FreeRADIUS Version 3.0.13 Copyright (C) 1999-2017 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/radius/share/freeradius/dictionary including dictionary file /usr/local/radius/share/freeradius/dictionary.dhcp including dictionary file /usr/local/radius/share/freeradius/dictionary.vqp including dictionary file /usr/local/radius/etc/raddb/dictionary including configuration file /usr/local/radius/etc/raddb/radiusd.conf including configuration file /usr/local/radius/etc/raddb/proxy.conf including configuration file /usr/local/radius/etc/raddb/clients.conf including files in directory /usr/local/radius/etc/raddb/mods-enabled/ including configuration file /usr/local/radius/etc/raddb/mods-enabled/always including configuration file /usr/local/radius/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/radius/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/radius/etc/raddb/mods-enabled/chap including configuration file /usr/local/radius/etc/raddb/mods-enabled/detail including configuration file /usr/local/radius/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/radius/etc/raddb/mods-enabled/digest including configuration file /usr/local/radius/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/radius/etc/raddb/mods-enabled/echo including configuration file /usr/local/radius/etc/raddb/mods-enabled/exec including configuration file /usr/local/radius/etc/raddb/mods-enabled/expiration including configuration file /usr/local/radius/etc/raddb/mods-enabled/expr including configuration file /usr/local/radius/etc/raddb/mods-enabled/files including configuration file /usr/local/radius/etc/raddb/mods-enabled/linelog including configuration file /usr/local/radius/etc/raddb/mods-enabled/logintime including configuration file /usr/local/radius/etc/raddb/mods-enabled/mschap including configuration file /usr/local/radius/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/radius/etc/raddb/mods-enabled/pap including configuration file /usr/local/radius/etc/raddb/mods-enabled/passwd including configuration file /usr/local/radius/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/radius/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/radius/etc/raddb/mods-enabled/realm including configuration file /usr/local/radius/etc/raddb/mods-enabled/replicate including configuration file /usr/local/radius/etc/raddb/mods-enabled/soh including configuration file /usr/local/radius/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/radius/etc/raddb/mods-enabled/unix including configuration file /usr/local/radius/etc/raddb/mods-enabled/unpack including configuration file /usr/local/radius/etc/raddb/mods-enabled/utf8 including files in directory /usr/local/radius/etc/raddb/policy.d/ including configuration file /usr/local/radius/etc/raddb/policy.d/accounting including configuration file /usr/local/radius/etc/raddb/policy.d/canonicalization including configuration file /usr/local/radius/etc/raddb/policy.d/control including configuration file /usr/local/radius/etc/raddb/policy.d/cui including configuration file /usr/local/radius/etc/raddb/policy.d/debug including configuration file /usr/local/radius/etc/raddb/policy.d/dhcp including configuration file /usr/local/radius/etc/raddb/policy.d/eap including configuration file /usr/local/radius/etc/raddb/policy.d/filter including configuration file /usr/local/radius/etc/raddb/policy.d/operator-name including files in directory /usr/local/radius/etc/raddb/sites-enabled/ including configuration file /usr/local/radius/etc/raddb/sites-enabled/hknet including configuration file /usr/local/radius/etc/raddb/sites-enabled/tls main { security { user = "radiusd" group = "radiusd" allow_core_dumps = no } name = "radiusd" prefix = "/usr/local/radius" localstatedir = "/var" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" } main { name = "radiusd" prefix = "/usr/local/radius" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/local/radius/lib/" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 10 max_requests = 4096 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "CVE-2016-6304" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 15.