<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><div class="h5"><div><div>Hello FR Users,<br><br></div>I'm currently using 3.0.x via github on RHEL 7. My issue is that I'm unable to get the User-Name attribute out of the inner tunnel. My setup is very simple, I'm proxying my authentication requests to an NPS server. It appears that part of my issue is spawning from the fact that NPS replies *without* a User-Name attribute.<br><br>I've seen a couple of examples demonstrating how to update the reply or update outer.reply in the inner-tunnel post-auth section. After reading the debug output, that section doesn't seem to run. Instead, post-proxy is run which looks like a good alternative. This is what I've tried in the post-proxy section:<br><br> update {<br> &reply:User-Name += &User-Name<br> }<br><br></div><div>And this is what happens:<br><br>(8) # Executing section post-proxy from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) post-proxy {<br>(8) update {<br>(8) &reply:User-Name += &User-Name -> 'mydomain\user000'<br>(8) } # update = noop<br><br></div><div>This is obviously wrong since it doesn't work.<br></div><div><br></div><div>Any help would be greatly appreciated.<br><br></div><div>Thanks,<br>Chris<br><br>---------------<br></div><div><b>raddb/mods-enabled/eap</b><br><br> peap {<br> tls = tls-common<br><br> default_eap_type = mschapv2<br><br> copy_request_to_tunnel = yes<br><br> use_tunneled_reply = no<br><br> proxy_tunneled_request_as_eap = no<br><br> virtual_server = "inner-tunnel"<br> }<br><br>---------------<br></div></div></div><div><b>raddb/sites-enabled/inner-tunnel</b><br><br>server inner-tunnel {<span class=""><br>authorize {<br> ntdomain<br> suffix<br> eap {<br> ok = return<br> }<br> expiration<br> logintime<br> pap<br>}<br><br>authenticate {<br> eap<br>}<br><br></span></div><div><span class="">post-auth {<br> update {<br> &outer.session-state: += &reply:<br> &outer.session-state:User-Name += &User-Name<br> }<br><br> Post-Auth-Type REJECT {<br> attr_filter.access_reject<br><br> update outer.session-state {<br> Module-Failure-Message := &request:Module-Failure-Message<br> }<br> }<br>}<br><br></span><span class="">post-proxy {<br> update {<br> &reply:User-Name += &User-Name<br> }<br> eap<br>}<br><br></span></div><div>---------------<br></div><div><b>raddb/sites-enabled/default</b><br><br></div><div>server default {<span class=""><br>authorize {<br> filter_username<br> preprocess<br> ntdomain<br> suffix<br> eap {<br> ok = return<br> }<br> -ldap<br> expiration<br> logintime<br>}<br><br><br><br>authenticate {<br> eap<br>}<br><br>preacct {<br> preprocess<br> acct_unique<br> suffix<br> files<br>}<br><br>accounting {<br> detail<br> unix<br> exec<br> attr_filter.accounting_response<br>}<br><br></span><span class="">post-auth {<br> update {<br> &reply: += &session-state:<br> }<br> exec<br> remove_reply_message_if_eap<br> Post-Auth-Type REJECT {<br> attr_filter.access_reject<br> eap<br> remove_reply_message_if_eap<br> }<br>}<br><br></span>post-proxy {<br> eap<br> }<br>}<br><br>---------------<br></div><div><b>DEBUG</b><div><div class="h5"><br><br>(7) Received Access-Request Id 28 from <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> length 276<br>(7) User-Name = 'anon1337'<br>(7) Service-Type = Framed-User<br>(7) Framed-IP-Address = 192.168.243.38<br>(7) Framed-MTU = 1500<br>(7) Called-Station-Id = '00-00-00-00-AA-AA'<br>(7) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(7) EAP-Message = 0x026e0060190017030192.1680e6cb89aa98510fc404f1b7eb4933b8fc6042f461ca57ff5c3ac6d28f635e8367170301003003e93d2105ca95de4eb989a97f8beadb2ea20de1f5482dd4163a672bf875c413a29e3028b2e95d53c5b2856b29fe1deb<br>(7) Message-Authenticator = 0xd5950daf85b25b80689292da899bdd86<br>(7) NAS-Port-Type = Ethernet<br>(7) NAS-Port = 50002<br>(7) NAS-Port-Id = 'FastEthernet0/2'<br>(7) Called-Station-Id = '00-00-00-00-AA-AA'<br>(7) State = 0x2196d8c927f8c10ed58b5f9872208c8c<br>(7) NAS-IP-Address = 172.23.242.165<br>(7) session-state: No cached attributes<br>(7) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(7) authorize {<br>(7) policy filter_username {<br>(7) if (!&User-Name) {<br>(7) if (!&User-Name) -> FALSE<br>(7) if (&User-Name =~ / /) {<br>(7) if (&User-Name =~ / /) -> FALSE<br>(7) if (&User-Name =~ /@.*@/ ) {<br>(7) if (&User-Name =~ /@.*@/ ) -> FALSE<br>(7) if (&User-Name =~ /\.\./ ) {<br>(7) if (&User-Name =~ /\.\./ ) -> FALSE<br>(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {<br>(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE<br>(7) if (&User-Name =~ /\.$/) {<br>(7) if (&User-Name =~ /\.