(10) Cleaning up request packet ID 43 with timestamp +155 Ready to process requests Received Access-Request Id 227 from 131.104.45.66:32769 to 131.104.99.58:1812 length 328 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x0202002101686f73742f4343532d3235322e6366732e756f6775656c70682e6361 Message-Authenticator = 0xea2c8cad96f7970655a878da4e164e56 (11) Received Access-Request packet from host 131.104.45.66 port 32769, id=227, length=328 (11) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (11) Chargeable-User-Identity = 0x00 (11) Location-Capable = Civix-Location (11) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (11) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (11) NAS-Port = 1 (11) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (11) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (11) Cisco-AVPair = 'mDNS=true' (11) NAS-IP-Address = 131.104.45.66 (11) NAS-Identifier = 'WLC_TEST' (11) Airespace-Wlan-Id = 7 (11) Service-Type = Framed-User (11) Framed-MTU = 1300 (11) NAS-Port-Type = Wireless-802.11 (11) Tunnel-Type:0 = VLAN (11) Tunnel-Medium-Type:0 = IEEE-802 (11) Tunnel-Private-Group-Id:0 = '245' (11) EAP-Message = 0x0202002101686f73742f4343532d3235322e6366732e756f6775656c70682e6361 (11) Message-Authenticator = 0xea2c8cad96f7970655a878da4e164e56 (11) # Executing section authorize from file /etc/raddb/sites-enabled/default (11) authorize { (11) filter_username filter_username { (11) if (!&User-Name) (11) if (!&User-Name) -> FALSE (11) if (&User-Name =~ / /) (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@.*@/ ) (11) if (&User-Name =~ /@.*@/ ) -> FALSE (11) if (&User-Name =~ /\\.\\./ ) (11) if (&User-Name =~ /\\.\\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\\.$/) (11) if (&User-Name =~ /\\.$/) -> FALSE (11) if (&User-Name =~ /@\\./) (11) if (&User-Name =~ /@\\./) -> FALSE (11) } # filter_username filter_username = notfound (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) [digest] = noop (11) suffix : Checking for suffix after "@" (11) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (11) suffix : Found realm "NULL" (11) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (11) suffix : Adding Realm = "NULL" (11) suffix : Authentication realm is LOCAL (11) [suffix] = ok (11) eap : Peer sent code Response (2) ID 2 length 33 (11) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (11) [eap] = ok (11) } # authorize = ok (11) Found Auth-Type = EAP (11) # Executing group from file /etc/raddb/sites-enabled/default (11) authenticate { (11) eap : Peer sent method Identity (1) (11) eap : Calling eap_peap to process EAP data (11) eap_peap : Initiate (11) eap_peap : Start returned 1 (11) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da2c8718c6 (11) [eap] = handled (11) } # authenticate = handled (11) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=227, length=0 (11) EAP-Message = 0x010300061920 (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) State = 0x2c8401da2c8718c6b5d190cb25d97c2a Sending Access-Challenge Id 227 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da2c8718c6b5d190cb25d97c2a (11) Finished request Waking up in 0.3 seconds. Received Access-Request Id 228 from 131.104.45.66:32769 to 131.104.99.58:1812 length 435 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x0203007a198000000070160301006b01000067030156670fe2c3452986c757756c7d524f63d8f74ee79c75d49b6477066c192776cd000018c014c0130035002fc00ac00900380032000a00130005000401000026000500050100000000000a0006000400170018000b000201000023000000170000ff01000100 State = 0x2c8401da2c8718c6b5d190cb25d97c2a Message-Authenticator = 0xee1526dec96343a8448eeb68179e53a7 (12) Received Access-Request packet from host 131.104.45.66 port 32769, id=228, length=435 (12) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (12) Chargeable-User-Identity = 0x00 (12) Location-Capable = Civix-Location (12) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (12) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (12) NAS-Port = 1 (12) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (12) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (12) Cisco-AVPair = 'mDNS=true' (12) NAS-IP-Address = 131.104.45.66 (12) NAS-Identifier = 'WLC_TEST' (12) Airespace-Wlan-Id = 7 (12) Service-Type = Framed-User (12) Framed-MTU = 1300 (12) NAS-Port-Type = Wireless-802.11 (12) Tunnel-Type:0 = VLAN (12) Tunnel-Medium-Type:0 = IEEE-802 (12) Tunnel-Private-Group-Id:0 = '245' (12) EAP-Message = 0x0203007a198000000070160301006b01000067030156670fe2c3452986c757756c7d524f63d8f74ee79c75d49b6477066c192776cd000018c014c0130035002fc00ac00900380032000a00130005000401000026000500050100000000000a0006000400170018000b000201000023000000170000ff01000100 (12) State = 0x2c8401da2c8718c6b5d190cb25d97c2a (12) Message-Authenticator = 0xee1526dec96343a8448eeb68179e53a7 (12) # Executing section authorize from file /etc/raddb/sites-enabled/default (12) authorize { (12) filter_username filter_username { (12) if (!&User-Name) (12) if (!&User-Name) -> FALSE (12) if (&User-Name =~ / /) (12) if (&User-Name =~ / /) -> FALSE (12) if (&User-Name =~ /@.*@/ ) (12) if (&User-Name =~ /@.*@/ ) -> FALSE (12) if (&User-Name =~ /\\.\\./ ) (12) if (&User-Name =~ /\\.\\./ ) -> FALSE (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (12) if (&User-Name =~ /\\.$/) (12) if (&User-Name =~ /\\.$/) -> FALSE (12) if (&User-Name =~ /@\\./) (12) if (&User-Name =~ /@\\./) -> FALSE (12) } # filter_username filter_username = notfound (12) [preprocess] = ok (12) [chap] = noop (12) [mschap] = noop (12) [digest] = noop (12) suffix : Checking for suffix after "@" (12) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (12) suffix : Found realm "NULL" (12) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (12) suffix : Adding Realm = "NULL" (12) suffix : Authentication realm is LOCAL (12) [suffix] = ok (12) eap : Peer sent code Response (2) ID 3 length 122 (12) eap : Continuing tunnel setup (12) [eap] = ok (12) } # authorize = ok (12) Found Auth-Type = EAP (12) # Executing group from file /etc/raddb/sites-enabled/default (12) authenticate { (12) eap : Expiring EAP session with state 0x2c8401da2c8718c6 (12) eap : Finished EAP session with state 0x2c8401da2c8718c6 (12) eap : Previous EAP request found for state 0x2c8401da2c8718c6, released from the list (12) eap : Peer sent method PEAP (25) (12) eap : EAP PEAP (25) (12) eap : Calling eap_peap to process EAP data (12) eap_peap : processing EAP-TLS TLS Length 112 (12) eap_peap : Length Included (12) eap_peap : eaptls_verify returned 11 (12) eap_peap : (other): before/accept initialization (12) eap_peap : TLS_accept: before/accept initialization (12) eap_peap : <<< TLS 1.0 Handshake [length 006b], ClientHello (12) eap_peap : TLS_accept: SSLv3 read client hello A (12) eap_peap : >>> TLS 1.0 Handshake [length 0059], ServerHello (12) eap_peap : TLS_accept: SSLv3 write server hello A (12) eap_peap : >>> TLS 1.0 Handshake [length 0d94], Certificate (12) eap_peap : TLS_accept: SSLv3 write certificate A (12) eap_peap : >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (12) eap_peap : TLS_accept: SSLv3 write key exchange A (12) eap_peap : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (12) eap_peap : TLS_accept: SSLv3 write server done A (12) eap_peap : TLS_accept: SSLv3 flush data (12) eap_peap : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (12) eap_peap : eaptls_process returned 13 (12) eap_peap : FR_TLS_HANDLED (12) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da2d8018c6 (12) [eap] = handled (12) } # authenticate = handled (12) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=228, length=0 (12) EAP-Message = 0x010403ec19c000000f50160301005902000055030156670fa449207b55f3f238f9d94a2bfaad03e36d40a70419640cf9fd3a404d70201cf0efc93cff9d4e25539c81bfe8d90128a8d5612174baf065bd067930266212c01400000dff01000100000b0004030001021603010d940b000d90000d8d0004cb308204c7308203afa00302010202101a5d61cf10f4b2291c4c34b140f51f5f300d06092a864886f70d0101050500303c310b300906035504061302555331153013060355040a130c5468617774652c20496e632e311630140603550403130d5468617774652053534c204341301e170d3134313031363030303030305a170d3137313032323233353935395a308180310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040714064775656c7068311d301b060355040a1414556e6976657273697479206f66204775656c7068310c300a060355040b14034343533121301f060355040314186163732d616e6e752e6e65742e756f6775656c70682e636130820122300d06092a864886f70d01010105000382010f003082010a0282010100d55b1ded54d87726964daa621a8e71b1c71cfd7c66c70fdeb8720e806b8bfefd53dee4384cf39c9b60764ad2cd5e17a67a867e783f81ac099efd53a2aaf2d6b338f8b0fd4b28f2aae11d084ad0632f74 (12) Message-Authenticator = 0x00000000000000000000000000000000 (12) State = 0x2c8401da2d8018c6b5d190cb25d97c2a Sending Access-Challenge Id 228 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010403ec19c000000f50160301005902000055030156670fa449207b55f3f238f9d94a2bfaad03e36d40a70419640cf9fd3a404d70201cf0efc93cff9d4e25539c81bfe8d90128a8d5612174baf065bd067930266212c01400000dff01000100000b0004030001021603010d940b000d90000d8d0004cb308204c7308203afa00302010202101a5d61cf10f4b2291c4c34b140f51f5f300d06092a864886f70d0101050500303c310b300906035504061302555331153013060355040a130c5468617774652c20496e632e311630140603550403130d5468617774652053534c204341301e170d3134313031363030303030305a170d3137313032323233353935395a308180310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040714064775656c7068311d301b060355040a1414556e6976657273697479206f66204775656c7068310c300a060355040b14034343533121301f060355040314186163732d616e6e752e6e65742e756f6775656c70682e636130820122300d06092a864886f70d01010105000382010f003082010a0282010100d55b1ded54d87726964daa621a8e71b1c71cfd7c66c70fdeb8720e806b8bfefd53dee4384cf39c9b60764ad2cd5e17a67a867e783f81ac099efd53a2aaf2d6b338f8b0fd4b28f2aae11d084ad0632f7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da2d8018c6b5d190cb25d97c2a (12) Finished request Waking up in 0.3 seconds. Received Access-Request Id 229 from 131.104.45.66:32769 to 131.104.99.58:1812 length 319 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020400061900 State = 0x2c8401da2d8018c6b5d190cb25d97c2a Message-Authenticator = 0x547b39ebf98577643f74c64b8ed660df (13) Received Access-Request packet from host 131.104.45.66 port 32769, id=229, length=319 (13) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (13) Chargeable-User-Identity = 0x00 (13) Location-Capable = Civix-Location (13) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (13) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (13) NAS-Port = 1 (13) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (13) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (13) Cisco-AVPair = 'mDNS=true' (13) NAS-IP-Address = 131.104.45.66 (13) NAS-Identifier = 'WLC_TEST' (13) Airespace-Wlan-Id = 7 (13) Service-Type = Framed-User (13) Framed-MTU = 1300 (13) NAS-Port-Type = Wireless-802.11 (13) Tunnel-Type:0 = VLAN (13) Tunnel-Medium-Type:0 = IEEE-802 (13) Tunnel-Private-Group-Id:0 = '245' (13) EAP-Message = 0x020400061900 (13) State = 0x2c8401da2d8018c6b5d190cb25d97c2a (13) Message-Authenticator = 0x547b39ebf98577643f74c64b8ed660df (13) # Executing section authorize from file /etc/raddb/sites-enabled/default (13) authorize { (13) filter_username filter_username { (13) if (!&User-Name) (13) if (!&User-Name) -> FALSE (13) if (&User-Name =~ / /) (13) if (&User-Name =~ / /) -> FALSE (13) if (&User-Name =~ /@.*@/ ) (13) if (&User-Name =~ /@.*@/ ) -> FALSE (13) if (&User-Name =~ /\\.\\./ ) (13) if (&User-Name =~ /\\.\\./ ) -> FALSE (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (13) if (&User-Name =~ /\\.$/) (13) if (&User-Name =~ /\\.$/) -> FALSE (13) if (&User-Name =~ /@\\./) (13) if (&User-Name =~ /@\\./) -> FALSE (13) } # filter_username filter_username = notfound (13) [preprocess] = ok (13) [chap] = noop (13) [mschap] = noop (13) [digest] = noop (13) suffix : Checking for suffix after "@" (13) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (13) suffix : Found realm "NULL" (13) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (13) suffix : Adding Realm = "NULL" (13) suffix : Authentication realm is LOCAL (13) [suffix] = ok (13) eap : Peer sent code Response (2) ID 4 length 6 (13) eap : Continuing tunnel setup (13) [eap] = ok (13) } # authorize = ok (13) Found Auth-Type = EAP (13) # Executing group from file /etc/raddb/sites-enabled/default (13) authenticate { (13) eap : Expiring EAP session with state 0x2c8401da2d8018c6 (13) eap : Finished EAP session with state 0x2c8401da2d8018c6 (13) eap : Previous EAP request found for state 0x2c8401da2d8018c6, released from the list (13) eap : Peer sent method PEAP (25) (13) eap : EAP PEAP (25) (13) eap : Calling eap_peap to process EAP data (13) eap_peap : processing EAP-TLS (13) eap_peap : Received TLS ACK (13) eap_peap : Received TLS ACK (13) eap_peap : ACK handshake fragment handler (13) eap_peap : eaptls_verify returned 1 (13) eap_peap : eaptls_process returned 13 (13) eap_peap : FR_TLS_HANDLED (13) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da2e8118c6 (13) [eap] = handled (13) } # authenticate = handled (13) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=229, length=0 (13) EAP-Message = 0x010503e8194005050730018613687474703a2f2f74622e73796d63642e636f6d302606082b06010505073002861a687474703a2f2f74622e73796d63622e636f6d2f74622e637274300d06092a864886f70d01010505000382010100260c0abe1a9f6cfeba435c7b7fa42b5b601620b30473e98c93d4de01741e4167390d3d4f41a884b7860b8aaa6b0d3d7dd59f08e285636ae33d9c123d0bfb338b56693eafc0efcc517e5a10fcae8de210e569518dc8dde4ae728ff97f27091770124aa84a5034a5ef6ca14eb8e0bc27090bfb02960c71c9e3693f6200f450eb39cc98d9575dfb3d8002a30f0764bc182839e2c714bf4e509f065dc3687e4e2bb11b316c8406b786d98f8c84803c4a325cd5e01e0a4d8bc92288e86a6c3eada6d3389657d4927a08b392acdd36fef72752f68834421119244acc399509e1f5f539dcdcdee17cb65a4aa13b048d80800799fc65f260cc46a6997b81f80b7883e6e000044930820445308203aea00302010202103365500879ad73e230b9e01d0d7fac91300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f4365727469 (13) Message-Authenticator = 0x00000000000000000000000000000000 (13) State = 0x2c8401da2e8118c6b5d190cb25d97c2a Sending Access-Challenge Id 229 