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 32 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server cuni-tls1 { ipaddr = 195.113.15.22 port = 2083 type = "auth" proto = "tcp" secret = <<< secret >>> response_window = 5.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 30 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 300 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } tls { verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.key" certificate_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.crt" ca_file = "/usr/local/radius/etc/raddb/certs/ca.pem" fragment_size = 8192 include_length = yes check_crl = no ecdh_curve = "prime256v1" } home_server cuni-tls2 { ipaddr = 195.113.44.19 port = 2083 type = "auth" proto = "tcp" secret = <<< secret >>> response_window = 5.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 30 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 300 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } tls { verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.key" certificate_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.crt" ca_file = "/usr/local/radius/etc/raddb/certs/ca.pem" fragment_size = 8192 include_length = yes check_crl = no ecdh_curve = "prime256v1" } home_server cesnet-tls1 { ipaddr = 195.113.187.22 port = 2083 type = "auth" proto = "tcp" secret = <<< secret >>> response_window = 30.000000 response_timeouts = 1000 max_outstanding = 65536 zombie_period = 120 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 60 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } tls { verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.key" certificate_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.crt" ca_file = "/usr/local/radius/etc/raddb/certs/ca.pem" fragment_size = 8192 include_length = yes check_crl = no ecdh_curve = "prime256v1" } realm LOCAL { } realm faf.cuni.cz { nostrip authhost = 195.113.116.7 secret = <<< secret >>> } realm faf.cuni.cz { authhost = 195.113.116.11 secret = <<< secret >>> } # realm faf.cuni.cz realm uhk.cz { nostrip authhost = 195.113.118.38 secret = <<< secret >>> } realm uhk.cz { authhost = 195.113.118.14 secret = <<< secret >>> } # realm uhk.cz realm NULL { virtual_server = auth-reject } home_server_pool cuni-tls { type = fail-over home_server = cuni-tls1 home_server = cuni-tls2 } realm uvtuk.cuni.cz { auth_pool = cuni-tls nostrip } realm ruk.cuni.cz { auth_pool = cuni-tls nostrip } realm jinonice.cuni.cz { auth_pool = cuni-tls nostrip } realm student.cuni.cz { auth_pool = cuni-tls nostrip } realm staff.cuni.cz { auth_pool = cuni-tls nostrip } realm cuni.cz { auth_pool = cuni-tls nostrip } realm ldap.cuni.cz { auth_pool = cuni-tls nostrip } realm prf.cuni.cz { auth_pool = cuni-tls nostrip } realm karlov.mff.cuni.cz { auth_pool = cuni-tls nostrip } realm ms.mff.cuni.cz { auth_pool = cuni-tls nostrip } home_server_pool cesnet-tls { type = fail-over home_server = cesnet-tls1 } realm ~.+$ { auth_pool = cesnet-tls nostrip } home_server_pool my_auth_failover { type = fail-over home_server = localhost } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client ermon.cesnet.cz { ipaddr = 195.113.233.246 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client wlc1 { ipaddr = 192.168.100.41 require_message_authenticator = no secret = <<< secret >>> shortname = "wlc1.hknet.cz" nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client wlc2 { ipaddr = 192.168.100.42 require_message_authenticator = no secret = <<< secret >>> shortname = "wlc2.hknet.cz" nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client wlc3 { ipaddr = 192.168.100.43 require_message_authenticator = no secret = <<< secret >>> shortname = "wlc3.hknet.cz" nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = digest # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP radiusd: #### Instantiating modules #### modules { # Loaded module rlm_always # Loading module "reject" from file /usr/local/radius/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /usr/local/radius/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /usr/local/radius/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /usr/local/radius/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /usr/local/radius/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /usr/local/radius/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /usr/local/radius/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /usr/local/radius/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /usr/local/radius/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/radius/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/radius/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/radius/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/radius/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/radius/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_cache # Loading module "cache_eap" from file /usr/local/radius/etc/raddb/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_chap # Loading module "chap" from file /usr/local/radius/etc/raddb/mods-enabled/chap # Loaded module rlm_detail # Loading module "detail" from file /usr/local/radius/etc/raddb/mods-enabled/detail detail { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "auth_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_digest # Loading module "digest" from file /usr/local/radius/etc/raddb/mods-enabled/digest # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /usr/local/radius/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_exec # Loading module "echo" from file /usr/local/radius/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loading module "exec" from file /usr/local/radius/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_expiration # Loading module "expiration" from file /usr/local/radius/etc/raddb/mods-enabled/expiration # Loaded module rlm_expr # Loading module "expr" from file /usr/local/radius/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Loading module "files" from file /usr/local/radius/etc/raddb/mods-enabled/files files { filename = "/usr/local/radius/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/radius/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/radius/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/radius/etc/raddb/mods-config/files/pre-proxy" } # Loaded module rlm_linelog # Loading module "linelog" from file /usr/local/radius/etc/raddb/mods-enabled/linelog linelog { filename = "/var/log/radius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{Packet-Type}:-default}" } # Loading module "log_accounting" from file /usr/local/radius/etc/raddb/mods-enabled/linelog linelog log_accounting { filename = "/var/log/radius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_logintime # Loading module "logintime" from file /usr/local/radius/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_mschap # Loading module "mschap" from file /usr/local/radius/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loading module "ntlm_auth" from file /usr/local/radius/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_pap # Loading module "pap" from file /usr/local/radius/etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /usr/local/radius/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_preprocess # Loading module "preprocess" from file /usr/local/radius/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/radius/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/radius/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_radutmp # Loading module "radutmp" from file /usr/local/radius/etc/raddb/mods-enabled/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_realm # Loading module "IPASS" from file /usr/local/radius/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /usr/local/radius/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /usr/local/radius/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /usr/local/radius/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_replicate # Loading module "replicate" from file /usr/local/radius/etc/raddb/mods-enabled/replicate # Loaded module rlm_soh # Loading module "soh" from file /usr/local/radius/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loading module "sradutmp" from file /usr/local/radius/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_unix # Loading module "unix" from file /usr/local/radius/etc/raddb/mods-enabled/unix unix { radwtmp = "/var/log/radius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_unpack # Loading