$/) -> FALSE<br>(7) if (&User-Name =~ /@\./) {<br>(7) if (&User-Name =~ /@\./) -> FALSE<br>(7) } # policy filter_username = notfound<br>(7) [preprocess] = ok<br>(7) ntdomain: Checking for prefix before "\"<br>(7) ntdomain: No '\' in User-Name = "anon1337", looking up realm NULL<br>(7) ntdomain: No such realm "NULL"<br>(7) [ntdomain] = noop<br>(7) suffix: Checking for suffix after "@"<br>(7) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(7) suffix: No such realm "NULL"<br>(7) [suffix] = noop<br>(7) eap: Peer sent code Response (2) ID 110 length 96<br>(7) eap: Continuing tunnel setup<br>(7) [eap] = ok<br>(7) } # authorize = ok<br>(7) Found Auth-Type = EAP<br>(7) # Executing group from file /etc/raddb/sites-enabled/default<br>(7) authenticate {<br>(7) eap: Expiring EAP session with state 0x2196d8c927f8c10e<br>(7) eap: Finished EAP session with state 0x2196d8c927f8c10e<br>(7) eap: Previous EAP request found for state 0x2196d8c927f8c10e, released from the list<br>(7) eap: Peer sent method PEAP (25)<br>(7) eap: EAP PEAP (25)<br>(7) eap: Calling eap_peap to process EAP data<br>(7) eap_peap: processing EAP-TLS<br>(7) eap_peap: eaptls_verify returned 7 <br>(7) eap_peap: Done initial handshake<br>(7) eap_peap: eaptls_process returned 7 <br>(7) eap_peap: FR_TLS_OK<br>(7) eap_peap: Session established. Decoding tunneled attributes<br>(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY<br>(7) eap_peap: Identity - mydomain\user000<br>(7) eap_peap: Got inner identity 'mydomain\user000'<br>(7) eap_peap: Setting default EAP type for tunneled EAP session<br>(7) eap_peap: Got tunneled request<br>(7) eap_peap: EAP-Message = 0x026e001201676c6f62616c5c636872697361<br>(7) eap_peap: Setting User-Name to mydomain\user000<br>(7) eap_peap: Sending tunneled request to inner-tunnel<br>(7) eap_peap: EAP-Message = 0x026e001201676c6f62616c5c636872697361<br>(7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1<br>(7) eap_peap: User-Name = 'mydomain\user000'<br>(7) eap_peap: Service-Type = Framed-User<br>(7) eap_peap: Framed-IP-Address = 192.168.243.38<br>(7) eap_peap: Framed-MTU = 1500<br>(7) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(7) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(7) eap_peap: Calling-Station-Id = '00-00-00-00-BB-BB'<br>(7) eap_peap: NAS-Port-Type = Ethernet<br>(7) eap_peap: NAS-Port = 50002<br>(7) eap_peap: NAS-Port-Id = 'FastEthernet0/2'<br>(7) eap_peap: NAS-IP-Address = 172.23.242.165<br>(7) eap_peap: Event-Timestamp = 'Dec 11 2014 16:55:38 EST'<br>(7) Virtual server received request<br>(7) EAP-Message = 0x026e001201676c6f62616c5c636872697361<br>(7) FreeRADIUS-Proxied-To = 127.0.0.1<br>(7) User-Name = 'mydomain\user000'<br>(7) Service-Type = Framed-User<br>(7) Framed-IP-Address = 192.168.243.38<br>(7) Framed-MTU = 1500<br>(7) Called-Station-Id = '00-00-00-00-AA-AA'<br>(7) Called-Station-Id = '00-00-00-00-AA-AA'<br>(7) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(7) NAS-Port-Type = Ethernet<br>(7) NAS-Port = 50002<br>(7) NAS-Port-Id = 'FastEthernet0/2'<br>(7) NAS-IP-Address = 172.23.242.165<br>(7) Event-Timestamp = 'Dec 11 2014 16:55:38 EST'<br>(7) server inner-tunnel {<br>(7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<br>(7) authorize {<br>(7) ntdomain: Checking for prefix before "\"<br>(7) ntdomain: Looking up realm "mydomain" for User-Name = "mydomain\user000"<br>(7) ntdomain: Found realm "mydomain"<br>(7) ntdomain: Adding Realm = "mydomain"<br>(7) ntdomain: Proxying request from user mydomain\user000 to realm mydomain<br>(7) ntdomain: Preparing to proxy authentication request to realm "mydomain" <br>(7) [ntdomain] = updated<br>(7) suffix: Request already has destination realm set. Ignoring<br>(7) [suffix] = noop<br>(7) eap: Request is supposed to be proxied to Realm mydomain. Not doing EAP.<br>(7) [eap] = noop<br>(7) [expiration] = noop<br>(7) [logintime] = noop<br>(7) [pap] = noop<br>(7) } # authorize = updated<br>(7) } # server inner-tunnel<br>(7) Virtual server sending reply<br>(7) eap_peap: Got tunneled reply code 0<br>(7) eap_peap: Calling authenticate in order to initiate tunneled EAP session<br>(7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel<br>(7) authenticate {<br>(7) eap: Peer sent method Identity (1)<br>(7) eap: Calling eap_mschapv2 to process EAP data<br>(7) eap_mschapv2: Issuing Challenge<br>(7) eap: EAP session adding &reply:State = 0xd948b86bd927a2af<br>(7) [eap] = handled<br>(7) } # authenticate = handled<br>(7) eap_peap: Cancelling proxy to realm mydomain until the tunneled EAP session has been established<br>(7) eap_peap: Got tunneled reply RADIUS code 