<div dir="ltr">> No.<br>> You have to look at the rest of the debug output to see what’s going on.<br>
> The update blocks don’t return any code. They just pass through the code which was there before the update block was run.<div class="gmail_extra"><br></div><div class="gmail_extra">Okay, that makes sense. <br><br>Quick overview of what I think/see is happening. I'm sure it's wrong so please correct me.<br><br></div><div class="gmail_extra">Packet 8 comes in. Post-Proxy is run and the update to outer.session-state happens. Access-Challenge is sent and the state is cached.<br>Packet 9 comes in. It's an Access-Request packet which triggers the previously cached information to be retrieved. This packet only gets to the authenticate section before a new Access-Challenge is sent causing the current state to be cached.<br></div><div class="gmail_extra">Packet 10 comes in. It's an Access-Request which retrieves the previous state information. Post-Auth in sites-enabled/default is ran which executes update for &reply: += &session-state:. This results in a No attributes updated because the previous state didn't have any.<br><br>(8) Received Access-Request Id 70 from <a href="http://172.23.242.165:1645">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812">192.168.244.230:1812</a> length 324<br>(8) User-Name = 'anon1337'<br>(8) Service-Type = Framed-User<br>(8) Framed-IP-Address = 192.168.243.38<br>(8) Framed-MTU = 1500<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) EAP-Message = 0x02850090190017030100202521e17eceb019efb0902fa8d72d8a2ab02ee389663711a72de20381703010060063a3571bfc98199485cf8b5551527d58e1b7a9a751e7038a60a127be872aeae13bd67e7a165c1c52406b3ee64c85566d8e621cbfb38969e243d9e34bae87fb1f5b<br>(8) Message-Authenticator = 0xe39116b3135152d0ee52e3258<br>(8) NAS-Port-Type = Ethernet<br>(8) NAS-Port = 50002<br>(8) NAS-Port-Id = 'FastEthernet0/2'<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) State = 0x0fd7c6d30852dfc3c063e5767e205a4d<br>(8) NAS-IP-Address = 172.23.242.165<br>(8) session-state: No cached attributes<br>(8) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(8) authorize {<br>(8) ntdomain: Checking for prefix before "\"<br>(8) ntdomain: No '\' in User-Name = "anon1337", looking up realm NULL<br>(8) ntdomain: No such realm "NULL"<br>(8) [ntdomain] = noop<br>(8) suffix: Checking for suffix after "@"<br>(8) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(8) suffix: No such realm "NULL"<br>(8) [suffix] = noop<br>(8) eap: Peer sent code Response (2) ID 133 length 144<br>(8) eap: Continuing tunnel setup<br>(8) [eap] = ok<br>(8) } # authorize = ok<br>(8) Found Auth-Type = EAP<br>(8) # Executing group from file /etc/raddb/sites-enabled/default<br>(8) authenticate {<br>(8) eap: Expiring EAP session with state 0xd3877aa8d3026065<br>(8) eap: Finished EAP session with state 0x0fd7c6d30852dfc3<br>(8) eap: Previous EAP request found for state 0x0fd7c6d30852dfc3, released from the list<br>(8) eap: Peer sent method PEAP (25)<br>(8) eap: EAP PEAP (25)<br>(8) eap: Calling eap_peap to process EAP data<br>(8) eap_peap: processing EAP-TLS<br>(8) eap_peap: eaptls_verify returned 7 <br>(8) eap_peap: Done initial handshake<br>(8) eap_peap: eaptls_process returned 7 <br>(8) eap_peap: FR_TLS_OK<br>(8) eap_peap: