FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/eduroam including configuration file /etc/freeradius/sites-enabled/eduroam-inner-tunnel including configuration file /etc/freeradius/eap.conf main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } realm NULL { nostrip authhost = LOCAL accthost = LOCAL } realm LOCAL { authhost = LOCAL accthost = LOCAL } realm hs-furtwangen.de { authhost = LOCAL accthost = LOCAL } realm DEFAULT { nostrip authhost = accthost = secret = } radiusd: #### Loading Clients #### client radsecproxy { ipaddr = netmask = 24 require_message_authenticator = no secret = shortname = "proxy" nastype = "other" virtual_server = "eduroam" } client WLC-Tuttlingen { ipaddr = 141.28.214.180 netmask = 24 require_message_authenticator = no secret = shortname = "WLC-TUT" nastype = "other" virtual_server = "eduroam" } client radius-tut { ipaddr = netmask = 24 require_message_authenticator = no secret = shortname = "radius-tut" nastype = "other" virtual_server = "eduroam" } client Test { ipaddr = netmask = 24 require_message_authenticator = no secret = nastype = "other" virtual_server = "eduroam" } radiusd: #### Instantiating modules #### radiusd: #### Loading Virtual Servers #### server eduroam { # from file /etc/freeradius/sites-enabled/eduroam modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/radiusd.conf mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/hostcertkey/roaming.key" certificate_file = "/etc/hostcertkey/roaming.pem" CA_file = "/etc/cacert/chain.txt" dh_file = "/etc/hostcertkey/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = no virtual_server = "eduroam-inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "eduroam-inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "auth_log" from file /etc/freeradius/radiusd.conf detail auth_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/radiusd.conf realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Checking preacct {...} for more modules to load Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file /etc/freeradius/radiusd.conf detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Checking post-auth {...} for more modules to load Module: Instantiating module "reply_log" from file /etc/freeradius/radiusd.conf detail reply_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server eduroam-inner-tunnel { # from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/radiusd.conf pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/radiusd.conf Module: Linked to module rlm_ldap Module: Instantiating module "ldap" from file /etc/freeradius/radiusd.conf ldap { server = "ldap.hs-furtwangen.de" port = 636 password = identity = "cn=radius,cn=services,ou=RZ,dc=hs-furtwangen,dc=de" net_timeout = 1 timeout = 5 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no cacertfile = "/etc/cacert/chain.txt" require_cert = "never" } basedn = "dc=hs-furtwangen,dc=de" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/freeradius/ldap.tut.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes edir_account_policy_check = yes set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.tut.attrmap rlm_ldap: LDAP userPassword mapped to RADIUS User-Password rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password conns: 0x9bdc538 Module: Checking authorize {...} for more modules to load Module: Checking accounting {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server server { # from file /etc/freeradius/radiusd.conf modules { } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 1812 } listen { type = "acct" ipaddr = * port = 1813 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=43, length=161 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202000c0172616474657374 Message-Authenticator = 0xbe5287fb99cd975133ddf9d088532784 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:20 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 2 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 43 to 141.28.214.180 port 32769 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0df48ea30df7978fcdc12a727210621f Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 43 with timestamp +1 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x0df48ea30df7978f did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=44, length=161 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202000c0172616474657374 Message-Authenticator = 