FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26 2015 at 14:47:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/checkval including configuration file 
/etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/sql/mysql/counter.conf including configuration file /etc/freeradius/policy.conf 
including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "hptesting" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module 
rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = 
"PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/freeradius/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: 
Instantiating module "reject" from file /etc/freeradius/modules/always always reject { rcode = "reject" simulcount = 0 mpp = no } Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /etc/freeradius/sql.conf sql { driver = "rlm_sql_mysql" server = "localhost" port = "3306" login = "root" password = "root123" radius_db = "radius" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = yes deletestalesessions = yes num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct 
(acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = 
" UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) 
VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to root@localhost:3306/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Read entry nasname=10.225.251.10,shortname=aruba,secret=testing123 rlm_sql (sql): Adding client 10.225.251.10 (aruba, server=) to clients list rlm_sql (sql): Released sql socket id: 4 Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = 
"/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load 
Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 49617 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=218, length=248 Acct-Status-Type = Stop NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DAF0" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 21010 Acct-Output-Octets = 1247 Acct-Input-Packets = 223 Acct-Output-Packets = 19 Acct-Terminate-Cause = Idle-Timeout Acct-Session-Time = 463 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DAF0",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "71f47880422c8302". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:03:47 2016 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 21010 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 1247 [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2016-05-23 16:03:47', acctsessiontime = '463', acctinputoctets = '0' << 32 | '21010', acctoutputoctets = '0' << 32 | rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 218 to 10.225.251.10 port 49172 Finished request 0. Cleaning up request 0 ID 218 with timestamp +64 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=219, length=177 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020c000801656279 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xb2bfdf396b163acb1ddee251ee6eae21 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 1: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 12 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 219 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x010d00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13f4daf313f9c3f2d394d6772fafa472 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=220, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020d00060315 State = 0x13f4daf313f9c3f2d394d6772fafa472 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xbb543bd903f470cd4653db60334a7d87 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? 
Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 2: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] 
returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 13 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 220 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x010e00061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13f4daf312facff2d394d6772fafa472 Finished request 2. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=221, length=392 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020e00cd150016030100c2010000be030161d025c4f8e8a31c27f352fe2414f719ff831f806e5479da5b24e249518580ae000050c014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc0020005000400150012000900ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 State = 0x13f4daf312facff2d394d6772fafa472 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x47d0df73ea31578677bc3f48bb8189fe # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 3: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 14 length 205 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 00c2], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 003e], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 02c8], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 221 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0xfc4f3560560a5f05f08f1c8e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13f4daf311fbcff2d394d6772fafa472 Finished request 3. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=222, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020f00061500 State = 0x13f4daf311fbcff2d394d6772fafa472 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x805bebbf84d532fa129c1ceb01779ba8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 4: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 15 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 222 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0110007d158000000469229c719757e80abd5907b54f669d01d5963aa190aee0b6e0f7e51e3166763aa6ccd31aa63ee745a8efec0d3f501f65cd18adfa107504c7e3605cf8e4d4b46877cdb769ac8769379acf51b11a8bd2b8655156227c4cc439dba03e5fba0c7737fcdd47641ff39773fdf12c16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13f4daf310e4cff2d394d6772fafa472 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=223, length=327 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0210008c150016030100461000004241045358d4b2fd09195191c18e1c2f4f483ff86859ea88a8b9d81c58933073c47d958ec5236b70125ae0c62198261b515f286c242c527f8c5ab559fdfab474f4e69a1403010001011603010030ac8cb8f99c98f7216ecef226761464502b04071aa6df58b232f7ca9e1c97a1d3b8bf71227e5884db93fc7691cc6d3c1b State = 0x13f4daf310e4cff2d394d6772fafa472 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xbea08276ad23dcf9c05d87a2c13403c8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 5: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 16 length 140 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 223 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0111004515800000003b1403010001011603010030c9e19992bbfc752d6fdea7ab4760a76adec3c14cd235d8e8e6212e1c53178e100dfc096e35825c1493b6b2e759358225 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13f4daf317e5cff2d394d6772fafa472 Finished request 5. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=224, length=363 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021100b015001703010020b26883be9889c6739d99b6c5638cc93aaefc680f758dbbb28583a1ea7e8c71991703010080eeed73c03c495720afe4c8f3be7eb16450922934251b49cb91dff7f2ee07a9fa8be66f1903ead78008632eb54ad16c226d5c1b0433fb853ae20182de7a6cb14bfc0d03a2a92675d8c55f983e69b15d98294fa8e86dfff705da61205c7f5f4eef12db8f081aad4e364d713e23d455e91f6fd3cdf02c95ff38038dafb4d9d5a8f6 State = 0x13f4daf317e5cff2d394d6772fafa472 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xa52dc7853bf3f473600f330317f3043c # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 6: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 17 length 176 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "eby" MS-CHAP-Challenge = 0xd344b2ed65d1a9accf5d6db9672feabc MS-CHAP2-Response = 0xbe006040d717a420650032ba03f0d8f386eb000000000000000019c562d3f699873e825d84c7708a22a634355730355601bb FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "eby" MS-CHAP-Challenge = 0xd344b2ed65d1a9accf5d6db9672feabc MS-CHAP2-Response = 0xbe006040d717a420650032ba03f0d8f386eb000000000000000019c562d3f699873e825d84c7708a22a634355730355601bb FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. 
Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: eby [mschap] Told to do MS-CHAPv2 for eby with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [ttls] Got tunneled reply code 2 Class = 0x66756c6c5f616363657373 MS-CHAP2-Success = 0xbe533d46374634363545313232334141363332424631443037353239453738303633443343333743304246 MS-MPPE-Recv-Key = 0xe0121a18e8cf30b055c53c007a313d02 MS-MPPE-Send-Key = 0x90cf5e07e0e480afb41a77d19fa69046 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 224 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0112005f15800000005517030100505c11344415524a46ddb70c7112ae7f95e163d1ca9704dc6d879e41bf5f5fd34e00c1f5038943f4edcb84b8718ccdf440d6592cd3cd0685318e6f2300e56a27e897df4689058386c889928ec3e1204f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13f4daf316e6cff2d394d6772fafa472 Finished request 6. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=225, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021200061500 State = 0x13f4daf316e6cff2d394d6772fafa472 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xd04fdbc64c81fdd203d6cf2a02328517 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 7: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 18 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [ttls] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:03:47') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:03:47') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 225 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 MS-MPPE-Recv-Key = 0x7db53eb7e10d2e2584728f9347d2440acdd2fcf2134f8226db7af07bce4bd9a6 MS-MPPE-Send-Key = 0x56bebf35ac009c2559ac9008950ffa2982970be1b1dd106d8b844c4e112a4667 EAP-Message = 0x03120004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "eby" Finished request 7. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=226, length=218 Acct-Status-Type = Start NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Authentic = 0 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "529cc50f7d717d17". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:03:47 2016 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: 
INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 226 to 10.225.251.10 port 49172 Finished request 8. Cleaning up request 8 ID 226 with timestamp +64 Going to the next request Waking up in 4.8 seconds. Cleaning up request 1 ID 219 with timestamp +64 Cleaning up request 2 ID 220 with timestamp +64 Cleaning up request 3 ID 221 with timestamp +64 Cleaning up request 4 ID 222 with timestamp +64 Cleaning up request 5 ID 223 with timestamp +64 Cleaning up request 6 ID 224 with timestamp +64 Cleaning up request 7 ID 225 with timestamp +64 Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=227, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 24271 Acct-Output-Octets = 1633 Acct-Input-Packets = 131 Acct-Output-Packets = 11 Acct-Session-Time = 9 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "529cc50f7d717d17". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:03:56 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 24271 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 1633 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '9', acctinputoctets = '0' << 32 | '24271', acctoutputoctets = '0' << 32 | '1633' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DCBF' AND username = 'eb rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 227 to 10.225.251.10 port 49172 Finished request 9. Cleaning up request 9 ID 227 with timestamp +73 Going to the next request Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=228, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 32006 Acct-Output-Octets = 1633 Acct-Input-Packets = 385 Acct-Output-Packets = 11 Acct-Session-Time = 189 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "529cc50f7d717d17". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:06:56 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 32006 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 1633 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '189', acctinputoctets = '0' << 32 | '32006', acctoutputoctets = '0' << 32 | '1633' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DCBF' AND username = ' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 228 to 10.225.251.10 port 49172 Finished request 10. Cleaning up request 10 ID 228 with timestamp +253 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=229, length=177 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0214000801656279 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x9c3bd6ca4d9448ba8b9c5fd68e77cfa2 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE
[Reviewer note, not part of the server output: the SELECT COUNT(*) expansion above produced 0, yet the condition evaluates to TRUE. The comparison ">0" sits inside the double quotes, so after expansion the condition is the non-empty string "0 >0", which unlang treats as true; the username/SSID lookup therefore does not gate anything and the else branch is skipped. Moving the comparison outside the quotes, in the form if ("%{sql:...}" > 0), lets the returned count decide the branch. The same "0 >0 ... -> TRUE" result repeats for requests 12 through 16 below.]
++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 11: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 20 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 229 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x011500061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefd20b3cefc7129dbd538d55346ddc61 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=230, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021500060315 State = 0xefd20b3cefc7129dbd538d55346ddc61 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x822dfcc7e887772d34a54ce0d935828b # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? 
Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 12: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] 
returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 21 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 230 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x011600061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefd20b3ceec41e9dbd538d55346ddc61 Finished request 12. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=231, length=392 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021600cd150016030100c2010000be0301918cb328e403f0c42002e6b4d33d280c37c9e80dad29f712f4dc63443191c47b000050c014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc0020005000400150012000900ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 State = 0xefd20b3ceec41e9dbd538d55346ddc61 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x6e8bdb9d9d77f9abddcf41dcc1f05fe4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 13: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 22 length 205 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 00c2], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 003e], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 02c8], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 231 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0x21372a4939683501c809a03a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefd20b3cedc51e9dbd538d55346ddc61 Finished request 13. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=232, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021700061500 State = 0xefd20b3cedc51e9dbd538d55346ddc61 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x9824d97d40eebcb7c424b4dc4598c763 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 14: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 23 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 232 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0118007d158000000469d8ad3de6ba07ebb5a5b8d22be548c81f783eb5c4447605c7e02ac3a1515e409a92d452d9e96b1c1d6a77ab5a45d4b7cbc1f65375fdbbc46d0c2a76ad4947db547efc76955ab94a0c3ec0b3eb2b396ad07ac3a519cf6e1e3c6b23a2ce0467d0c484d604e402c3ac22d49816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefd20b3cecca1e9dbd538d55346ddc61 Finished request 14. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=233, length=327 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0218008c1500160301004610000042410466bc6438bcec0af5050627a0044303c17707f58e52bb0ba0cc324934a7af1f3507632a06f8f493aa8155dbbf9daf5df7b6c5b4fa002cf5e85f24ff610ef81492140301000101160301003073eecd65f50acb7a6cdf27c30d17cfea0762ca10e349a2d26ffc03cf07cba4619e98526a478c4625c0bd1abc49904a1b State = 0xefd20b3cecca1e9dbd538d55346ddc61 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x70169020eaa52dd2e5bda138f3b6af79 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 15: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 24 length 140 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 233 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0119004515800000003b1403010001011603010030faab12380523c89f608a5a72962d36249563eedf0924592078c2a70ad51284fd88ef0dc6e30d05b5329cdceb85d65ada Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefd20b3cebcb1e9dbd538d55346ddc61 Finished request 15. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=234, length=363 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021900b015001703010020478e49feba8c0403a26f4af1e154703c5ea6943bf6b4608d8236946ce77d523a1703010080cc3592c84f77c9afe236fc3e86e64f1e8f8a495f599e31d3bcbebf375758cfacc7a8252d892231b4fe5e37da8a7e032556e28f3d4a0b015e2e7d2b4106206dae29102b8386f830cf81aabf14c7e854454425b86875ea48c6b134c0acf2afecd83cb3f4f6bf4fb0001a054cbbf35898b7f2a84824b9cb2df6fe87f9df2787d5e8 State = 0xefd20b3cebcb1e9dbd538d55346ddc61 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xc1527f1e7753f0d666d0841f26e1cebf # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 16: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 25 length 176 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x8c1b5b7edae154bcd8c0993a78a6b093 MS-CHAP2-Response = 0xbf004ba3f72a46bfe57e633f0c134019b557000000000000000065846a418133941c5da3e153d39fea62364146af811fb4d5 FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x8c1b5b7edae154bcd8c0993a78a6b093 MS-CHAP2-Response = 0xbf004ba3f72a46bfe57e633f0c134019b557000000000000000065846a418133941c5da3e153d39fea62364146af811fb4d5 FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. 
Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: eby [mschap] Told to do MS-CHAPv2 for eby with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [ttls] Got tunneled reply code 2 Class = 0x66756c6c5f616363657373 MS-CHAP2-Success = 0xbf533d44384430413941424535424246313144384437393444354339443336453036333338444232323643 MS-MPPE-Recv-Key = 0x9ab75cf427468352b55a0b39a3137577 MS-MPPE-Send-Key = 0x44ccfad03e7e47f841a33894b3ce7e8a MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 234 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x011a005f1580000000551703010050b18f5e44e29790477c7824d849e14729d46b730ea88a6974c6849c600ea78263017fc9daf563841ff62706e5608f5af4a9119f70ef2890109226d8174c869cdce73563283fd0ff843cdc07f0e8265c3f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefd20b3ceac81e9dbd538d55346ddc61 Finished request 16. Going to the next request Waking up in 4.7 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=235, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021a00061500 State = 0xefd20b3ceac81e9dbd538d55346ddc61 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x8a2ffb505d0a87a951ebfff53f8b0377 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 17: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 26 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [ttls] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:07:11') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:07:11') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 235 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 MS-MPPE-Recv-Key = 0xe737b04b754efd4475d1bd15c67c0c80dba7b42792e4dfcd0648e28c82795ca3 MS-MPPE-Send-Key = 0x3e2c3e32062ccab7aa7c5b11ccda53ff55d8973ec3c9c01fe9c70cfee2a87fb8 EAP-Message = 0x031a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "eby" Finished request 17. Going to the next request Waking up in 4.7 seconds. Cleaning up request 11 ID 229 with timestamp +268 Cleaning up request 12 ID 230 with timestamp +268 Cleaning up request 13 ID 231 with timestamp +268 Waking up in 0.1 seconds. 
Cleaning up request 14 ID 232 with timestamp +268 Cleaning up request 15 ID 233 with timestamp +268 Cleaning up request 16 ID 234 with timestamp +268 Cleaning up request 17 ID 235 with timestamp +268 Ready to process requests. rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=236, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 33848 Acct-Output-Octets = 3495 Acct-Input-Packets = 680 Acct-Output-Packets = 21 Acct-Session-Time = 369 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "529cc50f7d717d17". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:09:57 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 33848 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 3495 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '369', acctinputoctets = '0' << 32 | '33848', acctoutputoctets = '0' << 32 | '3495' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DCBF' AND username = ' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 236 to 10.225.251.10 port 49172 Finished request 18. Cleaning up request 18 ID 236 with timestamp +434 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=237, length=177 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021c000801656279 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xbaf2a0177d781145eae3f94a32ee2cd5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 19: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 28 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 237 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x011d00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd859209fd84439ea8cceed41187434e3 Finished request 19. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=238, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021d00060315 State = 0xd859209fd84439ea8cceed41187434e3 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xcfb27e24dd073aa8ba2775bc0c9332b3 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? 
Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 20: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] 
returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 29 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 238 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x011e00061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd859209fd94735ea8cceed41187434e3 Finished request 20. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=239, length=392 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021e00cd150016030100c2010000be0301d65ddf4b083725e5ff0eb40367583d05dece472a74ff179e7d396e50d44198f8000050c014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc0020005000400150012000900ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 State = 0xd859209fd94735ea8cceed41187434e3 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x15162a4f4641603ba2f20f21b1358d77 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 21: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 30 length 205 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 00c2], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 003e], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 02c8], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 239 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 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 EAP-Message = 0x96e9a4a9321ee1f673ef07a28face7f6972acefae10677146d2ebbbc7fbd13d23aab112f8f7ab72ea171d2ef4cc372b2bd3202f37303b308a41aae9ac3de612d40ffacd6b699b18d04c2c65f2d5347b35b7618e83eaa7344c742d0014c9ba3425c750f281fa74a8c7ebbbf2722fdb94fac39866b5f8a390df362669a1e333b3ac75cfde4b7727b76f841c347841d82869b5e9af73729cbeb717a7f52a804df6710de2af2f4b25f89882e59fb44f8f11fd94c5e507352cbcd0f60bf84fac4ced57977bdab80a46d96ea95cbdcd88bdc7473d2f04568a318fe1f90fdb54482b1c932c4916b19cdc3d4a2100cb762a03d7c804edc057f0203010001a30d30 EAP-Message = 