module "unpack" from file /usr/local/radius/etc/raddb/mods-enabled/unpack # Loaded module rlm_utf8 # Loading module "utf8" from file /usr/local/radius/etc/raddb/mods-enabled/utf8 instantiate { } # Instantiating module "reject" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "fail" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "ok" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "handled" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "invalid" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "userlock" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "notfound" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "noop" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "updated" from file /usr/local/radius/etc/raddb/mods-enabled/always # Instantiating module "attr_filter.post-proxy" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/radius/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/radius/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/radius/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/radius/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/radius/etc/raddb/mods-enabled/attr_filter reading pairlist file /usr/local/radius/etc/raddb/mods-config/attr_filter/accounting_response # Instantiating module "cache_eap" from file /usr/local/radius/etc/raddb/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "detail" from file /usr/local/radius/etc/raddb/mods-enabled/detail # Instantiating module "auth_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /usr/local/radius/etc/raddb/mods-enabled/detail.log # Instantiating module "expiration" from file /usr/local/radius/etc/raddb/mods-enabled/expiration # Instantiating module "files" from file /usr/local/radius/etc/raddb/mods-enabled/files reading pairlist file /usr/local/radius/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/radius/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/radius/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/radius/etc/raddb/mods-config/files/pre-proxy # Instantiating module "linelog" from file /usr/local/radius/etc/raddb/mods-enabled/linelog # Instantiating module "log_accounting" from file /usr/local/radius/etc/raddb/mods-enabled/linelog # Instantiating module "logintime" from file /usr/local/radius/etc/raddb/mods-enabled/logintime # Instantiating module "mschap" from file /usr/local/radius/etc/raddb/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "pap" from file /usr/local/radius/etc/raddb/mods-enabled/pap # Instantiating module "etc_passwd" from file /usr/local/radius/etc/raddb/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "preprocess" from file /usr/local/radius/etc/raddb/mods-enabled/preprocess reading pairlist file /usr/local/radius/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/radius/etc/raddb/mods-config/preprocess/hints # Instantiating module "IPASS" from file /usr/local/radius/etc/raddb/mods-enabled/realm # Instantiating module "suffix" from file /usr/local/radius/etc/raddb/mods-enabled/realm # Instantiating module "realmpercent" from file /usr/local/radius/etc/raddb/mods-enabled/realm # Instantiating module "ntdomain" from file /usr/local/radius/etc/raddb/mods-enabled/realm } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/radius/etc/raddb/radiusd.conf } # server server default { # from file /usr/local/radius/etc/raddb/sites-enabled/hknet # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 cleanup_delay = 5 max_queue_size = 65536 auto_limit_acct = no } Thread spawned new child 1. Total threads in pool: 1 Thread spawned new child 2. Total threads in pool: 2 Thread spawned new child 3. Total threads in pool: 3 Thread spawned new child 4. Total threads in pool: 4 Thread spawned new child 5. Total threads in pool: 5 Thread pool initialized radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" virtual_server = "default" Thread 1 waiting to be assigned a request ipaddr = * port = 2083 proto = "tcp" tls { verify_depth = 0 ca_path = "/usr/local/radius/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.key" certificate_file = "/usr/local/radius/etc/raddb/certs/radius2.hknet.cz.crt" ca_file = "/usr/local/radius/etc/raddb/certs/ca.pem" dh_file = "/usr/local/radius/etc/raddb/certs/dh" fragment_size = 8192 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" require_client_cert = yes ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = no use_nonce = yes timeout = 0 softfail = no } } Thread 4 waiting to be assigned a request Thread 5 waiting to be assigned a request Thread 3 waiting to be assigned a request Thread 2 waiting to be assigned a request limit { max_connections = 32 lifetime = 0 idle_timeout = 30 } clients = "radsec" client radius1.eduroam.cuni.cz { ipaddr = 195.113.15.22 require_message_authenticator = no secret = <<< secret >>> proto = "tls" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client radius2.eduroam.cuni.cz { ipaddr = 195.113.44.19 require_message_authenticator = no secret = <<< secret >>> proto = "tls" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client radius1.eduroam.cz { ipaddr = 195.113.187.22 require_message_authenticator = no secret = <<< secret >>> proto = "tls" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on auth proto tcp address * port 2083 (TLS) bound to server default Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on proxy address * port 36391 Listening on proxy address :: port 50440 Ready to process requests Threads: total/active/spare threads = 5/0/5 Waking up in 0.3 seconds. Thread 5 got semaphore Thread 5 handling request 0, (1 handled so far) (0) Received Access-Request Id 0 from 127.0.0.1:42715 to 127.0.0.1:1812 length 163 (0) User-Name = "r-test-hknet@uvtuk.cuni.cz" (0) NAS-IP-Address = 127.0.0.1 (0) Calling-Station-Id = "70-6F-6C-69-73-68" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Connect-Info = "rad_eap_test + eapol_test" (0) EAP-Message = 0x0200001f01722d746573742d686b6e657440757674756b2e63756e692e637a (0) Message-Authenticator = 0x19b4b73a9450fd4d6f50803bef1ba49a (0) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (0) authorize { (0) policy filter_username { (0) if (!&User-Name) { (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) { (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\\.\\./ ) { (0) if (&User-Name =~ /\\.\\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\\.$/) { (0) if (&User-Name =~ /\\.$/) -> FALSE (0) if (&User-Name =~ /@\\./) { (0) if (&User-Name =~ /@\\./) -> FALSE (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (0) suffix: Found realm "uvtuk.cuni.cz" (0) suffix: Adding Realm = "uvtuk.cuni.cz" (0) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (0) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (0) [suffix] = updated (0) [files] = noop (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = noop (0) update request { (0) Operator-Name := "1hknet.cz" (0) } # update request = noop (0) policy operator-name.authorize { (0) if ("%{client:Operator-Name}") { (0) EXPAND %{client:Operator-Name} (0) --> (0) if ("%{client:Operator-Name}") -> FALSE (0) } # policy operator-name.authorize = updated (0) } # authorize = updated (0) Starting proxy to home server 195.113.15.22 port 2083 Trying SSL to port 2083 Requiring Server certificate (0) (other): before/connect initialization (0) TLS_connect: before/connect initialization (0) >>> send TLS 1.2 [length 00ee] (0) TLS_connect: SSLv2/v3 write client hello A (0) <<< recv TLS 1.0 Handshake [length 0051], ServerHello (0) TLS_connect: SSLv3 read server hello A (0) <<< recv TLS 1.0 Handshake [length 14b7], Certificate (0) Creating attributes from certificate OIDs (0) Creating attributes from certificate OIDs (0) Creating attributes from certificate OIDs (0) Creating attributes from certificate OIDs (0) TLS_connect: SSLv3 read server certificate A (0) <<< recv TLS 1.0 Handshake [length 4e22], CertificateRequest (0) TLS_connect: SSLv3 read server certificate request A (0) <<< recv TLS 1.0 Handshake [length 0004], ServerHelloDone (0) TLS_connect: SSLv3 read server done A (0) >>> send TLS 1.0 Handshake [length 04a8], Certificate (0) TLS_connect: SSLv3 write client certificate A (0) >>> send TLS 1.0 Handshake [length 0106], ClientKeyExchange (0) TLS_connect: SSLv3 write client key exchange A (0) >>> send TLS 1.0 Handshake [length 0106], CertificateVerify (0) TLS_connect: SSLv3 write certificate verify A (0) >>> send TLS 1.0 ChangeCipherSpec [length 0001] (0) TLS_connect: SSLv3 write change cipher spec A (0) >>> send TLS 1.0 Handshake [length 0010], Finished (0) TLS_connect: SSLv3 write finished A (0) TLS_connect: SSLv3 flush data (0) <<< recv TLS 1.0 ChangeCipherSpec [length 0001] (0) <<< recv TLS 1.0 Handshake [length 0010], Finished (0) TLS_connect: SSLv3 read finished A (0) (other): SSL negotiation finished successfully (0) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (0) Sent Access-Request Id 69 from 195.113.115.166:48017 to 195.113.15.22:2083 length 183 (0) User-Name = "r-test-hknet@uvtuk.cuni.cz" (0) NAS-IP-Address = 127.0.0.1 (0) Calling-Station-Id = "70-6F-6C-69-73-68" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Connect-Info = "rad_eap_test + eapol_test" (0) EAP-Message = 0x0200001f01722d746573742d686b6e657440757674756b2e63756e692e637a (0) Message-Authenticator = 0x19b4b73a9450fd4d6f50803bef1ba49a (0) Event-Timestamp = "May 23 2017 14:56:26 CEST" (0) Operator-Name := "1hknet.cz" (0) Proxy-State = 0x30 Thread 5 waiting to be assigned a request Listening on proxy (195.113.115.166, 48017) -> home_server (195.113.15.22, 2083) Waking up in 0.2 seconds. (0) Marking home server 195.113.15.22 port 2083 alive Waking up in 0.3 seconds. Thread 4 got semaphore Thread 4 handling request 0, (1 handled so far) (0) Clearing existing &reply: attributes (0) Received Access-Challenge Id 69 from 195.113.15.22:2083 to 195.113.115.166:48017 length 132 (0) User-Name = "r-test-hknet@uvtuk.cuni.cz" (0) Tunnel-Type:0 = VLAN (0) Tunnel-Medium-Type:0 = IEEE-802 (0) Tunnel-Private-Group-Id:0 = "948" (0) Cisco-AVPair = "ssid=eduroam" (0) EAP-Message = 0x010100061920 (0) Message-Authenticator = 0x4966a516125e82d2001f6ff589b7ad8a (0) State = 0x6aac2fcb6aad36ef783b4d4f7a3fb739 (0) Proxy-State = 0x30 (0) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (0) post-proxy { (0) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (0) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (0) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (0) post_proxy_log: EXPAND %t (0) post_proxy_log: --> Tue May 23 14:56:26 2017 (0) [post_proxy_log] = ok (0) attr_filter.post-proxy: EXPAND %{Realm} (0) attr_filter.post-proxy: --> uvtuk.cuni.cz (0) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (0) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (0) [attr_filter.post-proxy] = updated (0) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (0) EXPAND %{proxy-reply:Packet-Type} (0) --> Access-Challenge (0) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (0) } # post-proxy = updated (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (0) Tunnel-Type := VLAN (0) Tunnel-Medium-Type := IEEE-802 (0) EAP-Message = 0x010100061920 (0) Message-Authenticator = 0x4966a516125e82d2001f6ff589b7ad8a (0) State = 0x6aac2fcb6aad36ef783b4d4f7a3fb739 (0) Tunnel-Private-Group-Id := "34" (0) Finished request Thread 4 waiting to be assigned a request Waking up in 0.3 seconds. Thread 1 got semaphore Thread 1 handling request 1, (1 handled so far) (1) Received Access-Request Id 1 from 127.0.0.1:42715 to 127.0.0.1:1812 length 311 (1) User-Name = "r-test-hknet@uvtuk.cuni.cz" (1) NAS-IP-Address = 127.0.0.1 (1) Calling-Station-Id = "70-6F-6C-69-73-68" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Connect-Info = "rad_eap_test + eapol_test" (1) EAP-Message = 0x020100a119800000009716030100920100008e03015924317a098a20e927cb3d8243ccaf6f05a84d9cebfbe8a2a839eeb8e6f11ccb00004cc014c00a0039003800880087c00fc00500350084c013c00900330032009a009900450044c00ec004002f00960041c012c00800160013c00dc003000a0007c0 (1) State = 0x6aac2fcb6aad36ef783b4d4f7a3fb739 (1) Message-Authenticator = 0x21224f5adab0e9b8fa7f66b8252058d7 (1) session-state: No cached attributes (1) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (1) authorize { (1) policy filter_username { (1) if (!&User-Name) { (1) if (!&User-Name) -> FALSE (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@.*@/ ) { (1) if (&User-Name =~ /@.*@/ ) -> FALSE (1) if (&User-Name =~ /\\.\\./ ) { (1) if (&User-Name =~ /\\.\\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\\.$/) { (1) if (&User-Name =~ /\\.