11<br>(7) eap_peap: EAP-Message = 0x016f00271a016f002210909415ffc9c1692d6de6f744d7a31428676c6f62616c5c636872697361<br>(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000<br>(7) eap_peap: State = 0xd948b86bd927a2af4aa0b84f98aa7925<br>(7) eap_peap: Got tunneled Access-Challenge<br>(7) eap: EAP session adding &reply:State = 0x2196d8c926f9c10e<br>(7) [eap] = handled<br>(7) } # authenticate = handled<br>(7) Sent Access-Challenge Id 28 from <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> length 133<br>(7) EAP-Message = 0x016f004b190017030100401cc068f51a055ef75f0322d45ae7db44e69bc57efebdde94cc83224d0ddc8f49c26e121d7bee4c248be63d944a02d3802b6e51e1c040b12040c57ef3e03ef1ff<br>(7) Message-Authenticator = 0x00000000000000000000000000000000<br>(7) State = 0x2196d8c926f9c10ed58b5f9872208c8c<br>(7) Finished request<br>Waking up in 0.2 seconds.<br>(8) Received Access-Request Id 29 from <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> length 324<br>(8) User-Name = 'anon1337'<br>(8) Service-Type = Framed-User<br>(8) Framed-IP-Address = 192.168.243.38<br>(8) Framed-MTU = 1500<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) EAP-Message = 0x026f0090190017030192.16805f6aa95b7c5dff8199c9f7ea839908b524917466ca42abdd8169c148bb2fad7d17030100609e65f129d587f058f9ad84b662ab933e21f1fdc8b1d06fc07a353ac69160d38fa1cea74279db7816d337173b79c195d37433626c4ed7aa543ade8ef91f341da2ddb4d7425c5173<br>(8) Message-Authenticator = 0xae08a4251146eef68e6aef5915fb17cb<br>(8) NAS-Port-Type = Ethernet<br>(8) NAS-Port = 50002<br>(8) NAS-Port-Id = 'FastEthernet0/2'<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) State = 0x2196d8c926f9c10ed58b5f9872208c8c<br>(8) NAS-IP-Address = 172.23.242.165<br>(8) session-state: No cached attributes<br>(8) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(8) authorize {<br>(8) policy filter_username {<br>(8) if (!&User-Name) {<br>(8) if (!&User-Name) -> FALSE<br>(8) if (&User-Name =~ / /) {<br>(8) if (&User-Name =~ / /) -> FALSE<br>(8) if (&User-Name =~ /@.*@/ ) {<br>(8) if (&User-Name =~ /@.*@/ ) -> FALSE<br>(8) if (&User-Name =~ /\.\./ ) {<br>(8) if (&User-Name =~ /\.\./ ) -> FALSE<br>(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {<br>(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE<br>(8) if (&User-Name =~ /\.$/) {<br>(8) if (&User-Name =~ /\.$/) -> FALSE<br>(8) if (&User-Name =~ /@\./) {<br>(8) if (&User-Name =~ /@\./) -> FALSE<br>(8) } # policy filter_username = notfound<br>(8) [preprocess] = ok<br>(8) ntdomain: Checking for prefix before "\"<br>(8) ntdomain: No '\' in User-Name = "anon1337", looking up realm NULL<br>(8) ntdomain: No such realm "NULL"<br>(8) [ntdomain] = noop<br>(8) suffix: Checking for suffix after "@"<br>(8) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(8) suffix: No such realm "NULL"<br>(8) [suffix] = noop<br>(8) eap: Peer sent code Response (2) ID 111 length 144<br>(8) eap: Continuing tunnel setup<br>(8) [eap] = ok<br>(8) } # authorize = ok<br>(8) Found Auth-Type = EAP<br>(8) # Executing group from file /etc/raddb/sites-enabled/default<br>(8) authenticate {<br>(8) eap: Expiring EAP session with state 0xd948b86bd927a2af<br>(8) eap: Finished EAP session with state 0x2196d8c926f9c10e<br>(8) eap: Previous EAP request found for state 0x2196d8c926f9c10e, released from the list<br>(8) eap: Peer sent method PEAP (25)<br>(8) eap: EAP PEAP (25)<br>(8) eap: Calling eap_peap to process EAP data<br>(8) eap_peap: processing EAP-TLS<br>(8) eap_peap: eaptls_verify returned 7 <br>(8) eap_peap: Done initial handshake<br>(8) eap_peap: eaptls_process returned 7 <br>(8) eap_peap: FR_TLS_OK<br>(8) eap_peap: Session established. Decoding tunneled attributes<br>(8) eap_peap: PEAP state phase2<br>(8) eap_peap: EAP type MSCHAPv2 (26)<br>(8) eap_peap: Got tunneled request<br>(8) eap_peap: EAP-Message = 0x026f00481a026f004331bce4b4548870ee6a96268e682a0e42560000000000000000f418c2cd895d3b885d533428bcd934bf8ebeadb11a9e889b00676c6f62616c5c636872697361<br>(8) eap_peap: Setting User-Name to mydomain\user000<br>(8) eap_peap: Sending tunneled request to inner-tunnel<br>(8) eap_peap: EAP-Message = 0x026f00481a026f004331bce4b4548870ee6a96268e682a0e42560000000000000000f418c2cd895d3b885d533428bcd934bf8ebeadb11a9e889b00676c6f62616c5c636872697361<br>(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1<br>(8) eap_peap: User-Name = 'mydomain\user000'<br>(8) eap_peap: State = 0xd948b86bd927a2af4aa0b84f98aa7925<br>(8) eap_peap: Service-Type = Framed-User<br>(8) eap_peap: Framed-IP-Address = 192.168.243.38<br>(8) eap_peap: Framed-MTU = 