<html><head><meta http-equiv='Content-Type' content='text/html; charset=UTF-8'></head><body><div style="FONT-FAMILY: Arial; COLOR: #000000; FONT-SIZE: 12px"><P>Hello,<BR> <BR>I am trying to authenticate using Freeradius different types of clients that include associates <BR>(or employees), guest users, devices like printers and VOIP phones as well as mobile devices. <BR>I have created a relocatable module (in C - my_module_auth) that parses the 802.1x string and looks up<BR>in a database to determine what type user has sent this request. Note this module is not <BR>thread-safe and I have built it with the "thread unsafe" flag. I am using a few global <BR>variables which are protected by a mutex.</P><DIV> </DIV><P>How is it supposed to work:</P><P> If the user is an employee then the authentication is proxied<BR>to the remote radius server that looks up an Active Directory. The client sends an EAP-PEAP <BR>request to the local Radius server which is then proxied to the remote radius server. If the <BR>user is authenticated by the remote Radius server it sends and Access-Accept to the local <BR>radius server. After the local radius server receives the Access-Accept it then looks up a local <BR>database for the VLAN and appends the correct VLAN to the Access-Accept and sends it to the NAS. <BR>The local radius server meanwhile is supposed to store the username/MAC and the time of authentication <BR>in a local database. This information is used to authenticate an employee locally if somehow the <BR>remote Radius server is offline or unreachable. For all other users, the authentication is done <BR>by the local radius server.</P><DIV> </DIV><P>Note that I have no control of the remote Radius server (attached to the Active Directory) but <BR>I do have control of the setup local Radius server. I also do not have control over associate PCs<BR>and the EAP protocol (here PEAP) that it uses for authentication.</P><DIV> </DIV><P>The current setup:</P><P>All works fine for the good cases, i.e. when the remote Radius server is available. For the case <BR>of the remote Radius server down, I have set it up to reject the incoming request once the <BR>Freeradius detects that the remote Radius (or proxy) server is down. So if the remote <BR>Radius server is down or not online the local Radius server would then try to send the request <BR>to the remote server a few times and declares it dead if no response if received within a <BR>certain period of time. It then sends a reject back to the client. </P><DIV> </DIV><P>In order to authenticate the client in my relocatable module, instead of sending the reject <BR>back to the client I force a challenge by returning RLM_MODULE_UPDATED. If, instead of challenge, <BR>I had looked up the local cache and sent an accept back to the client the switch or NAS would not <BR>open the port since it assumes that the other side is spoofed. Note this is the supposed behavior for <BR>EAP-PEAP (I assume). Hence I have to force a challenge to be sent to the client to send another <BR>Access-Request for which then I send an Access-Accept. </P><DIV> </DIV><P>The problems with the above approach are that sometimes the switch would open up the port and <BR>sometimes it doesn’t. Also, sometimes we see the local Radius server in the gateway gets into an <BR>unknown state, e.g. we force a challenge when the Radius server thinks it should be a reject. In <BR>other words, this method is unreliable.</P><DIV> </DIV><P>In order not to make the Radius server go into an unknown state and the NAS to believe that the <BR>Radius side is not spoofed, the remote radius failure scenario is implemented (currently) as follows. <BR>In this case I am not forcing a challenge to be sent to the client - instead I have configured the <BR>switch to send a MAC authentication request to the local Radius server instead of an EAP-PEAP request. <BR>A MAC request does not need to go through the full challenge-response cycle and hence an <BR>Access-Accept response can be sent immediately.</P><DIV> </DIV><P>With a Cisco switch this sometimes works but the entire process of authentication may take somewhere <BR>between 60 - 90 seconds. As a result the client PC may have timed out with the DHCP request. The <BR>client can get an IP address when the DHCP lease is renewed manually or waits for the next <BR>round of DHCP requests which could take as much as 5 minutes to get a DHCP request.</P><P>Unlike the Cisco NAS where 802.1x authentication is tried first and if that fails then <BR>MAC authentication is attempted, the HP switches sends the 802.1x and MAC authentication requests <BR>intermixed with no particular order. Also, we see that in HP switches the entire traffic may <BR>stop because a reject is sent to the switch.</P><DIV> </DIV><P>The questions I want to ask are as follows:</P><DIV> </DIV><P>1. Is this the right method to perform this operation or there could be a simpler way to do this, <BR>i.e. authenticate the request using backup cache or database when remote Radius server is down?