0xc960b8472452121948a2202f69df4290 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 2 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 44 to 141.28.214.180 port 32769 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8e83f37bbd4e51a8e35d7b4a2 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=45, length=254 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203005719800000004d16030100480100004403014d9ae28af79949b7f17f61898f09c2fa10006733a9ccc9a7292b4be01f5e51f900001600040005000a0009006400620003000600130012006301000005ff01000100 State = 0xe83c2eb8e83f37bbd4e51a8e35d7b4a2 Message-Authenticator = 0x547bbf83bad7ae7c3f0d167c74013937 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 3 length 87 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 77 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0048], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 1204], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 45 to 141.28.214.180 port 32769 EAP-Message = 0x0104040019c00000124816030100310200002d03014d9ae1f9146b23e42a1f51863659900123bed87622c8121f0c67709769918d9a000004000005ff0100010016030112040b0012000011fd00050d30820509308203f1a00302010202041127fb4c300d06092a864886f70d0101050500308184310b3009060355040613024445311e301c060355040a1315486f6368736368756c65204675727477616e67656e31163014060355040b130d52656368656e7a656e7472756d311530130603550403130c484655204341202d204730313126302406092a864886f70d0109011617706b692d63614068732d6675727477616e67656e2e6465301e170d31 EAP-Message = 0x30313231353038333530395a170d3135313231343038333530395a3050310b3009060355040613024445311e301c060355040a1315486f6368736368756c65204675727477616e67656e3121301f06035504031318726f616d696e672e68732d6675727477616e67656e2e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100c8549eea64c075f00ec1d5f6a1b85ddef03a831bcffbe2f6bc1deb9bcb46bd531a359cf5689bf81b025da1afa10340026012bcbcf0bfb76a78b9cf8413a375c257e5ba3f5857b389e2f45fbf845d0f7a5d3d03ee278ee73ee73b505b4843508bfcedbc580808bce894c0cd5c8ec3f5 EAP-Message = 0x16fa81c3bf8c9d2c442410e7d038dcaaefcb7d04cdb193ae4a54c090354c396456a4c83c8753cc770062d4b6ae7939b877d0d25f8c15034f10fc162813742e0a5e95028ded7f0fd1991acb32c845612052bee3d4c9d128e9cb0f9a83b3a109b387572823aec2a436649e4efbae5650f7d6f344fec3563b5513dacd451641e03e6f1cdec5f3338e416e131fd91919902c710203010001a38201b4308201b030090603551d1304023000300b0603551d0f0404030205e0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145fe0d5865c9629ac0b6f55d280ee9cc5f184245b301f0603551d230418 EAP-Message = 0x301680146870100dc92d7306f988183e9f8b8ced290016c730818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f68732d6675727477616e67656e2d63612f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f68732d6675727477616e67656e2d63612f7075622f63726c2f636163726c2e63726c3081a606082b06010505070101048199308196304906082b06010505073002863d687474703a2f2f636470312e7063612e64666e2e64652f68732d6675727477616e67656e2d63612f7075622f6361636572742f63 EAP-Message = 0x61636572742e637274304906 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8e93837bbd4e51a8e35d7b4a2 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=46, length=173 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 State = 0xe83c2eb8e93837bbd4e51a8e35d7b4a2 Message-Authenticator = 0x64c0861e6012487f8ed4c33974244ec8 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 46 to 141.28.214.180 port 32769 EAP-Message = 0x010503fc1940082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f68732d6675727477616e67656e2d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010505000382010100a28b6030d5a8144fd3e32c1fe1197116678f159fecb847d4c1cf98602690541bb1bc10710518745c547b95beba23463334626175e4069f788eb17c523a3659687e123176c11822631c9bbeed5c25d6f0694f140b256c8516ed7ee1a15b13250caa0aacf5a2ec1ae4d61ccf6ed6947e1cdc80db8b98b2bae6f7d31e3a4cef578f8e0679d24a598641e59b140318d6a56b7d144137af064eb3db7868 EAP-Message = 0x1cafe8d7338ceb057465719780f3e281310d63bf766a6fc048495cca0d6e9bc90a4e31158959cbcc93687c2e7a7c48500207594685389d4e4937d05dd0852eeb4a76d6bd275d1c03c1ddb28a2c408413532fcc9956ef90f6ef29e016d1729dc758b063846800051c3082051830820400a00302010202040d65ae5f300d06092a864886f70d0101050500305a310b300906035504061302444531133011060355040a130a44464e2d56657265696e3110300e060355040b130744464e2d504b49312430220603550403131b44464e2d56657265696e2050434120476c6f62616c202d20473031301e170d3038313231353130323632345a170d31393036 