1500<br>(8) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) eap_peap: Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) eap_peap: NAS-Port-Type = Ethernet<br>(8) eap_peap: NAS-Port = 50002<br>(8) eap_peap: NAS-Port-Id = 'FastEthernet0/2'<br>(8) eap_peap: NAS-IP-Address = 172.23.242.165<br>(8) eap_peap: Event-Timestamp = 'Dec 11 2014 16:55:38 EST'<br>(8) Virtual server received request<br>(8) EAP-Message = 0x026f00481a026f004331bce4b4548870ee6a96268e682a0e42560000000000000000f418c2cd895d3b885d533428bcd934bf8ebeadb11a9e889b00676c6f62616c5c636872697361<br>(8) FreeRADIUS-Proxied-To = 127.0.0.1<br>(8) User-Name = 'mydomain\user000'<br>(8) State = 0xd948b86bd927a2af4aa0b84f98aa7925<br>(8) Service-Type = Framed-User<br>(8) Framed-IP-Address = 192.168.243.38<br>(8) Framed-MTU = 1500<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) NAS-Port-Type = Ethernet<br>(8) NAS-Port = 50002<br>(8) NAS-Port-Id = 'FastEthernet0/2'<br>(8) NAS-IP-Address = 172.23.242.165<br>(8) Event-Timestamp = 'Dec 11 2014 16:55:38 EST'<br>(8) server inner-tunnel {<br>(8) session-state: No cached attributes<br>(8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) authorize {<br>(8) ntdomain: Checking for prefix before "\"<br>(8) ntdomain: Looking up realm "mydomain" for User-Name = "mydomain\user000"<br>(8) ntdomain: Found realm "mydomain"<br>(8) ntdomain: Adding Realm = "mydomain"<br>(8) ntdomain: Proxying request from user mydomain\user000 to realm mydomain<br>(8) ntdomain: Preparing to proxy authentication request to realm "mydomain" <br>(8) [ntdomain] = updated<br>(8) suffix: Request already has destination realm set. Ignoring<br>(8) [suffix] = noop<br>(8) eap: Request is supposed to be proxied to Realm mydomain. Not doing EAP.<br>(8) [eap] = noop<br>(8) [expiration] = noop<br>(8) [logintime] = noop<br>(8) [pap] = noop<br>(8) } # authorize = updated<br>(8) } # server inner-tunnel<br>(8) Virtual server sending reply<br>(8) eap_peap: Got tunneled reply code 0<br>(8) eap_peap: Calling authenticate in order to initiate tunneled EAP session<br>(8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) authenticate {<br>(8) eap: Expiring EAP session with state 0xd948b86bd927a2af<br>(8) eap: Finished EAP session with state 0xd948b86bd927a2af<br>(8) eap: Previous EAP request found for state 0xd948b86bd927a2af, released from the list<br>(8) eap: Peer sent method MSCHAPv2 (26)<br>(8) eap: EAP MSCHAPv2 (26)<br>(8) eap: Calling eap_mschapv2 to process EAP data<br>(8) eap_mschapv2: cancelling authentication and letting it be proxied<br>(8) eap: No EAP proxy set. Not composing EAP<br>(8) [eap] = handled<br>(8) } # authenticate = handled<br>(8) eap_peap: Tunnelled authentication will be proxied to mydomain<br>(8) eap_peap: Remembering to do EAP-MS-CHAP-V2 post-proxy<br>(8) eap: Tunneled session will be proxied. Not doing EAP<br>(8) [eap] = handled<br>(8) } # authenticate = handled<br>Opening new proxy socket 'proxy address * port 0'<br>Listening on proxy address * port 48355<br>(8) Proxying request to home server 192.168.1.103 port 1812 timeout 30.000000<br>(8) Sent Access-Request Id 198 from <a href="http://0.0.0.0:48355" target="_blank">0.0.0.0:48355</a> to <a href="http://192.168.1.103:1812" target="_blank">192.168.1.103:1812</a> length 255<br>(8) User-Name = 'mydomain\user000'<br>(8) Service-Type = Framed-User<br>(8) Framed-IP-Address = 192.168.243.38<br>(8) Framed-MTU = 1500<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) NAS-Port-Type = Ethernet<br>(8) NAS-Port = 50002<br>(8) NAS-Port-Id = 'FastEthernet0/2'<br>(8) NAS-IP-Address = 172.23.242.165<br>(8) Event-Timestamp = 'Dec 11 2014 16:55:38 EST'<br>(8) MS-CHAP-Challenge = 0x909415ffc9c1692d6de6f744d7a31428<br>(8) MS-CHAP2-Response = 0x6f6cbce4b4548870ee6a96268e682a0e42560000000000000000f418c2cd895d3b885d533428bcd934bf8ebeadb11a9e889b<br>(8) Message-Authenticator := 0x00<br>(8) Proxy-State = 0x3239<br>(8) Received Access-Accept Id 198 from <a href="http://192.168.1.103:1812" target="_blank">192.168.1.103:1812</a> to <a href="http://192.168.244.230:48355" target="_blank">192.168.244.230:48355</a> length 256<br>(8) Proxy-State = 0x3239<br>(8) Framed-Protocol = PPP<br>(8) Service-Type = Framed-User<br>(8) Class = 0x3fc704f900000137000102000a02016700000000000000000000000001d006be3dc74c5b000000000004f90c<br>(8) MS-MPPE-Recv-Key = 0xc91f6a04dccbaf84f7c206510152cae5<br>(8) MS-MPPE-Send-Key = 0xf2de36fbd643948f1f803fc4e177494f<br>(8) MS-CHAP2-Success = 0x6f533d32453435313836344430354331393343313530383231384636304635433738463535413139383035<br>(8) MS-CHAP-Domain = 'oMYDOMAIN'<br>(8) MS-Link-Utilization-Threshold = 50<br>(8) MS-Link-Drop-Time-Limit = 120<br>(8) # Executing section post-proxy from file /etc/raddb/sites-enabled/default<br>(8) post-proxy {<br>(8) eap: Doing post-proxy callback<br>(8) eap: Passing reply from proxy back into the tunnel<br>server inner-tunnel {<br>(8) eap: Passing reply back for EAP-MS-CHAP-V2<br>(8) # Executing section post-proxy from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) post-proxy {<br>(8) update {<br>(8) &reply:User-Name += &User-Name -> 'mydomain\user000'<br>(8) } # update = noop<br>(8) eap: Doing post-proxy callback<br>(8) eap: Passing reply from proxy back into the tunnel 2.