</P><DIV> </DIV><P>2. Is there a way to know (by ping or other methods) if the remote radius server is down so <BR>that I can perform the local authentication right away when the 802.1x request is received <BR>instead of proxying the request a few times and then determining that the remote proxy Radius server <BR>is not alive or not available? </P><DIV> </DIV><P>3. If somehow I determine that the remote Radius server is unavailable and I get a 802.1x request <BR>(EAP-PEAP) can I verify the authenticity of the request using the local cache and send an <BR>Access-Accept somehow tricking the NAS to open the port? </P><DIV> </DIV><P>4. Is it possible to reduce the time for e.g. "Waking up in 119.8 seconds"?</P><DIV> </DIV><P>Note, I have tried different settings in the proxy.conf but did not get satisfactiry results.<BR> <BR>Any help will be greatly appreciated.</P><P>Thanks,</P><P>Jyoti.</P><P><BR>Here's the log:</P><P><BR>FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Aug 26 2010 at 00:17:16<BR>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <BR>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <BR>PARTICULAR PURPOSE. <BR>You may redistribute copies of FreeRADIUS under the terms of the <BR>GNU General Public License v2. <BR>Starting - reading configuration files ...<BR>including configuration file ./radiusd.conf<BR>including configuration file ./proxy.conf<BR>including configuration file ./proxy_realm.conf<BR>including configuration file ./clients.conf<BR>including files in directory ./modules/<BR>including configuration file ./modules/always<BR>including configuration file ./modules/expr<BR>including configuration file ./modules/example<BR>including configuration file ./modules/echo<BR>including configuration file ./modules/mac2vlan<BR>including configuration file ./modules/sradutmp<BR>including configuration file ./modules/wimax<BR>including configuration file ./modules/cui<BR>including configuration file ./modules/counter<BR>including configuration file ./modules/ldap<BR>including configuration file ./modules/smsotp<BR>including configuration file ./modules/attr_filter<BR>including configuration file ./modules/checkval<BR>including configuration file ./modules/ntlm_auth<BR>including configuration file ./modules/krb5<BR>including configuration file ./modules/mac2ip<BR>including configuration file ./modules/smbpasswd<BR>including configuration file ./modules/otp<BR>including configuration file ./modules/realm<BR>including configuration file ./modules/passwd<BR>including configuration file ./modules/attr_rewrite<BR>including configuration file ./modules/etc_group<BR>including configuration file ./modules/files<BR>including configuration file ./modules/sql_log<BR>including configuration file ./modules/chap<BR>including configuration file ./modules/mschap<BR>including configuration file ./modules/my_module_auth<BR>including configuration file ./modules/radutmp<BR>including configuration file ./modules/linelog<BR>including configuration file ./modules/pam<BR>including configuration file ./modules/detail<BR>including configuration file ./modules/logintime<BR>including configuration file ./modules/pap<BR>including configuration file ./modules/digest<BR>including configuration file ./modules/unix<BR>including configuration file ./modules/ippool<BR>including configuration file ./modules/perl<BR>including configuration file ./modules/detail.example.com<BR>including configuration file ./modules/sqlcounter_expire_on_login<BR>including configuration file ./modules/acct_unique<BR>including configuration file ./modules/expiration<BR>including configuration file ./modules/preprocess<BR>including configuration file ./modules/exec<BR>including configuration file ./modules/inner-eap<BR>including configuration file ./modules/policy<BR>including configuration file ./modules/detail.log<BR>including configuration file ./eap.conf<BR>including configuration file ./sql.conf<BR>including configuration file ./policy.conf<BR>including files in directory ./sites-enabled/<BR>including configuration file ./sites-enabled/control-socket<BR>including configuration file ./sites-enabled/inner-tunnel<BR>including configuration file ./sites-available/default<BR>main {<BR> allow_core_dumps = no<BR>}<BR>including dictionary file ./dictionary<BR>main {<BR> prefix = "/root/freeradius-2.1.9"<BR> localstatedir = "/root/freeradius-2.1.9/var"<BR> logdir = "/var/log/radius"<BR> libdir = "/root/freeradius-2.1.9/lib"<BR> radacctdir = "/var/log/radius/radacct"<BR> hostname_lookups = no<BR> max_request_time = 30<BR> cleanup_delay = 5<BR> max_requests = 1024<BR> pidfile = "/root/freeradius-2.1.9/var/run/radiusd/radiusd.pid"<BR> checkrad = "/root/freeradius-2.1.9/sbin/checkrad"<BR> debug_level = 0<BR> proxy_requests = yes<BR> log {<BR> stripped_names = yes<BR> auth = no<BR> auth_badpass = no<BR> auth_goodpass = no<BR> }<BR> security {<BR> max_attributes = 200<BR> reject_delay = 0<BR> status_server = yes<BR> }<BR>}<BR>radiusd: #### Loading Realms and Home Servers ####<BR> proxy server {<BR> retry_delay = 5<BR> retry_count = 3<BR> default_fallback = no<BR> dead_time = 120<BR> wake_all_if_all_dead = no<BR> }<BR> realm LOCAL {<BR> authhost = LOCAL<BR> accthost = LOCAL<BR> }<BR> realm NULL {<BR> }<BR> realm DEFAULT {<BR> authhost = LOCAL<BR> accthost = LOCAL<BR> }<BR> realm remote_proxy_ad {<BR> authhost = xxx.xxx.158.50:1812<BR> accthost = xxx.xxx.158.50:1813<BR> secret = xxxxxxx<BR> }<BR> realm server2 {<BR> authhost = xxx.xxx.222.172:1812<BR> accthost = xxx.xxx.222.172:1813<BR> secret = Secret<BR> }<BR> home_server localhost {<BR> ipaddr = 127.0.0.1<BR> port = 1812<BR> type = "auth"<BR> secret = "testing123"<BR> response_window = 10<BR> no_response_fail = yes<BR> max_outstanding = 65536<BR> require_message_authenticator = no<BR> zombie_period = 10<BR> status_check = "status-server"<BR> ping_interval = 30<BR> check_interval = 15<BR> num_answers_to_alive = 3<BR> num_pings_to_alive = 3<BR> revive_interval = 300<BR> status_check_timeout = 4<BR> irt = 2<BR> mrt = 16<BR> mrc = 5<BR> mrd = 30<BR> }<BR> home_server_pool my_auth_failover {<BR> type = fail-over<BR> home_server = localhost<BR> }<BR>radiusd: #### Loading Clients ####<BR> client localhost {<BR> ipaddr = 127.0.0.1<BR> require_message_authenticator = no<BR> secret = "xxxxxxx"<BR> shortname = "localhost"<BR> nastype = "other"<BR> }<BR> client xx.xx.35.130 {<BR> require_message_authenticator = no<BR> secret = "xxxxxxx"<BR> shortname = "dot1x"<BR> }<BR> client xx.xx.35.129 {<BR> require_message_authenticator = no<BR> secret = "xxxxxxx"<BR> shortname = "dot1x"<BR> }<BR> client xx.xx.35.140 {<BR> require_message_authenticator = no<BR> secret = "xxxxxxx"<BR> shortname = "wap"<BR> }<BR>radiusd: #### Instantiating modules ####<BR> instantiate {<BR> Module: Linked to module rlm_exec<BR> Module: Instantiating exec<BR> exec {<BR> wait = no<BR> input_pairs = "request"<BR> shell_escape = yes<BR> }<BR> Module: Linked to module rlm_expr<BR> Module: Instantiating expr<BR> Module: Linked to module rlm_sql<BR> Module: Instantiating sql<BR> sql {<BR> driver = "rlm_sql_mysql"<BR> server = "localhost"<BR> port = ""<BR> login = "root"<BR> password = "xxxxxxxxx"<BR> radius_db = "xxxxxxxxx"<BR> read_groups = yes<BR> sqltrace = no<BR> sqltracefile = "/var/log/radius/sqltrace.sql"<BR> readclients = no<BR> deletestalesessions = yes<BR> num_sql_socks = 5<BR> lifetime = 0<BR> max_queries = 0<BR> sql_user_name = "%{User-Name}"<BR> default_user_profile = ""<BR> nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"<BR> connect_failure_retry_delay = 60<BR> simul_count_query = ""<BR> simul_verify_query = ""<BR> postauth_query = ""<BR> safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"<BR> }<BR>rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked<BR>rlm_sql (sql): Attempting to connect to <A href="mailto:root@localhost:/xxxxxxxxx">root@localhost:/xxxxxxxxx</A><BR>rlm_sql (sql): starting 0<BR>rlm_sql (sql): Attempting to connect rlm_sql_mysql #0<BR>rlm_sql_mysql: Starting connect to MySQL server for #0<BR>rlm_sql (sql): Connected new DB handle, #0<BR>rlm_sql (sql): starting 1<BR>rlm_sql (sql): Attempting to connect rlm_sql_mysql #1<BR>rlm_sql_mysql: Starting connect to MySQL server for #1<BR>rlm_sql (sql): Connected new DB handle, #1<BR>rlm_sql (sql): starting 2<BR>rlm_sql (sql): Attempting to connect rlm_sql_mysql #2<BR>rlm_sql_mysql: Starting connect to MySQL server for #2<BR>rlm_sql (sql): Connected new DB handle, #2<BR>rlm_sql (sql): starting 3<BR>rlm_sql (sql): Attempting to connect rlm_sql_mysql #3<BR>rlm_sql_mysql: Starting connect to MySQL server for #3<BR>rlm_sql (sql): Connected new DB handle, #3<BR>rlm_sql (sql): starting 4<BR>rlm_sql (sql): Attempting to connect rlm_sql_mysql #4<BR>rlm_sql_mysql: Starting connect to MySQL server for #4<BR>rlm_sql (sql): Connected new DB handle, #4<BR> Module: Linked to module rlm_my_module_auth<BR> Module: Instantiating my_module_auth<BR>------- MyModule instantiate module: rlm_my_module_auth <BR> my_module_auth {<BR> ad_query = 0<BR> postproxy = 0<BR> nasporttype = 0<BR> nasport = 0<BR> nasipaddr = 0<BR> }<BR>^^^^^^^ Initialized database successfully. <BR> }<BR>radiusd: #### Loading Virtual Servers ####<BR>server inner-tunnel {<BR> modules {<BR> Module: Checking authenticate {...} for more modules to load<BR> Module: Linked to module rlm_pap<BR> Module: Instantiating pap<BR> pap {<BR> encryption_scheme = "auto"<BR> auto_header = no<BR> }<BR> Module: Linked to module rlm_chap<BR> Module: Instantiating chap<BR> Module: Linked to module rlm_mschap<BR> Module: Instantiating mschap<BR> mschap {<BR> use_mppe = yes<BR> require_encryption = no<BR> require_strong = no<BR> with_ntdomain_hack = no<BR> }<BR> Module: Linked to module rlm_unix<BR> Module: Instantiating unix<BR> unix {<BR> radwtmp = "/var/log/radius/radwtmp"<BR> }<BR> Module: Linked to module rlm_eap<BR> Module: Instantiating eap<BR> eap {<BR> default_eap_type = "peap"<BR> timer_expire = 60<BR> ignore_unknown_eap_types = no<BR> cisco_accounting_username_bug = no<BR> max_sessions = 4096<BR> }<BR> Module: Linked to sub-module rlm_eap_md5<BR> Module: Instantiating eap-md5<BR> Module: Linked to sub-module rlm_eap_leap<BR> Module: Instantiating eap-leap<BR> Module: Linked to sub-module rlm_eap_gtc<BR> Module: Instantiating eap-gtc<BR> gtc {<BR> challenge = "Password: "<BR> auth_type = "PAP"<BR> }<BR> Module: Linked to sub-module rlm_eap_tls<BR> Module: Instantiating eap-tls<BR> tls {<BR> rsa_key_exchange = no<BR> dh_key_exchange = yes<BR> rsa_key_length = 512<BR> dh_key_length = 512<BR> verify_depth = 0<BR> pem_file_type = yes<BR> private_key_file = "/root/freeradius-2.1.9/etc/raddb/certs/server.key"<BR> certificate_file = "/root/freeradius-2.1.9/etc/raddb/certs/server.pem"<BR> CA_file = "/root/freeradius-2.1.9/etc/raddb/certs/ca.pem"<BR> private_key_password = "xxxxxx"<BR> dh_file = "/root/freeradius-2.1.9/etc/raddb/certs/dh"<BR> random_file = "/root/freeradius-2.1.9/etc/raddb/certs/.random"<BR> fragment_size = 1024<BR> include_length = yes<BR> check_crl = no<BR> cache {<BR> enable = no<BR> lifetime = 24<BR> max_entries = 255<BR> }<BR> }<BR> Module: Linked to sub-module rlm_eap_ttls<BR> Module: Instantiating eap-ttls<BR> ttls {<BR> default_eap_type = "md5"<BR> copy_request_to_tunnel = no<BR> use_tunneled_reply = no<BR> virtual_server = "inner-tunnel"<BR> include_length = yes<BR> }<BR> Module: Linked to sub-module rlm_eap_peap<BR> Module: Instantiating eap-peap<BR> peap {<BR> default_eap_type = "mschapv2"<BR> copy_request_to_tunnel = no<BR> use_tunneled_reply = no<BR> proxy_tunneled_request_as_eap = yes<BR> virtual_server = "inner-tunnel"<BR> }<BR> Module: Linked to sub-module rlm_eap_mschapv2<BR> Module: Instantiating eap-mschapv2<BR> mschapv2 {<BR> with_ntdomain_hack = no<BR> }<BR> Module: Checking authorize {...} for more modules to load<BR> Module: Linked to module rlm_realm<BR> Module: Instantiating suffix<BR> realm suffix {<BR> format = "suffix"<BR> delimiter = "@"<BR> ignore_default = no<BR> ignore_null = no<BR> }<BR> Module: Linked to module rlm_files<BR> Module: Instantiating files<BR> files {<BR> usersfile = "./users"<BR> acctusersfile = "./acct_users"<BR> preproxy_usersfile = "./preproxy_users"<BR> compat = "no"<BR> }<BR> Module: Linked to module rlm_expiration<BR> Module: Instantiating expiration<BR> expiration {<BR> reply-message = "Password Has Expired "<BR> }<BR> Module: Linked to module rlm_logintime<BR> Module: Instantiating logintime<BR> logintime {<BR> reply-message = "You are calling outside your allowed timespan "<BR> minimum-timeout = 60<BR> }<BR> Module: Checking session {...} for more modules to load<BR> Module: Linked to module rlm_radutmp<BR> Module: Instantiating radutmp<BR> radutmp {<BR> filename = "/var/log/radius/radutmp"<BR> username = "%{User-Name}"<BR> case_sensitive = yes<BR> check_with_nas = yes<BR> perm = 384<BR> callerid = yes<BR> }<BR> Module: Checking post-proxy {...} for more modules to load<BR> Module: Checking post-auth {...} for more modules to load<BR> Module: Linked to module rlm_attr_filter<BR> Module: Instantiating attr_filter.access_reject<BR> attr_filter attr_filter.access_reject {<BR> attrsfile = "./attrs.access_reject"<BR> key = "%{User-Name}"<BR> }<BR> } # modules<BR>} # server<BR>server {<BR> modules {<BR> Module: Checking authenticate {...} for more modules to load<BR> Module: Checking authorize {...} for more modules to load<BR> Module: Linked to module rlm_preprocess<BR> Module: Instantiating preprocess<BR> preprocess {<BR> huntgroups = "./huntgroups"<BR> hints = "./hints"<BR> with_ascend_hack = no<BR> ascend_channels_per_line = 23<BR> with_ntdomain_hack = no<BR> with_specialix_jetstream_hack = no<BR> with_cisco_vsa_hack = no<BR> with_alvarion_vsa_hack = no<BR> }<BR> Module: Linked to module rlm_detail<BR> Module: Instantiating auth_log<BR> detail auth_log {<BR> detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"<BR> header = "%t"<BR> detailperm = 384<BR> dirperm = 493<BR> locking = no<BR> log_packet_header = no<BR> }<BR> Module: Checking preacct {...} for more modules to load<BR> Module: Linked to module rlm_acct_unique<BR> Module: Instantiating acct_unique<BR> acct_unique {<BR> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<BR> }<BR> Module: Checking accounting {...} for more modules to load<BR> Module: Linked to module rlm_sql_log<BR> Module: Instantiating sql_log<BR> sql_log {<BR> path = "/var/log/radius/radacct/sql-relay"<BR> Post-Auth = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S');"<BR> sql_user_name = "%{%{User-Name}:-DEFAULT}"<BR> utf8 = no<BR> safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"<BR> }<BR> Module: Checking session {...} for more modules to load<BR> Module: Checking pre-proxy {...} for more modules to load<BR> Module: Checking post-proxy {...} for more modules to load<BR> Module: Checking post-auth {...} for more modules to load<BR> } # modules<BR>} # server<BR>radiusd: #### Opening IP addresses and Ports ####<BR>listen {<BR> type = "auth"<BR> ipaddr = *<BR> port = 0<BR>}<BR>listen {<BR> type = "acct"<BR> ipaddr = *<BR> port = 0<BR>}<BR>listen {<BR> type = "control"<BR> listen {<BR> socket = "/root/freeradius-2.1.9/var/run/radiusd/radiusd.sock"<BR> }<BR>}<BR>Listening on authentication address * port 1812<BR>Listening on accounting address * port 1813<BR>Listening on command file /root/freeradius-2.1.9/var/run/radiusd/radiusd.sock<BR>Listening on proxy address * port 1814<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=76, length=379<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1016"<BR> EAP-Message = 0x0201002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0xa4ca1529d5920f12adb1f9787d05b0b9<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] expand: %t -> Sat Jun 4 18:50:57 2011<BR>++[auth_log] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[sql] expand: %{User-Name} -> host/LAB_LTOP2.XXXXXX.com<BR>[sql] sql_set_user escaped user --> 'host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Reserving sql socket id: 4<BR>[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'host/LAB_LTOP2.XXXXXX.com' ORDER BY id<BR>[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM radusergroup WHERE UserName='host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Released sql socket id: 4<BR>[sql] User host/LAB_LTOP2.XXXXXX.com not found<BR>++[sql] returns notfound<BR>[eap] EAP packet type response id 1 length 35<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>[files] users: Matched entry DEFAULT at line 172<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>------- MyModule authorization module: rlm_my_module_authorize. <BR>------- MyModule authorization module: proxy_server_alive = 0 <BR>------- MyModule authorization module: proxy_sent_count = 0 <BR>------- MyModule authorization module: proxy_server_timeout = 0 <BR>------- Did not find state attribute. Proceed with normal handling. <BR>------- Mac address specified in this packet xx:xx:38:08:F9:7F <BR>------- NAS Port Type specified in this packet 15 <BR>------- NAS Port specified in this packet 3 <BR>------- NAS Port IP address specified in this packet 172434306 <BR>------- NAS Port ID specified in this packet 3 <BR>------- eap_header->code 2, eap_header->id 1, eap packet length 35, offset_to_data 5 <BR>------- EAP Identity received host/LAB_LTOP2.XXXXXX.com <BR>------- Username/device name in incoming Radius packet host/LAB_LTOP2.XXXXXX.com. <BR>[my_module_auth] ProxyRealmAuthorize: Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>[my_module_auth] ---------- Username received host/LAB_LTOP2.XXXXXX.com<BR>[my_module_auth] ---------- Realmname is remote_proxy_ad<BR>[my_module_auth] ---------- Found realm "remote_proxy_ad"<BR>[my_module_auth] Adding Realm = "remote_proxy_ad"<BR>[my_module_auth] ---------- Proxying request from user host/LAB_LTOP2.XXXXXX.com to realm remote_proxy_ad<BR>[my_module_auth] Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>++[my_module_auth] returns updated<BR>+- entering group pre-proxy {...}<BR>++[files] returns noop<BR>------- MyModule pre-proxy module: my_module_auth_preproxy <BR>++[my_module_auth] returns ok<BR>Sending Access-Request of id 21 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1016"<BR> EAP-Message = 0x0201002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3736<BR>Proxying request 0 to home server xxx.xxx.158.50 port 1812<BR>Sending Access-Request of id 21 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1016"<BR> EAP-Message = 0x0201002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3736<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=77, length=343<BR> Framed-MTU = 3038<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "xxxx3808f97f"<BR> Service-Type = Call-Check<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-7d"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1016"<BR> EAP-Message = 0x0200001101303031623338303866393766<BR> Message-Authenticator = 0x2084d40026c95d354054c4cbbf4797b5<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] expand: %t -> Sat Jun 4 18:50:57 2011<BR>++[auth_log] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[sql] expand: %{User-Name} -> xxxx3808f97f<BR>[sql] sql_set_user escaped user --> 'xxxx3808f97f'<BR>rlm_sql (sql): Reserving sql socket id: 3<BR>[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'xxxx3808f97f' ORDER BY id<BR>[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM radusergroup WHERE UserName='xxxx3808f97f'<BR>rlm_sql (sql): Released sql socket id: 3<BR>[sql] User xxxx3808f97f not found<BR>++[sql] returns notfound<BR>[eap] EAP packet type response id 0 length 17<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>[files] users: Matched entry DEFAULT at line 172<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>------- MyModule authorization module: rlm_my_module_authorize. <BR>------- MyModule authorization module: proxy_server_alive = 0 <BR>------- MyModule authorization module: proxy_sent_count = 1 <BR>------- MyModule authorization module: proxy_server_timeout = 0 <BR>------- Did not find state attribute. Proceed with normal handling. <BR>------- Mac address specified in this packet xx:xx:38:08:F9:7F <BR>------- NAS Port Type specified in this packet 15 <BR>------- NAS Port specified in this packet 3 <BR>------- NAS Port IP address specified in this packet 172434306 <BR>------- NAS Port ID specified in this packet 3 <BR>------- eap_header->code 2, eap_header->id 0, eap packet length 17, offset_to_data 5 <BR>------- EAP Identity received xxxx3808f97f <BR>------- Username/device name in incoming Radius packet xxxx3808f97f. <BR>++[my_module_auth] returns fail<BR>Using Post-Auth-Type Reject<BR>+- entering group REJECT {...}<BR>------- MyModule post-authentication module: my_module_auth_postauth <BR>++[my_module_auth] returns fail<BR>Sending Access-Reject of id 77 to xx.xx.35.130 port 1812<BR> Framed-Protocol = PPP<BR> Framed-Compression = Van-Jacobson-TCP-IP<BR>Finished request 1.