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 EAP-Message = 0x66f742e485312f6f8cf6ec8ff71cd75b1e22e178f3496f49a80dca55af6d83097de7bc160301014b0c0001470300174104c80830dea6e204acbe8faf67d0f2f15b412e30989677e1ceae6d6814d8462ee93bcb9374146d6c75c72c668a61279b4bed19ec1c27f45f0329535f3f4329fd4a0100bab34d27c9a337a5d19b3a782083efeeea3c0b1da33a8947af38f54ce92581bf0251a299fe8a03669bbd592c372906db2b9ffc21b691ec828f8841f0b442977a986646d624d458f942b1891029799fcd9a661f423b5d96e2f14e5c0715f48f1aed1a3d1345708acf04ea58f5ace30769e4f6693172af44646b4bb88d36b43b85101b755b58cddd32b3f9 EAP-Message = 0x8edf9e3172db2194798ee876 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd859209fda4635ea8cceed41187434e3 Finished request 21. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=240, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x021f00061500 State = 0xd859209fda4635ea8cceed41187434e3 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xc39e46e0ec6f06845a389801fad54f52 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 22: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 31 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 240 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0120007d158000000469e2c1db67474ce8f7abb9f0a0f3875aaff90ecf5c4f4c3ef123e656fc633e22809b1f3d6e144ef3685a2e5e28313ffe70502d0925c1967ceb61d81fbaca132d84499b842a3ce48c50639313b8fa56bcc3aab476bc61bec583577f679077e2400a8316b0229e551d90785716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd859209fdb7935ea8cceed41187434e3 Finished request 22. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=241, length=327 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0220008c15001603010046100000424104945b442593e9e03988e2c769b5d118c012d2e9b6ff835061d54b9616e95104b4b8439d5b1dfe032f329ca81f470502717ed6c2278541ecc595f2718fe1a9d8e814030100010116030100300b3d87deebb3fd5d0fac08c20d2f5a9d73dcfd22a02e9266ca1b5d7837989de4afab06229b95a9e15ba6bf21e068bf91 State = 0xd859209fdb7935ea8cceed41187434e3 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xdebeb2fe9c4dacd9cb49ed05b731f278 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 23: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 32 length 140 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 241 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0121004515800000003b1403010001011603010030472a5b11a844d92ec80947b80424cc1f7d50320f713686c02953c3169be15d247fe8301106953624ab28be06236c60d7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd859209fdc7835ea8cceed41187434e3 Finished request 23. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=242, length=363 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022100b015001703010020186e5224da57c0e2358b07a864050dacaadf2004c899560956e1513a9bea3a4b17030100805365256367b9efabef1ecc0b7a13c644fa089f66bc0e0e0e8fabe06e6e2e45f535fb395e3e0dd3bb48e6256d45333ece68c0273f9a4ba6a030f0c78eac2ed47d7e9ff8c234bcd105d20cb51f1bb97b9957b91e1a9f8bff4c2acf13f3e0867e41bf942c261bc5c679132dcd3f8c04c5cd57bab4d4ec575eb264ce38ef53aba651 State = 0xd859209fdc7835ea8cceed41187434e3 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x769ab9191c6e5e0111f380fd0fdf4e0b # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 24: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 33 length 176 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "eby" MS-CHAP-Challenge = 0xa16a286ddcd637c9331f88d6de6d0a35 MS-CHAP2-Response = 0x65001ef4f0dac1112a8ebf5b1c7e4179cde00000000000000000414479ab2c10301838acddaf7fe5dd061d201ca0de44c6fd FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "eby" MS-CHAP-Challenge = 0xa16a286ddcd637c9331f88d6de6d0a35 MS-CHAP2-Response = 0x65001ef4f0dac1112a8ebf5b1c7e4179cde00000000000000000414479ab2c10301838acddaf7fe5dd061d201ca0de44c6fd FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. 
Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: eby [mschap] Told to do MS-CHAPv2 for eby with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [ttls] Got tunneled reply code 2 Class = 0x66756c6c5f616363657373 MS-CHAP2-Success = 0x65533d42463041363636414638394239433944323038323330433932343831323946433834453531454644 MS-MPPE-Recv-Key = 0x228ad9fc732861d10ceed69a75a7431b MS-MPPE-Send-Key = 0x083c78f0183f54e525262bafc0a227d1 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 242 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0122005f158000000055170301005039b7ea54eb90cc6e4fa257779532e96a3850b1dec2b9f5c3c8f5a76f323b91f67563db888962e108ab2e79f156452c36661d21222ef04045a2e6ed80be71cee13f70179e43c7989735dd7cb552dbeb3c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd859209fdd7b35ea8cceed41187434e3 Finished request 24. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=243, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022200061500 State = 0xd859209fdd7b35ea8cceed41187434e3 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x3de60260bf3890a68e9bf738f173669d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 25: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 34 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [ttls] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:10:11') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:10:11') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 243 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 MS-MPPE-Recv-Key = 0xb79ac6436bff61090e2d28b84af2b3fb9b34cd98bfd392ded5c40947939c1212 MS-MPPE-Send-Key = 0xdfbadc13449d0687e0ad4956313e50fb80c86e077389624a01f31b7246c914ed EAP-Message = 0x03220004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "eby" Finished request 25. Going to the next request Waking up in 4.8 seconds. 
Cleaning up request 19 ID 237 with timestamp +448 Cleaning up request 20 ID 238 with timestamp +448 Cleaning up request 21 ID 239 with timestamp +448 Cleaning up request 22 ID 240 with timestamp +448 Cleaning up request 23 ID 241 with timestamp +448 Cleaning up request 24 ID 242 with timestamp +448 Cleaning up request 25 ID 243 with timestamp +448 Ready to process requests. rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=244, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 35363 Acct-Output-Octets = 5357 Acct-Input-Packets = 959 Acct-Output-Packets = 31 Acct-Session-Time = 550 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "529cc50f7d717d17". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:12:57 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 35363 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 5357 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '550', acctinputoctets = '0' << 32 | '35363', acctoutputoctets = '0' << 32 | '5357' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DCBF' AND username = ' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 244 to 10.225.251.10 port 49172 Finished request 26. Cleaning up request 26 ID 244 with timestamp +614 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=245, length=177 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0224000801656279 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xf225e7ad86ecd300d3b49c8fb0d716fa # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 27: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 36 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 245 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x012500061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3508268e3759b25ef1a5243b190d5ef Finished request 27. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=246, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022500060315 State = 0xe3508268e3759b25ef1a5243b190d5ef Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x51a1273ae4e109d98687861edd04855a # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? 
Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 28: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] 
returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 37 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 246 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x012600061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3508268e2769725ef1a5243b190d5ef Finished request 28. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=247, length=392 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022600cd150016030100c2010000be030155405ea6c35530c1cd54d27d58c1f6eacc8430feafa080b4ad71a735a5265645000050c014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc0020005000400150012000900ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 State = 0xe3508268e2769725ef1a5243b190d5ef Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xcdbf8c0843918db682a3fecf21d24182 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 29: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 38 length 205 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 00c2], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 003e], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 02c8], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 247 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0127040015c000000469160301003e0200003a030112e6de4a189ebd1a85ca1110a8f703e4b7c959b1fbe5acfb1d0468a2a9771f1800c014000012ff01000100000b000403000102000f00010116030102c80b0002c40002c10002be308202ba308201a2a003020102020900bc9e6b8543e996d6300d06092a864886f70d01010b05003015311330110603550403130a5241444955532d535256301e170d3136303231363038343832315a170d3236303231333038343832315a3015311330110603550403130a5241444955532d53525630820122300d06092a864886f70d01010105000382010f003082010a0282010100bce094c9e71a01497e9692 EAP-Message = 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 EAP-Message = 
0x0b30090603551d1304023000300d06092a864886f70d01010b05000382010100b6efd4ce83d519df8cec7ec84f682c8829db8c181078ca931c26f01a36a0fd8f05e4176f88efaef7a03a4d8bd3933adf59b134154c6a432f082a468345c1d182e64384c6d0916d65c36a15e63450e8d78a4389d2510121cb6a547654bd34612d7e1512fad6fb63dc67e50036f50d705b99683beddaa0ca659ceb071a9f4dcb1f2d47cac683ff1c235d8d5cfe5e020c80e1b07047f2a7a4bb6fdfc2e94b55320a931cb2f4b2a96f7fe68cf61115cec4ae3e7c7171095def905314bc98bb26ec0907ae3d1862a12ba37ff3aa6fd63374863004941fad6818803cf34bf04a EAP-Message = 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 EAP-Message = 0xe60f490d1aba6f9b8ffca95e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3508268e1779725ef1a5243b190d5ef Finished request 29. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=248, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022700061500 State = 0xe3508268e1779725ef1a5243b190d5ef Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x81a2ac5b723a387c0d0678e5c42b82ab # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 30: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 39 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 248 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0128007d1580000004696c8aa61ecafa0c8bc389d4f1626b9226ca6f83f8e8be0ab0a0ee6a3360e394560e9ea4d7f60b65c03f4fc3dc50a2792d5c98d4aea7c32ec62014e37bbb6181021e72ae217914e1f7b212ba680c75fb6b5f0ceb95dfbad089580df040388fb1f613b5752921884d821d1b16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3508268e0789725ef1a5243b190d5ef Finished request 30. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=249, length=327 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0228008c15001603010046100000424104032c91610b614c5a409d3a979e42ee230d612d206afc816cd44e75d964b1c5215787fffeff07405b240883001e7a87ea3fb52825ba6f06569a80fa465d88853c14030100010116030100300a561e725f81a44f9d3e7693201dd2b027340626ec182ee341bb5987c74a95a7fac0a2ffbdc4ee725de8520e58a5a4c9 State = 0xe3508268e0789725ef1a5243b190d5ef Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x3da41dcae07b19959ddd4b3052f5139a # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 31: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 40 length 140 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 249 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0129004515800000003b14030100010116030100301a0785009640075a5ac732aff53c53eaaaf5b2c1ad9e8fc3666f4dd35c1d8bf687e95a02928cb7d187fa3137061d51bc Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3508268e7799725ef1a5243b190d5ef Finished request 31. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=250, length=363 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022900b01500170301002037ae2b671391ef42b1c4a72b267e47aaf20811dbfc90864042e72697057bab541703010080980292ca6db88570308e8bc4269074c425f118b762b68430beb6411c34ecdbbe165169e8335a2416c5d9c455538f54e207a8598b30eb8d72c4cfae3f5f5c3d8f4f2bea9a95f79056f23d9f64ab33763025fb3ecad4c794c4dac1bd2994536c36b436a53cf738c028b921f4347763c06c36d8eb5b3b8b2f0b974fdbe1032ac832 State = 0xe3508268e7799725ef1a5243b190d5ef Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x5896d045c72efa06cbcb0a5b9a6d772b # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 32: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 41 length 176 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x80384ef7f9b9695327bbf99a18d6b6d4 MS-CHAP2-Response = 0x32006a1f3d75a8743911e5c752818e54954500000000000000002aeab00cabdaa31bad0bbf21fb07f1aff21cd05a976d6ba9 FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x80384ef7f9b9695327bbf99a18d6b6d4 MS-CHAP2-Response = 0x32006a1f3d75a8743911e5c752818e54954500000000000000002aeab00cabdaa31bad0bbf21fb07f1aff21cd05a976d6ba9 FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. 
Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: eby [mschap] Told to do MS-CHAPv2 for eby with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [ttls] Got tunneled reply code 2 Class = 0x66756c6c5f616363657373 MS-CHAP2-Success = 0x32533d33313334323330363837413331323635463443443343423335343239333138383143444138323444 MS-MPPE-Recv-Key = 0x0fda2edf051c4992a84a04bc053ad72c MS-MPPE-Send-Key = 0xf8cb9302868e644b04ba50bc5b7de173 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 250 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x012a005f1580000000551703010050edae490c3aae2c4d02258ec89bf659087b20e1bf335d64f91a6f646b4f696c2f0e9d248d906c510f8c9de4deb3cb0ea6b3bd3d44c7678fa2686f19c918c38a58e03e9e85d6086e0734cbe29b859cf15e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3508268e67a9725ef1a5243b190d5ef Finished request 32. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=251, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022a00061500 State = 0xe3508268e67a9725ef1a5243b190d5ef Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xa72c758b40c15200c0cedf6c0d0f8c0a # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 33: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 42 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [ttls] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:13:12') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:13:12') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 251 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 MS-MPPE-Recv-Key = 0xd6746ff88e60026424b3159e84030404c81b0a53694f972e36505f57849d78e2 MS-MPPE-Send-Key = 0x1a3cb2fa27c0ff04f5042b85c8291718d48adffa056a47cfe1034acd5ba89a82 EAP-Message = 0x032a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "eby" Finished request 33. Going to the next request Waking up in 4.8 seconds. 