Session established. Decoding tunneled attributes<br>(8) eap_peap: PEAP state phase2<br>(8) eap_peap: EAP type MSCHAPv2 (26)<br>(8) eap_peap: Got tunneled request<br>(8) eap_peap: EAP-Message = 0x028500481a02850043312e31704e23166e02ecec68b8b34d2e400000000000000000ed732d4aae8a94fa2b2afbfdd05b5c78e9dc7b3b9dbb99b400676c6f6<br>(8) eap_peap: Setting User-Name to mydomain\user000<br>(8) eap_peap: Sending tunneled request to inner-tunnel<br>(8) eap_peap: EAP-Message = 0x028500481a02850043312e31704e23166e02ecec68b8b34d2e400000000000000000ed732d4aae8a94fa2b2afbfdd05b5c78e9dc7b3b9dbb99b400676c6f6<br>(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1<br>(8) eap_peap: User-Name = 'mydomain\user000'<br>(8) eap_peap: State = 0xd3877aa8d30260658703aed2f073d630<br>(8) eap_peap: Service-Type = Framed-User<br>(8) eap_peap: Framed-IP-Address = 192.168.243.38<br>(8) eap_peap: Framed-MTU = 1500<br>(8) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) eap_peap: Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) eap_peap: NAS-Port-Type = Ethernet<br>(8) eap_peap: NAS-Port = 50002<br>(8) eap_peap: NAS-Port-Id = 'FastEthernet0/2'<br>(8) eap_peap: NAS-IP-Address = 172.23.242.165<br>(8) eap_peap: Event-Timestamp = 'Dec 12 2014 11:27:58 EST'<br>(8) Virtual server received request<br>(8) EAP-Message = 0x028500481a02850043312e31704e23166e02ecec68b8b34d2e400000000000000000ed732d4aae8a94fa2b2afbfdd05b5c78e9dc7b3b9dbb99b400<br>(8) FreeRADIUS-Proxied-To = 127.0.0.1<br>(8) User-Name = 'mydomain\user000'<br>(8) State = 0xd3877aa8d30260658703aed2f073d630<br>(8) Service-Type = Framed-User<br>(8) Framed-IP-Address = 192.168.243.38<br>(8) Framed-MTU = 1500<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) NAS-Port-Type = Ethernet<br>(8) NAS-Port = 50002<br>(8) NAS-Port-Id = 'FastEthernet0/2'<br>(8) NAS-IP-Address = 172.23.242.165<br>(8) Event-Timestamp = 'Dec 12 2014 11:27:58 EST'<br>(8) server inner-tunnel {<br>(8) session-state: No cached attributes<br>(8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) authorize {<br>(8) ntdomain: Checking for prefix before "\"<br>(8) ntdomain: Looking up realm "mydomain" for User-Name = "mydomain\user000"<br>(8) ntdomain: Found realm "mydomain"<br>(8) ntdomain: Adding Realm = "mydomain"<br>(8) ntdomain: Proxying request from user mydomain\user000 to realm mydomain<br>(8) ntdomain: Preparing to proxy authentication request to realm "mydomain" <br>(8) [ntdomain] = updated<br>(8) suffix: Request already has destination realm set. Ignoring<br>(8) [suffix] = noop<br>(8) eap: Request is supposed to be proxied to Realm mydomain. Not doing EAP.<br>(8) [eap] = noop<br>(8) [expiration] = noop<br>(8) [logintime] = noop<br>(8) [pap] = noop<br>(8) } # authorize = updated<br>(8) } # server inner-tunnel<br>(8) Virtual server sending reply<br>(8) eap_peap: Got tunneled reply code 0<br>(8) eap_peap: Calling authenticate in order to initiate tunneled EAP session<br>(8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) authenticate {<br>(8) eap: Expiring EAP session with state 0xd3877aa8d3026065<br>(8) eap: Finished EAP session with state 0xd3877aa8d3026065<br>(8) eap: Previous EAP request found for state 0xd3877aa8d3026065, released from the list<br>(8) eap: Peer sent method MSCHAPv2 (26)<br>(8) eap: EAP