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010503e8194005050730018613687474703a2f2f74622e73796d63642e636f6d302606082b06010505073002861a687474703a2f2f74622e73796d63622e636f6d2f74622e637274300d06092a864886f70d01010505000382010100260c0abe1a9f6cfeba435c7b7fa42b5b601620b30473e98c93d4de01741e4167390d3d4f41a884b7860b8aaa6b0d3d7dd59f08e285636ae33d9c123d0bfb338b56693eafc0efcc517e5a10fcae8de210e569518dc8dde4ae728ff97f27091770124aa84a5034a5ef6ca14eb8e0bc27090bfb02960c71c9e3693f6200f450eb39cc98d9575dfb3d8002a30f0764bc182839e2c714bf4e509f065dc3687e4e2bb11b316c8406b786d98f8c84803c4a325cd5e01e0a4d8bc92288e86a6c3eada6d3389657d4927a08b392acdd36fef72752f68834421119244acc399509e1f5f539dcdcdee17cb65a4aa13b048d80800799fc65f260cc46a6997b81f80b7883e6e000044930820445308203aea00302010202103365500879ad73e230b9e01d0d7fac91300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f436572746 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da2e8118c6b5d190cb25d97c2a (13) Finished request Waking up in 0.2 seconds. Received Access-Request Id 230 from 131.104.45.66:32769 to 131.104.99.58:1812 length 319 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020500061900 State = 0x2c8401da2e8118c6b5d190cb25d97c2a Message-Authenticator = 0xb09f779c60add5e608e6a502c8e92383 (14) Received Access-Request packet from host 131.104.45.66 port 32769, id=230, length=319 (14) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (14) Chargeable-User-Identity = 0x00 (14) Location-Capable = Civix-Location (14) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (14) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (14) NAS-Port = 1 (14) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (14) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (14) Cisco-AVPair = 'mDNS=true' (14) NAS-IP-Address = 131.104.45.66 (14) NAS-Identifier = 'WLC_TEST' (14) Airespace-Wlan-Id = 7 (14) Service-Type = Framed-User (14) Framed-MTU = 1300 (14) NAS-Port-Type = Wireless-802.11 (14) Tunnel-Type:0 = VLAN (14) Tunnel-Medium-Type:0 = IEEE-802 (14) Tunnel-Private-Group-Id:0 = '245' (14) EAP-Message = 0x020500061900 (14) State = 0x2c8401da2e8118c6b5d190cb25d97c2a (14) Message-Authenticator = 0xb09f779c60add5e608e6a502c8e92383 (14) # Executing section authorize from file /etc/raddb/sites-enabled/default (14) authorize { (14) filter_username filter_username { (14) if (!&User-Name) (14) if (!&User-Name) -> FALSE (14) if (&User-Name =~ / /) (14) if (&User-Name =~ / /) -> FALSE (14) if (&User-Name =~ /@.*@/ ) (14) if (&User-Name =~ /@.*@/ ) -> FALSE (14) if (&User-Name =~ /\\.\\./ ) (14) if (&User-Name =~ /\\.\\./ ) -> FALSE (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (14) if (&User-Name =~ /\\.$/) (14) if (&User-Name =~ /\\.$/) -> FALSE (14) if (&User-Name =~ /@\\./) (14) if (&User-Name =~ /@\\./) -> FALSE (14) } # filter_username filter_username = notfound (14) [preprocess] = ok (14) [chap] = noop (14) [mschap] = noop (14) [digest] = noop (14) suffix : Checking for suffix after "@" (14) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (14) suffix : Found realm "NULL" (14) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (14) suffix : Adding Realm = "NULL" (14) suffix : Authentication realm is LOCAL (14) [suffix] = ok (14) eap : Peer sent code Response (2) ID 5 length 6 (14) eap : Continuing tunnel setup (14) [eap] = ok (14) } # authorize = ok (14) Found Auth-Type = EAP (14) # Executing group from file /etc/raddb/sites-enabled/default (14) authenticate { (14) eap : Expiring EAP session with state 0x2c8401da2e8118c6 (14) eap : Finished EAP session with state 0x2c8401da2e8118c6 (14) eap : Previous EAP request found for state 0x2c8401da2e8118c6, released from the list (14) eap : Peer sent method PEAP (25) (14) eap : EAP PEAP (25) (14) eap : Calling eap_peap to process EAP data (14) eap_peap : processing EAP-TLS (14) eap_peap : Received TLS ACK (14) eap_peap : Received TLS ACK (14) eap_peap : ACK handshake fragment handler (14) eap_peap : eaptls_verify returned 1 (14) eap_peap : eaptls_process returned 13 (14) eap_peap : FR_TLS_HANDLED (14) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da2f8218c6 (14) [eap] = handled (14) } # authenticate = handled (14) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=230, length=0 (14) EAP-Message = 0x010603e81940c8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a381c23081bf300f0603551d130101ff040530030101ff303b0603551d200434303230300604551d20003028302606082b06010505070201161a68747470733a2f2f7777772e7468617774652e636f6d2f637073300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb57485030400603551d1f043930373035a033a031862f687474703a2f2f63726c2e7468617774652e636f6d2f5468617774655072656d69756d53657276657243412e63726c300d06092a864886f70d01010505000381810084a84cc93e2abc9ae2cc8f0bb22577c4618989635ad4a31540d4fb5e3fb443ea63172b6b99749e09a8ddd456152e7a79315f6396531b34d915ea4f6d70cabef682a9edda8577cc761c6a810a21d841997f5e2e82c1e8aaf7938105aa92b41fb79ac00717f5cbc6b44c0ed756dc71207438d674c6d68f6baf8b8da06c290b61e00004703082046c30820354a00302010202104d5f2c3408b24c20cd6d507e244dc9ec300d06092a864886f70d0101050500 (14) Message-Authenticator = 0x00000000000000000000000000000000 (14) State = 0x2c8401da2f8218c6b5d190cb25d97c2a Sending Access-Challenge Id 230 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010603e81940c8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a381c23081bf300f0603551d130101ff040530030101ff303b0603551d200434303230300604551d20003028302606082b06010505070201161a68747470733a2f2f7777772e7468617774652e636f6d2f637073300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb57485030400603551d1f043930373035a033a031862f687474703a2f2f63726c2e7468617774652e636f6d2f5468617774655072656d69756d53657276657243412e63726c300d06092a864886f70d01010505000381810084a84cc93e2abc9ae2cc8f0bb22577c4618989635ad4a31540d4fb5e3fb443ea63172b6b99749e09a8ddd456152e7a79315f6396531b34d915ea4f6d70cabef682a9edda8577cc761c6a810a21d841997f5e2e82c1e8aaf7938105aa92b41fb79ac00717f5cbc6b44c0ed756dc71207438d674c6d68f6baf8b8da06c290b61e00004703082046c30820354a00302010202104d5f2c3408b24c20cd6d507e244dc9ec300d06092a864886f70d010105050 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da2f8218c6b5d190cb25d97c2a (14) Finished request Waking up in 0.2 seconds. Received Access-Request Id 231 from 131.104.45.66:32769 to 131.104.99.58:1812 length 319 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020600061900 State = 0x2c8401da2f8218c6b5d190cb25d97c2a Message-Authenticator = 0x09440f5ee5929961ef30310a1fea74bf (15) Received Access-Request packet from host 131.104.45.66 port 32769, id=231, length=319 (15) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (15) Chargeable-User-Identity = 0x00 (15) Location-Capable = Civix-Location (15) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (15) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (15) NAS-Port = 1 (15) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (15) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (15) Cisco-AVPair = 'mDNS=true' (15) NAS-IP-Address = 131.104.45.66 (15) NAS-Identifier = 'WLC_TEST' (15) Airespace-Wlan-Id = 7 (15) Service-Type = Framed-User (15) Framed-MTU = 1300 (15) NAS-Port-Type = Wireless-802.11 (15) Tunnel-Type:0 = VLAN (15) Tunnel-Medium-Type:0 = IEEE-802 (15) Tunnel-Private-Group-Id:0 = '245' (15) EAP-Message = 0x020600061900 (15) State = 0x2c8401da2f8218c6b5d190cb25d97c2a (15) Message-Authenticator = 0x09440f5ee5929961ef30310a1fea74bf (15) # Executing section authorize from file /etc/raddb/sites-enabled/default (15) authorize { (15) filter_username filter_username { (15) if (!