<br>(8) eap: Proxied authentication succeeded<br>MSCHAP Success <br>(8) eap: EAP session adding &reply:State = 0xd948b86bd838a2af<br>(8) [eap] = ok<br>(8) } # post-proxy = ok<br>} # server inner-tunnel<br>(8) eap: Final reply from tunneled session code 11<br>(8) eap: Proxy-State = 0x3239<br>(8) eap: Framed-Protocol = PPP<br>(8) eap: Service-Type = Framed-User<br>(8) eap: Class = 0x3fc704f900000137000102000a02016700000000000000000000000001d006be3dc74c5b000000000004f90c<br>(8) eap: MS-CHAP-Domain = 'oMYDOMAIN'<br>(8) eap: MS-Link-Utilization-Threshold = 50<br>(8) eap: MS-Link-Drop-Time-Limit = 120<br>(8) eap: User-Name += 'mydomain\user000'<br>(8) eap: EAP-Message = 0x017000331a036f002e533d32453435313836344430354331393343313530383231384636304635433738463535413139383035<br>(8) eap: Message-Authenticator = 0x00000000000000000000000000000000<br>(8) eap: State = 0xd948b86bd838a2af4aa0b84f98aa7925<br>(8) eap: Got reply 11<br>(8) eap: Got tunneled reply RADIUS code 11<br>(8) eap: Proxy-State = 0x3239<br>(8) eap: Framed-Protocol = PPP<br>(8) eap: Service-Type = Framed-User<br>(8) eap: Class = 0x3fc704f900000137000102000a02016700000000000000000000000001d006be3dc74c5b000000000004f90c<br>(8) eap: MS-CHAP-Domain = 'oMYDOMAIN'<br>(8) eap: MS-Link-Utilization-Threshold = 50<br>(8) eap: MS-Link-Drop-Time-Limit = 120<br>(8) eap: User-Name += 'mydomain\user000'<br>(8) eap: EAP-Message = 0x017000331a036f002e533d32453435313836344430354331393343313530383231384636304635433738463535413139383035<br>(8) eap: Message-Authenticator = 0x00000000000000000000000000000000<br>(8) eap: State = 0xd948b86bd838a2af4aa0b84f98aa7925<br>(8) eap: Got tunneled Access-Challenge<br>(8) eap: Reply was handled<br>(8) eap: EAP session adding &reply:State = 0x2196d8c929e6c10e<br>(8) [eap] = ok<br>(8) } # post-proxy = ok<br>(8) Sent Access-Challenge Id 29 from <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> length 149<br>(8) EAP-Message = 0x0170005b19001703010050e4af81c9ecf1135b817b48ffecdbdfedb6922e5cfe1d463f7e8ef93564a8bdc26e5ae1ef16598d2dfa622c69a1408d9be0a0ddc629ee1dc6c28f94be0e7342f5bba962637645ef95bdec9fb40ad5f6ab<br>(8) Message-Authenticator = 0x00000000000000000000000000000000<br>(8) State = 0x2196d8c929e6c10ed58b5f9872208c8c<br>(8) Finished request<br>Waking up in 0.2 seconds.<br>Waking up in 3.7 seconds.<br>(9) Received Access-Request Id 30 from <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> length 260<br>(9) User-Name = 'anon1337'<br>(9) Service-Type = Framed-User<br>(9) Framed-IP-Address = 192.168.243.38<br>(9) Framed-MTU = 1500<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(9) EAP-Message = 0x02700050190017030192.1680ceb524c34f543d34a2114a5dc0162c1506dcb23023b799d1a6b01fd094a36bbe17030192.1680ac40f2c24559bd0245d1add229486b46e0ddc7e84ece128eed9af83704914517<br>(9) Message-Authenticator = 0x2db32972e884849ee872929fee306127<br>(9) NAS-Port-Type = Ethernet<br>(9) NAS-Port = 50002<br>(9) NAS-Port-Id = 'FastEthernet0/2'<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) State = 0x2196d8c929e6c10ed58b5f9872208c8c<br>(9) NAS-IP-Address = 172.23.242.165<br>(9) session-state: No cached attributes<br>(9) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(9) authorize {<br>(9) policy filter_username {<br>(9) if (!&User-Name) {<br>(9) if (!&User-Name) -> FALSE<br>(9) if (&User-Name =~ / /) {<br>(9) if (&User-Name =~ / /) -> FALSE<br>(9) if (&User-Name =~ /@.*@/ ) {<br>(9) if (&User-Name =~ /@.*@/ ) -> FALSE<br>(9) if (&User-Name =~ /\.\./ ) {<br>(9) if (&User-Name =~ /\.\./ ) -> FALSE<br>(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {<br>(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE<br>(9) if (&User-Name =~ /\.$/) {<br>(9) if (&User-Name =~ /\.