<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Waking up in 4.0 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=76, length=379<BR>Sending duplicate proxied request to home server xxx.xxx.158.50 port 1812 - ID: 21<BR>Sending Access-Request of id 21 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1016"<BR> EAP-Message = 0x0201002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3736<BR>Cleaning up request 1 ID 77 with timestamp +9<BR>Waking up in 8.9 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=76, length=379<BR>Sending duplicate proxied request to home server xxx.xxx.158.50 port 1812 - ID: 21<BR>Sending Access-Request of id 21 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1016"<BR> EAP-Message = 0x0201002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3736<BR>Waking up in 4.0 seconds.<BR>Marking home server xxx.xxx.158.50 port 1812 as zombie (it looks like it is dead).<BR>Waking up in 1.4 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=76, length=379<BR>Discarding duplicate request from client dot1x port 1812 - ID: 76 due to unfinished request 0<BR>Waking up in 0.5 seconds.<BR>Waking up in 2.2 seconds.<BR>Waking up in 3.3 seconds.<BR>Waking up in 5.0 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=78, length=379<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0205002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x93732e302ef448c5537bf1f603f41ce6<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] expand: %t -> Sat Jun 4 18:51:20 2011<BR>++[auth_log] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[sql] expand: %{User-Name} -> host/LAB_LTOP2.XXXXXX.com<BR>[sql] sql_set_user escaped user --> 'host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Reserving sql socket id: 2<BR>[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'host/LAB_LTOP2.XXXXXX.com' ORDER BY id<BR>[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM radusergroup WHERE UserName='host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Released sql socket id: 2<BR>[sql] User host/LAB_LTOP2.XXXXXX.com not found<BR>++[sql] returns notfound<BR>[eap] EAP packet type response id 5 length 35<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>[files] users: Matched entry DEFAULT at line 172<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>------- MyModule authorization module: rlm_my_module_authorize. <BR>------- MyModule authorization module: proxy_server_alive = 0 <BR>------- MyModule authorization module: proxy_sent_count = 1 <BR>------- MyModule authorization module: proxy_server_timeout = 0 <BR>------- Did not find state attribute. Proceed with normal handling. <BR>------- Mac address specified in this packet xx:xx:38:08:F9:7F <BR>------- NAS Port Type specified in this packet 15 <BR>------- NAS Port specified in this packet 3 <BR>------- NAS Port IP address specified in this packet 172434306 <BR>------- NAS Port ID specified in this packet 3 <BR>------- eap_header->code 2, eap_header->id 5, eap packet length 35, offset_to_data 5 <BR>------- EAP Identity received host/LAB_LTOP2.XXXXXX.com <BR>------- Username/device name in incoming Radius packet host/LAB_LTOP2.XXXXXX.com. <BR>[my_module_auth] ProxyRealmAuthorize: Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>[my_module_auth] ---------- Username received host/LAB_LTOP2.XXXXXX.com<BR>[my_module_auth] ---------- Realmname is remote_proxy_ad<BR>[my_module_auth] ---------- Found realm "remote_proxy_ad"<BR>[my_module_auth] Adding Realm = "remote_proxy_ad"<BR>[my_module_auth] ---------- Proxying request from user host/LAB_LTOP2.XXXXXX.com to realm remote_proxy_ad<BR>[my_module_auth] Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>++[my_module_auth] returns updated<BR>+- entering group pre-proxy {...}<BR>++[files] returns noop<BR>------- MyModule pre-proxy module: my_module_auth_preproxy <BR>++[my_module_auth] returns ok<BR>Sending Access-Request of id 146 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0205002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3738<BR>Proxying request 2 to home server xxx.xxx.158.50 port 1812<BR>Sending Access-Request of id 146 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0205002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3738<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Waking up in 2.1 seconds.<BR>Waking up in 7.5 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=78, length=379<BR>Sending duplicate proxied request to home server xxx.xxx.158.50 port 1812 - ID: 146<BR>Sending Access-Request of id 146 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0205002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3738<BR>Waking up in 5.7 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=78, length=379<BR>Marking home server xxx.xxx.158.50 port 1812 as dead.<BR>Failed to find live home server for request 2<BR> Found Post-Proxy-Type <BR>+- entering group Fail {...}<BR>------- MyModule post-proxy module: my_module_auth_postproxy host/LAB_LTOP2.XXXXXX.com <BR>++[my_module_auth] returns ok<BR>ERROR: Failed to find live home server for realm remote_proxy_ad<BR> Found Post-Proxy-Type <BR>+- entering group Fail {...}<BR>------- MyModule post-proxy module: my_module_auth_postproxy host/LAB_LTOP2.XXXXXX.com <BR>++[my_module_auth] returns ok<BR>There was no response configured: rejecting request 2<BR>Using Post-Auth-Type Reject<BR>+- entering group REJECT {...