&User-Name) (15) if (!&User-Name) -> FALSE (15) if (&User-Name =~ / /) (15) if (&User-Name =~ / /) -> FALSE (15) if (&User-Name =~ /@.*@/ ) (15) if (&User-Name =~ /@.*@/ ) -> FALSE (15) if (&User-Name =~ /\\.\\./ ) (15) if (&User-Name =~ /\\.\\./ ) -> FALSE (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (15) if (&User-Name =~ /\\.$/) (15) if (&User-Name =~ /\\.$/) -> FALSE (15) if (&User-Name =~ /@\\./) (15) if (&User-Name =~ /@\\./) -> FALSE (15) } # filter_username filter_username = notfound (15) [preprocess] = ok (15) [chap] = noop (15) [mschap] = noop (15) [digest] = noop (15) suffix : Checking for suffix after "@" (15) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (15) suffix : Found realm "NULL" (15) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (15) suffix : Adding Realm = "NULL" (15) suffix : Authentication realm is LOCAL (15) [suffix] = ok (15) eap : Peer sent code Response (2) ID 6 length 6 (15) eap : Continuing tunnel setup (15) [eap] = ok (15) } # authorize = ok (15) Found Auth-Type = EAP (15) # Executing group from file /etc/raddb/sites-enabled/default (15) authenticate { (15) eap : Expiring EAP session with state 0x2c8401da2f8218c6 (15) eap : Finished EAP session with state 0x2c8401da2f8218c6 (15) eap : Previous EAP request found for state 0x2c8401da2f8218c6, released from the list (15) eap : Peer sent method PEAP (25) (15) eap : EAP PEAP (25) (15) eap : Calling eap_peap to process EAP data (15) eap_peap : processing EAP-TLS (15) eap_peap : Received TLS ACK (15) eap_peap : Received TLS ACK (15) eap_peap : ACK handshake fragment handler (15) eap_peap : eaptls_verify returned 1 (15) eap_peap : eaptls_process returned 13 (15) eap_peap : FR_TLS_HANDLED (15) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da288318c6 (15) [eap] = handled (15) } # authenticate = handled (15) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=231, length=0 (15) EAP-Message = 0x010703b01900a85257d711b4938be5999f5de77851e54df6b759b476b509374d0638137a1c08985cc4484acb52a0a9f8b19d8e7b79b0202f3c96a8116247bb110203010001a381fb3081f8303206082b0601050507010104263024302206082b060105050730018616687474703a2f2f6f6373702e7468617774652e636f6d30120603551d130101ff040830060101ff02010030340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e7468617774652e636f6d2f5468617774655043412e63726c300e0603551d0f0101ff04040302010630280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d39301d0603551d0e04160414a7a283bb3445403dfcd5304f12b93ea1019ff6db301f0603551d230418301680147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d01010505000382010100802280e06cc89516d7572687f37234dbc67256273ed396f62e2591a53e3397a74be52ffb257d2f0761fa6f83744c4c537220a47acf5151568188b06d1f362cc82bb18899c1fe44ab48517cd8f244642ad871a7fb1a2ff9198d34b223bfc44c551d8e44e8aa5d9add9ffd03c7ba24438d2d4744dbf6d898c8b2f9daefed295c6912fad123960fbf9c0df2794553379a562fe8571070f6ee890c49899ac123f5c2 (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0x2c8401da288318c6b5d190cb25d97c2a Sending Access-Challenge Id 231 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010703b01900a85257d711b4938be5999f5de77851e54df6b759b476b509374d0638137a1c08985cc4484acb52a0a9f8b19d8e7b79b0202f3c96a8116247bb110203010001a381fb3081f8303206082b0601050507010104263024302206082b060105050730018616687474703a2f2f6f6373702e7468617774652e636f6d30120603551d130101ff040830060101ff02010030340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e7468617774652e636f6d2f5468617774655043412e63726c300e0603551d0f0101ff04040302010630280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d39301d0603551d0e04160414a7a283bb3445403dfcd5304f12b93ea1019ff6db301f0603551d230418301680147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d01010505000382010100802280e06cc89516d7572687f37234dbc67256273ed396f62e2591a53e3397a74be52ffb257d2f0761fa6f83744c4c537220a47acf5151568188b06d1f362cc82bb18899c1fe44ab48517cd8f244642ad871a7fb1a2ff9198d34b223bfc44c551d8e44e8aa5d9add9ffd03c7ba24438d2d4744dbf6d898c8b2f9daefed295c6912fad123960fbf9c0df2794553379a562fe8571070f6ee890c49899ac123f5c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da288318c6b5d190cb25d97c2a (15) Finished request Waking up in 0.2 seconds. Received Access-Request Id 232 from 131.104.45.66:32769 to 131.104.99.58:1812 length 457 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020700901980000000861603010046100000424104c0e0fd8ee3b47b94109dbe6cf19424724b7aacb10c90f9551e3c4bd7882dcfbbedd8327fc0c59cb673778fdb1d517a9f8f007f159e252d708c74225770b107011403010001011603010030d8f16fe73e113897b32399e5831ceafd32f1f4d356a50a106de92a1dc5a70eac99736853a62d2da3eb64e5c6c6afe046 State = 0x2c8401da288318c6b5d190cb25d97c2a Message-Authenticator = 0x956ff5d6206024442dd0ff1baecc5ed3 (16) Received Access-Request packet from host 131.104.45.66 port 32769, id=232, length=457 (16) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (16) Chargeable-User-Identity = 0x00 (16) Location-Capable = Civix-Location (16) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (16) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (16) NAS-Port = 1 (16) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (16) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (16) Cisco-AVPair = 'mDNS=true' (16) NAS-IP-Address = 131.104.45.66 (16) NAS-Identifier = 'WLC_TEST' (16) Airespace-Wlan-Id = 7 (16) Service-Type = Framed-User (16) Framed-MTU = 1300 (16) NAS-Port-Type = Wireless-802.11 (16) Tunnel-Type:0 = VLAN (16) Tunnel-Medium-Type:0 = IEEE-802 (16) Tunnel-Private-Group-Id:0 = '245' (16) EAP-Message = 0x020700901980000000861603010046100000424104c0e0fd8ee3b47b94109dbe6cf19424724b7aacb10c90f9551e3c4bd7882dcfbbedd8327fc0c59cb673778fdb1d517a9f8f007f159e252d708c74225770b107011403010001011603010030d8f16fe73e113897b32399e5831ceafd32f1f4d356a50a106de92a1dc5a70eac99736853a62d2da3eb64e5c6c6afe046 (16) State = 0x2c8401da288318c6b5d190cb25d97c2a (16) Message-Authenticator = 0x956ff5d6206024442dd0ff1baecc5ed3 (16) # Executing section authorize from file /etc/raddb/sites-enabled/default (16) authorize { (16) filter_username filter_username { (16) if (!&User-Name) (16) if (!&User-Name) -> FALSE (16) if (&User-Name =~ / /) (16) if (&User-Name =~ / /) -> FALSE (16) if (&User-Name =~ /@.*@/ ) (16) if (&User-Name =~ /@.*@/ ) -> FALSE (16) if (&User-Name =~ /\\.\\./ ) (16) if (&User-Name =~ /\\.\\./ ) -> FALSE (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (16) if (&User-Name =~ /\\.$/) (16) if (&User-Name =~ /\\.