MSCHAPv2 (26)<br>(8) eap: Calling eap_mschapv2 to process EAP data<br>(8) eap_mschapv2: cancelling authentication and letting it be proxied<br>(8) eap: No EAP proxy set. Not composing EAP<br>(8) [eap] = handled<br>(8) } # authenticate = handled<br>(8) eap_peap: Tunnelled authentication will be proxied to mydomain<br>(8) eap_peap: Remembering to do EAP-MS-CHAP-V2 post-proxy<br>(8) eap: Tunneled session will be proxied. Not doing EAP<br>(8) [eap] = handled<br>(8) } # authenticate = handled<br>Opening new proxy socket 'proxy address * port 0'<br>Listening on proxy address * port 57020<br>(8) Proxying request to home server 192.168.1.103 port 1812 timeout 30.000000<br>(8) Sent Access-Request Id 247 from <a href="http://0.0.0.0:57020">0.0.0.0:57020</a> to <a href="http://192.168.1.103:1812">192.168.1.103:1812</a> length 255<br>(8) User-Name = 'mydomain\user000'<br>(8) Service-Type = Framed-User<br>(8) Framed-IP-Address = 192.168.243.38<br>(8) Framed-MTU = 1500<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Called-Station-Id = '00-00-00-00-AA-AA'<br>(8) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(8) NAS-Port-Type = Ethernet<br>(8) NAS-Port = 50002<br>(8) NAS-Port-Id = 'FastEthernet0/2'<br>(8) NAS-IP-Address = 172.23.242.165<br>(8) Event-Timestamp = 'Dec 12 2014 11:27:58 EST'<br>(8) MS-CHAP-Challenge = 0xc3ecc897daed3f010d860fe7ae1331c3<br>(8) MS-CHAP2-Response = 0x856c2e31704e23166e02ecec68b8b34d2e400000000000000000ed732d4aae8a94fa2b2afbfdd05b5c78e9dc7b3b9dbb99b4<br>(8) Message-Authenticator := 0x00<br>(8) Proxy-State = 0x3730<br>(8) Received Access-Accept Id 247 from <a href="http://192.168.1.103:1812">192.168.1.103:1812</a> to <a href="http://192.168.244.230:57020">192.168.244.230:57020</a> length 256<br>(8) Proxy-State = 0x3730<br>(8) Framed-Protocol = PPP<br>(8) Service-Type = Framed-User<br>(8) Class = 0x3e5d044100000137000102000a02016700000000000000000000000001d006be3dc74c5b0000000000054507<br>(8) MS-MPPE-Recv-Key = 0x6f6da555aa52c08a69f1d40ab379f27d<br>(8) MS-MPPE-Send-Key = 0xd848d864c43408713a143c15f3c9344c<br>(8) MS-CHAP2-Success = 0x85533d43323141433136344334303733393138383343353235354643414645363330314630384133343839<br>(8) MS-CHAP-Domain = '\205MYDOMAIN'<br>(8) MS-Link-Utilization-Threshold = 50<br>(8) MS-Link-Drop-Time-Limit = 120<br>(8) # Executing section post-proxy from file /etc/raddb/sites-enabled/default<br>(8) post-proxy {<br>(8) eap: Doing post-proxy callback<br>(8) eap: Passing reply from proxy back into the tunnel<br>server inner-tunnel {<br>(8) eap: Passing reply back for EAP-MS-CHAP-V2<br>(8) # Executing section post-proxy from file /etc/raddb/sites-enabled/inner-tunnel<br>(8) post-proxy {<br>(8) update {<br>(8) &outer.session-state:Proxy-State += &reply:Proxy-State -> 0x3730<br>(8) &outer.session-state:Framed-Protocol += &reply:Framed-Protocol -> PPP<br>(8) &outer.session-state:Service-Type += &reply:Service-Type -> Framed-User<br>(8) &outer.session-state:Class += &reply:Class -> 0x3e5d044100000137000102000a02016700000000000000000000000001d006be3dc<br>(8) &outer.session-state:MS-MPPE-Recv-Key += &reply:MS-MPPE-Recv-Key -> 0x6f6da555aa52c08a69<br>(8) &outer.session-state:MS-MPPE-Send-Key += &reply:MS-MPPE-Send-Key -> 0xd848d864c4340871<br>(8) &outer.session-state:MS-CHAP2-Success += &reply:MS-CHAP2-Success -> 0x85533d433231414331363443343037333931383833433532353546434146453<br>(8) &outer.session-state:MS-CHAP-Domain += &reply:MS-CHAP-Domain -> '\205MYDOMAIN'<br>(8) &outer.session-state:MS-Link-Utilization-Threshold += &reply:MS-Link-Utilization-Threshold -> 50<br>(8) &outer.session-state:MS-Link-Drop-Time-Limit += &reply:MS-Link-Drop-Time-Limit -> 120<br>(8) } # update = noop<br>(8) eap: Doing post-proxy callback<br>(8) eap: Passing reply from proxy back into the tunnel 2.<br>(8) eap: Proxied authentication succeeded<br>MSCHAP Success <br>(8) eap: EAP session adding &reply:State = 0xd3877aa8d2016065<br>(8) [eap] = ok<br>(8) } # post-proxy = ok<br>} # server inner-tunnel<br>(8) eap: Final reply from tunneled session code 11<br>(8) eap: Proxy-State = 0x3730<br>(8) eap: Framed-Protocol = PPP<br>(8) eap: Service-Type = Framed-User<br>(8) eap: Class = 0x3e5d044100000137000102000a02016700000000000000000000000001d006be3dc74c5b<br>(8) eap: MS-CHAP-Domain = '\205MYDOMAIN'<br>(8) eap: MS-Link-Utilization-Threshold = 50<br>(8) eap: MS-Link-Drop-Time-Limit = 120<br>(8) eap: EAP-Message = 0x018600331a0385002e533d4332314143313634433430373339313838334335323535464341464536333<br>(8) eap: Message-Authenticator = 0x00000000000000000000000000000000<br>(8) eap: State = 0xd3877aa8d20160658703aed2f073d630<br>(8) eap: Got reply 11<br>(8) eap: Got tunneled reply RADIUS code 11<br>(8) eap: Proxy-State = 0x3730<br>(8) eap: Framed-Protocol = PPP<br>(8) eap: Service-Type = Framed-User<br>(8) eap: Class = 0x3e5d044100000137000102000a02016700000000000000000000000001d006be3dc74c5b<br>(8) eap: MS-CHAP-Domain = '\205MYDOMAIN'<br>(8) eap: MS-Link-Utilization-Threshold = 50<br>(8) eap: MS-Link-Drop-Time-Limit = 120<br>(8) eap: EAP-Message = 0x018600331a0385002e533d4332314143313634433430373339313838334335323535464341464536<br>(8) eap: Message-Authenticator = 0x00000000000000000000000000000000<br>(8) eap: State = 0xd3877aa8d20160658703aed2f073d630<br>(8) eap: Got tunneled Access-Challenge<br>(8) eap: Reply was handled<br>(8) eap: EAP session adding &reply:State = 0x0fd7c6d30751dfc3<br>(8) [eap] = ok<br>(8) } # post-proxy = ok<br>(8) Sent Access-Challenge Id 70 from <a href="http://192.168.244.230:1812">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645">172.23.242.165:1645</a> length 149<br>(8) EAP-Message = 0x0186005b19001703010050d842dac4be474e61feb49b428f0dc15cb5b2dea5ae2a1d770b9905700a90190eb47cb97044cfadb837fc0e4cccfa20ac359de5e222fed03aa7a55e7e283d600dbe28cd55d6d9cde6cc552d7a571665b4<br>(8) Message-Authenticator = 0x00000000000000000000000000000000<br>(8) State = 0x0fd7c6d30751dfc3c063e5767e205a4d<br>(8) Finished request<br>Waking up in 0.2 seconds.<br>Waking up in 3.3 seconds.<br>(9) Received Access-Request Id 71 from <a href="http://172.23.242.165:1645">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812">192.168.244.230:1812</a> length 260<br>(9) User-Name = 'anon1337'<br>(9) Service-Type = Framed-User<br>(9) Framed-IP-Address = 192.168.243.38<br>(9) Framed-MTU = 1500<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(9) EAP-Message = 0x0286005019001703010020942518f712e6644f26f85fbfe31548d38134a0beeddd00eda1355955a6524eba17030100201e10596c0804a765b2a43e3d627d6c0c87a8d524dd6e100d373d45e0a172046f<br>(9) Message-Authenticator = 0x5cf80e7b5e5a27c09ad086ac15db2aac<br>(9) NAS-Port-Type = Ethernet<br>(9) NAS-Port = 50002<br>(9) NAS-Port-Id = 'FastEthernet0/2'<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) State = 0x0fd7c6d30751dfc3c063e5767e205a4d<br>(9) NAS-IP-Address = 172.23.242.165<br>(9) session-state: No cached attributes<br>(9) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(9) authorize {<br>(9) [preprocess] = ok<br>(9) ntdomain: Checking for prefix before "\"<br>(9) ntdomain: No '\' in User-Name = "anon1337", looking up realm NULL<br>(9) ntdomain: No such realm "NULL"<br>(9) [ntdomain] = noop<br>(9) suffix: Checking for suffix after "@"<br>(9) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(9) suffix: No such realm "NULL"<br>(9) [suffix] = noop<br>(9) eap: Peer sent code Response (2) ID 134 length 80<br>(9) eap: Continuing tunnel setup<br>(9) [eap] = ok<br>(9) } # authorize = ok<br>(9) Found Auth-Type = EAP<br>(9) # Executing group from file /etc/raddb/sites-enabled/default<br>(9) authenticate {<br>(9) eap: Expiring EAP session with state 0xd3877aa8d2016065<br>(9) eap: Finished EAP session with state 0x0fd7c6d30751dfc3<br>(9) eap: Previous EAP request found for state 0x0fd7c6d30751dfc3, released from the list<br>(9) eap: Peer sent method PEAP (25)<br>(9) eap: EAP PEAP (25)<br>(9) eap: Calling eap_peap to process EAP data<br>(9) eap_peap: processing EAP-TLS<br>(9) eap_peap: eaptls_verify returned 7 <br>(9) eap_peap: Done initial handshake<br>(9) eap_peap: eaptls_process returned 7 <br>(9) eap_peap: FR_TLS_OK<br>(9) eap_peap: Session established. Decoding tunneled attributes<br>(9) eap_peap: PEAP state phase2<br>(9) eap_peap: EAP type MSCHAPv2 (26)<br>(9) eap_peap: Got tunneled request<br>(9) eap_peap: EAP-Message = 0x028600061a03<br>(9) eap_peap: Setting User-Name to mydomain\user000<br>(9) eap_peap: Sending tunneled request to inner-tunnel<br>(9) eap_peap: EAP-Message = 0x028600061a03<br>(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1<br>(9) eap_peap: User-Name = 'mydomain\user000'<br>(9) eap_peap: State = 0xd3877aa8d20160658703aed2f073d630<br>(9) eap_peap: Service-Type = Framed-User<br>(9) eap_peap: Framed-IP-Address = 192.168.243.38<br>(9) eap_peap: Framed-MTU = 1500<br>(9) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) eap_peap: Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) eap_peap: Calling-Station-Id = '00-00-00-00-BB-BB'<br>(9) eap_peap: NAS-Port-Type = Ethernet<br>(9) eap_peap: NAS-Port = 50002<br>(9) eap_peap: NAS-Port-Id = 'FastEthernet0/2'<br>(9) eap_peap: NAS-IP-Address = 172.23.242.165<br>(9) eap_peap: Event-Timestamp = 'Dec 12 2014 11:27:59 EST'<br>(9) Virtual server received request<br>(9) EAP-Message = 0x028600061a03<br>(9) FreeRADIUS-Proxied-To = 127.0.0.1<br>(9) User-Name = 'mydomain\user000'<br>(9) State = 0xd3877aa8d20160658703aed2f073d630<br>(9) Service-Type = Framed-User<br>(9) Framed-IP-Address = 192.168.243.38<br>(9) Framed-MTU = 1500<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) Called-Station-Id = '00-00-00-00-AA-AA'<br>(9) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(9) NAS-Port-Type = Ethernet<br>(9) NAS-Port = 50002<br>(9) NAS-Port-Id = 'FastEthernet0/2'<br>(9) NAS-IP-Address = 172.23.242.165<br>(9) Event-Timestamp = 'Dec 12 2014 