Script started on Di 25 Okt 2016 14:18:28 CEST xlan:/etc/freeradius.testing-3.0.12# /usr/local/radius-3.0.12/sbin/radiusd -X -d /etc/freeradius.testing-3.0.12/ FreeRADIUS Version 3.0.12 Copyright (C) 1999-2016 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/radius-3.0.12/share/freeradius/dictionary including dictionary file /usr/local/radius-3.0.12/share/freeradius/dictionary.dhcp including dictionary file /usr/local/radius-3.0.12/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius.testing-3.0.12//dictionary including configuration file /etc/freeradius.testing-3.0.12//radiusd.conf including configuration file /etc/freeradius.testing-3.0.12//proxy.conf including configuration file /etc/freeradius.testing-3.0.12//clients.conf including files in directory /etc/freeradius.testing-3.0.12//mods-enabled/ including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/perl including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/pap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/logintime including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/replicate including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/ntlm_auth including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/radutmp including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/files including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/realm including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/unix including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/eap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/sradutmp including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/mschap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/exec including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/date including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/detail including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/cache_eap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/always including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/preprocess including files in directory /etc/freeradius.testing-3.0.12//policy.d/ including configuration file /etc/freeradius.testing-3.0.12//policy.d/debug including configuration file /etc/freeradius.testing-3.0.12//policy.d/cui including configuration file /etc/freeradius.testing-3.0.12//policy.d/accounting including configuration file /etc/freeradius.testing-3.0.12//policy.d/operator-name including configuration file /etc/freeradius.testing-3.0.12//policy.d/dhcp including configuration file /etc/freeradius.testing-3.0.12//policy.d/eap including configuration file /etc/freeradius.testing-3.0.12//policy.d/control including configuration file /etc/freeradius.testing-3.0.12//policy.d/moonshot-targeted-ids including configuration file /etc/freeradius.testing-3.0.12//policy.d/abfab-tr including configuration file /etc/freeradius.testing-3.0.12//policy.d/canonicalization including configuration file /etc/freeradius.testing-3.0.12//policy.d/filter including files in directory /etc/freeradius.testing-3.0.12//sites-enabled/ including configuration file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel including configuration file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam main { security { allow_core_dumps = no } name = "radiusd" prefix = "/usr/local/radius-3.0.12" localstatedir = "/usr/local/radius-3.0.12/var" logdir = "/usr/local/radius-3.0.12/var/log/radius" run_dir = "/usr/local/radius-3.0.12/var/run/radiusd" } main { name = "radiusd" prefix = "/usr/local/radius-3.0.12" localstatedir = "/usr/local/radius-3.0.12/var" sbindir = "/usr/local/radius-3.0.12/sbin" logdir = "/usr/local/radius-3.0.12/var/log/radius" run_dir = "/usr/local/radius-3.0.12/var/run/radiusd" libdir = "/usr/local/radius-3.0.12/lib" radacctdir = "/usr/local/radius-3.0.12/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 8 max_requests = 16384 pidfile = "/usr/local/radius-3.0.12/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/radius-3.0.12/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = yes auth_goodpass = yes colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "CVE-2016-6304" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1820 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } realm LOCAL { } realm NULL { authhost = 127.0.0.1:1812 accthost = 127.0.0.1:1813 secret = <<< secret >>> } realm ash-berlin.eu { } home_server_pool my_auth_failover { type = fail-over home_server = localhost } radiusd: #### Loading Clients #### client local { ipaddr = 192.168.11.50 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 192.168.11.246 { ipaddr = 192.168.11.246 require_message_authenticator = no secret = <<< secret >>> shortname = "sony" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 172.16.1.18 { ipaddr = 172.16.1.18 require_message_authenticator = no secret = <<< secret >>> shortname = "dd-wrt" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> shortname = "localhost" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 172.16.1.30 { ipaddr = 172.16.1.30 require_message_authenticator = no secret = <<< secret >>> shortname = "CISCO" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = eap # Creating Auth-Type = PAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = Perl radiusd: #### Instantiating modules #### modules { # Loaded module rlm_perl # Loading module "perl" from file /etc/freeradius.testing-3.0.12//mods-enabled/perl perl { filename = "/etc/freeradius.testing-3.0.12//auth.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_post_auth = "post_auth" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius.testing-3.0.12//mods-enabled/pap pap { normalise = yes } # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius.testing-3.0.12//mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius.testing-3.0.12//mods-enabled/replicate # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius.testing-3.0.12//mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_radutmp # Loading module "radutmp" from file /etc/freeradius.testing-3.0.12//mods-enabled/radutmp radutmp { filename = "/usr/local/radius-3.0.12/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius.testing-3.0.12//mods-enabled/files files { filename = "/etc/freeradius.testing-3.0.12//mods-config/files/authorize" acctusersfile = "/etc/freeradius.testing-3.0.12//mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius.testing-3.0.12//mods-config/files/pre-proxy" } # Loaded module rlm_realm # Loading module "ash-berlin.eu" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm ash-berlin.eu { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius.testing-3.0.12//mods-enabled/unix unix { radwtmp = "/usr/local/radius-3.0.12/var/log/radius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/eap eap { default_eap_type = "ttls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 } # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail auth_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail reply_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "sradutmp" from file /etc/freeradius.testing-3.0.12//mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/radius-3.0.12/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius.testing-3.0.12//mods-enabled/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loading module "exec" from file /etc/freeradius.testing-3.0.12//mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_date # Loading module "date" from file /etc/freeradius.testing-3.0.12//mods-enabled/date date { format = "%b %e %Y %H:%M:%S %Z" } # Loading module "detail" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail detail { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius.testing-3.0.12//mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius.testing-3.0.12//mods-config/preprocess/huntgroups" hints = "/etc/freeradius.testing-3.0.12//mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } instantiate { } # Instantiating module "perl" from file /etc/freeradius.testing-3.0.12//mods-enabled/perl "my" variable $index_path masks earlier declaration in same scope at /etc/freeradius.testing-3.0.12//auth.pl line 254. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject [/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/accounting_response # Instantiating module "pap" from file /etc/freeradius.testing-3.0.12//mods-enabled/pap # Instantiating module "logintime" from file /etc/freeradius.testing-3.0.12//mods-enabled/logintime # Instantiating module "files" from file /etc/freeradius.testing-3.0.12//mods-enabled/files reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/files/authorize reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/files/accounting reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/files/pre-proxy # Instantiating module "ash-berlin.eu" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius.testing-3.0.12//certs" pem_file_type = yes private_key_file = "/etc/freeradius.testing-3.0.12//certs/server.key" certificate_file = "/etc/freeradius.testing-3.0.12//certs/server.pem" ca_file = "/etc/freeradius.testing-3.0.12//certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/freeradius.testing-3.0.12//certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "eduroam-inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "eduroam-inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "auth_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log # Instantiating module "mschap" from file /etc/freeradius.testing-3.0.12//mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "detail" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail # Instantiating module "cache_eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "fail" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "ok" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "handled" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "noop" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "updated" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "preprocess" from file /etc/freeradius.testing-3.0.12//mods-enabled/preprocess reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/preprocess/hints } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius.testing-3.0.12//radiusd.conf } # server server eduroam-inner-tunnel { # from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server eduroam-inner-tunnel server eduroam { # from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} # Loading pre-proxy {...} # Loading post-proxy {...} } # server eduroam /etc/freeradius.testing-3.0.12//sites-enabled/eduroam[6]: Please change "%{control:Proxy-To-Realm}" to &control:Proxy-To-Realm /etc/freeradius.testing-3.0.12//sites-enabled/eduroam[34]: Please change "%{control:Proxy-To-Realm}" to &control:Proxy-To-Realm radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 18200 } listen { type = "acct" ipaddr = * port = 18210 } Listening on auth address * port 18200 Listening on acct address * port 18210 Listening on proxy address * port 60085 Ready to process requests (0) Received Access-Request Id 0 from 172.16.1.18:1059 to 172.16.1.50:18200 length 159 (0) User-Name = "anonymous@ash-berlin.eu" (0) NAS-IP-Address = 172.16.1.18 (0) Called-Station-Id = "0018f8eebabf" (0) Calling-Station-Id = "b88687a27e96" (0) NAS-Identifier = "0018f8eebabf" (0) NAS-Port = 10 (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) EAP-Message = 0x0200001c01616e6f6e796d6f7573406173682d6265726c696e2e6575 (0) Message-Authenticator = 0x5f065cb3719391a7aad3c651f01d1b19 (0) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (0) authorize { (0) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (0) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (0) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (0) auth_log: EXPAND %t (0) auth_log: --> Tue Oct 25 14:18:43 2016 (0) [auth_log] = ok (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (0) suffix: Found realm "ash-berlin.eu" (0) suffix: Adding Stripped-User-Name = "anonymous" (0) suffix: Adding Realm = "ash-berlin.eu" (0) suffix: Authentication realm is LOCAL (0) [suffix] = ok (0) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (0) ERROR: Failed retrieving values required to evaluate condition (0) [preprocess] = ok (0) files: users: Matched entry DEFAULT at line 221 (0) [files] = ok (0) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (0) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (0) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (0) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (0) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (0) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (0) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (0) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (0) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (0) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0200001c01616e6f6e796d6f7573406173682d6265726c696e2e6575' (0) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x5f065cb3719391a7aad3c651f01d1b19' (0) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (0) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (0) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (0) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (0) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (0) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (0) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (0) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (0) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (0) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x5f065cb3719391a7aad3c651f01d1b19' (0) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (0) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0200001c01616e6f6e796d6f7573406173682d6265726c696e2e6575' (0) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (0) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (0) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (0) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (0) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (0) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (0) [perl] = ok (0) eap: Peer sent EAP Response (code 2) ID 0 length 28 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available (0) [pap] = noop (0) [mschap] = noop (0) } # authorize = ok (0) Found Auth-Type = Perl (0) Found Auth-Type = eap (0) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (0) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_ttls to process data (0) eap_ttls: Initiating new EAP-TLS session (0) eap_ttls: Flushing SSL sessions (of #0) (0) eap_ttls: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 1 length 6 (0) eap: EAP session adding &reply:State = 0xe7c7e95ae7c6fc4b (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1059 length 0 (0) EAP-Message = 0x010100061520 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xe7c7e95ae7c6fc4b27ee651e2846f5b3 (0) Finished request Waking up in 7.9 seconds. (1) Received Access-Request Id 0 from 172.16.1.18:1061 to 172.16.1.50:18200 length 322 (1) User-Name = "anonymous@ash-berlin.eu" (1) NAS-IP-Address = 172.16.1.18 (1) Called-Station-Id = "0018f8eebabf" (1) Calling-Station-Id = "b88687a27e96" (1) NAS-Identifier = "0018f8eebabf" (1) NAS-Port = 10 (1) Framed-MTU = 1400 (1) State = 0xe7c7e95ae7c6fc4b27ee651e2846f5b3 (1) NAS-Port-Type = Wireless-802.11 (1) EAP-Message = 0x020100ad1580000000a3160303009e0100009a0303580f4da338a88639ed878c16975c8b89020a39b992b4fe98f813dc62b39d8aa400003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a004000380032001300050004010000 (1) Message-Authenticator = 0x9d237d6791747ed41db142ecca9ffff7 (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (1) authorize { (1) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (1) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (1) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (1) auth_log: EXPAND %t (1) auth_log: --> Tue Oct 25 14:18:43 2016 (1) [auth_log] = ok (1) suffix: Checking for suffix after "@" (1) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (1) suffix: Found realm "ash-berlin.eu" (1) suffix: Adding Stripped-User-Name = "anonymous" (1) suffix: Adding Realm = "ash-berlin.eu" (1) suffix: Authentication realm is LOCAL (1) [suffix] = ok (1) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (1) ERROR: Failed retrieving values required to evaluate condition (1) [preprocess] = ok (1) files: users: Matched entry DEFAULT at line 221 (1) [files] = ok (1) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (1) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (1) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (1) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (1) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae7c6fc4b27ee651e2846f5b3' (1) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (1) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (1) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (1) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (1) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (1) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020100ad1580000000a3160303009e0100009a0303580f4da338a88639ed878c16975c8b89020a39b992b4fe98f813dc62b39d8aa400003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130005000401000035000a0006000400170018000b00020100000d001400120601060304010501020104030503020302020023000000170000ff01000100' (1) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x9d237d6791747ed41db142ecca9ffff7' (1) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (1) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (1) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (1) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (1) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (1) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae7c6fc4b27ee651e2846f5b3' (1) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (1) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (1) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (1) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (1) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (1) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x9d237d6791747ed41db142ecca9ffff7' (1) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (1) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020100ad1580000000a3160303009e0100009a0303580f4da338a88639ed878c16975c8b89020a39b992b4fe98f813dc62b39d8aa400003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130005000401000035000a0006000400170018000b00020100000d001400120601060304010501020104030503020302020023000000170000ff01000100' (1) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (1) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (1) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (1) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (1) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (1) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (1) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (1) [perl] = ok (1) eap: Peer sent EAP Response (code 2) ID 1 length 173 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) [pap] = noop (1) [mschap] = noop (1) } # authorize = ok (1) Found Auth-Type = Perl (1) Found Auth-Type = eap (1) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (1) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (1) authenticate { (1) eap: Expiring EAP session with state 0xe7c7e95ae7c6fc4b (1) eap: Finished EAP session with state 0xe7c7e95ae7c6fc4b (1) eap: Previous EAP request found for state 0xe7c7e95ae7c6fc4b, released from the list (1) eap: Peer sent packet with method EAP TTLS (21) (1) eap: Calling submodule eap_ttls to process data (1) eap_ttls: Authenticate (1) eap_ttls: Continuing EAP-TLS (1) eap_ttls: Peer indicated complete TLS record size will be 163 bytes (1) eap_ttls: Got complete TLS record (163 bytes) (1) eap_ttls: [eaptls verify] = length included (1) eap_ttls: (other): before/accept initialization (1) eap_ttls: TLS_accept: before/accept initialization (1) eap_ttls: <<< recv TLS 1.2 [length 009e] (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.2 [length 0059] (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.2 [length 144b] (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.2 [length 014d] (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.2 [length 0004] (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: TLS_accept: Need to read more data: unknown state (1) eap_ttls: TLS_accept: Need to read more data: unknown state (1) eap_ttls: In SSL Handshake Phase (1) eap_ttls: In SSL Accept mode (1) eap_ttls: [eaptls process] = handled (1) eap: Sending EAP Request (code 1) ID 2 length 1004 (1) eap: EAP session adding &reply:State = 0xe7c7e95ae6c5fc4b (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1061 length 0 (1) EAP-Message = 0x010203ec15c000001609160303005902000055030357eb426c79f5e95e8d37b3a7fee90cf65d693b7708efee29362a3679d533c11d20da746e929b0f52354b17e6e4655f5c7a4c45746cf88eb47ae5d82d0e5269cb6ac03000000dff01000100000b000403000102160303144b0b00144700144400061e (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xe7c7e95ae6c5fc4b27ee651e2846f5b3 (1) Finished request Waking up in 7.9 seconds. (2) Received Access-Request Id 0 from 172.16.1.18:1063 to 172.16.1.50:18200 length 155 (2) User-Name = "anonymous@ash-berlin.eu" (2) NAS-IP-Address = 172.16.1.18 (2) Called-Station-Id = "0018f8eebabf" (2) Calling-Station-Id = "b88687a27e96" (2) NAS-Identifier = "0018f8eebabf" (2) NAS-Port = 10 (2) Framed-MTU = 1400 (2) State = 0xe7c7e95ae6c5fc4b27ee651e2846f5b3 (2) NAS-Port-Type = Wireless-802.11 (2) EAP-Message = 0x020200061500 (2) Message-Authenticator = 0xb0dab238fb521cf4a728f291617b15f2 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (2) authorize { (2) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (2) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (2) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (2) auth_log: EXPAND %t (2) auth_log: --> Tue Oct 25 14:18:43 2016 (2) [auth_log] = ok (2) suffix: Checking for suffix after "@" (2) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (2) suffix: Found realm "ash-berlin.eu" (2) suffix: Adding Stripped-User-Name = "anonymous" (2) suffix: Adding Realm = "ash-berlin.eu" (2) suffix: Authentication realm is LOCAL (2) [suffix] = ok (2) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (2) ERROR: Failed retrieving values required to evaluate condition (2) [preprocess] = ok (2) files: users: Matched entry DEFAULT at line 221 (2) [files] = ok (2) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (2) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (2) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (2) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (2) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae6c5fc4b27ee651e2846f5b3' (2) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (2) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (2) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (2) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (2) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (2) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020200061500' (2) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xb0dab238fb521cf4a728f291617b15f2' (2) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (2) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (2) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (2) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (2) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (2) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae6c5fc4b27ee651e2846f5b3' (2) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (2) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (2) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (2) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (2) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (2) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xb0dab238fb521cf4a728f291617b15f2' (2) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (2) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020200061500' (2) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (2) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (2) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (2) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (2) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (2) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (2) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (2) [perl] = ok (2) eap: Peer sent EAP Response (code 2) ID 2 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) [pap] = noop (2) [mschap] = noop (2) } # authorize = ok (2) Found Auth-Type = Perl (2) Found Auth-Type = eap (2) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (2) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (2) authenticate { (2) eap: Expiring EAP session with state 0xe7c7e95ae6c5fc4b (2) eap: Finished EAP session with state 0xe7c7e95ae6c5fc4b (2) eap: Previous EAP request found for state 0xe7c7e95ae6c5fc4b, released from the list (2) eap: Peer sent packet with method EAP TTLS (21) (2) eap: Calling submodule eap_ttls to process data (2) eap_ttls: Authenticate (2) eap_ttls: Continuing EAP-TLS (2) eap_ttls: Peer ACKed our handshake fragment (2) eap_ttls: [eaptls verify] = request (2) eap_ttls: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1004 (2) eap: EAP session adding &reply:State = 0xe7c7e95ae5c4fc4b (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1063 length 0 (2) EAP-Message = 0x010303ec15c0000016096e2e64652f6173682d6265726c696e2d63612f7075622f63726c2f636163726c2e63726c303ca03aa0388636687474703a2f2f636470322e7063612e64666e2e64652f6173682d6265726c696e2d63612f7075622f63726c2f636163726c2e63726c3081d506082b0601050507 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xe7c7e95ae5c4fc4b27ee651e2846f5b3 (2) Finished request Waking up in 7.9 seconds. (3) Received Access-Request Id 0 from 172.16.1.18:1065 to 172.16.1.50:18200 length 155 (3) User-Name = "anonymous@ash-berlin.eu" (3) NAS-IP-Address = 172.16.1.18 (3) Called-Station-Id = "0018f8eebabf" (3) Calling-Station-Id = "b88687a27e96" (3) NAS-Identifier = "0018f8eebabf" (3) NAS-Port = 10 (3) Framed-MTU = 1400 (3) State = 0xe7c7e95ae5c4fc4b27ee651e2846f5b3 (3) NAS-Port-Type = Wireless-802.11 (3) EAP-Message = 0x020300061500 (3) Message-Authenticator = 0x4d58f0f8dab4d53cb2393b70499823e4 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (3) authorize { (3) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (3) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (3) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (3) auth_log: EXPAND %t (3) auth_log: --> Tue Oct 25 14:18:43 2016 (3) [auth_log] = ok (3) suffix: Checking for suffix after "@" (3) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (3) suffix: Found realm "ash-berlin.eu" (3) suffix: Adding Stripped-User-Name = "anonymous" (3) suffix: Adding Realm = "ash-berlin.eu" (3) suffix: Authentication realm is LOCAL (3) [suffix] = ok (3) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (3) ERROR: Failed retrieving values required to evaluate condition (3) [preprocess] = ok (3) files: users: Matched entry DEFAULT at line 221 (3) [files] = ok (3) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (3) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (3) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (3) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (3) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae5c4fc4b27ee651e2846f5b3' (3) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (3) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (3) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (3) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (3) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (3) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020300061500' (3) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x4d58f0f8dab4d53cb2393b70499823e4' (3) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (3) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (3) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (3) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (3) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (3) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae5c4fc4b27ee651e2846f5b3' (3) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (3) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (3) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (3) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (3) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (3) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x4d58f0f8dab4d53cb2393b70499823e4' (3) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (3) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020300061500' (3) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (3) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (3) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (3) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (3) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (3) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (3) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (3) [perl] = ok (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) [pap] = noop (3) [mschap] = noop (3) } # authorize = ok (3) Found Auth-Type = Perl (3) Found Auth-Type = eap (3) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (3) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (3) authenticate { (3) eap: Expiring EAP session with state 0xe7c7e95ae5c4fc4b (3) eap: Finished EAP session with state 0xe7c7e95ae5c4fc4b (3) eap: Previous EAP request found for state 0xe7c7e95ae5c4fc4b, released from the list (3) eap: Peer sent packet with method EAP TTLS (21) (3) eap: Calling submodule eap_ttls to process data (3) eap_ttls: Authenticate (3) eap_ttls: Continuing EAP-TLS (3) eap_ttls: Peer ACKed our handshake fragment (3) eap_ttls: [eaptls verify] = request (3) eap_ttls: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 1004 (3) eap: EAP session adding &reply:State = 0xe7c7e95ae4c3fc4b (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1065 length 0 (3) EAP-Message = 0x010403ec15c00000160901090116106361406173682d6265726c696e2e657530820122300d06092a864886f70d01010105000382010f003082010a0282010100ad53771db4be88e9d154d793618b2b021a5f5566e84910b2e07600cf25e19c417a2d3bb78d31093aa77586abfc36eed19e340e25e5fe11 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xe7c7e95ae4c3fc4b27ee651e2846f5b3 (3) Finished request Waking up in 7.9 seconds. (4) Received Access-Request Id 0 from 172.16.1.18:1067 to 172.16.1.50:18200 length 155 (4) User-Name = "anonymous@ash-berlin.eu" (4) NAS-IP-Address = 172.16.1.18 (4) Called-Station-Id = "0018f8eebabf" (4) Calling-Station-Id = "b88687a27e96" (4) NAS-Identifier = "0018f8eebabf" (4) NAS-Port = 10 (4) Framed-MTU = 1400 (4) State = 0xe7c7e95ae4c3fc4b27ee651e2846f5b3 (4) NAS-Port-Type = Wireless-802.11 (4) EAP-Message = 0x020400061500 (4) Message-Authenticator = 0x850d1f1bf4a72e42c06a59e9c783d9c6 (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (4) authorize { (4) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (4) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (4) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (4) auth_log: EXPAND %t (4) auth_log: --> Tue Oct 25 14:18:43 2016 (4) [auth_log] = ok (4) suffix: Checking for suffix after "@" (4) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (4) suffix: Found realm "ash-berlin.eu" (4) suffix: Adding Stripped-User-Name = "anonymous" (4) suffix: Adding Realm = "ash-berlin.eu" (4) suffix: Authentication realm is LOCAL (4) [suffix] = ok (4) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (4) ERROR: Failed retrieving values required to evaluate condition (4) [preprocess] = ok (4) files: users: Matched entry DEFAULT at line 221 (4) [files] = ok (4) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (4) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (4) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (4) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (4) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae4c3fc4b27ee651e2846f5b3' (4) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (4) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (4) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (4) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (4) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (4) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020400061500' (4) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x850d1f1bf4a72e42c06a59e9c783d9c6' (4) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (4) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (4) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (4) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (4) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (4) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae4c3fc4b27ee651e2846f5b3' (4) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (4) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (4) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (4) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (4) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (4) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x850d1f1bf4a72e42c06a59e9c783d9c6' (4) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (4) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020400061500' (4) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (4) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (4) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (4) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (4) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (4) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (4) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (4) [perl] = ok (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) [pap] = noop (4) [mschap] = noop (4) } # authorize = ok (4) Found Auth-Type = Perl (4) Found Auth-Type = eap (4) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (4) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (4) authenticate { (4) eap: Expiring EAP session with state 0xe7c7e95ae4c3fc4b (4) eap: Finished EAP session with state 0xe7c7e95ae4c3fc4b (4) eap: Previous EAP request found for state 0xe7c7e95ae4c3fc4b, released from the list (4) eap: Peer sent packet with method EAP TTLS (21) (4) eap: Calling submodule eap_ttls to process data (4) eap_ttls: Authenticate (4) eap_ttls: Continuing EAP-TLS (4) eap_ttls: Peer ACKed our handshake fragment (4) eap_ttls: [eaptls verify] = request (4) eap_ttls: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 1004 (4) eap: EAP session adding &reply:State = 0xe7c7e95ae3c2fc4b (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1067 length 0 (4) EAP-Message = 0x010503ec15c0000016096ec4f1382edb126aee240b8ec64dab8808b8fbc4a5ad8498f974ee1fedb0b4ec2ddb8940d2ce9182eefec98a3424e55224115096df91c024701ff1cef1b595de2f897b89866822f6b7c2ac53aca824b1031ec6e57be92b407c2ff2417c4e5fd6dfccd8c33e03fe115f8cc8502f (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xe7c7e95ae3c2fc4b27ee651e2846f5b3 (4) Finished request Waking up in 7.9 seconds. (5) Received Access-Request Id 0 from 172.16.1.18:1069 to 172.16.1.50:18200 length 155 (5) User-Name = "anonymous@ash-berlin.eu" (5) NAS-IP-Address = 172.16.1.18 (5) Called-Station-Id = "0018f8eebabf" (5) Calling-Station-Id = "b88687a27e96" (5) NAS-Identifier = "0018f8eebabf" (5) NAS-Port = 10 (5) Framed-MTU = 1400 (5) State = 0xe7c7e95ae3c2fc4b27ee651e2846f5b3 (5) NAS-Port-Type = Wireless-802.11 (5) EAP-Message = 0x020500061500 (5) Message-Authenticator = 0x558e1f3618c7f4bd672bd4fa27650147 (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (5) authorize { (5) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (5) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (5) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (5) auth_log: EXPAND %t (5) auth_log: --> Tue Oct 25 14:18:43 2016 (5) [auth_log] = ok (5) suffix: Checking for suffix after "@" (5) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (5) suffix: Found realm "ash-berlin.eu" (5) suffix: Adding Stripped-User-Name = "anonymous" (5) suffix: Adding Realm = "ash-berlin.eu" (5) suffix: Authentication realm is LOCAL (5) [suffix] = ok (5) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (5) ERROR: Failed retrieving values required to evaluate condition (5) [preprocess] = ok (5) files: users: Matched entry DEFAULT at line 221 (5) [files] = ok (5) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (5) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (5) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (5) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (5) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae3c2fc4b27ee651e2846f5b3' (5) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (5) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (5) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (5) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (5) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (5) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020500061500' (5) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x558e1f3618c7f4bd672bd4fa27650147' (5) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (5) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (5) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (5) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (5) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (5) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae3c2fc4b27ee651e2846f5b3' (5) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (5) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (5) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (5) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (5) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (5) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x558e1f3618c7f4bd672bd4fa27650147' (5) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (5) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020500061500' (5) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (5) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (5) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (5) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (5) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (5) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (5) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (5) [perl] = ok (5) eap: Peer sent EAP Response (code 2) ID 5 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) [pap] = noop (5) [mschap] = noop (5) } # authorize = ok (5) Found Auth-Type = Perl (5) Found Auth-Type = eap (5) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (5) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (5) authenticate { (5) eap: Expiring EAP session with state 0xe7c7e95ae3c2fc4b (5) eap: Finished EAP session with state 0xe7c7e95ae3c2fc4b (5) eap: Previous EAP request found for state 0xe7c7e95ae3c2fc4b, released from the list (5) eap: Peer sent packet with method EAP TTLS (21) (5) eap: Calling submodule eap_ttls to process data (5) eap_ttls: Authenticate (5) eap_ttls: Continuing EAP-TLS (5) eap_ttls: Peer