$/) -> FALSE (16) if (&User-Name =~ /@\\./) (16) if (&User-Name =~ /@\\./) -> FALSE (16) } # filter_username filter_username = notfound (16) [preprocess] = ok (16) [chap] = noop (16) [mschap] = noop (16) [digest] = noop (16) suffix : Checking for suffix after "@" (16) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (16) suffix : Found realm "NULL" (16) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (16) suffix : Adding Realm = "NULL" (16) suffix : Authentication realm is LOCAL (16) [suffix] = ok (16) eap : Peer sent code Response (2) ID 7 length 144 (16) eap : Continuing tunnel setup (16) [eap] = ok (16) } # authorize = ok (16) Found Auth-Type = EAP (16) # Executing group from file /etc/raddb/sites-enabled/default (16) authenticate { (16) eap : Expiring EAP session with state 0x2c8401da288318c6 (16) eap : Finished EAP session with state 0x2c8401da288318c6 (16) eap : Previous EAP request found for state 0x2c8401da288318c6, released from the list (16) eap : Peer sent method PEAP (25) (16) eap : EAP PEAP (25) (16) eap : Calling eap_peap to process EAP data (16) eap_peap : processing EAP-TLS TLS Length 134 (16) eap_peap : Length Included (16) eap_peap : eaptls_verify returned 11 (16) eap_peap : <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (16) eap_peap : TLS_accept: SSLv3 read client key exchange A (16) eap_peap : <<< TLS 1.0 ChangeCipherSpec [length 0001] (16) eap_peap : <<< TLS 1.0 Handshake [length 0010], Finished (16) eap_peap : TLS_accept: SSLv3 read finished A (16) eap_peap : >>> TLS 1.0 ChangeCipherSpec [length 0001] (16) eap_peap : TLS_accept: SSLv3 write change cipher spec A (16) eap_peap : >>> TLS 1.0 Handshake [length 0010], Finished (16) eap_peap : TLS_accept: SSLv3 write finished A (16) eap_peap : TLS_accept: SSLv3 flush data SSL: adding session 1cf0efc93cff9d4e25539c81bfe8d90128a8d5612174baf065bd067930266212 to cache (16) eap_peap : (other): SSL negotiation finished successfully SSL Connection Established (16) eap_peap : eaptls_process returned 13 (16) eap_peap : FR_TLS_HANDLED (16) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da298c18c6 (16) [eap] = handled (16) } # authenticate = handled (16) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=232, length=0 (16) EAP-Message = 0x0108004119001403010001011603010030542d803d5cd1da3e430cc6dbd259c14fcc20a14f5a7b5eb98147c5b488d5c1981fd366ac46be75ea5ebe430927c526b7 (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) State = 0x2c8401da298c18c6b5d190cb25d97c2a Sending Access-Challenge Id 232 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x0108004119001403010001011603010030542d803d5cd1da3e430cc6dbd259c14fcc20a14f5a7b5eb98147c5b488d5c1981fd366ac46be75ea5ebe430927c526b7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da298c18c6b5d190cb25d97c2a (16) Finished request Waking up in 0.2 seconds. Waking up in 4.5 seconds. Received Access-Request Id 233 from 131.104.45.66:32769 to 131.104.99.58:1812 length 319 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020800061900 State = 0x2c8401da298c18c6b5d190cb25d97c2a Message-Authenticator = 0x61ff63d998e2627c9123aa9a5f75c5a2 (17) Received Access-Request packet from host 131.104.45.66 port 32769, id=233, length=319 (17) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (17) Chargeable-User-Identity = 0x00 (17) Location-Capable = Civix-Location (17) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (17) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (17) NAS-Port = 1 (17) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (17) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (17) Cisco-AVPair = 'mDNS=true' (17) NAS-IP-Address = 131.104.45.66 (17) NAS-Identifier = 'WLC_TEST' (17) Airespace-Wlan-Id = 7 (17) Service-Type = Framed-User (17) Framed-MTU = 1300 (17) NAS-Port-Type = Wireless-802.11 (17) Tunnel-Type:0 = VLAN (17) Tunnel-Medium-Type:0 = IEEE-802 (17) Tunnel-Private-Group-Id:0 = '245' (17) EAP-Message = 0x020800061900 (17) State = 0x2c8401da298c18c6b5d190cb25d97c2a (17) Message-Authenticator = 0x61ff63d998e2627c9123aa9a5f75c5a2 (17) # Executing section authorize from file /etc/raddb/sites-enabled/default (17) authorize { (17) filter_username filter_username { (17) if (!&User-Name) (17) if (!&User-Name) -> FALSE (17) if (&User-Name =~ / /) (17) if (&User-Name =~ / /) -> FALSE (17) if (&User-Name =~ /@.*@/ ) (17) if (&User-Name =~ /@.*@/ ) -> FALSE (17) if (&User-Name =~ /\\.\\./ ) (17) if (&User-Name =~ /\\.\\./ ) -> FALSE (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (17) if (&User-Name =~ /\\.$/) (17) if (&User-Name =~ /\\.$/) -> FALSE (17) if (&User-Name =~ /@\\./) (17) if (&User-Name =~ /@\\./) -> FALSE (17) } # filter_username filter_username = notfound (17) [preprocess] = ok (17) [chap] = noop (17) [mschap] = noop (17) [digest] = noop (17) suffix : Checking for suffix after "@" (17) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (17) suffix : Found realm "NULL" (17) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (17) suffix : Adding Realm = "NULL" (17) suffix : Authentication realm is LOCAL (17) [suffix] = ok (17) eap : Peer sent code Response (2) ID 8 length 6 (17) eap : Continuing tunnel setup (17) [eap] = ok (17) } # authorize = ok (17) Found Auth-Type = EAP (17) # Executing group from file /etc/raddb/sites-enabled/default (17) authenticate { (17) eap : Expiring EAP session with state 0x2c8401da298c18c6 (17) eap : Finished EAP session with state 0x2c8401da298c18c6 (17) eap : Previous EAP request found for state 0x2c8401da298c18c6, released from the list (17) eap : Peer sent method PEAP (25) (17) eap : EAP PEAP (25) (17) eap : Calling eap_peap to process EAP data (17) eap_peap : processing EAP-TLS (17) eap_peap : Received TLS ACK (17) eap_peap : Received TLS ACK (17) eap_peap : ACK handshake is finished (17) eap_peap : eaptls_verify returned 3 (17) eap_peap : eaptls_process returned 3 (17) eap_peap : FR_TLS_SUCCESS (17) eap_peap : Session established. Decoding tunneled attributes (17) eap_peap : Peap state TUNNEL ESTABLISHED (17) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da2a8d18c6 (17) [eap] = handled (17) } # authenticate = handled (17) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=233, length=0 (17) EAP-Message = 0x0109002b190017030100207f2e4ea211f9b81fc6010cda3820cc354b3199d6acdeb12827a9bced32054256 (17) Message-Authenticator = 0x00000000000000000000000000000000 (17) State = 0x2c8401da2a8d18c6b5d190cb25d97c2a Sending Access-Challenge Id 233 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x0109002b190017030100207f2e4ea211f9b81fc6010cda3820cc354b3199d6acdeb12827a9bced32054256 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da2a8d18c6b5d190cb25d97c2a (17) Finished request Waking up in 0.3 seconds. Received Access-Request Id 234 from 131.104.45.66:32769 to 131.104.99.58:1812 length 388 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x0209004b190017030100404be7826033ea78700eb476de0c23f995e44ddde7904750b2bcfe87fe932b8a2bdd7527b451763fd480f7a76b1091f7257f1c9d0eafcde5816b3f42dac5aef214 State = 0x2c8401da2a8d18c6b5d190cb25d97c2a Message-Authenticator = 0x15c5feac6cfffb140b603cad31eec357 (18) Received Access-Request packet from host 131.104.45.66 port 32769, id=234, length=388 (18) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (18) Chargeable-User-Identity = 0x00 (18) Location-Capable = Civix-Location (18) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (18) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (18) NAS-Port = 1 (18) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (18) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (18) Cisco-AVPair = 'mDNS=true' (18) NAS-IP-Address = 131.104.45.66 (18) NAS-Identifier = 'WLC_TEST' (18) Airespace-Wlan-Id = 7 (18) Service-Type = Framed-User (18) Framed-MTU = 1300 (18) NAS-Port-Type = Wireless-802.11 (18) Tunnel-Type:0 = VLAN (18) Tunnel-Medium-Type:0 = IEEE-802 (18) Tunnel-Private-Group-Id:0 = '245' (18) EAP-Message = 0x0209004b190017030100404be7826033ea78700eb476de0c23f995e44ddde7904750b2bcfe87fe932b8a2bdd7527b451763fd480f7a76b1091f7257f1c9d0eafcde5816b3f42dac5aef214 (18) State = 0x2c8401da2a8d18c6b5d190cb25d97c2a (18) Message-Authenticator = 0x15c5feac6cfffb140b603cad31eec357 (18) # Executing section authorize from file /etc/raddb/sites-enabled/default (18) authorize { (18) filter_username filter_username { (18) if (!