Script started on Di 25 Okt 2016 14:19:23 CEST xlan:/etc/freeradius.testing-3.0.12# /usr/local/radius-3.0.12/sbin/radiusd -X -d /etc/freeradius.testing-3.0.12/ FreeRADIUS Version 3.0.12 Copyright (C) 1999-2016 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/radius-3.0.12/share/freeradius/dictionary including dictionary file /usr/local/radius-3.0.12/share/freeradius/dictionary.dhcp including dictionary file /usr/local/radius-3.0.12/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius.testing-3.0.12//dictionary including configuration file /etc/freeradius.testing-3.0.12//radiusd.conf including configuration file /etc/freeradius.testing-3.0.12//proxy.conf including configuration file /etc/freeradius.testing-3.0.12//clients.conf including files in directory /etc/freeradius.testing-3.0.12//mods-enabled/ including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/perl including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/pap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/logintime including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/replicate including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/ntlm_auth including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/radutmp including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/files including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/realm including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/unix including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/eap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/sradutmp including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/mschap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/exec including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/date including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/detail including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/cache_eap including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/always including configuration file /etc/freeradius.testing-3.0.12//mods-enabled/preprocess including files in directory /etc/freeradius.testing-3.0.12//policy.d/ including configuration file /etc/freeradius.testing-3.0.12//policy.d/debug including configuration file /etc/freeradius.testing-3.0.12//policy.d/cui including configuration file /etc/freeradius.testing-3.0.12//policy.d/accounting including configuration file /etc/freeradius.testing-3.0.12//policy.d/operator-name including configuration file /etc/freeradius.testing-3.0.12//policy.d/dhcp including configuration file /etc/freeradius.testing-3.0.12//policy.d/eap including configuration file /etc/freeradius.testing-3.0.12//policy.d/control including configuration file /etc/freeradius.testing-3.0.12//policy.d/moonshot-targeted-ids including configuration file /etc/freeradius.testing-3.0.12//policy.d/abfab-tr including configuration file /etc/freeradius.testing-3.0.12//policy.d/canonicalization including configuration file /etc/freeradius.testing-3.0.12//policy.d/filter including files in directory /etc/freeradius.testing-3.0.12//sites-enabled/ including configuration file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel including configuration file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam main { security { allow_core_dumps = no } name = "radiusd" prefix = "/usr/local/radius-3.0.12" localstatedir = "/usr/local/radius-3.0.12/var" logdir = "/usr/local/radius-3.0.12/var/log/radius" run_dir = "/usr/local/radius-3.0.12/var/run/radiusd" } main { name = "radiusd" prefix = "/usr/local/radius-3.0.12" localstatedir = "/usr/local/radius-3.0.12/var" sbindir = "/usr/local/radius-3.0.12/sbin" logdir = "/usr/local/radius-3.0.12/var/log/radius" run_dir = "/usr/local/radius-3.0.12/var/run/radiusd" libdir = "/usr/local/radius-3.0.12/lib" radacctdir = "/usr/local/radius-3.0.12/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 8 max_requests = 16384 pidfile = "/usr/local/radius-3.0.12/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/radius-3.0.12/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = yes auth_goodpass = yes colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "CVE-2016-6304" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1820 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } realm LOCAL { } realm NULL { authhost = 127.0.0.1:1812 accthost = 127.0.0.1:1813 secret = <<< secret >>> } realm ash-berlin.eu { } home_server_pool my_auth_failover { type = fail-over home_server = localhost } radiusd: #### Loading Clients #### client local { ipaddr = 192.168.11.50 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 192.168.11.246 { ipaddr = 192.168.11.246 require_message_authenticator = no secret = <<< secret >>> shortname = "sony" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 172.16.1.18 { ipaddr = 172.16.1.18 require_message_authenticator = no secret = <<< secret >>> shortname = "dd-wrt" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> shortname = "localhost" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 172.16.1.30 { ipaddr = 172.16.1.30 require_message_authenticator = no secret = <<< secret >>> shortname = "CISCO" virtual_server = "eduroam" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = eap # Creating Auth-Type = PAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = Perl radiusd: #### Instantiating modules #### modules { # Loaded module rlm_perl # Loading module "perl" from file /etc/freeradius.testing-3.0.12//mods-enabled/perl perl { filename = "/etc/freeradius.testing-3.0.12//auth.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_post_auth = "post_auth" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius.testing-3.0.12//mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius.testing-3.0.12//mods-enabled/pap pap { normalise = yes } # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius.testing-3.0.12//mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius.testing-3.0.12//mods-enabled/replicate # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius.testing-3.0.12//mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_radutmp # Loading module "radutmp" from file /etc/freeradius.testing-3.0.12//mods-enabled/radutmp radutmp { filename = "/usr/local/radius-3.0.12/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius.testing-3.0.12//mods-enabled/files files { filename = "/etc/freeradius.testing-3.0.12//mods-config/files/authorize" acctusersfile = "/etc/freeradius.testing-3.0.12//mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius.testing-3.0.12//mods-config/files/pre-proxy" } # Loaded module rlm_realm # Loading module "ash-berlin.eu" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm ash-berlin.eu { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius.testing-3.0.12//mods-enabled/unix unix { radwtmp = "/usr/local/radius-3.0.12/var/log/radius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/eap eap { default_eap_type = "ttls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 } # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail auth_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail reply_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "sradutmp" from file /etc/freeradius.testing-3.0.12//mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/radius-3.0.12/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius.testing-3.0.12//mods-enabled/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loading module "exec" from file /etc/freeradius.testing-3.0.12//mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_date # Loading module "date" from file /etc/freeradius.testing-3.0.12//mods-enabled/date date { format = "%b %e %Y %H:%M:%S %Z" } # Loading module "detail" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail detail { filename = "/usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius.testing-3.0.12//mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius.testing-3.0.12//mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius.testing-3.0.12//mods-config/preprocess/huntgroups" hints = "/etc/freeradius.testing-3.0.12//mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } instantiate { } # Instantiating module "perl" from file /etc/freeradius.testing-3.0.12//mods-enabled/perl "my" variable $index_path masks earlier declaration in same scope at /etc/freeradius.testing-3.0.12//auth.pl line 254. # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject [/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius.testing-3.0.12//mods-enabled/attr_filter reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/attr_filter/accounting_response # Instantiating module "pap" from file /etc/freeradius.testing-3.0.12//mods-enabled/pap # Instantiating module "logintime" from file /etc/freeradius.testing-3.0.12//mods-enabled/logintime # Instantiating module "files" from file /etc/freeradius.testing-3.0.12//mods-enabled/files reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/files/authorize reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/files/accounting reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/files/pre-proxy # Instantiating module "ash-berlin.eu" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius.testing-3.0.12//mods-enabled/realm # Instantiating module "eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius.testing-3.0.12//certs" pem_file_type = yes private_key_file = "/etc/freeradius.testing-3.0.12//certs/server.key" certificate_file = "/etc/freeradius.testing-3.0.12//certs/server.pem" ca_file = "/etc/freeradius.testing-3.0.12//certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/freeradius.testing-3.0.12//certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "eduroam-inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "eduroam-inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "auth_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail.log # Instantiating module "mschap" from file /etc/freeradius.testing-3.0.12//mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "detail" from file /etc/freeradius.testing-3.0.12//mods-enabled/detail # Instantiating module "cache_eap" from file /etc/freeradius.testing-3.0.12//mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "reject" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "fail" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "ok" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "handled" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "noop" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "updated" from file /etc/freeradius.testing-3.0.12//mods-enabled/always # Instantiating module "preprocess" from file /etc/freeradius.testing-3.0.12//mods-enabled/preprocess reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius.testing-3.0.12//mods-config/preprocess/hints } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius.testing-3.0.12//radiusd.conf } # server server eduroam-inner-tunnel { # from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server eduroam-inner-tunnel server eduroam { # from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} # Loading pre-proxy {...} # Loading post-proxy {...} } # server eduroam /etc/freeradius.testing-3.0.12//sites-enabled/eduroam[6]: Please change "%{control:Proxy-To-Realm}" to &control:Proxy-To-Realm /etc/freeradius.testing-3.0.12//sites-enabled/eduroam[34]: Please change "%{control:Proxy-To-Realm}" to &control:Proxy-To-Realm radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 18200 } listen { type = "acct" ipaddr = * port = 18210 } Listening on auth address * port 18200 Listening on acct address * port 18210 Listening on proxy address * port 54517 Ready to process requests (0) Received Access-Request Id 1 from 172.16.1.18:1088 to 172.16.1.50:18200 length 159 (0) User-Name = "caemmerer@ash-berlin.eu" (0) NAS-IP-Address = 172.16.1.18 (0) Called-Station-Id = "0018f8eebabf" (0) Calling-Station-Id = "5c969d10d14b" (0) NAS-Identifier = "0018f8eebabf" (0) NAS-Port = 10 (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) EAP-Message = 0x0200001c016361656d6d65726572406173682d6265726c696e2e6575 (0) Message-Authenticator = 0x5f31d6ff52cfccdf18ced98eba32a5b7 (0) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (0) authorize { (0) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (0) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (0) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (0) auth_log: EXPAND %t (0) auth_log: --> Tue Oct 25 14:20:56 2016 (0) [auth_log] = ok (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (0) suffix: Found realm "ash-berlin.eu" (0) suffix: Adding Stripped-User-Name = "caemmerer" (0) suffix: Adding Realm = "ash-berlin.eu" (0) suffix: Authentication realm is LOCAL (0) [suffix] = ok (0) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (0) ERROR: Failed retrieving values required to evaluate condition (0) [preprocess] = ok (0) files: users: Matched entry DEFAULT at line 221 (0) [files] = ok (0) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (0) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (0) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (0) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (0) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (0) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (0) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (0) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (0) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (0) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0200001c016361656d6d65726572406173682d6265726c696e2e6575' (0) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x5f31d6ff52cfccdf18ced98eba32a5b7' (0) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (0) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (0) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (0) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (0) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (0) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (0) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (0) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0200001c016361656d6d65726572406173682d6265726c696e2e6575' (0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (0) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (0) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (0) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (0) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (0) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (0) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (0) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (0) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x5f31d6ff52cfccdf18ced98eba32a5b7' (0) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (0) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (0) [perl] = ok (0) eap: Peer sent EAP Response (code 2) ID 0 length 28 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available (0) [pap] = noop (0) [mschap] = noop (0) } # authorize = ok (0) Found Auth-Type = Perl (0) Found Auth-Type = eap (0) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (0) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_ttls to process data (0) eap_ttls: Initiating new EAP-TLS session (0) eap_ttls: Flushing SSL sessions (of #0) (0) eap_ttls: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 1 length 6 (0) eap: EAP session adding &reply:State = 0xd7f19134d7f084a3 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1088 length 0 (0) EAP-Message = 0x010100061520 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xd7f19134d7f084a329196b284b94091c (0) Finished request Waking up in 7.9 seconds. (1) Received Access-Request Id 1 from 172.16.1.18:1090 to 172.16.1.50:18200 length 280 (1) User-Name = "caemmerer@ash-berlin.eu" (1) NAS-IP-Address = 172.16.1.18 (1) Called-Station-Id = "0018f8eebabf" (1) Calling-Station-Id = "5c969d10d14b" (1) NAS-Identifier = "0018f8eebabf" (1) NAS-Port = 10 (1) Framed-MTU = 1400 (1) State = 0xd7f19134d7f084a329196b284b94091c (1) NAS-Port-Type = Wireless-802.11 (1) EAP-Message = 0x020100831580000000791603010074010000700301580f4e28c93b9fcd5bd5b56dfa2e3e6a7517cbae84945d58854cd6a9c75d702600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000 (1) Message-Authenticator = 0xfe5ea67fea46830506fe5670eb42d62c (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (1) authorize { (1) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (1) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (1) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (1) auth_log: EXPAND %t (1) auth_log: --> Tue Oct 25 14:20:56 2016 (1) [auth_log] = ok (1) suffix: Checking for suffix after "@" (1) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (1) suffix: Found realm "ash-berlin.eu" (1) suffix: Adding Stripped-User-Name = "caemmerer" (1) suffix: Adding Realm = "ash-berlin.eu" (1) suffix: Authentication realm is LOCAL (1) [suffix] = ok (1) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (1) ERROR: Failed retrieving values required to evaluate condition (1) [preprocess] = ok (1) files: users: Matched entry DEFAULT at line 221 (1) [files] = ok (1) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (1) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (1) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (1) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (1) perl: $RAD_REQUEST{'State'} = &request:State -> '0xd7f19134d7f084a329196b284b94091c' (1) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (1) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (1) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (1) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (1) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (1) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020100831580000000791603010074010000700301580f4e28c93b9fcd5bd5b56dfa2e3e6a7517cbae84945d58854cd6a9c75d702600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000' (1) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xfe5ea67fea46830506fe5670eb42d62c' (1) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (1) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (1) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (1) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (1) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (1) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (1) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (1) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (1) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020100831580000000791603010074010000700301580f4e28c93b9fcd5bd5b56dfa2e3e6a7517cbae84945d58854cd6a9c75d702600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000' (1) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (1) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (1) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (1) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (1) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (1) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (1) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (1) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (1) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xfe5ea67fea46830506fe5670eb42d62c' (1) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (1) perl: &request:State = $RAD_REQUEST{'State'} -> '0xd7f19134d7f084a329196b284b94091c' (1) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (1) [perl] = ok (1) eap: Peer sent EAP Response (code 2) ID 1 length 131 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) [pap] = noop (1) [mschap] = noop (1) } # authorize = ok (1) Found Auth-Type = Perl (1) Found Auth-Type = eap (1) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (1) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (1) authenticate { (1) eap: Expiring EAP session with state 0xd7f19134d7f084a3 (1) eap: Finished EAP session with state 0xd7f19134d7f084a3 (1) eap: Previous EAP request found for state 0xd7f19134d7f084a3, released from the list (1) eap: Peer sent packet with method EAP TTLS (21) (1) eap: Calling submodule eap_ttls to process data (1) eap_ttls: Authenticate (1) eap_ttls: Continuing EAP-TLS (1) eap_ttls: Peer indicated complete TLS record size will be 121 bytes (1) eap_ttls: Got complete TLS record (121 bytes) (1) eap_ttls: [eaptls verify] = length included (1) eap_ttls: (other): before/accept initialization (1) eap_ttls: TLS_accept: before/accept initialization (1) eap_ttls: <<< recv TLS 1.0 Handshake [length 0074], ClientHello (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.0 Handshake [length 0059], ServerHello (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.0 Handshake [length 144b], Certificate (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: TLS_accept: unknown state (1) eap_ttls: TLS_accept: Need to read more data: unknown state (1) eap_ttls: TLS_accept: Need to read more data: unknown state (1) eap_ttls: In SSL Handshake Phase (1) eap_ttls: In SSL Accept mode (1) eap_ttls: [eaptls process] = handled (1) eap: Sending EAP Request (code 1) ID 2 length 1004 (1) eap: EAP session adding &reply:State = 0xd7f19134d6f384a3 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1090 length 0 (1) EAP-Message = 0x010203ec15c00000160716030100590200005503010f2e07b3b8a0aa8a9c532f7e926c8236bc2f68b6b7f3d9254c47f8d133480c1820ca8e456ffd44694e8ee0709c37eaf8c5f588055c2db1b7d85c038f5186b9381fc01400000dff01000100000b000403000102160301144b0b00144700144400061e (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xd7f19134d6f384a329196b284b94091c (1) Finished request Waking up in 7.9 seconds. (2) Received Access-Request Id 1 from 172.16.1.18:1092 to 172.16.1.50:18200 length 155 (2) User-Name = "caemmerer@ash-berlin.eu" (2) NAS-IP-Address = 172.16.1.18 (2) Called-Station-Id = "0018f8eebabf" (2) Calling-Station-Id = "5c969d10d14b" (2) NAS-Identifier = "0018f8eebabf" (2) NAS-Port = 10 (2) Framed-MTU = 1400 (2) State = 0xd7f19134d6f384a329196b284b94091c (2) NAS-Port-Type = Wireless-802.11 (2) EAP-Message = 0x020200061500 (2) Message-Authenticator = 0xeada51f8023b1e03f0ed0483dc0c89e6 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (2) authorize { (2) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (2) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (2) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (2) auth_log: EXPAND %t (2) auth_log: --> Tue Oct 25 14:20:56 2016 (2) [auth_log] = ok (2) suffix: Checking for suffix after "@" (2) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (2) suffix: Found realm "ash-berlin.eu" (2) suffix: Adding Stripped-User-Name = "caemmerer" (2) suffix: Adding Realm = "ash-berlin.eu" (2) suffix: Authentication realm is LOCAL (2) [suffix] = ok (2) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (2) ERROR: Failed retrieving values required to evaluate condition (2) [preprocess] = ok (2) files: users: Matched entry DEFAULT at line 221 (2) [files] = ok (2) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (2) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (2) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (2) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (2) perl: $RAD_REQUEST{'State'} = &request:State -> '0xd7f19134d6f384a329196b284b94091c' (2) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (2) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (2) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (2) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (2) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (2) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020200061500' (2) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xeada51f8023b1e03f0ed0483dc0c89e6' (2) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (2) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (2) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (2) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (2) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (2) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (2) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (2) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (2) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020200061500' (2) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (2) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (2) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (2) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (2) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (2) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (2) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (2) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (2) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xeada51f8023b1e03f0ed0483dc0c89e6' (2) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (2) perl: &request:State = $RAD_REQUEST{'State'} -> '0xd7f19134d6f384a329196b284b94091c' (2) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (2) [perl] = ok (2) eap: Peer sent EAP Response (code 2) ID 2 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) [pap] = noop (2) [mschap] = noop (2) } # authorize = ok (2) Found Auth-Type = Perl (2) Found Auth-Type = eap (2) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (2) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (2) authenticate { (2) eap: Expiring EAP session with state 0xd7f19134d6f384a3 (2) eap: Finished EAP session with state 0xd7f19134d6f384a3 (2) eap: Previous EAP request found for state 0xd7f19134d6f384a3, released from the list (2) eap: Peer sent packet with method EAP TTLS (21) (2) eap: Calling submodule eap_ttls to process data (2) eap_ttls: Authenticate (2) eap_ttls: Continuing EAP-TLS (2) eap_ttls: Peer ACKed our handshake fragment (2) eap_ttls: [eaptls verify] = request (2) eap_ttls: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1004 (2) eap: EAP session adding &reply:State = 0xd7f19134d5f284a3 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1092 length 0 (2) EAP-Message = 0x010303ec15c0000016076e2e64652f6173682d6265726c696e2d63612f7075622f63726c2f636163726c2e63726c303ca03aa0388636687474703a2f2f636470322e7063612e64666e2e64652f6173682d6265726c696e2d63612f7075622f63726c2f636163726c2e63726c3081d506082b0601050507 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xd7f19134d5f284a329196b284b94091c (2) Finished request Waking up in 7.9 seconds. (3) Received Access-Request Id 1 from 172.16.1.18:1094 to 172.16.1.50:18200 length 155 (3) User-Name = "caemmerer@ash-berlin.eu" (3) NAS-IP-Address = 172.16.1.18 (3) Called-Station-Id = "0018f8eebabf" (3) Calling-Station-Id = "5c969d10d14b" (3) NAS-Identifier = "0018f8eebabf" (3) NAS-Port = 10 (3) Framed-MTU = 1400 (3) State = 0xd7f19134d5f284a329196b284b94091c (3) NAS-Port-Type = Wireless-802.11 (3) EAP-Message = 0x020300061500 (3) Message-Authenticator = 0x4a6a99807fc0e68892763ba531d8f267 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (3) authorize { (3) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (3) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (3) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (3) auth_log: EXPAND %t (3) auth_log: --> Tue Oct 25 14:20:56 2016 (3) [auth_log] = ok (3) suffix: Checking for suffix after "@" (3) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (3) suffix: Found realm "ash-berlin.eu" (3) suffix: Adding Stripped-User-Name = "caemmerer" (3) suffix: Adding Realm = "ash-berlin.eu" (3) suffix: Authentication realm is LOCAL (3) [suffix] = ok (3) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (3) ERROR: Failed retrieving values required to evaluate condition (3) [preprocess] = ok (3) files: users: Matched entry DEFAULT at line 221 (3) [files] = ok (3) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (3) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (3) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (3) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (3) perl: $RAD_REQUEST{'State'} = &request:State -> '0xd7f19134d5f284a329196b284b94091c' (3) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (3) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (3) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (3) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (3) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (3) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020300061500' (3) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x4a6a99807fc0e68892763ba531d8f267' (3) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (3) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (3) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (3) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (3) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (3) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (3) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (3) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (3) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020300061500' (3) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (3) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (3) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (3) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (3) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (3) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (3) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (3) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (3) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x4a6a99807fc0e68892763ba531d8f267' (3) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (3) perl: &request:State = $RAD_REQUEST{'State'} -> '0xd7f19134d5f284a329196b284b94091c' (3) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (3) [perl] = ok (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) [pap] = noop (3) [mschap] = noop (3) } # authorize = ok (3) Found Auth-Type = Perl (3) Found Auth-Type = eap (3) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (3) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (3) authenticate { (3) eap: Expiring EAP session with state 0xd7f19134d5f284a3 (3) eap: Finished EAP session with state 0xd7f19134d5f284a3 (3) eap: Previous EAP request found for state 0xd7f19134d5f284a3, released from the list (3) eap: Peer sent packet with method EAP TTLS (21) (3) eap: Calling submodule eap_ttls to process data (3) eap_ttls: Authenticate (3) eap_ttls: Continuing EAP-TLS (3) eap_ttls: Peer ACKed our handshake fragment (3) eap_ttls: [eaptls verify] = request (3) eap_ttls: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 1004 (3) eap: EAP session adding &reply:State = 0xd7f19134d4f584a3 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1094 length 0 (3) EAP-Message = 0x010403ec15c00000160701090116106361406173682d6265726c696e2e657530820122300d06092a864886f70d01010105000382010f003082010a0282010100ad53771db4be88e9d154d793618b2b021a5f5566e84910b2e07600cf25e19c417a2d3bb78d31093aa77586abfc36eed19e340e25e5fe11 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xd7f19134d4f584a329196b284b94091c (3) Finished request Waking up in 7.9 seconds. (4) Received Access-Request Id 1 from 172.16.1.18:1096 to 172.16.1.50:18200 length 155 (4) User-Name = "caemmerer@ash-berlin.eu" (4) NAS-IP-Address = 172.16.1.18 (4) Called-Station-Id = "0018f8eebabf" (4) Calling-Station-Id = "5c969d10d14b" (4) NAS-Identifier = "0018f8eebabf" (4) NAS-Port = 10 (4) Framed-MTU = 1400 (4) State = 0xd7f19134d4f584a329196b284b94091c (4) NAS-Port-Type = Wireless-802.11 (4) EAP-Message = 0x020400061500 (4) Message-Authenticator = 0x036fd7e556384cf71f0a54cd44027d1c (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (4) authorize { (4) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (4) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (4) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (4) auth_log: EXPAND %t (4) auth_log: --> Tue Oct 25 14:20:56 2016 (4) [auth_log] = ok (4) suffix: Checking for suffix after "@" (4) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (4) suffix: Found realm "ash-berlin.eu" (4) suffix: Adding Stripped-User-Name = "caemmerer" (4) suffix: Adding Realm = "ash-berlin.eu" (4) suffix: Authentication realm is LOCAL (4) [suffix] = ok (4) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (4) ERROR: Failed retrieving values required to evaluate condition (4) [preprocess] = ok (4) files: users: Matched entry DEFAULT at line 221 (4) [files] = ok (4) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (4) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (4) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (4) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (4) perl: $RAD_REQUEST{'State'} = &request:State -> '0xd7f19134d4f584a329196b284b94091c' (4) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (4) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (4) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (4) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (4) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (4) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020400061500' (4) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x036fd7e556384cf71f0a54cd44027d1c' (4) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (4) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (4) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (4) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (4) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (4) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (4) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (4) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (4) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020400061500' (4) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (4) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (4) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (4) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (4) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (4) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (4) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (4) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (4) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x036fd7e556384cf71f0a54cd44027d1c' (4) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (4) perl: &request:State = $RAD_REQUEST{'State'} -> '0xd7f19134d4f584a329196b284b94091c' (4) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (4) [perl] = ok (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) [pap] = noop (4) [mschap] = noop (4) } # authorize = ok (4) Found Auth-Type = Perl (4) Found Auth-Type = eap (4) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (4) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (4) authenticate { (4) eap: Expiring EAP session with state 0xd7f19134d4f584a3 (4) eap: Finished EAP session with state 0xd7f19134d4f584a3 (4) eap: Previous EAP request found for state 0xd7f19134d4f584a3, released from the list (4) eap: Peer sent packet with method EAP TTLS (21) (4) eap: Calling submodule eap_ttls to process data (4) eap_ttls: Authenticate (4) eap_ttls: Continuing EAP-TLS (4) eap_ttls: Peer ACKed our handshake fragment (4) eap_ttls: [eaptls verify] = request (4) eap_ttls: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 1004 (4) eap: EAP session adding &reply:State = 0xd7f19134d3f484a3 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1096 length 0 (4) EAP-Message = 0x010503ec15c0000016076ec4f1382edb126aee240b8ec64dab8808b8fbc4a5ad8498f974ee1fedb0b4ec2ddb8940d2ce9182eefec98a3424e55224115096df91c024701ff1cef1b595de2f897b89866822f6b7c2ac53aca824b1031ec6e57be92b407c2ff2417c4e5fd6dfccd8c33e03fe115f8cc8502f (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xd7f19134d3f484a329196b284b94091c (4) Finished request Waking up in 7.8 seconds. (5) Received Access-Request Id 1 from 172.16.1.18:1098 to 172.16.1.50:18200 length 155 (5) User-Name = "caemmerer@ash-berlin.eu" (5) NAS-IP-Address = 172.16.1.18 (5) Called-Station-Id = "0018f8eebabf" (5) Calling-Station-Id = "5c969d10d14b" (5) NAS-Identifier = "0018f8eebabf" (5) NAS-Port = 10 (5) Framed-MTU = 1400 (5) State = 0xd7f19134d3f484a329196b284b94091c (5) NAS-Port-Type = Wireless-802.11 (5) EAP-Message = 0x020500061500 (5) Message-Authenticator = 0x8166f312003e5b234e7a9de7cf8b162a (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (5) authorize { (5) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (5) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (5) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (5) auth_log: EXPAND %t (5) auth_log: --> Tue Oct 25 14:20:56 2016 (5) [auth_log] = ok (5) suffix: Checking for suffix after "@" (5) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (5) suffix: Found realm "ash-berlin.eu" (5) suffix: Adding Stripped-User-Name = "caemmerer" (5) suffix: Adding Realm = "ash-berlin.eu" (5) suffix: Authentication realm is LOCAL (5) [suffix] = ok (5) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (5) ERROR: Failed retrieving values required to evaluate condition (5) [preprocess] = ok (5) files: users: Matched entry DEFAULT at line 221 (5) [files] = ok (5) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (5) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (5) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (5) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (5) perl: $RAD_REQUEST{'State'} = &request:State -> '0xd7f19134d3f484a329196b284b94091c' (5) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (5) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (5) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (5) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (5) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (5) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020500061500' (5) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x8166f312003e5b234e7a9de7cf8b162a' (5) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (5) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (5) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (5) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (5) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (5) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (5) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (5) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (5) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020500061500' (5) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (5) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (5) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (5) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (5) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (5) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (5) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (5) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (5) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x8166f312003e5b234e7a9de7cf8b162a' (5) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (5) perl: &request:State = $RAD_REQUEST{'State'} -> '0xd7f19134d3f484a329196b284b94091c' (5) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (5) [perl] = ok (5) eap: Peer sent EAP Response (code 2) ID 5 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) [pap] = noop (5) [mschap] = noop (5) } # authorize = ok (5) Found Auth-Type = Perl (5) Found Auth-Type = eap (5) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (5) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (5) authenticate { (5) eap: Expiring EAP session with state 0xd7f19134d3f484a3 (5) eap: Finished EAP session with state 0xd7f19134d3f484a3 (5) eap: Previous EAP request found for state 0xd7f19134d3f484a3, released from the list (5) eap: Peer sent packet with method EAP TTLS (21) (5) eap: Calling submodule eap_ttls to process data (5) eap_ttls: Authenticate (5) eap_ttls: Continuing EAP-TLS (5) eap_ttls: Peer ACKed our handshake fragment (5) eap_ttls: [eaptls verify] = request (5) eap_ttls: [eaptls process] = handled (5) eap: Sending EAP Request (code 1) ID 6 length 1004 (5) eap: EAP session adding &reply:State = 0xd7f19134d2f784a3 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1098 length 0 (5) EAP-Message = 0x010603ec15c000001607306a302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63737072303a06082b06010505073002862e687474703a2f2f706b69303333362e74656c657365632e64652f6372742f44545f524f4f545f43415f322e63657230 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xd7f19134d2f784a329196b284b94091c (5) Finished request Waking up in 7.8 seconds. (6) Received Access-Request Id 1 from 172.16.1.18:1100 to 172.16.1.50:18200 length 155 (6) User-Name = "caemmerer@ash-berlin.eu" (6) NAS-IP-Address = 172.16.1.18 (6) Called-Station-Id = "0018f8eebabf" (6) Calling-Station-Id = "5c969d10d14b" (6) NAS-Identifier = "0018f8eebabf" (6) NAS-Port = 10 (6) Framed-MTU = 1400 (6) State = 0xd7f19134d2f784a329196b284b94091c (6) NAS-Port-Type = Wireless-802.11 (6) EAP-Message = 0x020600061500 (6) Message-Authenticator = 0x918e7951e542d53da28e569cd6776178 (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (6) authorize { (6) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (6) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (6) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (6) auth_log: EXPAND %t (6) auth_log: --> Tue Oct 25 14:20:56 2016 (6) [auth_log] = ok (6) suffix: Checking for suffix after "@" (6) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (6) suffix: Found realm "ash-berlin.eu" (6) suffix: Adding Stripped-User-Name = "caemmerer" (6) suffix: Adding Realm = "ash-berlin.eu" (6) suffix: Authentication realm is LOCAL (6) [suffix] = ok (6) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (6) ERROR: Failed retrieving values required to evaluate condition (6) [preprocess] = ok (6) files: users: Matched entry DEFAULT at line 221 (6) [files] = ok (6) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (6) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (6) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (6) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (6) perl: $RAD_REQUEST{'State'} = &request:State -> '0xd7f19134d2f784a329196b284b94091c' (6) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (6) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (6) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (6) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (6) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:20:56 CEST' (6) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020600061500' (6) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x918e7951e542d53da28e569cd6776178' (6) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (6) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (6) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (6) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (6) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (6) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (6) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (6) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (6) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020600061500' (6) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (6) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (6) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (6) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (6) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (6) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (6) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (6) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (6) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x918e7951e542d53da28e569cd6776178' (6) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:20:56 CEST' (6) perl: &request:State = $RAD_REQUEST{'State'} -> '0xd7f19134d2f784a329196b284b94091c' (6) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (6) [perl] = ok (6) eap: Peer sent EAP Response (code 2) ID 6 length 6 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) [pap] = noop (6) [mschap] = noop (6) } # authorize = ok (6) Found Auth-Type = Perl (6) Found Auth-Type = eap (6) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (6) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (6) authenticate { (6) eap: Expiring EAP session with state 0xd7f19134d2f784a3 (6) eap: Finished EAP session with state 0xd7f19134d2f784a3 (6) eap: Previous EAP request found for state 0xd7f19134d2f784a3, released from the list (6) eap: Peer sent packet with method EAP TTLS (21) (6) eap: Calling submodule eap_ttls to process data (6) eap_ttls: Authenticate (6) eap_ttls: Continuing EAP-TLS (6) eap_ttls: Peer ACKed our handshake fragment (6) eap_ttls: [eaptls verify] = request (6) eap_ttls: [eaptls process] = handled (6) eap: Sending EAP Request (code 1) ID 7 length 679 (6) eap: EAP session adding &reply:State = 0xd7f19134d1f684a3 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1100 length 0 (6) EAP-Message = 0x010702a7158000001607f553d717e0897a2d176c0ab32b9d33300f0603551d13040830060101ff020105300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100946459ad3964e729eb13fe5ac38b1357c80424f07477c060e367fbe989a683bf96827c6ed4c33def9e (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xd7f19134d1f684a329196b284b94091c (6) Finished request Waking up in 7.8 seconds. (0) Cleaning up request packet ID 1 with timestamp +89 (1) Cleaning up request packet ID 1 with timestamp +89 (2) Cleaning up request packet ID 1 with timestamp +89 (3) Cleaning up request packet ID 1 with timestamp +89 (4) Cleaning up request packet ID 1 with timestamp +89 (5) Cleaning up request packet ID 1 with timestamp +89 (6) Cleaning up request packet ID 1 with timestamp +89 Ready to process requests (7) Received Access-Request Id 1 from 172.16.1.18:1102 to 172.16.1.50:18200 length 159 (7) User-Name = "caemmerer@ash-berlin.eu" (7) NAS-IP-Address = 172.16.1.18 (7) Called-Station-Id = "0018f8eebabf" (7) Calling-Station-Id = "5c969d10d14b" (7) NAS-Identifier = "0018f8eebabf" (7) NAS-Port = 10 (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) EAP-Message = 0x0200001c016361656d6d65726572406173682d6265726c696e2e6575 (7) Message-Authenticator = 0x2d957b6e456cf1dee4327025e8cfc725 (7) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (7) authorize { (7) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (7) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (7) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (7) auth_log: EXPAND %t (7) auth_log: --> Tue Oct 25 14:21:09 2016 (7) [auth_log] = ok (7) suffix: Checking for suffix after "@" (7) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (7) suffix: Found realm "ash-berlin.eu" (7) suffix: Adding Stripped-User-Name = "caemmerer" (7) suffix: Adding Realm = "ash-berlin.eu" (7) suffix: Authentication realm is LOCAL (7) [suffix] = ok (7) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (7) ERROR: Failed retrieving values required to evaluate condition (7) [preprocess] = ok (7) files: users: Matched entry DEFAULT at line 221 (7) [files] = ok (7) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (7) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (7) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (7) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (7) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (7) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (7) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (7) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (7) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (7) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0200001c016361656d6d65726572406173682d6265726c696e2e6575' (7) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x2d957b6e456cf1dee4327025e8cfc725' (7) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (7) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (7) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (7) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (7) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (7) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (7) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (7) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (7) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0200001c016361656d6d65726572406173682d6265726c696e2e6575' (7) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (7) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (7) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (7) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (7) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (7) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (7) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (7) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (7) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x2d957b6e456cf1dee4327025e8cfc725' (7) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (7) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (7) [perl] = ok (7) eap: Peer sent EAP Response (code 2) ID 0 length 28 (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (7) [eap] = ok (7) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (7) pap: WARNING: Authentication will fail unless a "known good" password is available (7) [pap] = noop (7) [mschap] = noop (7) } # authorize = ok (7) Found Auth-Type = Perl (7) Found Auth-Type = eap (7) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (7) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (7) authenticate { (7) eap: Peer sent packet with method EAP Identity (1) (7) eap: Calling submodule eap_ttls to process data (7) eap_ttls: Initiating new EAP-TLS session (7) eap_ttls: [eaptls start] = request (7) eap: Sending EAP Request (code 1) ID 1 length 6 (7) eap: EAP session adding &reply:State = 0xe2b2f2cde2b3e797 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1102 length 0 (7) EAP-Message = 0x010100061520 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xe2b2f2cde2b3e79709e6d8acf43661e4 (7) Finished request Waking up in 7.9 seconds. (8) Received Access-Request Id 1 from 172.16.1.18:1104 to 172.16.1.50:18200 length 280 (8) User-Name = "caemmerer@ash-berlin.eu" (8) NAS-IP-Address = 172.16.1.18 (8) Called-Station-Id = "0018f8eebabf" (8) Calling-Station-Id = "5c969d10d14b" (8) NAS-Identifier = "0018f8eebabf" (8) NAS-Port = 10 (8) Framed-MTU = 1400 (8) State = 0xe2b2f2cde2b3e79709e6d8acf43661e4 (8) NAS-Port-Type = Wireless-802.11 (8) EAP-Message = 0x020100831580000000791603010074010000700301580f4e351745491546ce922fbe65420a77604a150868085d99047932bde2c15600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000 (8) Message-Authenticator = 0x8f62f139ddfd8f6308dd7e0ce9215191 (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (8) authorize { (8) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (8) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (8) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (8) auth_log: EXPAND %t (8) auth_log: --> Tue Oct 25 14:21:09 2016 (8) [auth_log] = ok (8) suffix: Checking for suffix after "@" (8) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (8) suffix: Found realm "ash-berlin.eu" (8) suffix: Adding Stripped-User-Name = "caemmerer" (8) suffix: Adding Realm = "ash-berlin.eu" (8) suffix: Authentication realm is LOCAL (8) [suffix] = ok (8) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (8) ERROR: Failed retrieving values required to evaluate condition (8) [preprocess] = ok (8) files: users: Matched entry DEFAULT at line 221 (8) [files] = ok (8) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (8) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (8) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (8) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (8) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde2b3e79709e6d8acf43661e4' (8) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (8) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (8) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (8) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (8) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020100831580000000791603010074010000700301580f4e351745491546ce922fbe65420a77604a150868085d99047932bde2c15600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000' (8) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x8f62f139ddfd8f6308dd7e0ce9215191' (8) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (8) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (8) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (8) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (8) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (8) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (8) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (8) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020100831580000000791603010074010000700301580f4e351745491546ce922fbe65420a77604a150868085d99047932bde2c15600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000' (8) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (8) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (8) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (8) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (8) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (8) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (8) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (8) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (8) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x8f62f139ddfd8f6308dd7e0ce9215191' (8) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (8) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde2b3e79709e6d8acf43661e4' (8) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (8) [perl] = ok (8) eap: Peer sent EAP Response (code 2) ID 1 length 131 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) [pap] = noop (8) [mschap] = noop (8) } # authorize = ok (8) Found Auth-Type = Perl (8) Found Auth-Type = eap (8) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (8) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (8) authenticate { (8) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (8) eap: Finished EAP session with state 0xe2b2f2cde2b3e797 (8) eap: Previous EAP request found for state 0xe2b2f2cde2b3e797, released from the list (8) eap: Peer sent packet with method EAP TTLS (21) (8) eap: Calling submodule eap_ttls to process data (8) eap_ttls: Authenticate (8) eap_ttls: Continuing EAP-TLS (8) eap_ttls: Peer indicated complete TLS record size will be 121 bytes (8) eap_ttls: Got complete TLS record (121 bytes) (8) eap_ttls: [eaptls verify] = length included (8) eap_ttls: (other): before/accept initialization (8) eap_ttls: TLS_accept: before/accept initialization (8) eap_ttls: <<< recv TLS 1.0 Handshake [length 0074], ClientHello (8) eap_ttls: TLS_accept: unknown state (8) eap_ttls: >>> send TLS 1.0 Handshake [length 0059], ServerHello (8) eap_ttls: TLS_accept: unknown state (8) eap_ttls: >>> send TLS 1.0 Handshake [length 144b], Certificate (8) eap_ttls: TLS_accept: unknown state (8) eap_ttls: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange (8) eap_ttls: TLS_accept: unknown state (8) eap_ttls: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone (8) eap_ttls: TLS_accept: unknown state (8) eap_ttls: TLS_accept: unknown state (8) eap_ttls: TLS_accept: Need to read more data: unknown state (8) eap_ttls: TLS_accept: Need to