Cleaning up request 27 ID 245 with timestamp +629 Cleaning up request 28 ID 246 with timestamp +629 Cleaning up request 29 ID 247 with timestamp +629 Cleaning up request 30 ID 248 with timestamp +629 Cleaning up request 31 ID 249 with timestamp +629 Cleaning up request 32 ID 250 with timestamp +629 Cleaning up request 33 ID 251 with timestamp +629 Ready to process requests. rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=252, length=248 Acct-Status-Type = Stop NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 38182 Acct-Output-Octets = 7219 Acct-Input-Packets = 1076 Acct-Output-Packets = 41 Acct-Terminate-Cause = Idle-Timeout Acct-Session-Time = 703 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DCBF",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "529cc50f7d717d17". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:15:30 2016 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 38182 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 7219 [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2016-05-23 16:15:30', acctsessiontime = '703', acctinputoctets = '0' << 32 | '38182', acctoutputoctets = '0' << 32 | rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 252 to 10.225.251.10 port 49172 Finished request 34. Cleaning up request 34 ID 252 with timestamp +767 Going to the next request Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=253, length=218 Acct-Status-Type = Start NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DF7E" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Authentic = 0 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DF7E",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "956ef0a63664e0ee". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:15:30 2016 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: 
INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 253 to 10.225.251.10 port 49172 Finished request 35. Cleaning up request 35 ID 253 with timestamp +767 Going to the next request Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=254, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DF7E" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 314 Acct-Output-Octets = 320 Acct-Input-Packets = 2 Acct-Output-Packets = 2 Acct-Session-Time = 27 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DF7E",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "956ef0a63664e0ee". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:15:57 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 314 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 320 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '27', acctinputoctets = '0' << 32 | '314', acctoutputoctets = '0' << 32 | '320' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DF7E' AND username = 'eby' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 254 to 10.225.251.10 port 49172 Finished request 36. Cleaning up request 36 ID 254 with timestamp +794 Going to the next request Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=255, length=248 Acct-Status-Type = Stop NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DF7E" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 314 Acct-Output-Octets = 320 Acct-Input-Packets = 57 Acct-Output-Packets = 2 Acct-Terminate-Cause = Idle-Timeout Acct-Session-Time = 35 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DF7E",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "956ef0a63664e0ee". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:16:05 2016 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 314 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 320 [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2016-05-23 16:16:05', acctsessiontime = '35', acctinputoctets = '0' << 32 | '314', acctoutputoctets = '0' << 32 | rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 255 to 10.225.251.10 port 49172 Finished request 37. Cleaning up request 37 ID 255 with timestamp +802 Going to the next request Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=1, length=218 Acct-Status-Type = Start NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Authentic = 0 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "52741beaac574fe7". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:16:05 2016 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: INSERT 
INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 1 to 10.225.251.10 port 49172 Finished request 38. Cleaning up request 38 ID 1 with timestamp +802 Going to the next request Ready to process requests. 
rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=2, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 804 Acct-Output-Octets = 320 Acct-Input-Packets = 331 Acct-Output-Packets = 2 Acct-Session-Time = 172 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "52741beaac574fe7". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:18:58 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 804 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 320 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '172', acctinputoctets = '0' << 32 | '804', acctoutputoctets = '0' << 32 | '320' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DFA1' AND username = 'eby rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 2 to 10.225.251.10 port 49172 Finished request 39. Cleaning up request 39 ID 2 with timestamp +975 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=3, length=177 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022e000801656279 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x9bf113c60afec04914527d3a99097bd2 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 40: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 46 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 3 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x012f00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f9afd454fb5e4c3f5fb72291d893445 Finished request 40. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=4, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x022f00060315 State = 0x4f9afd454fb5e4c3f5fb72291d893445 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x743e3abdc31bc99a7395ee654256b231 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? 
Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 41: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] 
returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 47 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 4 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x013000061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f9afd454eaae8c3f5fb72291d893445 Finished request 41. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=5, length=392 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023000cd150016030100c2010000be0301efd8723e2ed37a051960eff8e9ba9a5c1e64c3bdf607b8a760f541ed213c0fea000050c014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc0020005000400150012000900ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 State = 0x4f9afd454eaae8c3f5fb72291d893445 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x31768039ca0ac080771e424ec2262980 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 42: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 48 length 205 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 00c2], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 003e], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 02c8], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 5 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0xa3a12f5fb4cf468611cd4204 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f9afd454dabe8c3f5fb72291d893445 Finished request 42. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=6, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023100061500 State = 0x4f9afd454dabe8c3f5fb72291d893445 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xd239e7ccd7842542de4ffccfd7c89262 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 43: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 49 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0132007d1580000004696a0f02f8034ef2dea6e97b49c18a4f2e51890e87c89d542be53d9f7041455c7a2f7c03d8333bfdf6162d4cd5d416e008c14a619f6d78cc886ca97bd11340a7dca6312f751a89c549c5acc2d10cb1ed28156dedf6b30a6ac95acf91d65cb390b555fcd29501d4055e8f4516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f9afd454ca8e8c3f5fb72291d893445 Finished request 43. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=7, length=327 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0232008c15001603010046100000424104a557e48802d05096f28568dc0da15c45b11ceede6bea8e6e1c04ab08166ad1c80931fe28cf3bd895c07a2b04f70f19a7f18a47b1963ec1b69564e189d1b16eeb1403010001011603010030798b1fbc91d644b91af56f7e4bbe632fca32deb8e27af3a2cfd2df41c6cf70961ab2a85e6629cc7725a61e1d986c9aaf State = 0x4f9afd454ca8e8c3f5fb72291d893445 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xcb1b3ab3d314f814999177cedc39af74 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 44: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 50 length 140 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 7 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0133004515800000003b1403010001011603010030758d2dbd2f75b58e34429a69afee2288566ad5e263965dead7452b9c46efab79def507d888cbe624b3971ce6a3b8d486 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f9afd454ba9e8c3f5fb72291d893445 Finished request 44. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=8, length=363 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023300b015001703010020190cb085228f7e8cbfbd34177afdfaadbc03097f41ffde2fd02dcc004b0e77521703010080167177310ff419d25c653ae301e6cf90c29715711d006529b643f17f0a49df5581d9bf7450655c7251cff35d324129fb5c95f5285c4193c4c208a098f5dae18f68d8a6dff18095557df13248ebda701e1541b59412acbdbe030814dce1d91fbc30c20fa07d9841b803e379da75792559014590fe6e99bcb86539a6eaaf5483a0 State = 0x4f9afd454ba9e8c3f5fb72291d893445 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x1c83cc314dfda02b7fe13fba3eb571f3 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 45: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 51 length 176 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x40fcc79302546a343dede835c6b408cb MS-CHAP2-Response = 0x6700abc95cb4a35aa5e141093d8356ddeb220000000000000000832302d5a546ad14b4a40608eab094a53e75b781b1af3e6a FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x40fcc79302546a343dede835c6b408cb MS-CHAP2-Response = 0x6700abc95cb4a35aa5e141093d8356ddeb220000000000000000832302d5a546ad14b4a40608eab094a53e75b781b1af3e6a FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. 
Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: eby [mschap] Told to do MS-CHAPv2 for eby with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [ttls] Got tunneled reply code 2 Class = 0x66756c6c5f616363657373 MS-CHAP2-Success = 0x67533d44363434313736413933334130444338413244453645393441463830414131414145413734333931 MS-MPPE-Recv-Key = 0x9964767d1d13f2b92d440333c2696643 MS-MPPE-Send-Key = 0xcd44b2af5256388e48777c1b840ec2df MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 8 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x0134005f1580000000551703010050b1bc334676b4d59d817ea98b85fa056e96955f81bab3d360bfa1feaff5d094fc47e6014f65edb3a3fbe7d69025e12f6b1492cd552acec756b2d8a911503a29862b5fb7cfd721144c323187b99c046e7c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f9afd454aaee8c3f5fb72291d893445 Finished request 45. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=9, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023400061500 State = 0x4f9afd454aaee8c3f5fb72291d893445 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x96eb33e8d36ec4bfc8bf86dc29e3b434 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 46: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 52 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [ttls] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:19:13') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:19:13') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 9 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 MS-MPPE-Recv-Key = 0xb8cff624528d30b7d4b50fbafec58edeb0934b08e684c1a4471928e0c7aa8fea MS-MPPE-Send-Key = 0x923d86bddf85c75c0c97891ea411634e7775b4196b6996b7ec695bee8af79fea EAP-Message = 0x03340004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "eby" Finished request 46. Going to the next request Waking up in 4.6 seconds. 
Cleaning up request 40 ID 3 with timestamp +990 Cleaning up request 41 ID 4 with timestamp +990 Cleaning up request 42 ID 5 with timestamp +990 Cleaning up request 43 ID 6 with timestamp +990 Cleaning up request 44 ID 7 with timestamp +990 Cleaning up request 45 ID 8 with timestamp +990 Waking up in 0.1 seconds. Cleaning up request 46 ID 9 with timestamp +990 Ready to process requests. rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=10, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 2828 Acct-Output-Octets = 2182 Acct-Input-Packets = 636 Acct-Output-Packets = 12 Acct-Session-Time = 353 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "52741beaac574fe7". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:21:58 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 2828 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 2182 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '353', acctinputoctets = '0' << 32 | '2828', acctoutputoctets = '0' << 32 | '2182' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DFA1' AND username = 'e rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 10 to 10.225.251.10 port 49172 Finished request 47. Cleaning up request 47 ID 10 with timestamp +1155 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=11, length=177 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0236000801656279 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x1d0da3086fe67c5555f5c46244574e5b # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 48: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 54 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 11 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x013700061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x766a0ffd765d16b3d6dd6ec9127151fb Finished request 48. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=12, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023700060315 State = 0x766a0ffd765d16b3d6dd6ec9127151fb Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x71475024bb3c70c61cfd415c25ca4b81 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 3 sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? 
Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 49: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[chap] 
returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 55 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 12 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x013800061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x766a0ffd77521ab3d6dd6ec9127151fb Finished request 49. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=13, length=392 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023800cd150016030100c2010000be03016a0f75613b269ffc38b2afe8f241bf646af2b4bc9dbbc212d031cc183b786f1f000050c014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc0020005000400150012000900ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 State = 0x766a0ffd77521ab3d6dd6ec9127151fb Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xd91740397ce09731f22741fa36b76888 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 50: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 56 length 205 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 00c2], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 003e], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 02c8], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 13 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 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 EAP-Message = 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 EAP-Message = 
0x0b30090603551d1304023000300d06092a864886f70d01010b05000382010100b6efd4ce83d519df8cec7ec84f682c8829db8c181078ca931c26f01a36a0fd8f05e4176f88efaef7a03a4d8bd3933adf59b134154c6a432f082a468345c1d182e64384c6d0916d65c36a15e63450e8d78a4389d2510121cb6a547654bd34612d7e1512fad6fb63dc67e50036f50d705b99683beddaa0ca659ceb071a9f4dcb1f2d47cac683ff1c235d8d5cfe5e020c80e1b07047f2a7a4bb6fdfc2e94b55320a931cb2f4b2a96f7fe68cf61115cec4ae3e7c7171095def905314bc98bb26ec0907ae3d1862a12ba37ff3aa6fd63374863004941fad6818803cf34bf04a EAP-Message = 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 EAP-Message = 0xb4805cca715e980a6892d972 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x766a0ffd74531ab3d6dd6ec9127151fb Finished request 50. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=14, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023900061500 State = 0x766a0ffd74531ab3d6dd6ec9127151fb Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x7c831bb5c1e546bcbf018a478e3c823e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 51: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 57 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 14 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x013a007d158000000469eb8a84641c0bb56052f5225a604090df840cac059603716d5ac26082721d220a9cb8b02bb952f308ac9158b1837e9e9637b5b665756897edacb85831f30905bcbf08a27b908c1aeb9e96fb3be63b3ae91520a08ba03f9f1b374344e5de8e873bf8a378e743d21f4b892316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x766a0ffd75501ab3d6dd6ec9127151fb Finished request 51. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=15, length=327 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023a008c150016030100461000004241041d85cd55b050b4c217af4595c556e2eac8f26c02553729551dc3b9e3f6d7bc3572a82394b72fc18ad797c4963bc2a397b54a5620a244ce6b59c042ae29787f311403010001011603010030e14998b9feeac17ca56292f4cd083f3b519f951d413b67bb8e514387124b57c46aefa5f84966fbe31f602add005eabc6 State = 0x766a0ffd75501ab3d6dd6ec9127151fb Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0xa7f5e214283307619264e62cb8a08b87 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 52: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 58 length 140 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 15 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x013b004515800000003b140301000101160301003086b2d778b7941d0bfc4dec3fab8d09b19fad06991d618fe52720375fc26bc90c455c4239511d5cd13ad9a0ce3807328b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x766a0ffd72511ab3d6dd6ec9127151fb Finished request 52. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=16, length=363 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023b00b01500170301002002ac8055ac916b43438fb299115aedd28e01a6df7cf369e50c23f2056ac1c0421703010080318f054f81067dcb64b4d936602f3282566f7b19ce3a08dc6c7df33321420f474024ed4db4d3b336e68da95760d8bee6f629dfc4956b89ccfd969d6b5e58e88664e86a21329dbc474494f3503240f9e47b2337ee719290220240c8ce5e12780124c964985f25c6ebb11a379df470da60c54c5559cc20380566b3026c0738d994 State = 0x766a0ffd72511ab3d6dd6ec9127151fb Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x3df012b0e8c0c852d31385637244cf75 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? 