11:27:59 EST'<br>(9) server inner-tunnel {<br>(9) session-state: No cached attributes<br>(9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<br>(9) authorize {<br>(9) ntdomain: Checking for prefix before "\"<br>(9) ntdomain: Looking up realm "mydomain" for User-Name = "mydomain\user000"<br>(9) ntdomain: Found realm "mydomain"<br>(9) ntdomain: Adding Realm = "mydomain"<br>(9) ntdomain: Proxying request from user mydomain\user000 to realm mydomain<br>(9) ntdomain: Preparing to proxy authentication request to realm "mydomain" <br>(9) [ntdomain] = updated<br>(9) suffix: Request already has destination realm set. Ignoring<br>(9) [suffix] = noop<br>(9) eap: Request is supposed to be proxied to Realm mydomain. Not doing EAP.<br>(9) [eap] = noop<br>(9) [expiration] = noop<br>(9) [logintime] = noop<br>(9) [pap] = noop<br>(9) } # authorize = updated<br>(9) } # server inner-tunnel<br>(9) Virtual server sending reply<br>(9) eap_peap: Got tunneled reply code 0<br>(9) eap_peap: Calling authenticate in order to initiate tunneled EAP session<br>(9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel<br>(9) authenticate {<br>(9) eap: Expiring EAP session with state 0xd3877aa8d2016065<br>(9) eap: Finished EAP session with state 0xd3877aa8d2016065<br>(9) eap: Previous EAP request found for state 0xd3877aa8d2016065, released from the list<br>(9) eap: Peer sent method MSCHAPv2 (26)<br>(9) eap: EAP MSCHAPv2 (26)<br>(9) eap: Calling eap_mschapv2 to process EAP data<br>(9) eap: Freeing handler<br>(9) [eap] = ok<br>(9) } # authenticate = ok<br>(9) eap_peap: Got tunneled reply RADIUS code 2<br>(9) eap_peap: MS-MPPE-Send-Key = 0xd848d864c43408713a143c15f3c9344c<br>(9) eap_peap: MS-MPPE-Recv-Key = 0x6f6da555aa52c08a69f1d40ab379f27d<br>(9) eap_peap: Proxy-State = 0x3730<br>(9) eap_peap: Framed-Protocol = PPP<br>(9) eap_peap: Service-Type = Framed-User<br>(9) eap_peap: Class = 0x3e5d044100000137000102000a02016700000000000000000000000001d006be3dc74c<br>5b0000000000054507<br>(9) eap_peap: MS-CHAP-Domain = '\205MYDOMAIN'<br>(9) eap_peap: MS-Link-Utilization-Threshold = 50<br>(9) eap_peap: MS-Link-Drop-Time-Limit = 120<br>(9) eap_peap: EAP-Message = 0x03860004<br>(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000<br>(9) eap_peap: User-Name = 'mydomain\user000'<br>(9) eap_peap: Tunneled authentication was successful<br>(9) eap_peap: SUCCESS<br>(9) eap: EAP session adding &reply:State = 0x0fd7c6d30650dfc3<br>(9) [eap] = handled<br>(9) } # authenticate = handled<br>(9) Sent Access-Challenge Id 71 from <a href="http://192.168.244.230:1812">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645">172.23.242.165:1645</a> length 101<br>(9) EAP-Message = 0x0187002b19001703010020b3abef85cebb3db0803d642e026b9f7004abecc69886888bb234<br>ec4bb9f1dfbf<br>(9) Message-Authenticator = 0x00000000000000000000000000000000<br>(9) State = 0x0fd7c6d30650dfc3c063e5767e205a4d<br>(9) Finished request<br>Waking up in 0.3 seconds.