read more data: unknown state (8) eap_ttls: In SSL Handshake Phase (8) eap_ttls: In SSL Accept mode (8) eap_ttls: [eaptls process] = handled (8) eap: Sending EAP Request (code 1) ID 2 length 1004 (8) eap: EAP session adding &reply:State = 0xe2b2f2cde3b0e797 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1104 length 0 (8) EAP-Message = 0x010203ec15c00000160716030100590200005503012cd8cbf9501aa7eecfefdef71dfa1c865bf24167c022afe3553af96ba2ffe2ce208bf72e8956dbbdc8d2450eed412ac212af5422d5249c2554c5636fcc1fc90471c01400000dff01000100000b000403000102160301144b0b00144700144400061e (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0xe2b2f2cde3b0e79709e6d8acf43661e4 (8) Finished request Waking up in 7.9 seconds. (9) Received Access-Request Id 1 from 172.16.1.18:1106 to 172.16.1.50:18200 length 155 (9) User-Name = "caemmerer@ash-berlin.eu" (9) NAS-IP-Address = 172.16.1.18 (9) Called-Station-Id = "0018f8eebabf" (9) Calling-Station-Id = "5c969d10d14b" (9) NAS-Identifier = "0018f8eebabf" (9) NAS-Port = 10 (9) Framed-MTU = 1400 (9) State = 0xe2b2f2cde3b0e79709e6d8acf43661e4 (9) NAS-Port-Type = Wireless-802.11 (9) EAP-Message = 0x020200061500 (9) Message-Authenticator = 0x828d0e477997527ac250f9261154c4e2 (9) session-state: No cached attributes (9) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (9) authorize { (9) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (9) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (9) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (9) auth_log: EXPAND %t (9) auth_log: --> Tue Oct 25 14:21:09 2016 (9) [auth_log] = ok (9) suffix: Checking for suffix after "@" (9) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (9) suffix: Found realm "ash-berlin.eu" (9) suffix: Adding Stripped-User-Name = "caemmerer" (9) suffix: Adding Realm = "ash-berlin.eu" (9) suffix: Authentication realm is LOCAL (9) [suffix] = ok (9) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (9) ERROR: Failed retrieving values required to evaluate condition (9) [preprocess] = ok (9) files: users: Matched entry DEFAULT at line 221 (9) [files] = ok (9) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (9) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (9) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (9) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (9) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde3b0e79709e6d8acf43661e4' (9) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (9) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (9) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (9) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (9) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (9) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020200061500' (9) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x828d0e477997527ac250f9261154c4e2' (9) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (9) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (9) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (9) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (9) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (9) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (9) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (9) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (9) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020200061500' (9) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (9) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (9) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (9) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (9) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (9) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (9) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (9) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (9) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x828d0e477997527ac250f9261154c4e2' (9) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (9) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde3b0e79709e6d8acf43661e4' (9) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (9) [perl] = ok (9) eap: Peer sent EAP Response (code 2) ID 2 length 6 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) [pap] = noop (9) [mschap] = noop (9) } # authorize = ok (9) Found Auth-Type = Perl (9) Found Auth-Type = eap (9) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (9) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (9) authenticate { (9) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (9) eap: Finished EAP session with state 0xe2b2f2cde3b0e797 (9) eap: Previous EAP request found for state 0xe2b2f2cde3b0e797, released from the list (9) eap: Peer sent packet with method EAP TTLS (21) (9) eap: Calling submodule eap_ttls to process data (9) eap_ttls: Authenticate (9) eap_ttls: Continuing EAP-TLS (9) eap_ttls: Peer ACKed our handshake fragment (9) eap_ttls: [eaptls verify] = request (9) eap_ttls: [eaptls process] = handled (9) eap: Sending EAP Request (code 1) ID 3 length 1004 (9) eap: EAP session adding &reply:State = 0xe2b2f2cde0b1e797 (9) [eap] = handled (9) } # authenticate = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1106 length 0 (9) EAP-Message = 0x010303ec15c0000016076e2e64652f6173682d6265726c696e2d63612f7075622f63726c2f636163726c2e63726c303ca03aa0388636687474703a2f2f636470322e7063612e64666e2e64652f6173682d6265726c696e2d63612f7075622f63726c2f636163726c2e63726c3081d506082b0601050507 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0xe2b2f2cde0b1e79709e6d8acf43661e4 (9) Finished request Waking up in 7.9 seconds. (10) Received Access-Request Id 1 from 172.16.1.18:1108 to 172.16.1.50:18200 length 155 (10) User-Name = "caemmerer@ash-berlin.eu" (10) NAS-IP-Address = 172.16.1.18 (10) Called-Station-Id = "0018f8eebabf" (10) Calling-Station-Id = "5c969d10d14b" (10) NAS-Identifier = "0018f8eebabf" (10) NAS-Port = 10 (10) Framed-MTU = 1400 (10) State = 0xe2b2f2cde0b1e79709e6d8acf43661e4 (10) NAS-Port-Type = Wireless-802.11 (10) EAP-Message = 0x020300061500 (10) Message-Authenticator = 0xc6132d8e117152f938ef37d55b9b0163 (10) session-state: No cached attributes (10) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (10) authorize { (10) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (10) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (10) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (10) auth_log: EXPAND %t (10) auth_log: --> Tue Oct 25 14:21:09 2016 (10) [auth_log] = ok (10) suffix: Checking for suffix after "@" (10) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (10) suffix: Found realm "ash-berlin.eu" (10) suffix: Adding Stripped-User-Name = "caemmerer" (10) suffix: Adding Realm = "ash-berlin.eu" (10) suffix: Authentication realm is LOCAL (10) [suffix] = ok (10) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (10) ERROR: Failed retrieving values required to evaluate condition (10) [preprocess] = ok (10) files: users: Matched entry DEFAULT at line 221 (10) [files] = ok (10) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (10) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (10) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (10) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (10) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde0b1e79709e6d8acf43661e4' (10) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (10) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (10) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (10) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (10) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (10) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020300061500' (10) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xc6132d8e117152f938ef37d55b9b0163' (10) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (10) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (10) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (10) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (10) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (10) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (10) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (10) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (10) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020300061500' (10) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (10) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (10) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (10) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (10) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (10) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (10) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (10) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (10) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xc6132d8e117152f938ef37d55b9b0163' (10) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (10) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde0b1e79709e6d8acf43661e4' (10) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (10) [perl] = ok (10) eap: Peer sent EAP Response (code 2) ID 3 length 6 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) [pap] = noop (10) [mschap] = noop (10) } # authorize = ok (10) Found Auth-Type = Perl (10) Found Auth-Type = eap (10) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (10) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (10) authenticate { (10) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (10) eap: Finished EAP session with state 0xe2b2f2cde0b1e797 (10) eap: Previous EAP request found for state 0xe2b2f2cde0b1e797, released from the list (10) eap: Peer sent packet with method EAP TTLS (21) (10) eap: Calling submodule eap_ttls to process data (10) eap_ttls: Authenticate (10) eap_ttls: Continuing EAP-TLS (10) eap_ttls: Peer ACKed our handshake fragment (10) eap_ttls: [eaptls verify] = request (10) eap_ttls: [eaptls process] = handled (10) eap: Sending EAP Request (code 1) ID 4 length 1004 (10) eap: EAP session adding &reply:State = 0xe2b2f2cde1b6e797 (10) [eap] = handled (10) } # authenticate = handled (10) Using Post-Auth-Type Challenge (10) Post-Auth-Type sub-section not found. Ignoring. (10) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1108 length 0 (10) EAP-Message = 0x010403ec15c00000160701090116106361406173682d6265726c696e2e657530820122300d06092a864886f70d01010105000382010f003082010a0282010100ad53771db4be88e9d154d793618b2b021a5f5566e84910b2e07600cf25e19c417a2d3bb78d31093aa77586abfc36eed19e340e25e5fe11 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0xe2b2f2cde1b6e79709e6d8acf43661e4 (10) Finished request Waking up in 7.9 seconds. (11) Received Access-Request Id 1 from 172.16.1.18:1110 to 172.16.1.50:18200 length 155 (11) User-Name = "caemmerer@ash-berlin.eu" (11) NAS-IP-Address = 172.16.1.18 (11) Called-Station-Id = "0018f8eebabf" (11) Calling-Station-Id = "5c969d10d14b" (11) NAS-Identifier = "0018f8eebabf" (11) NAS-Port = 10 (11) Framed-MTU = 1400 (11) State = 0xe2b2f2cde1b6e79709e6d8acf43661e4 (11) NAS-Port-Type = Wireless-802.11 (11) EAP-Message = 0x020400061500 (11) Message-Authenticator = 0x7250960d5308872e9ccb572d92c7ef1e (11) session-state: No cached attributes (11) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (11) authorize { (11) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (11) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (11) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (11) auth_log: EXPAND %t (11) auth_log: --> Tue Oct 25 14:21:09 2016 (11) [auth_log] = ok (11) suffix: Checking for suffix after "@" (11) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (11) suffix: Found realm "ash-berlin.eu" (11) suffix: Adding Stripped-User-Name = "caemmerer" (11) suffix: Adding Realm = "ash-berlin.eu" (11) suffix: Authentication realm is LOCAL (11) [suffix] = ok (11) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (11) ERROR: Failed retrieving values required to evaluate condition (11) [preprocess] = ok (11) files: users: Matched entry DEFAULT at line 221 (11) [files] = ok (11) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (11) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (11) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (11) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (11) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde1b6e79709e6d8acf43661e4' (11) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (11) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (11) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (11) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (11) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (11) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020400061500' (11) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x7250960d5308872e9ccb572d92c7ef1e' (11) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (11) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (11) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (11) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (11) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (11) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (11) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (11) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (11) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020400061500' (11) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (11) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (11) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (11) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (11) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (11) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (11) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (11) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (11) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x7250960d5308872e9ccb572d92c7ef1e' (11) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (11) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde1b6e79709e6d8acf43661e4' (11) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (11) [perl] = ok (11) eap: Peer sent EAP Response (code 2) ID 4 length 6 (11) eap: Continuing tunnel setup (11) [eap] = ok (11) [pap] = noop (11) [mschap] = noop (11) } # authorize = ok (11) Found Auth-Type = Perl (11) Found Auth-Type = eap (11) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (11) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (11) authenticate { (11) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (11) eap: Finished EAP session with state 0xe2b2f2cde1b6e797 (11) eap: Previous EAP request found for state 0xe2b2f2cde1b6e797, released from the list (11) eap: Peer sent packet with method EAP TTLS (21) (11) eap: Calling submodule eap_ttls to process data (11) eap_ttls: Authenticate (11) eap_ttls: Continuing EAP-TLS (11) eap_ttls: Peer ACKed our handshake fragment (11) eap_ttls: [eaptls verify] = request (11) eap_ttls: [eaptls process] = handled (11) eap: Sending EAP Request (code 1) ID 5 length 1004 (11) eap: EAP session adding &reply:State = 0xe2b2f2cde6b7e797 (11) [eap] = handled (11) } # authenticate = handled (11) Using Post-Auth-Type Challenge (11) Post-Auth-Type sub-section not found. Ignoring. (11) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1110 length 0 (11) EAP-Message = 0x010503ec15c0000016076ec4f1382edb126aee240b8ec64dab8808b8fbc4a5ad8498f974ee1fedb0b4ec2ddb8940d2ce9182eefec98a3424e55224115096df91c024701ff1cef1b595de2f897b89866822f6b7c2ac53aca824b1031ec6e57be92b407c2ff2417c4e5fd6dfccd8c33e03fe115f8cc8502f (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) State = 0xe2b2f2cde6b7e79709e6d8acf43661e4 (11) Finished request Waking up in 7.9 seconds. (12) Received Access-Request Id 1 from 172.16.1.18:1112 to 172.16.1.50:18200 length 155 (12) User-Name = "caemmerer@ash-berlin.eu" (12) NAS-IP-Address = 172.16.1.18 (12) Called-Station-Id = "0018f8eebabf" (12) Calling-Station-Id = "5c969d10d14b" (12) NAS-Identifier = "0018f8eebabf" (12) NAS-Port = 10 (12) Framed-MTU = 1400 (12) State = 0xe2b2f2cde6b7e79709e6d8acf43661e4 (12) NAS-Port-Type = Wireless-802.11 (12) EAP-Message = 0x020500061500 (12) Message-Authenticator = 0x236f43ca155522c5b173212b4feaa536 (12) session-state: No cached attributes (12) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (12) authorize { (12) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (12) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (12) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (12) auth_log: EXPAND %t (12) auth_log: --> Tue Oct 25 14:21:09 2016 (12) [auth_log] = ok (12) suffix: Checking for suffix after "@" (12) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (12) suffix: Found realm "ash-berlin.eu" (12) suffix: Adding Stripped-User-Name = "caemmerer" (12) suffix: Adding Realm = "ash-berlin.eu" (12) suffix: Authentication realm is LOCAL (12) [suffix] = ok (12) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (12) ERROR: Failed retrieving values required to evaluate condition (12) [preprocess] = ok (12) files: users: Matched entry DEFAULT at line 221 (12) [files] = ok (12) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (12) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (12) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (12) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (12) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde6b7e79709e6d8acf43661e4' (12) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (12) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (12) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (12) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (12) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (12) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020500061500' (12) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x236f43ca155522c5b173212b4feaa536' (12) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (12) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (12) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (12) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (12) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (12) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (12) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (12) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (12) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020500061500' (12) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (12) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (12) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (12) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (12) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (12) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (12) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (12) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (12) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x236f43ca155522c5b173212b4feaa536' (12) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (12) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde6b7e79709e6d8acf43661e4' (12) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (12) [perl] = ok (12) eap: Peer sent EAP Response (code 2) ID 5 length 6 (12) eap: Continuing tunnel setup (12) [eap] = ok (12) [pap] = noop (12) [mschap] = noop (12) } # authorize = ok (12) Found Auth-Type = Perl (12) Found Auth-Type = eap (12) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (12) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (12) authenticate { (12) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (12) eap: Finished EAP session with state 0xe2b2f2cde6b7e797 (12) eap: Previous EAP request found for state 0xe2b2f2cde6b7e797, released from the list (12) eap: Peer sent packet with method EAP TTLS (21) (12) eap: Calling submodule eap_ttls to process data (12) eap_ttls: Authenticate (12) eap_ttls: Continuing EAP-TLS (12) eap_ttls: Peer ACKed our handshake fragment (12) eap_ttls: [eaptls verify] = request (12) eap_ttls: [eaptls process] = handled (12) eap: Sending EAP Request (code 1) ID 6 length 1004 (12) eap: EAP session adding &reply:State = 0xe2b2f2cde7b4e797 (12) [eap] = handled (12) } # authenticate = handled (12) Using Post-Auth-Type Challenge (12) Post-Auth-Type sub-section not found. Ignoring. (12) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1112 length 0 (12) EAP-Message = 0x010603ec15c000001607306a302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63737072303a06082b06010505073002862e687474703a2f2f706b69303333362e74656c657365632e64652f6372742f44545f524f4f545f43415f322e63657230 (12) Message-Authenticator = 0x00000000000000000000000000000000 (12) State = 0xe2b2f2cde7b4e79709e6d8acf43661e4 (12) Finished request Waking up in 7.9 seconds. (13) Received Access-Request Id 1 from 172.16.1.18:1114 to 172.16.1.50:18200 length 155 (13) User-Name = "caemmerer@ash-berlin.eu" (13) NAS-IP-Address = 172.16.1.18 (13) Called-Station-Id = "0018f8eebabf" (13) Calling-Station-Id = "5c969d10d14b" (13) NAS-Identifier = "0018f8eebabf" (13) NAS-Port = 10 (13) Framed-MTU = 1400 (13) State = 0xe2b2f2cde7b4e79709e6d8acf43661e4 (13) NAS-Port-Type = Wireless-802.11 (13) EAP-Message = 0x020600061500 (13) Message-Authenticator = 0x8a1716c023dcd3b604f54e3f560b1b86 (13) session-state: No cached attributes (13) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (13) authorize { (13) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (13) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (13) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (13) auth_log: EXPAND %t (13) auth_log: --> Tue Oct 25 14:21:09 2016 (13) [auth_log] = ok (13) suffix: Checking for suffix after "@" (13) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (13) suffix: Found realm "ash-berlin.eu" (13) suffix: Adding Stripped-User-Name = "caemmerer" (13) suffix: Adding Realm = "ash-berlin.eu" (13) suffix: Authentication realm is LOCAL (13) [suffix] = ok (13) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (13) ERROR: Failed retrieving values required to evaluate condition (13) [preprocess] = ok (13) files: users: Matched entry DEFAULT at line 221 (13) [files] = ok (13) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (13) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (13) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (13) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (13) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde7b4e79709e6d8acf43661e4' (13) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (13) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (13) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (13) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (13) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (13) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020600061500' (13) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x8a1716c023dcd3b604f54e3f560b1b86' (13) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (13) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (13) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (13) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (13) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (13) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (13) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (13) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (13) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020600061500' (13) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (13) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (13) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (13) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (13) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (13) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (13) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (13) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (13) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x8a1716c023dcd3b604f54e3f560b1b86' (13) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (13) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde7b4e79709e6d8acf43661e4' (13) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (13) [perl] = ok (13) eap: Peer sent EAP Response (code 2) ID 6 length 6 (13) eap: Continuing tunnel setup (13) [eap] = ok (13) [pap] = noop (13) [mschap] = noop (13) } # authorize = ok (13) Found Auth-Type = Perl (13) Found Auth-Type = eap (13) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (13) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (13) authenticate { (13) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (13) eap: Finished EAP session with state 0xe2b2f2cde7b4e797 (13) eap: Previous EAP request found for state 0xe2b2f2cde7b4e797, released from the list (13) eap: Peer sent packet with method EAP TTLS (21) (13) eap: Calling submodule eap_ttls to process data (13) eap_ttls: Authenticate (13) eap_ttls: Continuing EAP-TLS (13) eap_ttls: Peer ACKed our handshake fragment (13) eap_ttls: [eaptls verify] = request (13) eap_ttls: [eaptls process] = handled (13) eap: Sending EAP Request (code 1) ID 7 length 679 (13) eap: EAP session adding &reply:State = 0xe2b2f2cde4b5e797 (13) [eap] = handled (13) } # authenticate = handled (13) Using Post-Auth-Type Challenge (13) Post-Auth-Type sub-section not found. Ignoring. (13) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1114 length 0 (13) EAP-Message = 0x010702a7158000001607f553d717e0897a2d176c0ab32b9d33300f0603551d13040830060101ff020105300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100946459ad3964e729eb13fe5ac38b1357c80424f07477c060e367fbe989a683bf96827c6ed4c33def9e (13) Message-Authenticator = 0x00000000000000000000000000000000 (13) State = 0xe2b2f2cde4b5e79709e6d8acf43661e4 (13) Finished request Waking up in 7.9 seconds. (14) Received Access-Request Id 1 from 172.16.1.18:1116 to 172.16.1.50:18200 length 293 (14) User-Name = "caemmerer@ash-berlin.eu" (14) NAS-IP-Address = 172.16.1.18 (14) Called-Station-Id = "0018f8eebabf" (14) Calling-Station-Id = "5c969d10d14b" (14) NAS-Identifier = "0018f8eebabf" (14) NAS-Port = 10 (14) Framed-MTU = 1400 (14) State = 0xe2b2f2cde4b5e79709e6d8acf43661e4 (14) NAS-Port-Type = Wireless-802.11 (14) EAP-Message = 0x0207009015800000008616030100461000004241044607bd0e80d169d7b52c35d24326f32b2b82603860194e45c1d56d2b451a2a4fb4be86fde2dcd37d0f7d5be53bd178b373c03e323fd24c487a7e65bc9e9a5d031403010001011603010030b6b80dab8e2382e7c8af73a28e039eff546852414e8032 (14) Message-Authenticator = 0xba9982394cf850a163334433fb32075f (14) session-state: No cached attributes (14) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (14) authorize { (14) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (14) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (14) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (14) auth_log: EXPAND %t (14) auth_log: --> Tue Oct 25 14:21:09 2016 (14) [auth_log] = ok (14) suffix: Checking for suffix after "@" (14) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (14) suffix: Found realm "ash-berlin.eu" (14) suffix: Adding Stripped-User-Name = "caemmerer" (14) suffix: Adding Realm = "ash-berlin.eu" (14) suffix: Authentication realm is LOCAL (14) [suffix] = ok (14) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (14) ERROR: Failed retrieving values required to evaluate condition (14) [preprocess] = ok (14) files: users: Matched entry DEFAULT at line 221 (14) [files] = ok (14) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (14) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (14) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (14) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (14) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde4b5e79709e6d8acf43661e4' (14) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (14) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (14) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (14) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (14) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (14) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0207009015800000008616030100461000004241044607bd0e80d169d7b52c35d24326f32b2b82603860194e45c1d56d2b451a2a4fb4be86fde2dcd37d0f7d5be53bd178b373c03e323fd24c487a7e65bc9e9a5d031403010001011603010030b6b80dab8e2382e7c8af73a28e039eff546852414e80325832e28f45e6e4ba8f96ddccff65b780f52d482e6c62e49e86' (14) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xba9982394cf850a163334433fb32075f' (14) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (14) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (14) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (14) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (14) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (14) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (14) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (14) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (14) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0207009015800000008616030100461000004241044607bd0e80d169d7b52c35d24326f32b2b82603860194e45c1d56d2b451a2a4fb4be86fde2dcd37d0f7d5be53bd178b373c03e323fd24c487a7e65bc9e9a5d031403010001011603010030b6b80dab8e2382e7c8af73a28e039eff546852414e80325832e28f45e6e4ba8f96ddccff65b780f52d482e6c62e49e86' (14) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (14) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (14) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (14) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (14) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (14) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (14) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (14) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (14) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xba9982394cf850a163334433fb32075f' (14) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (14) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde4b5e79709e6d8acf43661e4' (14) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (14) [perl] = ok (14) eap: Peer sent EAP Response (code 2) ID 7 length 144 (14) eap: Continuing tunnel setup (14) [eap] = ok (14) [pap] = noop (14) [mschap] = noop (14) } # authorize = ok (14) Found Auth-Type = Perl (14) Found Auth-Type = eap (14) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (14) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (14) authenticate { (14) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (14) eap: Finished EAP session with state 0xe2b2f2cde4b5e797 (14) eap: Previous EAP request found for state 0xe2b2f2cde4b5e797, released from the list (14) eap: Peer sent packet with method EAP TTLS (21) (14) eap: Calling submodule eap_ttls to process data (14) eap_ttls: Authenticate (14) eap_ttls: Continuing EAP-TLS (14) eap_ttls: Peer indicated complete TLS record size will be 134 bytes (14) eap_ttls: Got complete TLS record (134 bytes) (14) eap_ttls: [eaptls verify] = length included (14) eap_ttls: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange (14) eap_ttls: TLS_accept: unknown state (14) eap_ttls: TLS_accept: unknown state (14) eap_ttls: <<< recv TLS 1.0 ChangeCipherSpec [length 0001] (14) eap_ttls: <<< recv TLS 1.0 Handshake [length 0010], Finished (14) eap_ttls: TLS_accept: unknown state (14) eap_ttls: >>> send TLS 1.0 ChangeCipherSpec [length 0001] (14) eap_ttls: TLS_accept: unknown state (14) eap_ttls: >>> send TLS 1.0 Handshake [length 0010], Finished (14) eap_ttls: TLS_accept: unknown state (14) eap_ttls: TLS_accept: unknown state (14) eap_ttls: (other): SSL negotiation finished successfully (14) eap_ttls: SSL Connection Established (14) eap_ttls: [eaptls process] = handled (14) eap: Sending EAP Request (code 1) ID 8 length 69 (14) eap: EAP session adding &reply:State = 0xe2b2f2cde5bae797 (14) [eap] = handled (14) } # authenticate = handled (14) Using Post-Auth-Type Challenge (14) Post-Auth-Type sub-section not found. Ignoring. (14) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1116 length 0 (14) EAP-Message = 0x0108004515800000003b1403010001011603010030bfb66eb83c597e18e995cb9ac175d2ea8697c55ea3d40e5e0810953bc2beb4248e2c0d3f6fc38175e33b9e27d7fe1a88 (14) Message-Authenticator = 0x00000000000000000000000000000000 (14) State = 0xe2b2f2cde5bae79709e6d8acf43661e4 (14) Finished request Waking up in 7.8 seconds. (15) Received Access-Request Id 1 from 172.16.1.18:1118 to 172.16.1.50:18200 length 228 (15) User-Name = "caemmerer@ash-berlin.eu" (15) NAS-IP-Address = 172.16.1.18 (15) Called-Station-Id = "0018f8eebabf" (15) Calling-Station-Id = "5c969d10d14b" (15) NAS-Identifier = "0018f8eebabf" (15) NAS-Port = 10 (15) Framed-MTU = 1400 (15) State = 0xe2b2f2cde5bae79709e6d8acf43661e4 (15) NAS-Port-Type = Wireless-802.11 (15) EAP-Message = 0x0208004f1580000000451703010040160c8f262c810b8ebdbac12900b137e28a4b4223a438c9803edb370343e7c34f8527140db671f2f3f21b30c661cb53d0e861bfbeaebeb8ce06f2a334e0639cc1 (15) Message-Authenticator = 0xa2a320e7524dad9b7d1eb1ab25d02a97 (15) session-state: No cached attributes (15) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (15) authorize { (15) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (15) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (15) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (15) auth_log: EXPAND %t (15) auth_log: --> Tue Oct 25 14:21:09 2016 (15) [auth_log] = ok (15) suffix: Checking for suffix after "@" (15) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (15) suffix: Found realm "ash-berlin.eu" (15) suffix: Adding Stripped-User-Name = "caemmerer" (15) suffix: Adding Realm = "ash-berlin.eu" (15) suffix: Authentication realm is LOCAL (15) [suffix] = ok (15) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (15) ERROR: Failed retrieving values required to evaluate condition (15) [preprocess] = ok (15) files: users: Matched entry DEFAULT at line 221 (15) [files] = ok (15) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (15) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (15) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (15) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (15) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cde5bae79709e6d8acf43661e4' (15) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (15) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (15) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (15) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (15) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (15) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0208004f1580000000451703010040160c8f262c810b8ebdbac12900b137e28a4b4223a438c9803edb370343e7c34f8527140db671f2f3f21b30c661cb53d0e861bfbeaebeb8ce06f2a334e0639cc1' (15) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xa2a320e7524dad9b7d1eb1ab25d02a97' (15) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (15) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (15) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (15) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (15) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (15) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (15) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (15) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (15) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0208004f1580000000451703010040160c8f262c810b8ebdbac12900b137e28a4b4223a438c9803edb370343e7c34f8527140db671f2f3f21b30c661cb53d0e861bfbeaebeb8ce06f2a334e0639cc1' (15) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (15) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (15) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (15) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (15) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (15) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (15) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (15) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (15) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xa2a320e7524dad9b7d1eb1ab25d02a97' (15) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (15) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cde5bae79709e6d8acf43661e4' (15) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (15) [perl] = ok (15) eap: Peer sent EAP Response (code 2) ID 8 length 79 (15) eap: Continuing tunnel setup (15) [eap] = ok (15) [pap] = noop (15) [mschap] = noop (15) } # authorize = ok (15) Found Auth-Type = Perl (15) Found Auth-Type = eap (15) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (15) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (15) authenticate { (15) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (15) eap: Finished EAP session with state 0xe2b2f2cde5bae797 (15) eap: Previous EAP request found for state 0xe2b2f2cde5bae797, released from the list (15) eap: Peer sent packet with method EAP TTLS (21) (15) eap: Calling submodule eap_ttls to process data (15) eap_ttls: Authenticate (15) eap_ttls: Continuing EAP-TLS (15) eap_ttls: Peer indicated complete TLS record size will be 69 bytes (15) eap_ttls: Got complete TLS record (69 bytes) (15) eap_ttls: [eaptls verify] = length included (15) eap_ttls: [eaptls process] = ok (15) eap_ttls: Session established. Proceeding to decode tunneled attributes (15) eap_ttls: Got tunneled request (15) eap_ttls: EAP-Message = 0x0200001c016361656d6d65726572406173682d6265726c696e2e6575 (15) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (15) eap_ttls: Got tunneled identity of caemmerer@ash-berlin.eu (15) eap_ttls: Setting default EAP type for tunneled EAP session (15) eap_ttls: Sending tunneled request (15) Virtual server eduroam-inner-tunnel received request (15) EAP-Message = 0x0200001c016361656d6d65726572406173682d6265726c696e2e6575 (15) FreeRADIUS-Proxied-To = 127.0.0.1 (15) User-Name = "caemmerer@ash-berlin.eu" (15) Called-Station-Id = "0018f8eebabf" (15) Framed-MTU = 1400 (15) NAS-IP-Address = 172.16.1.18 (15) NAS-Port-Type = Wireless-802.11 (15) NAS-Port = 10 (15) Calling-Station-Id = "5c969d10d14b" (15) NAS-Identifier = "0018f8eebabf" (15) Event-Timestamp = "Jan 1 1970 01:00:00 CET" (15) WARNING: Outer and inner identities are the same. User privacy is compromised. (15) server eduroam-inner-tunnel { (15) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (15) authorize { (15) [preprocess] = ok (15) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (15) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (15) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (15) auth_log: EXPAND %t (15) auth_log: --> Tue Oct 25 14:21:09 2016 (15) [auth_log] = ok (15) files: users: Matched entry DEFAULT at line 221 (15) [files] = ok (15) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (15) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (15) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (15) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (15) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (15) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (15) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (15) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (15) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 1 1970 01:00:00 CET' (15) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0200001c016361656d6d65726572406173682d6265726c696e2e6575' (15) perl: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (15) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (15) perl: $RAD_CHECK{'EAP-Type'} = &control:EAP-Type -> 'MSCHAPv2' (15) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (15) perl: $RAD_CONFIG{'EAP-Type'} = &control:EAP-Type -> 'MSCHAPv2' (15) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (15) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (15) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (15) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0200001c016361656d6d65726572406173682d6265726c696e2e6575' (15) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (15) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (15) perl: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (15) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (15) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (15) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (15) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jan 1 1970 01:00:00 CET' (15) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (15) perl: &control:EAP-Type = $RAD_CHECK{'EAP-Type'} -> 'MSCHAPv2' (15) [perl] = ok (15) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (15) pap: WARNING: Authentication will fail unless a "known good" password is available (15) [pap] = noop (15) [mschap] = noop (15) eap: Peer sent EAP Response (code 2) ID 0 length 28 (15) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (15) [eap] = ok (15) } # authorize = ok (15) Found Auth-Type = Perl (15) Found Auth-Type = eap (15) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (15) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (15) authenticate { (15) eap: Peer sent packet with method EAP Identity (1) (15) eap: Calling submodule eap_mschapv2 to process data (15) eap_mschapv2: Issuing Challenge (15) eap: Sending EAP Request (code 1) ID 1 length 43 (15) eap: EAP session adding &reply:State = 0xf161f8b2f160e206 (15) [eap] = handled (15) } # authenticate = handled (15) } # server eduroam-inner-tunnel (15) Virtual server sending reply (15) EAP-Message = 0x0101002b1a01010026104353b2ee277ea9061416acc8ab61605f667265657261646975732d332e302e3132 (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0xf161f8b2f160e2062595a49c796ae496 (15) eap_ttls: Got tunneled