EAP-Message = 0x33303030303030305a308184310b3009060355040613024445311e301c060355040a1315486f6368736368756c65204675727477616e67656e31163014060355040b130d52656368656e7a656e7472756d311530130603550403130c484655204341202d204730313126302406092a864886f70d0109011617706b692d63614068732d6675727477616e67656e2e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100d7c167db2fa042072f16272a1e3f8303e897ef042728f0cc3d33baeeedce56c06a07177cf342ec9a45749e44e17b29e6b14de868de065c3c87981cf127b763a6e67cb8d27963a216111f5fc4 EAP-Message = 0x98b931cde9e21248604feead578f840b0ea4f8049363c221bf6e5968d9dff06d7a8e79ad5521012109568d1dac939e6ee251da42b5f20835e19a049f11aabea1a34877b91d4f79dcd51d2872312c5e61838d809137e57e384d740078fdf15db7e38bb612924f8bcf808c6f340b96db906b51aaec8fbd52d8c4b43a317c10bf7610988892a3310bfce9f8881a795955557632fb8d5f2e0d87ebcfd083de3970e56893979a41aa036b42674ce3eba89076a4a546090203010001a38201b9308201b530120603551d130101ff040830060101ff020101300b0603551d0f040403020106301d0603551d0e041604146870100dc92d7306f988183e9f8b8ced EAP-Message = 0x290016c7301f0603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8ea3937bbd4e51a8e35d7b4a2 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=47, length=173 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 State = 0xe83c2eb8ea3937bbd4e51a8e35d7b4a2 Message-Authenticator = 0x3acd2b1e5ea2944551e62092a1b8c745 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 47 to 141.28.214.180 port 32769 EAP-Message = 0x010603fc1940551d2304183016801449b7c6cfe83d1f7fea447b1329f7f10a703ede6430220603551d11041b30198117706b692d63614068732d6675727477616e67656e2e64653081880603551d1f048180307e303da03ba0398637687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d63612f7075622f63726c2f636163726c2e63726c303da03ba0398637687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d63612f7075622f63726c2f636163726c2e63726c3081a206082b06010505070101048195308192304706082b06010505073002863b687474703a2f2f636470 EAP-Message = 0x312e7063612e64666e2e64652f676c6f62616c2d726f6f742d63612f7075622f6361636572742f6361636572742e637274304706082b06010505073002863b687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d0101050500038201010066b6d7674d132640bc5a577fb591857aa186921985ba7f66e3cb33d909d74a8aa51e1761a3341797aa9eab529751f2b94edf3c7fdcca04daf379b26e121cccd8496d7baf379a19dded35a3530a41c4ab6d215c3a28970f70a6f4be1333953d6c310e6cd09350935569903a02cf3eb0 EAP-Message = 0xa21f7a1b4c2ed599dca835750533e08d084ebcbafa687e7dbb5eccabac200694836ad69aab2e78d59e1bf0b6783a05249552cb2624bc0aa918a923c5d5df8887f885a6aa722c02d38f1b58ddbf69bfbb167feb3b028b104f5bc46dbef112556696a98ebfd4d53227a9e366cec32a2c5c4d10eb1e2ee00e73c0a0863ca430dcffc703ef9e2ea8b2b7676a13d84710c6fee30004253082042130820309a003020102020200c7300d06092a864886f70d01010505003071310b3009060355040613024445311c301a060355040a131344657574736368652054656c656b6f6d204147311f301d060355040b1316542d54656c655365632054727573742043 EAP-Message = 0x656e746572312330210603550403131a44657574736368652054656c656b6f6d20526f6f742043412032301e170d3036313231393130323930305a170d3139303633303233353930305a305a310b300906035504061302444531133011060355040a130a44464e2d56657265696e3110300e060355040b130744464e2d504b49312430220603550403131b44464e2d56657265696e2050434120476c6f62616c202d2047303130820122300d06092a864886f70d01010105000382010f003082010a0282010100e99bc36785f90daef58d54c39650353d62e96e4ced94d7005b952274d420eb348fd6ecc031040b9981e2a614d252a02823848b748904 EAP-Message = 0x5e5be0e278c178cb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8eb3a37bbd4e51a8e35d7b4a2 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=48, length=173 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020600061900 State = 0xe83c2eb8eb3a37bbd4e51a8e35d7b4a2 Message-Authenticator = 0xbd0545a2cdd211e55cfa7f92ec9df58d server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 48 to 141.28.214.180 port 32769 EAP-Message = 0x010703fc194016cb2835397b2d9045d0eda0007a7cbf4a0e1b00c386e95c2b31117b0cf38224438c1c388b6a68009aeedc4f78abd2c6139b76adeede26e8ef01af740fc109a2f66bcebdd3cd14304ff5e5e3a4c8629b821a0327300d0265604dedd109232a96355827d376c671b6901dc4edff35867d6f33b3db0fc511c28a83a1945d416bd8d210f54cfdca51acd9bdef9283bbdaeb8b16565643cfe1d5133da61f2730cd4954dbc913349a7175c56ceaa70b98f9219d27af3ea33939486a8cadc999fbc312f2bd0203010001a381d93081d630700603551d1f046930673065a063a061865f687474703a2f2f706b692e74656c657365632e64652f63 