}<BR>------- MyModule post-authentication module: my_module_auth_postauth <BR>++[my_module_auth] returns fail<BR>Sending Access-Reject of id 78 to xx.xx.35.130 port 1812<BR>Finished request 2.<BR>Going to the next request<BR>Waking up in 0.7 seconds.<BR>Cleaning up request 0 ID 76 with timestamp +9<BR>Waking up in 4.2 seconds.<BR>Cleaning up request 2 ID 78 with timestamp +32<BR>Waking up in 119.0 seconds.<BR>Marking home server xxx.xxx.158.50 port 1812 alive again... we have no idea if it really is alive or not.<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=79, length=379<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0214002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x54c6272b8e58a7ec3514e410142ab23c<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] expand: %t -> Sat Jun 4 19:11:30 2011<BR>++[auth_log] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[sql] expand: %{User-Name} -> host/LAB_LTOP2.XXXXXX.com<BR>[sql] sql_set_user escaped user --> 'host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Reserving sql socket id: 1<BR>[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'host/LAB_LTOP2.XXXXXX.com' ORDER BY id<BR>[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM radusergroup WHERE UserName='host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Released sql socket id: 1<BR>[sql] User host/LAB_LTOP2.XXXXXX.com not found<BR>++[sql] returns notfound<BR>[eap] EAP packet type response id 20 length 35<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>[files] users: Matched entry DEFAULT at line 172<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>------- MyModule authorization module: rlm_my_module_authorize. <BR>------- MyModule authorization module: proxy_server_alive = 1 <BR>------- MyModule authorization module: proxy_sent_count = 0 <BR>------- MyModule authorization module: proxy_server_timeout = 0 <BR>------- Did not find state attribute. Proceed with normal handling. <BR>------- Mac address specified in this packet xx:xx:38:08:F9:7F <BR>------- NAS Port Type specified in this packet 15 <BR>------- NAS Port specified in this packet 3 <BR>------- NAS Port IP address specified in this packet 172434306 <BR>------- NAS Port ID specified in this packet 3 <BR>------- eap_header->code 2, eap_header->id 20, eap packet length 35, offset_to_data 5 <BR>------- EAP Identity received host/LAB_LTOP2.XXXXXX.com <BR>------- Username/device name in incoming Radius packet host/LAB_LTOP2.XXXXXX.com. <BR>[my_module_auth] ProxyRealmAuthorize: Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>[my_module_auth] ---------- Username received host/LAB_LTOP2.XXXXXX.com<BR>[my_module_auth] ---------- Realmname is remote_proxy_ad<BR>[my_module_auth] ---------- Found realm "remote_proxy_ad"<BR>[my_module_auth] Adding Realm = "remote_proxy_ad"<BR>[my_module_auth] ---------- Proxying request from user host/LAB_LTOP2.XXXXXX.com to realm remote_proxy_ad<BR>[my_module_auth] Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>++[my_module_auth] returns updated<BR>+- entering group pre-proxy {...}<BR>++[files] returns noop<BR>------- MyModule pre-proxy module: my_module_auth_preproxy <BR>++[my_module_auth] returns ok<BR>Sending Access-Request of id 58 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0214002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3739<BR>Proxying request 3 to home server xxx.xxx.158.50 port 1812<BR>Sending Access-Request of id 58 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0214002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3739<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Waking up in 12.9 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=79, length=379<BR>Sending duplicate proxied request to home server xxx.xxx.158.50 port 1812 - ID: 58<BR>Sending Access-Request of id 58 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0214002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3739<BR>Waking up in 9.0 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=79, length=379<BR>Sending duplicate proxied request to home server xxx.xxx.158.50 port 1812 - ID: 58<BR>Sending Access-Request of id 58 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0214002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3739<BR>Waking up in 4.0 seconds.<BR>Marking home server xxx.xxx.158.50 port 1812 as zombie (it looks like it is dead).<BR>Waking up in 1.4 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=79, length=379<BR>Discarding duplicate request from client dot1x port 1812 - ID: 79 due to unfinished request 3<BR>Waking up in 0.5 seconds.<BR>Waking up in 2.2 seconds.<BR>Waking up in 3.3 seconds.