAP-Message = 0x010700261a0107002110259601ce9c1b153e5746871afe79ded94754434f52505c647a68616f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983c80d5983b9aa7da9c1891755af34d [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "3" Tunnel-Preference:0 := 0 EAP-Message = 0x010700261a0107002110259601ce9c1b153e5746871afe79ded94754434f52505c647a68616f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983c80d5983b9aa7da9c1891755af34d [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 130 to 207.230.255.43 port 1645 EAP-Message = 0x0107003d190017030100324d7490ba5edc60d0484f4fbd74796615cdb64c1da05fa54d00f6e5ce5fc06a84e8a63158c1623f6bcaa5179d9cf203c213b4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c0d0d925bfc9a54021651b76 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 207.230.255.43 port 1645, id=131, length=253 User-Name = "GTCORP\\dzhao" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "EC-30-91-AD-28-82" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x0207005e19001703010053f3ff1815950256ebc46baae1f37834aabcb5e283ce933a84a1f3a020b4a6a0db3e6e175f971544d6be83ca3319ef6a63831cb1e188cfc151c68ff329c312de316a5fec33dffb937ecc3f4939d2a558bbb8253f Message-Authenticator = 0xf4013e56d196f77ec1b34a86b46086d4 NAS-Port-Type = Ethernet NAS-Port = 50002 NAS-Port-Id = "FastEthernet0/2" State = 0xc5d7c069c0d0d925bfc9a54021651b76 NAS-IP-Address = 172.17.254.60 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 94 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700471a020700423127e39126e0fcfcdd6a6a6407712ec0d70000000000000000670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6004754434f52505c647a68616f server { PEAP: Setting User-Name to GTCORP\dzhao Sending tunneled request EAP-Message = 0x020700471a020700423127e39126e0fcfcdd6a6a6407712ec0d70000000000000000670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6004754434f52505c647a68616f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "GTCORP\\dzhao" State = 0x983c80d5983b9aa7da9c1891755af34d server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "GTCORP\dzhao", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 71 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> GTCORP\dzhao [sql] sql_set_user escaped user --> 'GTCORP\dzhao' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'GTCORP=5Cdzhao' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'GTCORP=5Cdzhao' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'GTCORP=5Cdzhao' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for dzhao with NT-Password [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=GTCORP [mschap] expand: --username=%{mschap:User-Name} -> --username=dzhao [mschap] mschap2: 25 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=dbbf328ee17a89cd [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=670633ecd838186ac41ed9b2d1ab0892367adc9ff6138ae6 Exec-Program output: NT_KEY: 02B2BD96DDD6E534622928F2A97A80FA Exec-Program-Wait: plaintext: NT_KEY: 02B2BD96DDD6E534622928F2A97A80FA Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "3" Tunnel-Preference:0 := 0 EAP-Message = 0x010800331a0307002e533d46433739423541424130363446453135384430453633463232444545413946394341334637383534 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983c80d599349aa7da9c1891755af34d [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "3" Tunnel-Preference:0 := 0 EAP-Message = 0x010800331a0307002e533d46433739423541424130363446453135384430453633463232444545413946394341334637383534 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983c80d599349aa7da9c1891755af34d [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 131 to 207.230.255.43 port 1645 EAP-Message = 0x0108004a1900170301003f571ba5ed89409188fc534651414fad4f14b96fedecf1b633412f8c2311905c53130db2aefe1dd1751559546fb46e31010550f256dc87a90dde3346c925147d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5d7c069c3dfd925bfc9a54021651b76 Finished request 6. Going to the next request Waking up in 4.8 seconds. Cleaning up request 0 ID 125 with timestamp +13 Cleaning up request 1 ID 126 with timestamp +13 Cleaning up request 2 ID 127 with timestamp +13 Cleaning up request 3 ID 128 with timestamp +13 Cleaning up request 4 ID 129 with timestamp +13 Cleaning up request 5 ID 130 with timestamp +13 Cleaning up request 6 ID 131 with timestamp +13 Ready to process requests.