EAP-Message = 0x67692d62696e2f736572766963652f61665f446f776e6c6f616441524c2e63726c3f2d63726c5f666f726d61743d585f353039262d6973737565723d44545f524f4f545f43415f32301d0603551d0e0416041449b7c6cfe83d1f7fea447b1329f7f10a703ede64301f0603551d2304183016801431c3791bbaf553d717e0897a2d176c0ab32b9d33300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020102300d06092a864886f70d010105050003820101003be15a77c04817dca918ec81af5a89f0bd2892a6ca59181270ec28f2e7ae7f962ce7f25d1931f6132b74bdbd80b2b9f767c939a2793be11111ee6b7891 EAP-Message = 0x337e3b5f26277553658e3363eecf73c3b092234921507523a11f18e294853d3f33e977208da2bde6a1852940f63f7332580d096ba6da856cc03fbb8d666456244eae0d3f3235015be98c82d972594fb18685f1748556e5c3f85cf38dee47b3530570e7e54d8a698328e11309869e5ec8ea581e0c1ff9a4d45a0468fd283e8b02b658b5f6a12c37570067ab23688d63a5ef996b5cfd4b56f6ab408734d411926cec87c50a0b073372b46f0c1d542cd851c7ccbf30d34372f132bf8cce4963a800f7f21c0003a33082039f30820287a003020102020126300d06092a864886f70d01010505003071310b3009060355040613024445311c301a060355040a EAP-Message = 0x131344657574736368652054656c656b6f6d204147311f301d060355040b1316542d54656c655365632054727573742043656e746572312330210603550403131a44657574736368652054656c656b6f6d20526f6f742043412032301e170d3939303730393132313130305a170d3139303730393233353930305a3071310b3009060355040613024445311c301a060355040a131344657574736368652054656c656b6f6d204147311f301d060355040b1316542d54656c655365632054727573742043656e746572312330210603550403131a44657574736368652054656c656b6f6d20526f6f74204341203230820122300d06092a864886f70d01 EAP-Message = 0x010105000382010f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8ec3b37bbd4e51a8e35d7b4a2 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=49, length=173 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020700061900 State = 0xe83c2eb8ec3b37bbd4e51a8e35d7b4a2 Message-Authenticator = 0x846e938a7405518336605d2c45865006 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 49 to 141.28.214.180 port 32769 EAP-Message = 0x010802761900003082010a0282010100ab0ba335e08b2914b11485af3c10e4396f355d4aaeddea618d9549f46f64a31a6066a4a9402284d9d4a5e578930e6801adb94d5c3aced3b8a84240dfcfa3ba82596a921bac1c9ada082b2527f9692347f1e0eb2c7a9bf51302d07e347cc29e3c0059abf5da0cf5323c2bac50dad6c3de8394caa80c99320e0848565b6afbdae1585801495f72413c1506018e5dadaab893b4cd9eeba7e86a2d5234db3aef5c7551dadbf331f9ee719832c45415440cf99b55edaddf1808a0a3868a49ee53058f194cd5de58799bd26a1c42abc5d5a7cf680f96e4e161987661c8917cd63e00e2915087e19d0ae6ad97d21dc63a EAP-Message = 0x7dcbbcda0334d58e5b01f56a07b716b66e4a7f0203010001a3423040301d0603551d0e0416041431c3791bbaf553d717e0897a2d176c0ab32b9d33300f0603551d13040830060101ff020105300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100946459ad3964e729eb13fe5ac38b1357c80424f07477c060e367fbe989a683bf96827c6ed4c33def9e806ebb29b4987ab13b54eb3917477e1a8e0bfc1f31593104b2ce17f32cc7623655e222d88955b49848aa64fad61c36d844785a5a233a5797f57a304fae9f6a4c4b2b8ea003e33ee0a9d4d27bd2b3a8e2723cad9eff8059e49b45b4f63bb0cd39199832e5 EAP-Message = 0xea216190e431218e34b1f72f354a8510dae78a3721be5963e0f285883153d45414857079f42e067727752f1fb88af9fec5bad836e483ece765b7bf635af346af819437d4418cd623d61ecff5681b4463a25abaa73559a1e570059b0e235799940a6dba3963288692f31884d8fbd1cf0556645716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8ed3437bbd4e51a8e35d7b4a2 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=50, length=489 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0208014019800000013616030101061000010201004db81b4a0093308d7e31abc62a7f8c5bbf911adc129084ca70fedce3986c8374fbcbc7457b8530cd629ff472609cebc8a18d754a022ef2aa8996e48e5dab390f52f9aae7ca57acf9f4359ad2f1677a6dfac405cac9c006cb45537e0564839966a7d16ca6504587951d78ee42a5790433011caccc90529e45e90adbdee707104887b48103d26a4079f12461a1aac69b0b39c56892839fdf7c2dfe2da42f160cc2f20db9d0467f50c0a70c638a15dd5e1ec5f0e6137ee17ead480a952b6205c2d0e536a2126cfa16f16a1f9132d9277cfb74c22b0bff8215b201b77097195d56b2b028d2e84fd6cf01 EAP-Message = 0xa2f6002cef0802e817e4346f10ef6f25027d7d4919b31c4014030100010116030100204cd8468f2e9a931a9cdf61a3fe78008189be4dda5ee2b6374849cdcd9f4a67dd State = 0xe83c2eb8ed3437bbd4e51a8e35d7b4a2 Message-Authenticator = 0xe5b71591469382ea6b9b95d5603671ff server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 8 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 50 to 141.28.214.180 port 32769 EAP-Message = 0x0109003119001403010001011603010020f0ec5a7a4591b1164e546736ddb3b4049f4ed6c86c8578209764237c951370f2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8ee3537bbd4e51a8e35d7b4a2 Finished request 7. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=51, length=173 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020900061900 State = 0xe83c2eb8ee3537bbd4e51a8e35d7b4a2 Message-Authenticator = 0x37a52f766e82aa67d4da7db63f932a89 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 9 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 51 to 141.28.214.180 port 32769 EAP-Message = 0x010a002019001703010015ddcf53d9ffbbf9b84964035a9c7e2ac182c93e5808 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8ef3637bbd4e51a8e35d7b4a2 Finished request 8. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=52, length=202 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020a0023190017030100188ec9582e4aa210e61067b9fa4692ff9f2290c5ab0b80cbcc State = 0xe83c2eb8ef3637bbd4e51a8e35d7b4a2 Message-Authenticator = 0xb4997c7c7b29ca1cd073e7677e6c2902 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 10 length 35 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - radtest [peap] Got inner identity 'radtest' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x020a000c0172616474657374 server eduroam { PEAP: Setting User-Name to radtest Sending tunneled request EAP-Message = 0x020a000c0172616474657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 server eduroam-inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ldap] performing user authorization for radtest [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> radtest [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=radtest) [ldap] expand: dc=hs-furtwangen,dc=de -> dc=hs-furtwangen,dc=de [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to ldap.hs-furtwangen.de:636, authentication 0 [ldap] setting TLS mode to 1 [ldap] setting TLS CACert File to /etc/cacert/chain.txt [ldap] setting TLS Require Cert to never [ldap] bind as cn=radius,cn=services,ou=RZ,dc=hs-furtwangen,dc=de/ to ldap.hs-furtwangen.de:636 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=hs-furtwangen,dc=de, with filter (uid=radtest) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaLMPassword -> LM-Password == 0x3632344141433431333739354344433141414433423433354235313430344545 [ldap] sambaNTPassword -> NT-Password == 0x4335413233374237453944384537303844383433364236313438413235464131 [ldap] userPassword -> User-Password == "{CRYPT}Yc/faQ1cq/1m6" [ldap] looking for reply items in directory... [ldap] user radtest authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 10 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server eduroam-inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010b00211a010b001c10170d27179e985265e26a79c4a1acfe8e72616474657374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb06020c8b06b3a5c6a850d7a3361c48a [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010b00211a010b001c10170d27179e985265e26a79c4a1acfe8e72616474657374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb06020c8b06b3a5c6a850d7a3361c48a [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 52 to 141.28.214.180 port 32769 EAP-Message = 0x010b00381900170301002d23e706c6c89630750236707494c3200887d4af602452af6a9adced2c7b4345d0ef96f87e93afe28663d01b0b83 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8e03737bbd4e51a8e35d7b4a2 Finished request 9. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=53, length=256 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020b00591900170301004eb04da48c8d2af2b693a564d9d1c139665c35b5f72f99c127dfbb288e89042ef544cfada47d8c3a341ede949728138ec6ddb25fa88e6670969c3f638e04786c37e1dfbbf6f8abf8aa21bf9e594dd9 State = 0xe83c2eb8e03737bbd4e51a8e35d7b4a2 Message-Authenticator = 0xcbe2c1feea27623b802620825dd4ac8e server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 11 length 89 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020b00421a020b003d31c139a390c9b94f1b8ba860edde53f7bf0000000000000000017f6d846cf996e4677cce5a24b8c2f1fb652d0bd9894be30072616474657374 server eduroam { PEAP: Setting User-Name to radtest Sending tunneled request EAP-Message = 0x020b00421a020b003d31c139a390c9b94f1b8ba860edde53f7bf0000000000000000017f6d846cf996e4677cce5a24b8c2f1fb652d0bd9894be30072616474657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "radtest" State = 0xb06020c8b06b3a5c6a850d7a3361c48a Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 server eduroam-inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ldap] performing user authorization for radtest [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> radtest [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=radtest) [ldap] expand: dc=hs-furtwangen,dc=de -> dc=hs-furtwangen,dc=de [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=hs-furtwangen,dc=de, with filter (uid=radtest) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaLMPassword -> LM-Password == 0x3632344141433431333739354344433141414433423433354235313430344545 [ldap] sambaNTPassword -> NT-Password == 0x4335413233374237453944384537303844383433364236313438413235464131 [ldap] userPassword -> User-Password == "{CRYPT}Yc/faQ1cq/1m6" [ldap] looking for reply items in directory... [ldap] user radtest authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 11 length 66 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Found LM-Password [mschap] Found NT-Password [mschap] Creating challenge hash with username: radtest [mschap] Told to do MS-CHAPv2 for radtest with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server eduroam-inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010c00331a030b002e533d46414243374142344541323530383736383644413332383844413346383839363446353545383841 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb06020c8b16c3a5c6a850d7a3361c48a [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010c00331a030b002e533d46414243374142344541323530383736383644413332383844413346383839363446353545383841 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb06020c8b16c3a5c6a850d7a3361c48a [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 53 to 141.28.214.180 port 32769 EAP-Message = 0x010c004a1900170301003fe211d54e4d7e92d7a2e91e9ce78da793b9d8af1513eb722658b6dbb48b70e356ababc13c807017aa9199b72291841df9ceccf1ab43f90d988016cb2657f8ba Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8e13037bbd4e51a8e35d7b4a2 Finished request 10. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=54, length=196 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020c001d19001703010012fa53e9f7f9f2df4d88fedaf0ad946ad07013 State = 0xe83c2eb8e13037bbd4e51a8e35d7b4a2 Message-Authenticator = 0x8618791417ae8e0b2ed54c53c268e883 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 12 length 29 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020c00061a03 server eduroam { PEAP: Setting User-Name to radtest Sending tunneled request EAP-Message = 0x020c00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "radtest" State = 0xb06020c8b16c3a5c6a850d7a3361c48a Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 server eduroam-inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ldap] performing user authorization for radtest [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> radtest [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=radtest) [ldap] expand: dc=hs-furtwangen,dc=de -> dc=hs-furtwangen,dc=de [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=hs-furtwangen,dc=de, with filter (uid=radtest) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaLMPassword -> LM-Password == 0x3632344141433431333739354344433141414433423433354235313430344545 [ldap] sambaNTPassword -> NT-Password == 0x4335413233374237453944384537303844383433364236313438413235464131 [ldap] userPassword -> User-Password == "{CRYPT}Yc/faQ1cq/1m6" [ldap] looking for reply items in directory... [ldap] user radtest authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 12 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok Login OK: [radtest] (from client WLC-TUT port 1 cli 00-21-6a-5d-a3-08 via TLS tunnel) # Executing section post-auth from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel +- entering group post-auth {...