$/) -> FALSE<br>(9) if (&User-Name =~ /@\./) {<br>(9) if (&User-Name =~ /@\./) -> FALSE<br>(9) } # policy filter_username = notfound<br>(9) [preprocess] = ok<br>(9) ntdomain: Checking for prefix before "\"<br>(9) ntdomain: No '\' in User-Name = "anon1337", looking up realm NULL<br>(9) ntdomain: No such realm "NULL"<br>(9) [ntdomain] = noop<br>(9) suffix: Checking for suffix after "@"<br>(9) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(9) suffix: No such realm "NULL"<br>(9) [suffix] = noop<br>(9) eap: Peer sent code Response (2) ID 112 length 80<br>(9) eap: Continuing tunnel setup<br>(9) [eap] = ok<br>(9) } # authorize = ok<br>(9) Found Auth-Type = EAP<br>(9) # Executing group from file /etc/raddb/sites-enabled/default<br>(9) authenticate {<br>(9) eap: Expiring EAP session with state 0xd948b86bd838a2af<br>(9) eap: Finished EAP session with state 0x2196d8c929e6c10e<br>(9) eap: Previous EAP request found for state 0x2196d8c929e6c10e, released from the list<br>(9) eap: Peer sent method PEAP (25)<br>(9) eap: EAP PEAP (25)<br>(9) eap: Calling eap_peap to process EAP data<br>(9) eap_peap: processing EAP-TLS<br>(9) eap_peap: eaptls_verify returned 7 <br>(9) eap_peap: Done initial handshake<br>(9) eap_peap: eaptls_process returned 7 <br>(9) eap_peap: FR_TLS_OK<br>(9) eap_peap: Session established. Decoding tunneled attributes<br>(9) eap_peap: PEAP state phase2<br>(9) eap_peap: EAP type MSCHAPv2 (26)<br>(9) eap_peap: Got tunneled request<br>(9) eap_peap: EAP-Message = 0x027000061a03<br>(9) eap_peap: Setting User-Name to mydomain\user000<br>(9) eap_peap: Sending tunneled request to inner-tunnel<br>(9) eap_peap: EAP-Message = 0x027000061a03<br>(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1<br>(9) eap_peap: User-Name = 'mydomain\user000'<br>(9) eap_peap: State = 0xd948b86bd838a2af4aa0b84f98aa7925<br>(9) eap_peap: Service-Type = Framed-User<br>(9) eap_peap: Framed-IP-Address = 192.168.243.38<br>(9) eap_peap: Framed-MTU = 1500<br>(9) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) eap_peap: Calling-Station-Id = '00-00-00-00-BB-BB'<br>(9) eap_peap: NAS-Port-Type = Ethernet<br>(9) eap_peap: NAS-Port = 50002<br>(9) eap_peap: NAS-Port-Id = 'FastEthernet0/2'<br>(9) eap_peap: NAS-IP-Address = 172.23.242.165<br>(9) eap_peap: Event-Timestamp = 'Dec 11 2014 16:55:39 EST'<br>(9) Virtual server received request<br>(9) EAP-Message = 0x027000061a03<br>(9) FreeRADIUS-Proxied-To = 127.0.0.1<br>(9) User-Name = 'mydomain\user000'<br>(9) State = 0xd948b86bd838a2af4aa0b84f98aa7925<br>(9) Service-Type = Framed-User<br>(9) Framed-IP-Address = 192.168.243.38<br>(9) Framed-MTU = 1500<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(9) NAS-Port-Type = Ethernet<br>(9) NAS-Port = 50002<br>(9) NAS-Port-Id = 'FastEthernet0/2'<br>(9) NAS-IP-Address = 172.23.242.165<br>(9) Event-Timestamp = 'Dec 11 2014 16:55:39 EST'<br>(9) server inner-tunnel {<br>(9) session-state: No cached attributes<br>(9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<br>(9) authorize {<br>(9) ntdomain: Checking for prefix before "\"<br>(9) ntdomain: Looking up realm "mydomain" for User-Name = "mydomain\user000"<br>(9) ntdomain: Found realm "mydomain"<br>(9) ntdomain: Adding Realm = "mydomain"<br>(9) ntdomain: Proxying request from user mydomain\user000 to realm mydomain<br>(9) ntdomain: Preparing to proxy authentication request to realm "mydomain" <br>(9) [ntdomain] = updated<br>(9) suffix: Request already has destination realm set. Ignoring<br>(9) [suffix] = noop<br>(9) eap: Request is supposed to be proxied to Realm mydomain. Not doing EAP.<br>(9) [eap] = noop<br>(9) [expiration] = noop<br>(9) [logintime] = noop<br>(9) [pap] = noop<br>(9) } # authorize = updated<br>(9) } # server inner-tunnel<br>(9) Virtual server sending reply<br>(9) eap_peap: Got tunneled reply code 0<br>(9) eap_peap: Calling authenticate in order to initiate tunneled EAP session<br>(9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel<br>(9) authenticate {<br>(9) eap: Expiring EAP session with state 0xd948b86bd838a2af<br>(9) eap: Finished EAP session with state 0xd948b86bd838a2af<br>(9) eap: Previous EAP request found for state 0xd948b86bd838a2af, released from the list<br>(9) eap: Peer sent method MSCHAPv2 (26)<br>(9) eap: EAP MSCHAPv2 (26)<br>(9) eap: Calling eap_mschapv2 to process EAP data<br>(9) eap: Freeing handler<br>(9) [eap] = ok<br>(9) } # authenticate = ok<br>(9) eap_peap: Got tunneled reply RADIUS code 2<br>(9) eap_peap: MS-MPPE-Send-Key = 0xf2de36fbd643948f1f803fc4e177494f<br>(9) eap_peap: MS-MPPE-Recv-Key = 0xc91f6a04dccbaf84f7c206510152cae5<br>(9) eap_peap: Proxy-State = 0x3239<br>(9) eap_peap: Framed-Protocol = PPP<br>(9) eap_peap: Service-Type = Framed-User<br>(9) eap_peap: Class = 0x3fc704f900000137000102000a02016700000000000000000000000001d006be3dc74c5b000000000004f90c<br>(9) eap_peap: MS-CHAP-Domain = 'oMYDOMAIN'<br>(9) eap_peap: MS-Link-Utilization-Threshold = 50<br>(9) eap_peap: MS-Link-Drop-Time-Limit = 120<br>(9) eap_peap: User-Name += 'mydomain\user000'<br>(9) eap_peap: EAP-Message = 0x03700004<br>(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000<br>(9) eap_peap: Tunneled authentication was successful<br>(9) eap_peap: SUCCESS<br>(9) eap: EAP session adding &reply:State = 0x2196d8c928e7c10e<br>(9) [eap] = handled<br>(9) } # authenticate = handled<br>(9) Sent Access-Challenge Id 30 from <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> length 101<br>(9) EAP-Message = 0x017192.168b190017030192.1680c6fab14adc6c0ced5f0317c798fa57aff8a040ecf4384af7e1490a42279ff4f7<br>(9) Message-Authenticator = 0x00000000000000000000000000000000<br>(9) State = 0x2196d8c928e7c10ed58b5f9872208c8c<br>(9) Finished request<br>Waking up in 0.3 seconds.<br>(10) Received Access-Request Id 31 from <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> length 260<br>(10) User-Name = 'anon1337'<br>(10) Service-Type = Framed-User<br>(10) Framed-IP-Address = 192.168.243.38<br>(10) Framed-MTU = 1500<br>(10) Called-Station-Id = '00-00-00-00-AA-AA'<br>(10) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(10) EAP-Message = 0x02710050190017030192.1680247750954f15ab3e1370c5f04879ba432f948b0645cc5fc91dc71a56f3a9023a17030192.168073c995b596d5ba2ad25adc110c3ab7125de7738c7273a6e7533fb295d897bc9b<br>(10) Message-Authenticator = 0xabddfb24ce3d43a042ea662e5ac514ef<br>(10) NAS-Port-Type = Ethernet<br>(10) NAS-Port = 50002<br>(10) NAS-Port-Id = 'FastEthernet0/2'<br>(10) Called-Station-Id = '00-00-00-00-AA-AA'<br></div></div>(10) State = 0x2196d8c928e7c10ed58b5f9872208c8c<br>(10) NAS-IP-Address = 172.23.242.165<br>(10) session-state: No cached attributes<br>(10) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(10) authorize {<br>(10) policy filter_username {<br>(10) if (!&User-Name) {<br>(10) if (!&User-Name) -> FALSE<br>(10) if (&User-Name =~ / /) {<br>(10) if (&User-Name =~ / /) -> FALSE<br>(10) if (&User-Name =~ /@.*@/ ) {<br>(10) if (&User-Name =~ /@.*@/ ) -> FALSE<br>(10) if (&User-Name =~ /\.\./ ) {<br>(10) if (&User-Name =~ /\.\./ ) -> FALSE<br>(10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {<br>(10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE<br>(10) if (&User-Name =~ /\.$/) {<br>(10) if (&User-Name =~ /\.$/) -> FALSE<br>(10) if (&User-Name =~ /@\./) {<br>(10) if (&User-Name =~ /@\./) -> FALSE<br>(10) } # policy filter_username = notfound<br>(10) [preprocess] = ok<br>(10) ntdomain: Checking for prefix before "\"<br>(10) ntdomain: No '\' in User-Name = "anon1337", looking up realm NULL<br>(10) ntdomain: No such realm "NULL"<br>(10) [ntdomain] = noop<br>(10) suffix: Checking for suffix after "@"<br>(10) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(10) suffix: No such realm "NULL"<br>(10) [suffix] = noop<br>(10) eap: Peer sent code Response (2) ID 113 length 80<br>(10) eap: Continuing tunnel setup<br>(10) [eap] = ok<br>(10) } # authorize = ok<br>(10) Found Auth-Type = EAP<br>(10) # Executing group from file /etc/raddb/sites-enabled/default<br>(10) authenticate {<br>(10) eap: Expiring EAP session with state 0x2196d8c928e7c10e<br>(10) eap: Finished EAP session with state 0x2196d8c928e7c10e<br>(10) eap: Previous EAP request found for state 0x2196d8c928e7c10e, released from the list<br>(10) eap: Peer sent method PEAP (25)<br>(10) eap: EAP PEAP (25)<br>(10) eap: Calling eap_peap to process EAP data<br>(10) eap_peap: processing EAP-TLS<br>(10) eap_peap: eaptls_verify returned 7 <br>(10) eap_peap: Done initial handshake<br>(10) eap_peap: eaptls_process returned 7 <br>(10) eap_peap: FR_TLS_OK<br>(10) eap_peap: Session established. Decoding tunneled attributes<br>(10) eap_peap: PEAP state send tlv success<br>(10) eap_peap: Received EAP-TLV response<br>(10) eap_peap: Success<br>(10) eap_peap: No information to cache: session caching will be disabled for session 092599a5df0926e3e9440ae53c451e4b253e8e1516b2447e289ce1b5904239c5<br> SSL: Removing session 092599a5df0926e3e9440ae53c451e4b253e8e1516b2447e289ce1b5904239c5 from the cache<br>(10) eap: Freeing handler<br>(10) [eap] = ok<br>(10) } # authenticate = ok<br>(10) # Executing section post-auth from file /etc/raddb/sites-enabled/default<br>(10) post-auth {<br>(10) update {<br>(10) No attributes updated<br>(10) } # update = noop<br>(10) [exec] = noop<br>(10) policy remove_reply_message_if_eap {<br>(10) if (&reply:EAP-Message && &reply:Reply-Message) {<br>(10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE<br>(10) else {<br>(10) [noop] = noop<br>(10) } # else = noop<br>(10) } # policy remove_reply_message_if_eap = noop<br>(10) } # post-auth = noop<br>(10) Sent Access-Accept Id 31 from <a href="http://192.168.244.230:1812" target="_blank">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645" target="_blank">172.23.242.165:1645</a> length 170<br>(10) MS-MPPE-Recv-Key = 0xb5c9941fdf7d63b2f617b2faafb5552e075691a9b617df1da24c2cd77e86cbaa<br>(10) MS-MPPE-Send-Key = 0xdd5153f339ed2bc1e6c3fd7b68b36d9070688f4700dda0170c2086fc24f99e8a<br>(10) EAP-Message = 0x03710004<br>(10) Message-Authenticator = 0x00000000000000000000000000000000<br>(10) User-Name = 'anon1337'<br>(10) Finished request<span class=""><br>Waking up in 0.3 seconds.