<br>(10) Received Access-Request Id 72 from <a href="http://172.23.242.165:1645">172.23.242.165:1645</a> to <a href="http://192.168.244.230:1812">192.168.244.230:1812</a> length 260<br>(10) User-Name = 'anon1337'<br>(10) Service-Type = Framed-User<br>(10) Framed-IP-Address = 192.168.243.38<br>(10) Framed-MTU = 1500<br>(10) Called-Station-Id = '00-00-00-00-AA-AA'<br>(10) Calling-Station-Id = '00-00-00-00-BB-BB'<br>(10) EAP-Message = 0x028700501900170301002027b611569c3ac21656ebff7c931c6330b260d9c7685df6afe4d<br>631e191ef65641703010020277137daef7aa622436b04c068134830a1cf8c671d81b6c743bea4f440ebd25d<br>(10) Message-Authenticator = 0xcae72c0f0b1bf4edc223132d46c7f042<br>(10) NAS-Port-Type = Ethernet<br>(10) NAS-Port = 50002<br>(10) NAS-Port-Id = 'FastEthernet0/2'<br>(10) Called-Station-Id = '00-00-00-00-AA-AA'<br>(10) State = 0x0fd7c6d30650dfc3c063e5767e205a4d<br>(10) NAS-IP-Address = 172.23.242.165<br>(10) session-state: No cached attributes<br>(10) # Executing section authorize from file /etc/raddb/sites-enabled/default<br>(10) authorize {<br>(10) suffix: Checking for suffix after "@"<br>(10) suffix: No '@' in User-Name = "anon1337", looking up realm NULL<br>(10) suffix: No such realm "NULL"<br>(10) [suffix] = noop<br>(10) eap: Peer sent code Response (2) ID 135 length 80<br>(10) eap: Continuing tunnel setup<br>(10) [eap] = ok<br>(10) } # authorize = ok<br>(10) Found Auth-Type = EAP<br>(10) # Executing group from file /etc/raddb/sites-enabled/default<br>(10) authenticate {<br>(10) eap: Expiring EAP session with state 0x0fd7c6d30650dfc3<br>(10) eap: Finished EAP session with state 0x0fd7c6d30650dfc3<br>(10) eap: Previous EAP request found for state 0x0fd7c6d30650dfc3, released from the list<br>(10) eap: Peer sent method PEAP (25)<br>(10) eap: EAP PEAP (25)<br>(10) eap: Calling eap_peap to process EAP data<br>(10) eap_peap: processing EAP-TLS<br>(10) eap_peap: eaptls_verify returned 7 <br>(10) eap_peap: Done initial handshake<br>(10) eap_peap: eaptls_process returned 7 <br>(10) eap_peap: FR_TLS_OK<br>(10) eap_peap: Session established. Decoding tunneled attributes<br>(10) eap_peap: PEAP state send tlv success<br>(10) eap_peap: Received EAP-TLV response<br>(10) eap_peap: Success<br>(10) eap_peap: No information to cache: session caching will be disabled for session 7f3018ef052<br>364931aa2fc8b559a5cac5f8c7f4d7c81fa96d7848f7fa3ac77b3<br> SSL: Removing session 7f3018ef052364931aa2fc8b559a5cac5f8c7f4d7c81fa96d7848f7fa3ac77b3 from th<br>e cache<br>(10) eap: Freeing handler<br>(10) [eap] = ok<br>(10) } # authenticate = ok<br>(10) # Executing section post-auth from file /etc/raddb/sites-enabled/default<br>(10) post-auth {<br>(10) update {<br>(10) No attributes updated<br>(10) } # update = noop<br>(10) [exec] = noop<br>(10) policy remove_reply_message_if_eap {<br>(10) if (&reply:EAP-Message && &reply:Reply-Message) {<br>(10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE<br>(10) else {<br>(10) [noop] = noop<br>(10) } # else = noop<br>(10) } # policy remove_reply_message_if_eap = noop<br>(10) } # post-auth = noop<br>(10) Sent Access-Accept Id 72 from <a href="http://192.168.244.230:1812">192.168.244.230:1812</a> to <a href="http://172.23.242.165:1645">172.23.242.165:1645</a> length 170<br>(10) MS-MPPE-Recv-Key = 0xffe49f5506d33369f1e22b38cd618e47ef03fbc24<br>(10) MS-MPPE-Send-Key = 0xefc13185a69d26a600f7da511b76ef00c6d5d6ac5<br>(10) EAP-Message = 0x03870004<br>(10) Message-Authenticator = 0x00000000000000000000000000000000<br>(10) User-Name = 'anon1337'<br>(10) Finished request<br><br></div><div class="gmail_extra"><div class="gmail_quote"></div><br></div></div>