<BR>Waking up in 5.0 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=80, length=379<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0218002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0xa21cb7ee63d23dc167a84a61b2f1d6c7<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.35.130/auth-detail-20110604<BR>[auth_log] expand: %t -> Sat Jun 4 19:11:53 2011<BR>++[auth_log] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[sql] expand: %{User-Name} -> host/LAB_LTOP2.XXXXXX.com<BR>[sql] sql_set_user escaped user --> 'host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Reserving sql socket id: 0<BR>[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'host/LAB_LTOP2.XXXXXX.com' ORDER BY id<BR>[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM radusergroup WHERE UserName='host/LAB_LTOP2.XXXXXX.com'<BR>rlm_sql (sql): Released sql socket id: 0<BR>[sql] User host/LAB_LTOP2.XXXXXX.com not found<BR>++[sql] returns notfound<BR>[eap] EAP packet type response id 24 length 35<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>[files] users: Matched entry DEFAULT at line 172<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>------- MyModule authorization module: rlm_my_module_authorize. <BR>------- MyModule authorization module: proxy_server_alive = 0 <BR>------- MyModule authorization module: proxy_sent_count = 1 <BR>------- MyModule authorization module: proxy_server_timeout = 0 <BR>------- Did not find state attribute. Proceed with normal handling. <BR>------- Mac address specified in this packet xx:xx:38:08:F9:7F <BR>------- NAS Port Type specified in this packet 15 <BR>------- NAS Port specified in this packet 3 <BR>------- NAS Port IP address specified in this packet 172434306 <BR>------- NAS Port ID specified in this packet 3 <BR>------- eap_header->code 2, eap_header->id 24, eap packet length 35, offset_to_data 5 <BR>------- EAP Identity received host/LAB_LTOP2.XXXXXX.com <BR>------- Username/device name in incoming Radius packet host/LAB_LTOP2.XXXXXX.com. <BR>[my_module_auth] ProxyRealmAuthorize: Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>[my_module_auth] ---------- Username received host/LAB_LTOP2.XXXXXX.com<BR>[my_module_auth] ---------- Realmname is remote_proxy_ad<BR>[my_module_auth] ---------- Found realm "remote_proxy_ad"<BR>[my_module_auth] Adding Realm = "remote_proxy_ad"<BR>[my_module_auth] ---------- Proxying request from user host/LAB_LTOP2.XXXXXX.com to realm remote_proxy_ad<BR>[my_module_auth] Preparing to proxy authentication request to realm "remote_proxy_ad" <BR>++[my_module_auth] returns updated<BR>+- entering group pre-proxy {...}<BR>++[files] returns noop<BR>------- MyModule pre-proxy module: my_module_auth_preproxy <BR>++[my_module_auth] returns ok<BR>Sending Access-Request of id 168 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0218002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3830<BR>Proxying request 4 to home server xxx.xxx.158.50 port 1812<BR>Sending Access-Request of id 168 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0218002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3830<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Waking up in 2.1 seconds.<BR>Waking up in 7.5 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=80, length=379<BR>Sending duplicate proxied request to home server xxx.xxx.158.50 port 1812 - ID: 168<BR>Sending Access-Request of id 168 to xxx.xxx.158.50 port 1812<BR> Framed-MTU = 1480<BR> NAS-IP-Address = xx.xx.35.130<BR> NAS-Identifier = "HP-SwitchSW02-02"<BR> User-Name = "host/LAB_LTOP2.XXXXXX.com"<BR> Service-Type = Framed-User<BR> Framed-Protocol = PPP<BR> NAS-Port = 3<BR> NAS-Port-Type = Ethernet<BR> NAS-Port-Id = "3"<BR> Called-Station-Id = "xx-xx-34-d1-16-40"<BR> Calling-Station-Id = "xx-xx-38-08-f9-7f"<BR> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "1050"<BR> EAP-Message = 0x0218002301686f73742f53494d535f4c41425f4c544f50322e53505343534e2e636f6d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> MS-RAS-Vendor = 11<BR> HP-Capability-Advert = 0x011a0000000b28<BR> HP-Capability-Advert = 0x011a0000000b2e<BR> HP-Capability-Advert = 0x011a0000000b30<BR> HP-Capability-Advert = 0x011a0000000b3d<BR> HP-Capability-Advert = 0x0138<BR> HP-Capability-Advert = 0x013a<BR> HP-Capability-Advert = 0x0140<BR> HP-Capability-Advert = 0x0141<BR> HP-Capability-Advert = 0x0151<BR> Proxy-State = 0x3830<BR>Waking up in 5.7 seconds.<BR>rad_recv: Access-Request packet from host xx.xx.35.130 port 1812, id=80, length=379<BR>Marking home server xxx.xxx.158.50 port 1812 as dead.<BR>Failed to find live home server for request 4<BR> Found Post-Proxy-Type <BR>+- entering group Fail {...}<BR>------- MyModule post-proxy module: my_module_auth_postproxy host/LAB_LTOP2.XXXXXX.com <BR>++[my_module_auth] returns ok<BR>ERROR: Failed to find live home server for realm remote_proxy_ad<BR> Found Post-Proxy-Type <BR>+- entering group Fail {...}<BR>------- MyModule post-proxy module: my_module_auth_postproxy host/LAB_LTOP2.XXXXXX.com <BR>++[my_module_auth] returns ok<BR>There was no response configured: rejecting request 4<BR>Using Post-Auth-Type Reject<BR>+- entering group REJECT {...}<BR>------- MyModule post-authentication module: my_module_auth_postauth <BR>++[my_module_auth] returns fail<BR>Sending Access-Reject of id 80 to xx.xx.35.130 port 1812<BR>Finished request 4.<BR>Going to the next request<BR>Waking up in 0.7 seconds.<BR>Cleaning up request 3 ID 79 with timestamp +1242<BR>Waking up in 4.2 seconds.<BR>Cleaning up request 4 ID 80 with timestamp +1265<BR>Waking up in 118.9 seconds.<BR>Marking home server xxx.xxx.158.50 port 1812 alive again... we have no idea if it really is alive or not.<BR>Ready to process requests.</P><P> </P></div><body></html>