&User-Name) (18) if (!&User-Name) -> FALSE (18) if (&User-Name =~ / /) (18) if (&User-Name =~ / /) -> FALSE (18) if (&User-Name =~ /@.*@/ ) (18) if (&User-Name =~ /@.*@/ ) -> FALSE (18) if (&User-Name =~ /\\.\\./ ) (18) if (&User-Name =~ /\\.\\./ ) -> FALSE (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (18) if (&User-Name =~ /\\.$/) (18) if (&User-Name =~ /\\.$/) -> FALSE (18) if (&User-Name =~ /@\\./) (18) if (&User-Name =~ /@\\./) -> FALSE (18) } # filter_username filter_username = notfound (18) [preprocess] = ok (18) [chap] = noop (18) [mschap] = noop (18) [digest] = noop (18) suffix : Checking for suffix after "@" (18) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (18) suffix : Found realm "NULL" (18) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (18) suffix : Adding Realm = "NULL" (18) suffix : Authentication realm is LOCAL (18) [suffix] = ok (18) eap : Peer sent code Response (2) ID 9 length 75 (18) eap : Continuing tunnel setup (18) [eap] = ok (18) } # authorize = ok (18) Found Auth-Type = EAP (18) # Executing group from file /etc/raddb/sites-enabled/default (18) authenticate { (18) eap : Expiring EAP session with state 0x2c8401da2a8d18c6 (18) eap : Finished EAP session with state 0x2c8401da2a8d18c6 (18) eap : Previous EAP request found for state 0x2c8401da2a8d18c6, released from the list (18) eap : Peer sent method PEAP (25) (18) eap : EAP PEAP (25) (18) eap : Calling eap_peap to process EAP data (18) eap_peap : processing EAP-TLS (18) eap_peap : eaptls_verify returned 7 (18) eap_peap : Done initial handshake (18) eap_peap : eaptls_process returned 7 (18) eap_peap : FR_TLS_OK (18) eap_peap : Session established. Decoding tunneled attributes (18) eap_peap : Peap state WAITING FOR INNER IDENTITY (18) eap_peap : Identity - host/CCS-252.cfs.uoguelph.ca (18) eap_peap : Got inner identity 'host/CCS-252.cfs.uoguelph.ca' (18) eap_peap : Setting default EAP type for tunneled EAP session (18) eap_peap : Got tunneled request EAP-Message = 0x0209002101686f73742f4343532d3235322e6366732e756f6775656c70682e6361 server default { (18) eap_peap : Setting User-Name to host/CCS-252.cfs.uoguelph.ca Sending tunneled request EAP-Message = 0x0209002101686f73742f4343532d3235322e6366732e756f6775656c70682e6361 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Event-Timestamp = 'Dec 8 2015 12:13:11 EST' server inner-tunnel { (18) server inner-tunnel { (18) Request: EAP-Message = 0x0209002101686f73742f4343532d3235322e6366732e756f6775656c70682e6361 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Event-Timestamp = 'Dec 8 2015 12:13:11 EST' (18) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (18) authorize { (18) [chap] = noop (18) [mschap] = noop (18) suffix : Checking for suffix after "@" (18) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (18) suffix : Found realm "NULL" (18) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (18) suffix : Adding Realm = "NULL" (18) suffix : Authentication realm is LOCAL (18) [suffix] = ok (18) update control { (18) Proxy-To-Realm := 'LOCAL' (18) } # update control = noop (18) eap : Peer sent code Response (2) ID 9 length 33 (18) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (18) [eap] = ok (18) } # authorize = ok (18) Found Auth-Type = EAP (18) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (18) authenticate { (18) eap : Peer sent method Identity (1) (18) eap : Calling eap_mschapv2 to process EAP data (18) eap_mschapv2 : Issuing Challenge (18) eap : New EAP session, adding 'State' attribute to reply 0x15592fca1553350c (18) [eap] = handled (18) } # authenticate = handled (18) Reply: EAP-Message = 0x010a00361a010a003110fe3dc8ee3a16a0a5a28ec10069445fa5686f73742f4343532d3235322e6366732e756f6775656c70682e6361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15592fca1553350cf54c5fb896507c1b (18) } # server inner-tunnel } # server inner-tunnel (18) eap_peap : Got tunneled reply code 11 EAP-Message = 0x010a00361a010a003110fe3dc8ee3a16a0a5a28ec10069445fa5686f73742f4343532d3235322e6366732e756f6775656c70682e6361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15592fca1553350cf54c5fb896507c1b (18) eap_peap : Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00361a010a003110fe3dc8ee3a16a0a5a28ec10069445fa5686f73742f4343532d3235322e6366732e756f6775656c70682e6361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15592fca1553350cf54c5fb896507c1b (18) eap_peap : Got tunneled Access-Challenge (18) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da2b8e18c6 (18) [eap] = handled (18) } # authenticate = handled (18) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=234, length=0 (18) EAP-Message = 0x010a005b19001703010050c5a1146e926ad9c2f61394845c5e1171e3026dfb83dddedb56d1c1f7b7913bacdf68cf9cd6a9fa916d31c7551ff615297070e900ebe8ab6fd0874557ad69cc711f0986e22de349ab49ed3802676a8d8a (18) Message-Authenticator = 0x00000000000000000000000000000000 (18) State = 0x2c8401da2b8e18c6b5d190cb25d97c2a Sending Access-Challenge Id 234 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010a005b19001703010050c5a1146e926ad9c2f61394845c5e1171e3026dfb83dddedb56d1c1f7b7913bacdf68cf9cd6a9fa916d31c7551ff615297070e900ebe8ab6fd0874557ad69cc711f0986e22de349ab49ed3802676a8d8a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da2b8e18c6b5d190cb25d97c2a (18) Finished request Waking up in 0.3 seconds. Received Access-Request Id 235 from 131.104.45.66:32769 to 131.104.99.58:1812 length 436 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020a007b19001703010070a019f9d179ba0f4730e3f72146c752c28f9cfca6b0a4e6c7d8585687421fcbc9412187fd872ca6e3224305b735df9493e8bf1f80bec7e1c8c27b14b951619bd7d67a65ac544d30916a38353ff1a62f6af422be3f42a4f861991f75e3cbe542233e14d26da7fbdac508eb0c5e5225f7c7 State = 0x2c8401da2b8e18c6b5d190cb25d97c2a Message-Authenticator = 0x2d7a7892a11c814caae1817b5ce5653e (19) Received Access-Request packet from host 131.104.45.66 port 32769, id=235, length=436 (19) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (19) Chargeable-User-Identity = 0x00 (19) Location-Capable = Civix-Location (19) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (19) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (19) NAS-Port = 1 (19) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (19) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (19) Cisco-AVPair = 'mDNS=true' (19) NAS-IP-Address = 131.104.45.66 (19) NAS-Identifier = 'WLC_TEST' (19) Airespace-Wlan-Id = 7 (19) Service-Type = Framed-User (19) Framed-MTU = 1300 (19) NAS-Port-Type = Wireless-802.11 (19) Tunnel-Type:0 = VLAN (19) Tunnel-Medium-Type:0 = IEEE-802 (19) Tunnel-Private-Group-Id:0 = '245' (19) EAP-Message = 0x020a007b19001703010070a019f9d179ba0f4730e3f72146c752c28f9cfca6b0a4e6c7d8585687421fcbc9412187fd872ca6e3224305b735df9493e8bf1f80bec7e1c8c27b14b951619bd7d67a65ac544d30916a38353ff1a62f6af422be3f42a4f861991f75e3cbe542233e14d26da7fbdac508eb0c5e5225f7c7 (19) State = 0x2c8401da2b8e18c6b5d190cb25d97c2a (19) Message-Authenticator = 0x2d7a7892a11c814caae1817b5ce5653e (19) # Executing section authorize from file /etc/raddb/sites-enabled/default (19) authorize { (19) filter_username filter_username { (19) if (!