} [reply_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/reply-detail-20110405 [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/reply-detail-20110405 [reply_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[reply_log] returns ok } # server eduroam-inner-tunnel [peap] Got tunneled reply code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x62c69f956753443530a820a4aad71e59 MS-MPPE-Recv-Key = 0x708f7e79bd84ef323efe066639d68609 EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "radtest" [peap] Got tunneled reply RADIUS code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x62c69f956753443530a820a4aad71e59 MS-MPPE-Recv-Key = 0x708f7e79bd84ef323efe066639d68609 EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "radtest" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 54 to 141.28.214.180 port 32769 EAP-Message = 0x010d00261900170301001bdb9d9c94da55b96cc4a2b2ea02cd86c4508b001cbfdf42e52d3266 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe83c2eb8e23137bbd4e51a8e35d7b4a2 Finished request 11. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 141.28.214.180 port 32769, id=55, length=205 User-Name = "radtest" Calling-Station-Id = "00-21-6a-5d-a3-08" Called-Station-Id = "00-23-eb-2d-c9-90:HFU Test" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020d00261900170301001b31987c1588cd29159abc960e9bcb48ba810cc2f7052765e88e93d7 State = 0xe83c2eb8e23137bbd4e51a8e35d7b4a2 Message-Authenticator = 0x4540cc66475f032672da12c850ea20ec server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/auth-detail-20110405 [auth_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[auth_log] returns ok [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 13 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok Login OK: [radtest] (from client WLC-TUT port 1 cli 00-21-6a-5d-a3-08) # Executing section post-auth from file /etc/freeradius/sites-enabled/eduroam +- entering group post-auth {...} [reply_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/reply-detail-20110405 [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/reply-detail-20110405 [reply_log] expand: %t -> Tue Apr 5 11:33:45 2011 ++[reply_log] returns ok ++? if ("%{reply:User-Name}" !~ /.*@.*/) expand: %{reply:User-Name} -> radtest ? Evaluating ("%{reply:User-Name}" !~ /.*@.*/) -> TRUE ++? if ("%{reply:User-Name}" !~ /.*@.*/) -> TRUE ++- entering if ("%{reply:User-Name}" !~ /.*@.*/) {...} +++? if ("%{request:User-Name}" =~ /(.*)@(.*)/) expand: %{request:User-Name} -> radtest ? Evaluating ("%{request:User-Name}" =~ /(.*)@(.*)/) -> FALSE +++? if ("%{request:User-Name}" =~ /(.*)@(.*)/) -> FALSE ++- if ("%{reply:User-Name}" !~ /.*@.*/) returns ok } # server eduroam Sending Access-Accept of id 55 to 141.28.214.180 port 32769 MS-MPPE-Recv-Key = 0xce4d1dc2f73c2c7257d3925a24228b09ba94de6da1d2082f60f15b33efe15d74 MS-MPPE-Send-Key = 0xa6e1ad69f5045515dbac4e3e3d13db7faf2b347f5180ef2a7d4084eefebc3c0b EAP-Message = 0x030d0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "radtest" Finished request 12. Going to the next request Waking up in 4.7 seconds. rad_recv: Accounting-Request packet from host 141.28.214.180 port 32769, id=83, length=147 User-Name = "radtest" NAS-Port = 1 NAS-IP-Address = 141.28.214.180 Framed-IP-Address = 141.28.197.99 NAS-Identifier = "T:WLC2125" Airespace-Wlan-Id = 3 Acct-Session-Id = "4d9ae280/00:21:6a:5d:a3:08/26017" Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = "141.28.197.99" Called-Station-Id = "141.28.214.180" server eduroam { # Executing section preacct from file /etc/freeradius/sites-enabled/eduroam +- entering group preacct {...} [suffix] No '@' in User-Name = "radtest", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Accounting realm is LOCAL. ++[suffix] returns ok # Executing section accounting from file /etc/freeradius/sites-enabled/eduroam +- entering group accounting {...} [detail] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/141.28.214.180/detail-20110405 [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/141.28.214.180/detail-20110405 [detail] expand: %t -> Tue Apr 5 11:33:49 2011 ++[detail] returns ok } # server eduroam Sending Accounting-Response of id 83 to 141.28.214.180 port 32769 Finished request 13. Cleaning up request 13 ID 83 with timestamp +30 Going to the next request Waking up in 0.8 seconds. Cleaning up request 1 ID 44 with timestamp +26 Cleaning up request 2 ID 45 with timestamp +26 Cleaning up request 3 ID 46 with timestamp +26 Cleaning up request 4 ID 47 with timestamp +26 Cleaning up request 5 ID 48 with timestamp +26 Cleaning up request 6 ID 49 with timestamp +26 Cleaning up request 7 ID 50 with timestamp +26 Cleaning up request 8 ID 51 with timestamp +26 Cleaning up request 9 ID 52 with timestamp +26 Cleaning up request 10 ID 53 with timestamp +26 Cleaning up request 11 ID 54 with timestamp +26 Cleaning up request 12 ID 55 with timestamp +26 Ready to process requests.