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... skipping else for request 53: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" 
++[suffix] returns noop [eap] EAP packet type response id 59 length 176 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x6d5bb91c9efd933b74181194018950ef MS-CHAP2-Response = 0x39009c6068006cfa1c9d05cadcdf0cfa5188000000000000000047a97ef524a19d4f59843c6b4a2a09ccafc027f605facd4b FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "eby" MS-CHAP-Challenge = 0x6d5bb91c9efd933b74181194018950ef MS-CHAP2-Response = 0x39009c6068006cfa1c9d05cadcdf0cfa5188000000000000000047a97ef524a19d4f59843c6b4a2a09ccafc027f605facd4b FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. 
Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. 
Not setting to PAP ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: eby [mschap] Told to do MS-CHAPv2 for eby with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [ttls] Got tunneled reply code 2 Class = 0x66756c6c5f616363657373 MS-CHAP2-Success = 0x39533d36344430423446333442343135413539343142443645333844384437374537394134453541414436 MS-MPPE-Recv-Key = 0x07f8b4f929fe85ca9d383a7bcb2d5d05 MS-MPPE-Send-Key = 0xe4933902acfbeee32e63895a53b913e6 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 16 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 EAP-Message = 0x013c005f15800000005517030100506b63b98969e25c2d9e15fb492e0ea12701f97469d6b50120009071499c2970833a8c2500ebfb57d97f681894f30cf4a49410501508f055ee4881a20d84eae077ce94d80d9b855495365a739bdb1ab647 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x766a0ffd73561ab3d6dd6ec9127151fb Finished request 53. Going to the next request Waking up in 4.8 seconds. 
rad_recv: Access-Request packet from host 10.225.251.10 port 49172, id=17, length=193 User-Name = "eby" NAS-IP-Address = 10.225.251.10 NAS-Port = 0 NAS-Identifier = "172.16.7.101" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x023c00061500 State = 0x766a0ffd73561ab3d6dd6ec9127151fb Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-Attr-10 = 0x436c7573746572 Message-Authenticator = 0x2742f4043676005479d1c1a61ab3371b # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") sql_xlat expand: %{User-Name} -> eby sql_set_user escaped user --> 'eby' expand: SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}' -> SELECT COUNT(*) FROM userinfo WHERE userinfo.username = 'eby' AND userinfo.address = 'sales' rlm_sql (sql): Reserving sql socket id: 2 sql_xlat finished rlm_sql (sql): Released sql socket id: 2 expand: %{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0 -> 0 >0 ? Evaluating ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++? if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") -> TRUE ++- entering if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") {...} +++[ok] returns ok ++- if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username = '%{User-Name}' AND userinfo.address = '%{Aruba-Essid-Name}'} >0") returns ok ++ ... 
skipping else for request 54: Preceding "if" was taken [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eby' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eby' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eby' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'fullAccess' ORDER BY id [sql] User found in group fullAccess [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'fullAccess' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 60 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [ttls] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:22:14') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eby', '', 'Access-Accept', '2016-05-23 16:22:14') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 17 to 10.225.251.10 port 49172 Class = 0x66756c6c5f616363657373 MS-MPPE-Recv-Key = 0x3a24c94ea6eb97cb54edaee1b97fa5771faa747e791dd4efb150fb0fb9e6de28 MS-MPPE-Send-Key = 0x226b015accfb0191b0485051854c796e4d38f48edd1391598b7b8ca497e3bccf EAP-Message = 0x033c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "eby" Finished request 54. Going to the next request Waking up in 4.8 seconds. 
Cleaning up request 48 ID 11 with timestamp +1171 Cleaning up request 49 ID 12 with timestamp +1171 Cleaning up request 50 ID 13 with timestamp +1171 Cleaning up request 51 ID 14 with timestamp +1171 Cleaning up request 52 ID 15 with timestamp +1171 Cleaning up request 53 ID 16 with timestamp +1171 Cleaning up request 54 ID 17 with timestamp +1171 Ready to process requests. rad_recv: Accounting-Request packet from host 10.225.251.10 port 49172, id=18, length=242 Acct-Status-Type = Interim-Update NAS-IP-Address = 10.225.251.10 User-Name = "eby" NAS-Port = 0 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "e02a82e1afbf" Called-Station-Id = "f05c19c06e32" Framed-IP-Address = 10.225.252.39 Acct-Multi-Session-Id = "E02A82E1AFBF-1463994002" Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1" Acct-Delay-Time = 0 Aruba-Essid-Name = "sales" Aruba-Location-Id = "f0:5c:19:c0:6e:32" Aruba-User-Vlan = 121 Class = 0x66756c6c5f616363657373 Acct-Input-Octets = 4726 Acct-Output-Octets = 4044 Acct-Input-Packets = 846 Acct-Output-Packets = 22 Acct-Session-Time = 533 # Executing section preacct from file /etc/freeradius/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.225.251.10,NAS-IP-Address = 10.225.251.10,Acct-Session-Id = "F05C1986E322-E02A82E1AFBF-5742DFA1",User-Name = "eby"' [acct_unique] Acct-Unique-Session-ID = "52741beaac574fe7". 
++[acct_unique] returns ok [suffix] No '@' in User-Name = "eby", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/freeradius/sites-enabled/default +- entering group accounting {...} [detail] expand: %{Packet-Src-IP-Address} -> 10.225.251.10 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.225.251.10/detail-20160523 [detail] expand: %t -> Mon May 23 16:24:58 2016 ++[detail] returns ok ++[unix] returns noop [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> eby ++[radutmp] returns ok [sql] expand: %{User-Name} -> eby [sql] sql_set_user escaped user --> 'eby' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 4726 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... 
expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 4044 [sql] expand: UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET framedipaddress = '10.225.252.39', acctsessiontime = '533', acctinputoctets = '0' << 32 | '4726', acctoutputoctets = '0' << 32 | '4044' WHERE acctsessionid = 'F05C1986E322-E02A82E1AFBF-5742DFA1' AND username = 'e rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> eby attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 18 to 10.225.251.10 port 49172 Finished request 55. Cleaning up request 55 ID 18 with timestamp +1335 Going to the next request Ready to process requests.