Access-Challenge (15) eap: Sending EAP Request (code 1) ID 9 length 95 (15) eap: EAP session adding &reply:State = 0xe2b2f2cdeabbe797 (15) [eap] = handled (15) } # authenticate = handled (15) Using Post-Auth-Type Challenge (15) Post-Auth-Type sub-section not found. Ignoring. (15) Sent Access-Challenge Id 1 from 172.16.1.50:18200 to 172.16.1.18:1118 length 0 (15) EAP-Message = 0x0109005f15800000005517030100509df08a7c99ff559b93fb69ac5369b12f6c318a029fadd5cd58d697ce778440c0467ab56977f997e4886337a556525b24fd7346f5c9b57738c0fae72f110628b06122948135da15854c9e70701d96c46a (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0xe2b2f2cdeabbe79709e6d8acf43661e4 (15) Finished request Waking up in 7.7 seconds. (16) Received Access-Request Id 1 from 172.16.1.18:1120 to 172.16.1.50:18200 length 292 (16) User-Name = "caemmerer@ash-berlin.eu" (16) NAS-IP-Address = 172.16.1.18 (16) Called-Station-Id = "0018f8eebabf" (16) Calling-Station-Id = "5c969d10d14b" (16) NAS-Identifier = "0018f8eebabf" (16) NAS-Port = 10 (16) Framed-MTU = 1400 (16) State = 0xe2b2f2cdeabbe79709e6d8acf43661e4 (16) NAS-Port-Type = Wireless-802.11 (16) EAP-Message = 0x0209008f1580000000851703010080bbcd67ebb99738b73f2d26cd268d94b41a0cc23ba76218bc889f44373e9231411789381b347e68a95d985f378ca1c926fc3f374e393aea5189714929321c710ad3e2d5a11606293015de0640ee906aee583c2ad056908f5a7c8caa3f4666dc067df66b64dd306467 (16) Message-Authenticator = 0x195212ee28cdb26d71890da370225a1f (16) session-state: No cached attributes (16) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (16) authorize { (16) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (16) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (16) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (16) auth_log: EXPAND %t (16) auth_log: --> Tue Oct 25 14:21:09 2016 (16) [auth_log] = ok (16) suffix: Checking for suffix after "@" (16) suffix: Looking up realm "ash-berlin.eu" for User-Name = "caemmerer@ash-berlin.eu" (16) suffix: Found realm "ash-berlin.eu" (16) suffix: Adding Stripped-User-Name = "caemmerer" (16) suffix: Adding Realm = "ash-berlin.eu" (16) suffix: Authentication realm is LOCAL (16) [suffix] = ok (16) if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~ /.*@ash-berlin.eu$/)) { (16) ERROR: Failed retrieving values required to evaluate condition (16) [preprocess] = ok (16) files: users: Matched entry DEFAULT at line 221 (16) [files] = ok (16) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (16) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (16) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (16) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (16) perl: $RAD_REQUEST{'State'} = &request:State -> '0xe2b2f2cdeabbe79709e6d8acf43661e4' (16) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (16) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (16) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (16) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (16) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Okt 25 2016 14:21:09 CEST' (16) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0209008f1580000000851703010080bbcd67ebb99738b73f2d26cd268d94b41a0cc23ba76218bc889f44373e9231411789381b347e68a95d985f378ca1c926fc3f374e393aea5189714929321c710ad3e2d5a11606293015de0640ee906aee583c2ad056908f5a7c8caa3f4666dc067df66b64dd306467225e4be661f825dd138d1af204dbf15ce506893efb155198' (16) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x195212ee28cdb26d71890da370225a1f' (16) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'caemmerer' (16) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'ash-berlin.eu' (16) perl: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (16) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (16) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (16) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (16) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (16) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (16) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0209008f1580000000851703010080bbcd67ebb99738b73f2d26cd268d94b41a0cc23ba76218bc889f44373e9231411789381b347e68a95d985f378ca1c926fc3f374e393aea5189714929321c710ad3e2d5a11606293015de0640ee906aee583c2ad056908f5a7c8caa3f4666dc067df66b64dd306467225e4be661f825dd138d1af204dbf15ce506893efb155198' (16) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (16) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (16) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'ash-berlin.eu' (16) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'caemmerer' (16) perl: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (16) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (16) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (16) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (16) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x195212ee28cdb26d71890da370225a1f' (16) perl: ERROR: Failed to create pair &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Okt 25 2016 14:21:09 CEST' (16) perl: &request:State = $RAD_REQUEST{'State'} -> '0xe2b2f2cdeabbe79709e6d8acf43661e4' (16) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (16) [perl] = ok (16) eap: Peer sent EAP Response (code 2) ID 9 length 143 (16) eap: Continuing tunnel setup (16) [eap] = ok (16) [pap] = noop (16) [mschap] = noop (16) } # authorize = ok (16) Found Auth-Type = Perl (16) Found Auth-Type = eap (16) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (16) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam (16) authenticate { (16) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (16) eap: Finished EAP session with state 0xe2b2f2cdeabbe797 (16) eap: Previous EAP request found for state 0xe2b2f2cdeabbe797, released from the list (16) eap: Peer sent packet with method EAP TTLS (21) (16) eap: Calling submodule eap_ttls to process data (16) eap_ttls: Authenticate (16) eap_ttls: Continuing EAP-TLS (16) eap_ttls: Peer indicated complete TLS record size will be 133 bytes (16) eap_ttls: Got complete TLS record (133 bytes) (16) eap_ttls: [eaptls verify] = length included (16) eap_ttls: [eaptls process] = ok (16) eap_ttls: Session established. Proceeding to decode tunneled attributes (16) eap_ttls: Got tunneled request (16) eap_ttls: EAP-Message = 0x020100521a0201004d31e96406a5efb766f5b416d263662c0a2f000000000000000070d30d223b13f57f56f7dfde83dad9613b91fec509962e2a006361656d6d65726572406173682d6265726c696e2e6575 (16) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (16) eap_ttls: Sending tunneled request (16) Virtual server eduroam-inner-tunnel received request (16) EAP-Message = 0x020100521a0201004d31e96406a5efb766f5b416d263662c0a2f000000000000000070d30d223b13f57f56f7dfde83dad9613b91fec509962e2a006361656d6d65726572406173682d6265726c696e2e6575 (16) FreeRADIUS-Proxied-To = 127.0.0.1 (16) User-Name = "caemmerer@ash-berlin.eu" (16) State = 0xf161f8b2f160e2062595a49c796ae496 (16) Called-Station-Id = "0018f8eebabf" (16) Framed-MTU = 1400 (16) NAS-IP-Address = 172.16.1.18 (16) NAS-Port-Type = Wireless-802.11 (16) NAS-Port = 10 (16) Calling-Station-Id = "5c969d10d14b" (16) NAS-Identifier = "0018f8eebabf" (16) Event-Timestamp = "Jan 1 1970 01:00:00 CET" (16) WARNING: Outer and inner identities are the same. User privacy is compromised. (16) server eduroam-inner-tunnel { (16) session-state: No cached attributes (16) # Executing section authorize from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (16) authorize { (16) [preprocess] = ok (16) auth_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (16) auth_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (16) auth_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/auth-detail-20161025 (16) auth_log: EXPAND %t (16) auth_log: --> Tue Oct 25 14:21:09 2016 (16) [auth_log] = ok (16) files: users: Matched entry DEFAULT at line 221 (16) [files] = ok (16) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'caemmerer@ash-berlin.eu' (16) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.16.1.18' (16) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '10' (16) perl: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (16) perl: $RAD_REQUEST{'State'} = &request:State -> '0xf161f8b2f160e2062595a49c796ae496' (16) perl: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '0018f8eebabf' (16) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '5c969d10d14b' (16) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '0018f8eebabf' (16) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (16) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 1 1970 01:00:00 CET' (16) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020100521a0201004d31e96406a5efb766f5b416d263662c0a2f000000000000000070d30d223b13f57f56f7dfde83dad9613b91fec509962e2a006361656d6d65726572406173682d6265726c696e2e6575' (16) perl: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (16) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl' (16) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl' (16) perl: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '0018f8eebabf' (16) perl: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (16) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.16.1.18' (16) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020100521a0201004d31e96406a5efb766f5b416d263662c0a2f000000000000000070d30d223b13f57f56f7dfde83dad9613b91fec509962e2a006361656d6d65726572406173682d6265726c696e2e6575' (16) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'caemmerer@ash-berlin.eu' (16) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (16) perl: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (16) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '10' (16) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '5c969d10d14b' (16) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '0018f8eebabf' (16) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jan 1 1970 01:00:00 CET' (16) perl: &request:State = $RAD_REQUEST{'State'} -> '0xf161f8b2f160e2062595a49c796ae496' (16) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl' (16) [perl] = ok (16) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (16) pap: WARNING: Authentication will fail unless a "known good" password is available (16) [pap] = noop (16) [mschap] = noop (16) eap: Peer sent EAP Response (code 2) ID 1 length 82 (16) eap: No EAP Start, assuming it's an on-going EAP conversation (16) [eap] = updated (16) } # authorize = updated (16) Found Auth-Type = Perl (16) Found Auth-Type = eap (16) ERROR: Warning: Found 2 auth-types on request for user 'caemmerer@ash-berlin.eu' (16) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (16) authenticate { (16) eap: Expiring EAP session with state 0xd7f19134d1f684a3 (16) eap: Finished EAP session with state 0xf161f8b2f160e206 (16) eap: Previous EAP request found for state 0xf161f8b2f160e206, released from the list (16) eap: Peer sent packet with method EAP MSCHAPv2 (26) (16) eap: Calling submodule eap_mschapv2 to process data (16) eap_mschapv2: # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (16) eap_mschapv2: Auth-Type MS-CHAP { (16) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (16) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (16) mschap: Creating challenge hash with username: caemmerer@ash-berlin.eu (16) mschap: Client is using MS-CHAPv2 (16) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (16) mschap: ERROR: MS-CHAP2-Response is incorrect (16) [mschap] = reject (16) } # Auth-Type MS-CHAP = reject (16) eap: Sending EAP Failure (code 4) ID 1 length 4 (16) eap: Freeing handler (16) [eap] = reject (16) } # authenticate = reject (16) Failed to authenticate the user (16) Using Post-Auth-Type Reject (16) # Executing group from file /etc/freeradius.testing-3.0.12//sites-enabled/eduroam-inner-tunnel (16) Post-Auth-Type REJECT { (16) reply_log: EXPAND /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d (16) reply_log: --> /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/reply-detail-20161025 (16) reply_log: /usr/local/radius-3.0.12/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /usr/local/radius-3.0.12/var/log/radius/radacct/172.16.1.18/reply-detail-20161025 (16) reply_log: EXPAND %t (16) reply_log: --> Tue Oct 25 14:21:09 2016 (16) [reply_log] = ok (16) } # Post-Auth-Type REJECT = ok (16) } # server eduroam-inner-tunnel (16) Virtual server sending reply (16) MS-CHAP-Error = "\001E=691 R=1 C=4177170a1287b230bb11d80e3b2c8e1d V=3 M=Authentication failed" (16) EAP-Message = 0x04010004 (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) eap_ttls: Got tunneled Access-Reject (16) eap: ERROR: Failed continuing EAP TTLS (21) session. EAP sub-module failed (16) eap: Sending EAP Failure (code 4) ID 9 length 4 (16) eap: Failed in EAP select (16) [eap] = invalid (16) } # authenticate = invalid (16) Failed to authenticate the user (16) Using Post-Auth-Type Reject (16) Post-Auth-Type sub-section not found. Ignoring. (16) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (16) Sending delayed response (16) Sent Access-Reject Id 1 from 172.16.1.50:18200 to 172.16.1.18:1120 length 44 (16) EAP-Message = 0x04090004 (16) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 6.7 seconds. (7) Cleaning up request packet ID 1 with timestamp +102 (8) Cleaning up request packet ID 1 with timestamp +102 (9) Cleaning up request packet ID 1 with timestamp +102 (10) Cleaning up request packet ID 1 with timestamp +102 (11) Cleaning up request packet ID 1 with timestamp +102 (12) Cleaning up request packet ID 1 with timestamp +102 (13) Cleaning up request packet ID 1 with timestamp +102 (14) Cleaning up request packet ID 1 with timestamp +102 (15) Cleaning up request packet ID 1 with timestamp +102 (16) Cleaning up request packet ID 1 with timestamp +102 Ready to process requests ^C xlan:/etc/freeradius.testing-3.0.12# exit Script done on Di 25 Okt 2016 14:21:52 CEST