$/) -> FALSE (1) if (&User-Name =~ /@\\./) { (1) if (&User-Name =~ /@\\./) -> FALSE (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (1) suffix: Found realm "uvtuk.cuni.cz" (1) suffix: Adding Realm = "uvtuk.cuni.cz" (1) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (1) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (1) [suffix] = updated (1) [files] = noop (1) [expiration] = noop (1) [logintime] = noop (1) [pap] = noop (1) update request { (1) Operator-Name := "1hknet.cz" (1) } # update request = noop (1) policy operator-name.authorize { (1) if ("%{client:Operator-Name}") { (1) EXPAND %{client:Operator-Name} (1) --> (1) if ("%{client:Operator-Name}") -> FALSE (1) } # policy operator-name.authorize = updated (1) } # authorize = updated (1) Starting proxy to home server 195.113.15.22 port 2083 (1) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (1) Sent Access-Request Id 87 from 195.113.115.166:48017 to 195.113.15.22:2083 length 331 (1) User-Name = "r-test-hknet@uvtuk.cuni.cz" (1) NAS-IP-Address = 127.0.0.1 (1) Calling-Station-Id = "70-6F-6C-69-73-68" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Connect-Info = "rad_eap_test + eapol_test" (1) EAP-Message = 0x020100a119800000009716030100920100008e03015924317a098a20e927cb3d8243ccaf6f05a84d9cebfbe8a2a839eeb8e6f11ccb00004cc014c00a0039003800880087c00fc00500350084c013c00900330032009a009900450044c00ec004002f00960041c012c00800160013c00dc003000a0007c0 (1) State = 0x6aac2fcb6aad36ef783b4d4f7a3fb739 (1) Message-Authenticator = 0x21224f5adab0e9b8fa7f66b8252058d7 (1) Event-Timestamp = "May 23 2017 14:56:26 CEST" (1) Operator-Name := "1hknet.cz" (1) Proxy-State = 0x31 Thread 1 waiting to be assigned a request Waking up in 0.3 seconds. Thread 3 got semaphore Thread 3 handling request 1, (1 handled so far) (1) Clearing existing &reply: attributes (1) Received Access-Challenge Id 87 from 195.113.15.22:2083 to 195.113.115.166:48017 length 1158 (1) User-Name = "r-test-hknet@uvtuk.cuni.cz" (1) Tunnel-Type:0 = VLAN (1) Tunnel-Medium-Type:0 = IEEE-802 (1) Tunnel-Private-Group-Id:0 = "948" (1) Cisco-AVPair = "ssid=eduroam" (1) EAP-Message = 0x0102040019c0000013d016030100310200002d03015924317aa596046de12bbfbd05eb9b8daeb85782a6a157df73154bb66d271066000039000005ff01000100160301107a0b0010760010730004f2308204ee308203d6a003020102021100e56c9889fe0f71b98c1ff42e8a1de2f2300d06092a864886 (1) Message-Authenticator = 0x66a387e72fcdee7677544da4821a12b6 (1) State = 0x6aac2fcb6bae36ef783b4d4f7a3fb739 (1) Proxy-State = 0x31 (1) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (1) post-proxy { (1) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (1) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (1) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (1) post_proxy_log: EXPAND %t (1) post_proxy_log: --> Tue May 23 14:56:26 2017 (1) [post_proxy_log] = ok (1) attr_filter.post-proxy: EXPAND %{Realm} (1) attr_filter.post-proxy: --> uvtuk.cuni.cz (1) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (1) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (1) [attr_filter.post-proxy] = updated (1) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (1) EXPAND %{proxy-reply:Packet-Type} (1) --> Access-Challenge (1) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (1) } # post-proxy = updated (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (1) Sent Access-Challenge Id 1 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (1) Tunnel-Type := VLAN (1) Tunnel-Medium-Type := IEEE-802 (1) EAP-Message = 0x0102040019c0000013d016030100310200002d03015924317aa596046de12bbfbd05eb9b8daeb85782a6a157df73154bb66d271066000039000005ff01000100160301107a0b0010760010730004f2308204ee308203d6a003020102021100e56c9889fe0f71b98c1ff42e8a1de2f2300d06092a864886 (1) Message-Authenticator = 0x66a387e72fcdee7677544da4821a12b6 (1) State = 0x6aac2fcb6bae36ef783b4d4f7a3fb739 (1) Tunnel-Private-Group-Id := "34" (1) Finished request Thread 3 waiting to be assigned a request Waking up in 0.3 seconds. Thread 2 got semaphore Thread 2 handling request 2, (1 handled so far) (2) Received Access-Request Id 2 from 127.0.0.1:42715 to 127.0.0.1:1812 length 156 (2) User-Name = "r-test-hknet@uvtuk.cuni.cz" (2) NAS-IP-Address = 127.0.0.1 (2) Calling-Station-Id = "70-6F-6C-69-73-68" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Connect-Info = "rad_eap_test + eapol_test" (2) EAP-Message = 0x020200061900 (2) State = 0x6aac2fcb6bae36ef783b4d4f7a3fb739 (2) Message-Authenticator = 0xf205ee23448eb57e8a1767ac801cba1a (2) session-state: No cached attributes (2) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (2) authorize { (2) policy filter_username { (2) if (!