Received Access-Request Id 245 from 192.168.45.66:32769 to 192.168.99.58:1812 length 331 User-Name = 'abc' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000001656606e07' Acct-Session-Id = '56606e07/c4:8e:8f:f8:96:33/22' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 192.168.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020a002b190017030100209d64de09cffa9f8c299495e02ce79581a9e8777300882ebc280bf9959543093a State = 0xa2a24404a5a85d7646a56139fd1d402c Message-Authenticator = 0xd11f3c6d9c700584e8dc6724a734c991 (16) Received Access-Request packet from host 192.168.45.66 port 32769, id=245, length=331 (16) User-Name = 'abc' (16) Chargeable-User-Identity = 0x00 (16) Location-Capable = Civix-Location (16) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (16) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (16) NAS-Port = 1 (16) Cisco-AVPair = 'audit-session-id=83682d420000001656606e07' (16) Acct-Session-Id = '56606e07/c4:8e:8f:f8:96:33/22' (16) Cisco-AVPair = 'mDNS=true' (16) NAS-IP-Address = 192.168.45.66 (16) NAS-Identifier = 'WLC_TEST' (16) Airespace-Wlan-Id = 7 (16) Service-Type = Framed-User (16) Framed-MTU = 1300 (16) NAS-Port-Type = Wireless-802.11 (16) Tunnel-Type:0 = VLAN (16) Tunnel-Medium-Type:0 = IEEE-802 (16) Tunnel-Private-Group-Id:0 = '245' (16) EAP-Message = 0x020a002b190017030100209d64de09cffa9f8c299495e02ce79581a9e8777300882ebc280bf9959543093a (16) State = 0xa2a24404a5a85d7646a56139fd1d402c (16) Message-Authenticator = 0xd11f3c6d9c700584e8dc6724a734c991 (16) # Executing section authorize from file /etc/raddb/sites-enabled/default (16) authorize { (16) filter_username filter_username { (16) if (!&User-Name) (16) if (!&User-Name) -> FALSE (16) if (&User-Name =~ / /) (16) if (&User-Name =~ / /) -> FALSE (16) if (&User-Name =~ /@.*@/ ) (16) if (&User-Name =~ /@.*@/ ) -> FALSE (16) if (&User-Name =~ /\\.\\./ ) (16) if (&User-Name =~ /\\.\\./ ) -> FALSE (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (16) if (&User-Name =~ /\\.$/) (16) if (&User-Name =~ /\\.$/) -> FALSE (16) if (&User-Name =~ /@\\./) (16) if (&User-Name =~ /@\\./) -> FALSE (16) } # filter_username filter_username = notfound (16) [preprocess] = ok (16) [chap] = noop (16) [mschap] = noop (16) [digest] = noop (16) suffix : Checking for suffix after "@" (16) suffix : No '@' in User-Name = "abc", looking up realm NULL (16) suffix : Found realm "NULL" (16) suffix : Adding Stripped-User-Name = "abc" (16) suffix : Adding Realm = "NULL" (16) suffix : Authentication realm is LOCAL (16) [suffix] = ok (16) eap : Peer sent code Response (2) ID 10 length 43 (16) eap : Continuing tunnel setup (16) [eap] = ok (16) } # authorize = ok (16) Found Auth-Type = EAP (16) # Executing group from file /etc/raddb/sites-enabled/default (16) authenticate { (16) eap : Expiring EAP session with state 0xa2a24404a5a85d76 (16) eap : Finished EAP session with state 0xa2a24404a5a85d76 (16) eap : Previous EAP request found for state 0xa2a24404a5a85d76, released from the list (16) eap : Peer sent method PEAP (25) (16) eap : EAP PEAP (25) (16) eap : Calling eap_peap to process EAP data (16) eap_peap : processing EAP-TLS (16) eap_peap : eaptls_verify returned 7 (16) eap_peap : Done initial handshake (16) eap_peap : eaptls_process returned 7 (16) eap_peap : FR_TLS_OK (16) eap_peap : Session established. Decoding tunneled attributes (16) eap_peap : Peap state send tlv success (16) eap_peap : Received EAP-TLV response (16) eap_peap : Success (16) eap_peap : Using saved attributes from the original Access-Accept Stripped-User-Name = 'abc' (16) eap_peap : Saving session 4cfb86761316cdcb61f4f5a20e43ea6ad182ef73bc06f48abd41cd6a898901c5 vps 0x7fcddc592220 in the cache (16) eap : Freeing handler (16) [eap] = ok (16) } # authenticate = ok (16) Login OK: [abc] (from client WLC2504 port 1 cli c4-8e-8f-f8-96-33) (16) # Executing section post-auth from file /etc/raddb/sites-enabled/default (16) post-auth { (16) [exec] = noop (16) remove_reply_message_if_eap remove_reply_message_if_eap { (16) if (&reply:EAP-Message && &reply:Reply-Message) (16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (16) else else { (16) [noop] = noop (16) } # else else = noop (16) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (16) } # post-auth = noop (16) Sending Access-Accept packet to host 192.168.45.66 port 32769, id=245, length=0 (16) Stripped-User-Name = 'abc' (16) MS-MPPE-Recv-Key = 0x888436e9ed1d1687dd57f1ea7dbfb37e571b70198a607cbfafc65172ed169bae (16) MS-MPPE-Send-Key = 0xec7c3567be6d64f08c3e03a92e9e29bbae4f9f3f14d0c80ce96af57ae87d27a0 (16) EAP-MSK = 0x888436e9ed1d1687dd57f1ea7dbfb37e571b70198a607cbfafc65172ed169baeec7c3567be6d64f08c3e03a92e9e29bbae4f9f3f14d0c80ce96af57ae87d27a0 (16) EAP-EMSK = 0x66986dcbc23699849fca2775a4f7b4b8ed4cbe6c420a07f796aea352e77aace71ab5f58224fbc353fcd835cd70fa5457e0587807c0fd8fb9d46f4bb397de3749 (16) EAP-Session-Id = 0x1956606e22c4d306e2ff3a8384a9751c3a937a08729936e5d4d68511c69ca5d86556606de61d6715fccf8e5db89606123a957726c358c418ad6ca424e910939289 (16) EAP-Message = 0x030a0004 (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) Stripped-User-Name = 'abc' Sending Access-Accept Id 245 from 192.168.99.58:1812 to 192.168.45.66:32769 MS-MPPE-Recv-Key = 0x888436e9ed1d1687dd57f1ea7dbfb37e571b70198a607cbfafc65172ed169bae MS-MPPE-Send-Key = 0xec7c3567be6d64f08c3e03a92e9e29bbae4f9f3f14d0c80ce96af57ae87d27a0 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 (16) Finished request Waking up in 0.2 seconds. Waking up in 2.3 seconds. Received Accounting-Request Id 34 from 192.168.45.66:32769 to 192.168.99.58:1813 length 236 User-Name = 'abc' NAS-Port = 1 NAS-IP-Address = 192.168.45.66 Framed-IP-Address = 192.168.45.85 Framed-IPv6-Prefix = fe80::/64 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Acct-Session-Id = '56606e07/c4:8e:8f:f8:96:33/22' NAS-Port-Type = Wireless-802.11 Cisco-AVPair = 'audit-session-id=83682d420000001656606e07' Acct-Authentic = RADIUS Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' Event-Timestamp = 'Dec 3 2015 11:30:24 EST' Acct-Status-Type = Start Calling-Station-Id = '192.168.45.85' Called-Station-Id = '192.168.45.66' (17) Received Accounting-Request packet from host 192.168.45.66 port 32769, id=34, length=236 (17) User-Name = 'abc' (17) NAS-Port = 1 (17) NAS-IP-Address = 192.168.45.66 (17) Framed-IP-Address = 192.168.45.85 (17) Framed-IPv6-Prefix = fe80::/64 (17) NAS-Identifier = 'WLC_TEST' (17) Airespace-Wlan-Id = 7 (17) Acct-Session-Id = '56606e07/c4:8e:8f:f8:96:33/22' (17) NAS-Port-Type = Wireless-802.11 (17) Cisco-AVPair = 'audit-session-id=83682d420000001656606e07' (17) Acct-Authentic = RADIUS (17) Tunnel-Type:0 = VLAN (17) Tunnel-Medium-Type:0 = IEEE-802 (17) Tunnel-Private-Group-Id:0 = '245' (17) Event-Timestamp = 'Dec 3 2015 11:30:24 EST' (17) Acct-Status-Type = Start (17) Calling-Station-Id = '192.168.45.85' (17) Called-Station-Id = '192.168.45.66' (17) # Executing section preacct from file /etc/raddb/sites-enabled/default (17) preacct { (17) [preprocess] = ok (17) acct_unique acct_unique { (17) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) (17) EXPAND %{string:Class} (17) --> (17) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (17) else else { (17) update request { (17) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} (17) --> fa41400a73425f0bb9da0b4eba3bb452 (17) Acct-Unique-Session-Id := "fa41400a73425f0bb9da0b4eba3bb452" (17) } # update request = noop (17) } # else else = noop (17) } # acct_unique acct_unique = noop (17) suffix : Checking for suffix after "@" (17) suffix : No '@' in User-Name = "abc", looking up realm NULL (17) suffix : Found realm "NULL" (17) suffix : Adding Stripped-User-Name = "abc" (17) suffix : Adding Realm = "NULL" (17) suffix : Accounting realm is LOCAL (17) [suffix] = ok (17) [files] = noop (17) } # preacct = ok (17) # Executing section accounting from file /etc/raddb/sites-enabled/default (17) accounting { (17) detail : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d (17) detail : --> /var/log/radius/radacct/192.168.45.66/detail-20151203 (17) detail : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.45.66/detail-20151203 (17) detail : EXPAND %t (17) detail : --> Thu Dec 3 11:29:30 2015 (17) [detail] = ok (17) [unix] = ok (17) [exec] = noop (17) attr_filter.accounting_response : EXPAND %{User-Name} (17) attr_filter.accounting_response : --> abc (17) attr_filter.accounting_response : Matched entry DEFAULT at line 12 (17) [attr_filter.accounting_response] = updated (17) } # accounting = updated (17) Sending Accounting-Response packet to host 192.168.45.66 port 32769, id=34, length=0 Sending Accounting-Response Id 34 from 192.168.99.58:1813 to 192.168.45.66:32769 (17) Finished request Waking up in 0.3 seconds. (17) Cleaning up request packet ID 34 with timestamp +252 Waking up in 0.1 seconds. (8) Cleaning up request packet ID 237 with timestamp +248 (9) Cleaning up request packet ID 238 with timestamp +248 (10) Cleaning up request packet ID 239 with timestamp +248 (11) Cleaning up request packet ID 240 with timestamp +248 Waking up in 2.2 seconds. (12) Cleaning up request packet ID 241 with timestamp +250 (13) Cleaning up request packet ID 242 with timestamp +250 (14) Cleaning up request packet ID 243 with timestamp +250 (15) Cleaning up request packet ID 244 with timestamp +250 (16) Cleaning up request packet ID 245 with timestamp +250 Ready to process requests