ACKed our handshake fragment (5) eap_ttls: [eaptls verify] = request (5) eap_ttls: [eaptls process] = handled (5) eap: Sending EAP Request (code 1) ID 6 length 1004 (5) eap: EAP session adding &reply:State = 0xe7c7e95ae2c1fc4b (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1069 length 0 (5) EAP-Message = 0x010603ec15c000001609306a302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63737072303a06082b06010505073002862e687474703a2f2f706b69303333362e74656c657365632e64652f6372742f44545f524f4f545f43415f322e63657230 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xe7c7e95ae2c1fc4b27ee651e2846f5b3 (5) Finished request Waking up in 7.9 seconds. (6) Received Access-Request Id 0 from 172.16.1.18:1071 to 172.16.1.50:18200 length 155 (6) User-Name = "anonymous@ash-berlin.eu" (6) NAS-IP-Address = 172.16.1.18 (6) Called-Station-Id = "0018f8eebabf" (6) Calling-Station-Id = "b88687a27e96" (6) NAS-Identifier = "0018f8eebabf" (6) NAS-Port = 10 (6) Framed-MTU = 1400 (6) State = 0xe7c7e95ae2c1fc4b27ee651e2846f5b3 (6) NAS-Port-Type = Wireless-802.11 (6) EAP-Message = 0x020600061500 (6) Message-Authenticator = 0x630b58b7d7adda5e0aea9dd79223ab29 (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (6) authorize { (6) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (6) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (6) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (6) auth_log: EXPAND %t (6) auth_log: --> Tue Oct 25 14:18:43 2016 (6) [auth_log] = ok (6) suffix: Checking for suffix after "@" (6) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (6) suffix: Found realm "ash-berlin.eu" (6) suffix: Adding Stripped-User-Name = "anonymous" (6) suffix: Adding Realm = "ash-berlin.eu" (6) suffix: Authentication realm is LOCAL (6) [suffix] = ok (6) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (6) ERROR: Failed retrieving values required to evaluate condition (6) [preprocess] = ok (6) files: users: Matched entry DEFAULT at line 221 (6) [files] = ok (6) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (6) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (6) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (6) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (6) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae2c1fc4b27ee651e2846f5b3' (6) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (6) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (6) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (6) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (6) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (6) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020600061500' (6) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x630b58b7d7adda5e0aea9dd79223ab29' (6) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (6) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (6) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (6) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (6) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (6) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae2c1fc4b27ee651e2846f5b3' (6) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (6) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (6) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (6) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (6) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (6) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x630b58b7d7adda5e0aea9dd79223ab29' (6) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (6) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020600061500' (6) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (6) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (6) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (6) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (6) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (6) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (6) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (6) [perl] = ok (6) eap: Peer sent EAP Response (code 2) ID 6 length 6 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) [pap] = noop (6) [mschap] = noop (6) } # authorize = ok (6) Found Auth-Type = Perl (6) Found Auth-Type = eap (6) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (6) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (6) authenticate { (6) eap: Expiring EAP session with state 0xe7c7e95ae2c1fc4b (6) eap: Finished EAP session with state 0xe7c7e95ae2c1fc4b (6) eap: Previous EAP request found for state 0xe7c7e95ae2c1fc4b, released from the list (6) eap: Peer sent packet with method EAP TTLS (21) (6) eap: Calling submodule eap_ttls to process data (6) eap_ttls: Authenticate (6) eap_ttls: Continuing EAP-TLS (6) eap_ttls: Peer ACKed our handshake fragment (6) eap_ttls: [eaptls verify] = request (6) eap_ttls: [eaptls process] = handled (6) eap: Sending EAP Request (code 1) ID 7 length 681 (6) eap: EAP session adding &reply:State = 0xe7c7e95ae1c0fc4b (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1071 length 0 (6) EAP-Message = 0x010702a9158000001609f553d717e0897a2d176c0ab32b9d33300f0603551d13040830060101ff020105300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100946459ad3964e729eb13fe5ac38b1357c80424f07477c060e367fbe989a683bf96827c6ed4c33def9e (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xe7c7e95ae1c0fc4b27ee651e2846f5b3 (6) Finished request Waking up in 7.9 seconds. (7) Received Access-Request Id 0 from 172.16.1.18:1073 to 172.16.1.50:18200 length 285 (7) User-Name = "anonymous@ash-berlin.eu" (7) NAS-IP-Address = 172.16.1.18 (7) Called-Station-Id = "0018f8eebabf" (7) Calling-Station-Id = "b88687a27e96" (7) NAS-Identifier = "0018f8eebabf" (7) NAS-Port = 10 (7) Framed-MTU = 1400 (7) State = 0xe7c7e95ae1c0fc4b27ee651e2846f5b3 (7) NAS-Port-Type = Wireless-802.11 (7) EAP-Message = 0x0207008815800000007e1603030046100000424104bdc697ad1e55a42fcf88ecd3e4356e139d6860fb9669e6ab0335105053a96092f8731b9e287f4e0ecbf27fe5145206bf73241560572337d1c44363757527b5771403030001011603030028000000000000000094e4b4e07ff58ea469086eb688b16c (7) Message-Authenticator = 0xf679755c718648d241a1d6ab118d2f22 (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (7) authorize { (7) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (7) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (7) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (7) auth_log: EXPAND %t (7) auth_log: --> Tue Oct 25 14:18:43 2016 (7) [auth_log] = ok (7) suffix: Checking for suffix after "@" (7) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (7) suffix: Found realm "ash-berlin.eu" (7) suffix: Adding Stripped-User-Name = "anonymous" (7) suffix: Adding Realm = "ash-berlin.eu" (7) suffix: Authentication realm is LOCAL (7) [suffix] = ok (7) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (7) ERROR: Failed retrieving values required to evaluate condition (7) [preprocess] = ok (7) files: users: Matched entry DEFAULT at line 221 (7) [files] = ok (7) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (7) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (7) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (7) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (7) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae1c0fc4b27ee651e2846f5b3' (7) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (7) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (7) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (7) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (7) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (7) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0207008815800000007e1603030046100000424104bdc697ad1e55a42fcf88ecd3e4356e139d6860fb9669e6ab0335105053a96092f8731b9e287f4e0ecbf27fe5145206bf73241560572337d1c44363757527b5771403030001011603030028000000000000000094e4b4e07ff58ea469086eb688b16c42ccace85ebf504dc78fec465a7bfcf2dd' (7) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xf679755c718648d241a1d6ab118d2f22' (7) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (7) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (7) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (7) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (7) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (7) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae1c0fc4b27ee651e2846f5b3' (7) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (7) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (7) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (7) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (7) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (7) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xf679755c718648d241a1d6ab118d2f22' (7) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (7) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0207008815800000007e1603030046100000424104bdc697ad1e55a42fcf88ecd3e4356e139d6860fb9669e6ab0335105053a96092f8731b9e287f4e0ecbf27fe5145206bf73241560572337d1c44363757527b5771403030001011603030028000000000000000094e4b4e07ff58ea469086eb688b16c42ccace85ebf504dc78fec465a7bfcf2dd' (7) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (7) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (7) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (7) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (7) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (7) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (7) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (7) [perl] = ok (7) eap: Peer sent EAP Response (code 2) ID 7 length 136 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) [pap] = noop (7) [mschap] = noop (7) } # authorize = ok (7) Found Auth-Type = Perl (7) Found Auth-Type = eap (7) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (7) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (7) authenticate { (7) eap: Expiring EAP session with state 0xe7c7e95ae1c0fc4b (7) eap: Finished EAP session with state 0xe7c7e95ae1c0fc4b (7) eap: Previous EAP request found for state 0xe7c7e95ae1c0fc4b, released from the list (7) eap: Peer sent packet with method EAP TTLS (21) (7) eap: Calling submodule eap_ttls to process data (7) eap_ttls: Authenticate (7) eap_ttls: Continuing EAP-TLS (7) eap_ttls: Peer indicated complete TLS record size will be 126 bytes (7) eap_ttls: Got complete TLS record (126 bytes) (7) eap_ttls: [eaptls verify] = length included (7) eap_ttls: <<< recv TLS 1.2 [length 0046] (7) eap_ttls: TLS_accept: unknown state (7) eap_ttls: TLS_accept: unknown state (7) eap_ttls: <<< recv TLS 1.2 [length 0001] (7) eap_ttls: <<< recv TLS 1.2 [length 0010] (7) eap_ttls: TLS_accept: unknown state (7) eap_ttls: >>> send TLS 1.2 [length 0001] (7) eap_ttls: TLS_accept: unknown state (7) eap_ttls: >>> send TLS 1.2 [length 0010] (7) eap_ttls: TLS_accept: unknown state (7) eap_ttls: TLS_accept: unknown state (7) eap_ttls: (other): SSL negotiation finished successfully (7) eap_ttls: SSL Connection Established (7) eap_ttls: [eaptls process] = handled (7) eap: Sending EAP Request (code 1) ID 8 length 61 (7) eap: EAP session adding &reply:State = 0xe7c7e95ae0cffc4b (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) Sent Access-Challenge Id 0 from 172.16.1.50:18200 to 172.16.1.18:1073 length 0 (7) EAP-Message = 0x0108003d15800000003314030300010116030300287a75b327945033e080524a0bf36250d8f6f3edfd8e088f87fac004479307129af794be9914f5dc52 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xe7c7e95ae0cffc4b27ee651e2846f5b3 (7) Finished request Waking up in 7.9 seconds. (8) Received Access-Request Id 0 from 172.16.1.18:1075 to 172.16.1.50:18200 length 236 (8) User-Name = "anonymous@ash-berlin.eu" (8) NAS-IP-Address = 172.16.1.18 (8) Called-Station-Id = "0018f8eebabf" (8) Calling-Station-Id = "b88687a27e96" (8) NAS-Identifier = "0018f8eebabf" (8) NAS-Port = 10 (8) Framed-MTU = 1400 (8) State = 0xe7c7e95ae0cffc4b27ee651e2846f5b3 (8) NAS-Port-Type = Wireless-802.11 (8) EAP-Message = 0x0208005715800000004d1703030048000000000000000125f1f3350f5125e4910af247dc041dc1784172b0b6b9b87185ff1363331d508b03d735cc08ecf6aa2cf9ce86db0bf6a718f4f7347ab1e85a20d72a1bde5b8943 (8) Message-Authenticator = 0x575f6861f599df90a2de4ab840157262 (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (8) authorize { (8) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (8) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (8) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (8) auth_log: EXPAND %t (8) auth_log: --> Tue Oct 25 14:18:43 2016 (8) [auth_log] = ok (8) suffix: Checking for suffix after "@" (8) suffix: Looking up realm "ash-berlin.eu" for User-Name = "anonymous@ash-berlin.eu" (8) suffix: Found realm "ash-berlin.eu" (8) suffix: Adding Stripped-User-Name = "anonymous" (8) suffix: Adding Realm = "ash-berlin.eu" (8) suffix: Authentication realm is LOCAL (8) [suffix] = ok (8) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (8) ERROR: Failed retrieving values required to evaluate condition (8) [preprocess] = ok (8) files: users: Matched entry DEFAULT at line 221 (8) [files] = ok (8) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'anonymous@ash-berlin.eu' (8) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (8) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (8) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (8) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe7c7e95ae0cffc4b27ee651e2846f5b3' (8) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (8) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (8) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:18:43 CEST' (8) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0208005715800000004d1703030048000000000000000125f1f3350f5125e4910af247dc041dc1784172b0b6b9b87185ff1363331d508b03d735cc08ecf6aa2cf9ce86db0bf6a718f4f7347ab1e85a20d72a1bde5b8943' (8) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x575f6861f599df90a2de4ab840157262' (8) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'anonymous' (8) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (8) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (8) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe7c7e95ae0cffc4b27ee651e2846f5b3' (8) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'anonymous@ash-berlin.eu' (8) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (8) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (8) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (8) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (8) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x575f6861f599df90a2de4ab840157262' (8) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:18:43 CEST' (8) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0208005715800000004d1703030048000000000000000125f1f3350f5125e4910af247dc041dc1784172b0b6b9b87185ff1363331d508b03d735cc08ecf6aa2cf9ce86db0bf6a718f4f7347ab1e85a20d72a1bde5b8943' (8) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (8) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (8) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (8) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (8) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (8) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'anonymous' (8) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (8) [perl] = ok (8) eap: Peer sent EAP Response (code 2) ID 8 length 87 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) [pap] = noop (8) [mschap] = noop (8) } # authorize = ok (8) Found Auth-Type = Perl (8) Found Auth-Type = eap (8) ERROR: Warning: Found 2 auth-types on request for user 'anonymous@ash-berlin.eu' (8) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (8) authenticate { (8) eap: Expiring EAP session with state 0xe7c7e95ae0cffc4b (8) eap: Finished EAP session with state 