&User-Name) (19) if (!&User-Name) -> FALSE (19) if (&User-Name =~ / /) (19) if (&User-Name =~ / /) -> FALSE (19) if (&User-Name =~ /@.*@/ ) (19) if (&User-Name =~ /@.*@/ ) -> FALSE (19) if (&User-Name =~ /\\.\\./ ) (19) if (&User-Name =~ /\\.\\./ ) -> FALSE (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (19) if (&User-Name =~ /\\.$/) (19) if (&User-Name =~ /\\.$/) -> FALSE (19) if (&User-Name =~ /@\\./) (19) if (&User-Name =~ /@\\./) -> FALSE (19) } # filter_username filter_username = notfound (19) [preprocess] = ok (19) [chap] = noop (19) [mschap] = noop (19) [digest] = noop (19) suffix : Checking for suffix after "@" (19) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (19) suffix : Found realm "NULL" (19) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (19) suffix : Adding Realm = "NULL" (19) suffix : Authentication realm is LOCAL (19) [suffix] = ok (19) eap : Peer sent code Response (2) ID 10 length 123 (19) eap : Continuing tunnel setup (19) [eap] = ok (19) } # authorize = ok (19) Found Auth-Type = EAP (19) # Executing group from file /etc/raddb/sites-enabled/default (19) authenticate { (19) eap : Expiring EAP session with state 0x15592fca1553350c (19) eap : Finished EAP session with state 0x2c8401da2b8e18c6 (19) eap : Previous EAP request found for state 0x2c8401da2b8e18c6, released from the list (19) eap : Peer sent method PEAP (25) (19) eap : EAP PEAP (25) (19) eap : Calling eap_peap to process EAP data (19) eap_peap : processing EAP-TLS (19) eap_peap : eaptls_verify returned 7 (19) eap_peap : Done initial handshake (19) eap_peap : eaptls_process returned 7 (19) eap_peap : FR_TLS_OK (19) eap_peap : Session established. Decoding tunneled attributes (19) eap_peap : Peap state phase2 (19) eap_peap : EAP type MSCHAPv2 (26) (19) eap_peap : Got tunneled request EAP-Message = 0x020a00571a020a005231cefbd81899767ebf0c27a4ddca815a640000000000000000c1ee140e5d85a62db9d4dd943a841a0f317a77521e0c26e000686f73742f4343532d3235322e6366732e756f6775656c70682e6361 server default { (19) eap_peap : Setting User-Name to host/CCS-252.cfs.uoguelph.ca Sending tunneled request EAP-Message = 0x020a00571a020a005231cefbd81899767ebf0c27a4ddca815a640000000000000000c1ee140e5d85a62db9d4dd943a841a0f317a77521e0c26e000686f73742f4343532d3235322e6366732e756f6775656c70682e6361 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'host/CCS-252.cfs.uoguelph.ca' State = 0x15592fca1553350cf54c5fb896507c1b Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Event-Timestamp = 'Dec 8 2015 12:13:11 EST' server inner-tunnel { (19) server inner-tunnel { (19) Request: EAP-Message = 0x020a00571a020a005231cefbd81899767ebf0c27a4ddca815a640000000000000000c1ee140e5d85a62db9d4dd943a841a0f317a77521e0c26e000686f73742f4343532d3235322e6366732e756f6775656c70682e6361 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'host/CCS-252.cfs.uoguelph.ca' State = 0x15592fca1553350cf54c5fb896507c1b Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Event-Timestamp = 'Dec 8 2015 12:13:11 EST' (19) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (19) authorize { (19) [chap] = noop (19) [mschap] = noop (19) suffix : Checking for suffix after "@" (19) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (19) suffix : Found realm "NULL" (19) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (19) suffix : Adding Realm = "NULL" (19) suffix : Authentication realm is LOCAL (19) [suffix] = ok (19) update control { (19) Proxy-To-Realm := 'LOCAL' (19) } # update control = noop (19) eap : Peer sent code Response (2) ID 10 length 87 (19) eap : No EAP Start, assuming it's an on-going EAP conversation (19) [eap] = updated (19) [files] = noop (19) [expiration] = noop (19) [logintime] = noop (19) [pap] = noop (19) } # authorize = updated (19) Found Auth-Type = EAP (19) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (19) authenticate { (19) eap : Expiring EAP session with state 0x15592fca1553350c (19) eap : Finished EAP session with state 0x15592fca1553350c (19) eap : Previous EAP request found for state 0x15592fca1553350c, released from the list (19) eap : Peer sent method MSCHAPv2 (26) (19) eap : EAP MSCHAPv2 (26) (19) eap : Calling eap_mschapv2 to process EAP data (19) eap_mschapv2 : # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (19) eap_mschapv2 : Auth-Type MS-CHAP { (19) mschap : Creating challenge hash with username: host/CCS-252.cfs.uoguelph.ca (19) mschap : Client is using MS-CHAPv2 Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}: (19) mschap : EXPAND --username=%{%{mschap:User-Name}:-00} (19) mschap : --> --username=CCS-252$ (19) mschap : EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (19) mschap : --> --username=host/CCS-252.cfs.uoguelph.ca (19) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} (19) mschap : --> --domain=cfs (19) mschap : Creating challenge hash with username: host/CCS-252.cfs.uoguelph.ca (19) mschap : EXPAND --challenge=%{%{mschap:Challenge}:-00} (19) mschap : --> --challenge=9845f8f1049eec1c (19) mschap : EXPAND --nt-response=%{%{mschap:NT-Response}:-00} (19) mschap : --> --nt-response=c1ee140e5d85a62db9d4dd943a841a0f317a77521e0c26e0 Program returned code (1) and output 'Logon failure (0xc000006d)' (19) mschap : External script failed (19) ERROR: mschap : External script says: Logon failure (0xc000006d) (19) ERROR: mschap : MS-CHAP2-Response is incorrect (19) [mschap] = reject (19) } # Auth-Type MS-CHAP = reject (19) eap : Freeing handler (19) [eap] = reject (19) } # authenticate = reject (19) Failed to authenticate the user (19) Login incorrect (mschap: External script says: Logon failure (0xc000006d)): [host/CCS-252.cfs.uoguelph.ca] (from client WLC2504 port 1 cli c4-8e-8f-f8-96-33 via TLS tunnel) (19) Using Post-Auth-Type Reject (19) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (19) Post-Auth-Type REJECT { (19) attr_filter.access_reject : EXPAND %{User-Name} (19) attr_filter.access_reject : --> host/CCS-252.cfs.uoguelph.ca (19) attr_filter.access_reject : Matched entry DEFAULT at line 11 (19) [attr_filter.access_reject] = updated (19) } # Post-Auth-Type REJECT = updated (19) Reply: MS-CHAP-Error = '\nE=691 R=1' EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 (19) } # server inner-tunnel } # server inner-tunnel (19) eap_peap : Got tunneled reply code 3 MS-CHAP-Error = '\nE=691 R=1' EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 (19) eap_peap : Got tunneled reply RADIUS code 3 MS-CHAP-Error = '\nE=691 