(22) Received Access-Request packet from host 131.104.45.66 port 32769, id=152, length=356
(22) User-Name = 'host/CCS-252.cfs.uoguelph.ca'
(22) Chargeable-User-Identity = 0x00
(22) Location-Capable = Civix-Location
(22) Calling-Station-Id = 'c4-8e-8f-f8-96-33'
(22) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure'
(22) NAS-Port = 1
(22) Cisco-AVPair = 'audit-session-id=83682d4200000020566700aa'
(22) Acct-Session-Id = '566700aa/c4:8e:8f:f8:96:33/32'
(22) Cisco-AVPair = 'mDNS=true'
(22) NAS-IP-Address = 131.104.45.66
(22) NAS-Identifier = 'WLC_TEST'
(22) Airespace-Wlan-Id = 7
(22) Service-Type = Framed-User
(22) Framed-MTU = 1300
(22) NAS-Port-Type = Wireless-802.11
(22) Tunnel-Type:0 = VLAN
(22) Tunnel-Medium-Type:0 = IEEE-802
(22) Tunnel-Private-Group-Id:0 = '245'
(22) EAP-Message = 0x020c002b19001703010020046df70617e7c42db1e9bacd676289982e532fa0d5fda47b2202cee73542fd86
(22) State = 0x3fc2c97636ced05b0ef13597f946d927
(22) Message-Authenticator = 0x0178845f2781f28992cceae1e5b5165b
(22) # Executing section authorize from file /etc/raddb/sites-enabled/default
(22) authorize {
(22) filter_username filter_username {
(22) if (!&User-Name)
(22) if (!&User-Name) -> FALSE
(22) if (&User-Name =~ / /)
(22) if (&User-Name =~ / /) -> FALSE
(22) if (&User-Name =~ /@.*@/ )
(22) if (&User-Name =~ /@.*@/ ) -> FALSE
(22) if (&User-Name =~ /\\.\\./ )
(22) if (&User-Name =~ /\\.\\./ ) -> FALSE
(22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(22) if (&User-Name =~ /\\.$/)
(22) if (&User-Name =~ /\\.$/) -> FALSE
(22) if (&User-Name =~ /@\\./)
(22) if (&User-Name =~ /@\\./) -> FALSE
(22) } # filter_username filter_username = notfound
(22) [preprocess] = ok
(22) [chap] = noop
(22) [mschap] = noop
(22) [digest] = noop
(22) suffix : Checking for suffix after "@"
(22) suffix : No '@' in User-Name = "host/CCS-252.cfs.uoguelph.ca", looking up realm NULL
(22) suffix : Found realm "NULL"
(22) suffix : Adding Stripped-User-Name = "host/CCS-252.cfs.uoguelph.ca"
(22) suffix : Adding Realm = "NULL"
(22) suffix : Authentication realm is LOCAL
(22) [suffix] = ok
(22) eap : Peer sent code Response (2) ID 12 length 43
(22) eap : Continuing tunnel setup
(22) [eap] = ok
(22) } # authorize = ok
(22) Found Auth-Type = EAP
(22) # Executing group from file /etc/raddb/sites-enabled/default
(22) authenticate {
(22) eap : Expiring EAP session with state 0x3fc2c97636ced05b
(22) eap : Finished EAP session with state 0x3fc2c97636ced05b
(22) eap : Previous EAP request found for state 0x3fc2c97636ced05b, released from the list
(22) eap : Peer sent method PEAP (25)
(22) eap : EAP PEAP (25)
(22) eap : Calling eap_peap to process EAP data
(22) eap_peap : processing EAP-TLS
(22) eap_peap : eaptls_verify returned 7
(22) eap_peap : Done initial handshake
(22) eap_peap : eaptls_process returned 7
(22) eap_peap : FR_TLS_OK
(22) eap_peap : Session established. Decoding tunneled attributes
(22) eap_peap : Peap state send tlv failure
(22) eap_peap : Received EAP-TLV response
(22) eap_peap : The users session was previously rejected: returning reject (again.)
(22) eap_peap : *** This means you need to read the PREVIOUS messages in the debug output
(22) eap_peap : *** to find out the reason why the user was rejected
(22) eap_peap : *** Look for "reject" or "fail". Those earlier messages will tell you
(22) eap_peap : *** what went wrong, and how to fix the problem
SSL: Removing session f8a48183d8a872ff45b7783267ac59b7c46d8a7c26bd72ee7c26e985207d30cf from the cache
(22) ERROR: eap : Failed continuing EAP PEAP (25) session. EAP sub-module failed
(22) eap : Failed in EAP select
(22) [eap] = invalid
(22) } # authenticate = invalid
(22) Failed to authenticate the user
(22) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [host/CCS-252.cfs.uoguelph.ca] (from client WLC2504 port 1 cli c4-8e-8f-f8-96-33)
(22) Using Post-Auth-Type Reject
(22) # Executing group from file /etc/raddb/sites-enabled/default
(22) Post-Auth-Type REJECT {
(22) attr_filter.access_reject : EXPAND %{User-Name}
(22) attr_filter.access_reject : --> host/CCS-252.cfs.uoguelph.ca
(22) attr_filter.access_reject : Matched entry DEFAULT at line 11
(22) [attr_filter.access_reject] = updated
(22) eap : Reply already contained an EAP-Message, not inserting EAP-Failure
(22) [eap] = noop
(22) remove_reply_message_if_eap remove_reply_message_if_eap {
(22) if (&reply:EAP-Message && &reply:Reply-Message)
(22) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(22) else else {
(22) [noop] = noop
(22) } # else else = noop
(22) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(22) } # Post-Auth-Type REJECT = updated
(22) Delaying response for 1 seconds
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(12) Cleaning up request packet ID 142 with timestamp +118
(13) Cleaning up request packet ID 143 with timestamp +118
(14) Cleaning up request packet ID 144 with timestamp +118
(15) Cleaning up request packet ID 145 with timestamp +118
(16) Cleaning up request packet ID 146 with timestamp +118
(17) Cleaning up request packet ID 147 with timestamp +118
(18) Cleaning up request packet ID 148 with timestamp +118
(22) Sending delayed response
(22) Sending Access-Reject packet to host 131.104.45.66 port 32769, id=152, length=0
(22) EAP-Message = 0x040c0004
(22) Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Reject Id 152 from 131.104.99.58:1812 to 131.104.45.66:32769
EAP-Message = 0x040c0004
Message-Authenticator = 0x00000000000000000000000000000000