<br></span>Waking up in 2.7 seconds.<br>(11) Received Accounting-Request Id 186 from <a href="http://172.23.242.165:1646" target="_blank">172.23.242.165:1646</a> to <a href="http://192.168.244.230:1813" target="_blank">192.168.244.230:1813</a> length 173<br>(11) Acct-Session-Id = '00018AE4'<br>(11) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(11) Framed-IP-Address = 192.168.243.38<br>(11) User-Name = 'anon1337'<br>(11) Acct-Session-Time = 6124<br>(11) Acct-Input-Octets = 572933<br>(11) Acct-Output-Octets = 1640076<br>(11) Acct-Input-Packets = 4773<br>(11) Acct-Output-Packets = 16442<br>(11) Acct-Authentic = RADIUS<br>(11) Acct-Status-Type = Interim-Update<br>(11) NAS-Port-Type = Ethernet<br>(11) NAS-Port = 50002<br>(11) NAS-Port-Id = 'FastEthernet0/2'<br>(11) Called-Station-Id = '00-00-00-00-AA-AA'<br>(11) Service-Type = Framed-User<br>(11) NAS-IP-Address = 172.23.242.165<br>(11) Acct-Delay-Time = 0<br>(11) # Executing section preacct from file /etc/raddb/sites-enabled/default<br>(11) preacct {<br>(11) [preprocess] = ok<br>(11) policy acct_unique {<br>(11) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) {<br>(11) EXPAND %{string:Class}<br>(11) --> <br>(11) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE<br>(11) else {<br>(11) Acct-Session-Id = '00018AE4'<br>(11) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(11) Framed-IP-Address = 192.168.243.38<br>(11) User-Name = 'anon1337'<br>(11) Acct-Session-Time = 6124<br>(11) Acct-Input-Octets = 572933<br>(11) Acct-Output-Octets = 1640076<br>(11) Acct-Input-Packets = 4773<br>(11) Acct-Output-Packets = 16442<br>(11) Acct-Authentic = RADIUS<br>(11) Acct-Status-Type = Interim-Update<br>(11) NAS-Port-Type = Ethernet<br>(11) NAS-Port = 50002<br>(11) NAS-Port-Id = 'FastEthernet0/2'<br>(11) Called-Station-Id = '00-00-00-00-AA-AA'<br>(11) Service-Type = Framed-User<br>(11) NAS-IP-Address = 172.23.242.165<br>(11) Acct-Delay-Time = 0<br>(11) # Executing section preacct from file /etc/raddb/sites-enabled/default<br>(11) preacct {<br>(11) [preprocess] = ok<br>(11) policy acct_unique {<br>(11) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) {<br>(11) EXPAND %{string:Class}<br>(11) --> <br>(11) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE<br>(11) else {<br>(11) update request {<br>(11) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}<br>(11) --> 38f99589b6e9b39e24fcf277e9459a58<br>(11) &Acct-Unique-Session-Id := "38f99589b6e9b39e24fcf277e9459a58"<br>(11) } # update request = noop<br>(11) } # else = noop<br>(11) } # policy acct_unique = noop<br>(11) suffix: Checking for suffix after "@"<br>(11) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(11) suffix: No such realm "NULL"<br>(11) [suffix] = noop<br>(11) [files] = noop<br>(11) } # preacct = ok<br>(11) # Executing section accounting from file /etc/raddb/sites-enabled/default<br>(11) accounting {<br>(11) detail: EXPAND /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d<br>(11) detail: --> /var/log/radiusd/radacct/<a href="http://172.23.242.165/detail-20141211" target="_blank">172.23.242.165/detail-20141211</a><br>(11) detail: /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radiusd/radacct/<a href="http://172.23.242.165/detail-20141211" target="_blank">172.23.242.165/detail-20141211</a><br>(11) detail: EXPAND %t<br>(11) detail: --> Thu Dec 11 16:55:40 2014<br>(11) [detail] = ok<br>(11) [unix] = noop<br>(11) [exec] = noop<br>(11) attr_filter.accounting_response: EXPAND %{User-Name}<br>(11) attr_filter.accounting_response: --> anon1337<br>(11) attr_filter.accounting_response: Matched entry DEFAULT at line 12<br>(11) [attr_filter.accounting_response] = updated<br>(11) } # accounting = updated<br>(11) Sent Accounting-Response Id 186 from <a href="http://192.168.244.230:1813" target="_blank">192.168.244.230:1813</a> to <a href="http://172.23.242.165:1646" target="_blank">172.23.242.165:1646</a> length 20<br>(11) Finished request<br></div></div>
</div></div>
</div><br></div>