R=1' EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 (19) eap_peap : Tunneled authentication was rejected (19) eap_peap : FAILURE (19) eap : New EAP session, adding 'State' attribute to reply 0x2c8401da248f18c6 (19) [eap] = handled (19) } # authenticate = handled (19) Sending Access-Challenge packet to host 131.104.45.66 port 32769, id=235, length=0 (19) EAP-Message = 0x010b002b19001703010020177abf54205c6701962bd4601c45773331b8edc3743d5248eda4378128a8efac (19) Message-Authenticator = 0x00000000000000000000000000000000 (19) State = 0x2c8401da248f18c6b5d190cb25d97c2a Sending Access-Challenge Id 235 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x010b002b19001703010020177abf54205c6701962bd4601c45773331b8edc3743d5248eda4378128a8efac Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c8401da248f18c6b5d190cb25d97c2a (19) Finished request Waking up in 0.2 seconds. Received Access-Request Id 236 from 131.104.45.66:32769 to 131.104.99.58:1812 length 356 User-Name = 'host/CCS-252.cfs.uoguelph.ca' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = 'c4-8e-8f-f8-96-33' Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' NAS-Port = 1 Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 131.104.45.66 NAS-Identifier = 'WLC_TEST' Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '245' EAP-Message = 0x020b002b19001703010020d2ea9655e2c33c9dad4486a3724925ffc05746f4f1ab8d1898a3fb6a4ccf51d2 State = 0x2c8401da248f18c6b5d190cb25d97c2a Message-Authenticator = 0x1398ba3031edff6b77e6799ec8e42bdc (20) Received Access-Request packet from host 131.104.45.66 port 32769, id=236, length=356 (20) User-Name = 'host/CCS-252.cfs.uoguelph.ca' (20) Chargeable-User-Identity = 0x00 (20) Location-Capable = Civix-Location (20) Calling-Station-Id = 'c4-8e-8f-f8-96-33' (20) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure' (20) NAS-Port = 1 (20) Cisco-AVPair = 'audit-session-id=83682d420000002156670fdc' (20) Acct-Session-Id = '56670fdc/c4:8e:8f:f8:96:33/33' (20) Cisco-AVPair = 'mDNS=true' (20) NAS-IP-Address = 131.104.45.66 (20) NAS-Identifier = 'WLC_TEST' (20) Airespace-Wlan-Id = 7 (20) Service-Type = Framed-User (20) Framed-MTU = 1300 (20) NAS-Port-Type = Wireless-802.11 (20) Tunnel-Type:0 = VLAN (20) Tunnel-Medium-Type:0 = IEEE-802 (20) Tunnel-Private-Group-Id:0 = '245' (20) EAP-Message = 0x020b002b19001703010020d2ea9655e2c33c9dad4486a3724925ffc05746f4f1ab8d1898a3fb6a4ccf51d2 (20) State = 0x2c8401da248f18c6b5d190cb25d97c2a (20) Message-Authenticator = 0x1398ba3031edff6b77e6799ec8e42bdc (20) # Executing section authorize from file /etc/raddb/sites-enabled/default (20) authorize { (20) filter_username filter_username { (20) if (!&User-Name) (20) if (!&User-Name) -> FALSE (20) if (&User-Name =~ / /) (20) if (&User-Name =~ / /) -> FALSE (20) if (&User-Name =~ /@.*@/ ) (20) if (&User-Name =~ /@.*@/ ) -> FALSE (20) if (&User-Name =~ /\\.\\./ ) (20) if (&User-Name =~ /\\.\\./ ) -> FALSE (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (20) if (&User-Name =~ /\\.$/) (20) if (&User-Name =~ /\\.$/) -> FALSE (20) if (&User-Name =~ /@\\./) (20) if (&User-Name =~ /@\\./) -> FALSE (20) } # filter_username filter_username = notfound (20) [preprocess] = ok (20) [chap] = noop (20) [mschap] = noop (20) [digest] = noop (20) suffix : Checking for suffix after "@" (20) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL (20) suffix : Found realm "NULL" (20) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca" (20) suffix : Adding Realm = "NULL" (20) suffix : Authentication realm is LOCAL (20) [suffix] = ok (20) eap : Peer sent code Response (2) ID 11 length 43 (20) eap : Continuing tunnel setup (20) [eap] = ok (20) } # authorize = ok (20) Found Auth-Type = EAP (20) # Executing group from file /etc/raddb/sites-enabled/default (20) authenticate { (20) eap : Expiring EAP session with state 0x2c8401da248f18c6 (20) eap : Finished EAP session with state 0x2c8401da248f18c6 (20) eap : Previous EAP request found for state 0x2c8401da248f18c6, released from the list (20) eap : Peer sent method PEAP (25) (20) eap : EAP PEAP (25) (20) eap : Calling eap_peap to process EAP data (20) eap_peap : processing EAP-TLS (20) eap_peap : eaptls_verify returned 7 (20) eap_peap : Done initial handshake (20) eap_peap : eaptls_process returned 7 (20) eap_peap : FR_TLS_OK (20) eap_peap : Session established. Decoding tunneled attributes (20) eap_peap : Peap state send tlv failure (20) eap_peap : Received EAP-TLV response (20) eap_peap : The users session was previously rejected: returning reject (again.) (20) eap_peap : *** This means you need to read the PREVIOUS messages in the debug output (20) eap_peap : *** to find out the reason why the user was rejected (20) eap_peap : *** Look for "reject" or "fail". Those earlier messages will tell you (20) eap_peap : *** what went wrong, and how to fix the problem SSL: Removing session 1cf0efc93cff9d4e25539c81bfe8d90128a8d5612174baf065bd067930266212 from the cache (20) ERROR: eap : Failed continuing EAP PEAP (25) session. EAP sub-module failed (20) eap : Failed in EAP select (20) [eap] = invalid (20) } # authenticate = invalid (20) Failed to authenticate the user (20) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [host/CCS-252.cfs.uoguelph.ca] (from client WLC2504 port 1 cli c4-8e-8f-f8-96-33) (20) Using Post-Auth-Type Reject (20) # Executing group from file /etc/raddb/sites-enabled/default (20) Post-Auth-Type REJECT { (20) attr_filter.access_reject : EXPAND %{User-Name} (20) attr_filter.access_reject : --> host/CCS-252.cfs.uoguelph.ca (20) attr_filter.access_reject : Matched entry DEFAULT at line 11 (20) [attr_filter.access_reject] = updated (20) eap : Reply already contained an EAP-Message, not inserting EAP-Failure (20) [eap] = noop (20) remove_reply_message_if_eap remove_reply_message_if_eap { (20) if (&reply:EAP-Message && &reply:Reply-Message) (20) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (20) else else { (20) [noop] = noop (20) } # else else = noop (20) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (20) } # Post-Auth-Type REJECT = updated (20) Delaying response for 1 seconds Waking up in 0.2 seconds. Waking up in 0.6 seconds. (20) Sending delayed response (20) Sending Access-Reject packet to host 131.104.45.66 port 32769, id=236, length=0 (20) EAP-Message = 0x040b0004 (20) Message-Authenticator = 0x00000000000000000000000000000000 Sending Access-Reject Id 236 from 131.104.99.58:1812 to 131.104.45.66:32769 EAP-Message = 0x040b0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1.4 seconds. (11) Cleaning up request packet ID 227 with timestamp +2371 (12) Cleaning up request packet ID 228 with timestamp +2371 (13) Cleaning up request packet ID 229 with timestamp +2371 (14) Cleaning up request packet ID 230 with timestamp +2371 (15) Cleaning up request packet ID 231 with timestamp +2371 (16) Cleaning up request packet ID 232 with timestamp +2371 Waking up in 2.3 seconds. (17) Cleaning up request packet ID 233 with timestamp +2374 (18) Cleaning up request packet ID 234 with timestamp +2374 (19) Cleaning up request packet ID 235 with timestamp +2374 (20) Cleaning up request packet ID 236 with timestamp +2374 Ready to process requests