0xe7c7e95ae0cffc4b (8) eap: Previous EAP request found for state 0xe7c7e95ae0cffc4b, released from the list (8) eap: Peer sent packet with method EAP TTLS (21) (8) eap: Calling submodule eap_ttls to process data (8) eap_ttls: Authenticate (8) eap_ttls: Continuing EAP-TLS (8) eap_ttls: Peer indicated complete TLS record size will be 77 bytes (8) eap_ttls: Got complete TLS record (77 bytes) (8) eap_ttls: [eaptls verify] = length included (8) eap_ttls: [eaptls process] = ok (8) eap_ttls: Session established. Proceeding to decode tunneled attributes (8) eap_ttls: Got tunneled request (8) eap_ttls: User-Name = "caemmerer@ash-berlin.eu" (8) eap_ttls: User-Password = "" (8) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_ttls: Sending tunneled request (8) Virtual server eduroam-inner-tunnel received request (8) User-Name = "caemmerer@ash-berlin.eu" (8) User-Password = "" (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) Framed-MTU = 1400 (8) NAS-Port = 10 (8) Calling-Station-Id = "b88687a27e96" (8) Event-Timestamp = "Jan 1 1970 01:00:00 CET" (8) NAS-Identifier = "0018f8eebabf" (8) NAS-Port-Type = Wireless-802.11 (8) NAS-IP-Address = 172.16.1.18 (8) Called-Station-Id = "0018f8eebabf" (8) server eduroam-inner-tunnel { (8) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (8) authorize { (8) [preprocess] = ok (8) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (8) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (8) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (8) auth_log: EXPAND %t (8) auth_log: --> Tue Oct 25 14:18:43 2016 (8) [auth_log] = ok (8) files: users: Matched entry DEFAULT at line 221 (8) [files] = ok (8) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (8) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> '' (8) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (8) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (8) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (8) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (8) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (8) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 1 1970 01:00:00 CET' (8) perl: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (8) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (8) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (8) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (8) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (8) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jan 1 1970 01:00:00 CET' (8) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (8) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (8) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> '' (8) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (8) perl: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (8) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (8) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (8) [perl] = ok (8) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (8) pap: WARNING: Authentication will fail unless a "known good" password is available (8) [pap] = noop (8) [mschap] = noop (8) eap: No EAP-Message, not doing EAP (8) [eap] = noop (8) } # authorize = ok (8) Found Auth-Type = Perl (8) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (8) Auth-Type Perl { (8) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (8) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> '' (8) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (8) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (8) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (8) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (8) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (8) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 1 1970 01:00:00 CET' (8) perl: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (8) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' rlm_perl: login via password for caemmerer (8) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (8) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (8) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (8) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (8) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jan 1 1970 01:00:00 CET' (8) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (8) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (8) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> '' (8) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (8) perl: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (8) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (8) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (8) [perl] = ok (8) } # Auth-Type Perl = ok (8) # Executing section post-auth from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (8) post-auth { (8) if (!request:Calling-Station-Id ) { (8) if (!request:Calling-Station-Id ) -> FALSE (8) reply_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d (8) reply_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/reply-detail-20161025 (8) reply_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/reply-detail-20161025 (8) reply_log: EXPAND %t (8) reply_log: --> Tue Oct 25 14:18:43 2016 (8) [reply_log] = ok (8) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (8) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> '' (8) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (8) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (8) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (8) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'b88687a27e96' (8) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (8) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 1 1970 01:00:00 CET' (8) perl: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (8) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (8) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (8) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (8) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'b88687a27e96' (8) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jan 1 1970 01:00:00 CET' (8) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (8) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (8) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> '' (8) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (8) perl: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (8) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (8) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (8) [perl] = ok (8) } # post-auth = ok (8) } # server eduroam-inner-tunnel (8) Virtual server sending reply (8) eap_ttls: Got tunneled Access-Accept (8) eap_ttls: caching Stripped-User-Name = "anonymous" (8) eap_ttls: Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk. (8) eap: Sending EAP Success (code 3) ID 8 length 4 (8) eap: Freeing handler (8) [eap] = ok (8) } # authenticate = ok (8) Sent Access-Accept Id 0 from 172.16.1.50:18200 to 172.16.1.18:1075 length 0 (8) MS-MPPE-Recv-Key = 0x063affc9e62fbb6ea473d60e073f916ffa2af71dd6d18ac82ff13b9d4023300b (8) MS-MPPE-Send-Key = 0x243b81f88271e19c8077b7d96b65a112c56ab3bbb7c5de10148bb0541442f674 (8) EAP-Message = 0x03080004 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) User-Name = "anonymous@ash-berlin.eu" (8) Finished request Waking up in 7.8 seconds. (0) Cleaning up request packet ID 0 with timestamp +12 (1) Cleaning up request packet ID 0 with timestamp +12 (2) Cleaning up request packet ID 0 with timestamp +12 (3) Cleaning up request packet ID 0 with timestamp +12 (4) Cleaning up request packet ID 0 with timestamp +12 (5) Cleaning up request packet ID 0 with timestamp +12 (6) Cleaning up request packet ID 0 with timestamp +12 (7) Cleaning up request packet ID 0 with timestamp +12 (8) Cleaning up request packet ID 0 with timestamp +12 Ready to process requests ^C xlan:/etc/freeradius.testing-3.0.12# exit Script done on Di 25 Okt 2016 14:19:18 CEST