&User-Name) { (2) if (!&User-Name) -> FALSE (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@.*@/ ) { (2) if (&User-Name =~ /@.*@/ ) -> FALSE (2) if (&User-Name =~ /\\.\\./ ) { (2) if (&User-Name =~ /\\.\\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\\.$/) { (2) if (&User-Name =~ /\\.$/) -> FALSE (2) if (&User-Name =~ /@\\./) { (2) if (&User-Name =~ /@\\./) -> FALSE (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (2) suffix: Found realm "uvtuk.cuni.cz" (2) suffix: Adding Realm = "uvtuk.cuni.cz" (2) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (2) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (2) [suffix] = updated (2) [files] = noop (2) [expiration] = noop (2) [logintime] = noop (2) [pap] = noop (2) update request { (2) Operator-Name := "1hknet.cz" (2) } # update request = noop (2) policy operator-name.authorize { (2) if ("%{client:Operator-Name}") { (2) EXPAND %{client:Operator-Name} (2) --> (2) if ("%{client:Operator-Name}") -> FALSE (2) } # policy operator-name.authorize = updated (2) } # authorize = updated (2) Starting proxy to home server 195.113.15.22 port 2083 (2) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (2) Sent Access-Request Id 206 from 195.113.115.166:48017 to 195.113.15.22:2083 length 176 (2) User-Name = "r-test-hknet@uvtuk.cuni.cz" (2) NAS-IP-Address = 127.0.0.1 (2) Calling-Station-Id = "70-6F-6C-69-73-68" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Connect-Info = "rad_eap_test + eapol_test" (2) EAP-Message = 0x020200061900 (2) State = 0x6aac2fcb6bae36ef783b4d4f7a3fb739 (2) Message-Authenticator = 0xf205ee23448eb57e8a1767ac801cba1a (2) Event-Timestamp = "May 23 2017 14:56:26 CEST" (2) Operator-Name := "1hknet.cz" (2) Proxy-State = 0x32 Thread 2 waiting to be assigned a request Waking up in 0.2 seconds. Thread 5 got semaphore Thread 5 handling request 2, (2 handled so far) (2) Clearing existing &reply: attributes (2) Received Access-Challenge Id 206 from 195.113.15.22:2083 to 195.113.115.166:48017 length 1154 (2) User-Name = "r-test-hknet@uvtuk.cuni.cz" (2) Tunnel-Type:0 = VLAN (2) Tunnel-Medium-Type:0 = IEEE-802 (2) Tunnel-Private-Group-Id:0 = "948" (2) Cisco-AVPair = "ssid=eduroam" (2) EAP-Message = 0x010303fc1940637a821172616431652e72756b2e63756e692e637a82167261646975732e656475726f616d2e63756e692e637a300d06092a864886f70d01010b050003820101005a0c5f1436d88f864a653f2f5a5f134c06517d9a40975b08c32528d5d6835e5c9d89111fd5de35cfd6243a00f848e691 (2) Message-Authenticator = 0x0f1eccfdb4603212c6fa17927369e92b (2) State = 0x6aac2fcb68af36ef783b4d4f7a3fb739 (2) Proxy-State = 0x32 (2) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (2) post-proxy { (2) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (2) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (2) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (2) post_proxy_log: EXPAND %t (2) post_proxy_log: --> Tue May 23 14:56:26 2017 (2) [post_proxy_log] = ok (2) attr_filter.post-proxy: EXPAND %{Realm} (2) attr_filter.post-proxy: --> uvtuk.cuni.cz (2) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (2) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (2) [attr_filter.post-proxy] = updated (2) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (2) EXPAND %{proxy-reply:Packet-Type} (2) --> Access-Challenge (2) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (2) } # post-proxy = updated (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (2) Sent Access-Challenge Id 2 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (2) Tunnel-Type := VLAN (2) Tunnel-Medium-Type := IEEE-802 (2) EAP-Message = 0x010303fc1940637a821172616431652e72756b2e63756e692e637a82167261646975732e656475726f616d2e63756e692e637a300d06092a864886f70d01010b050003820101005a0c5f1436d88f864a653f2f5a5f134c06517d9a40975b08c32528d5d6835e5c9d89111fd5de35cfd6243a00f848e691 (2) Message-Authenticator = 0x0f1eccfdb4603212c6fa17927369e92b (2) State = 0x6aac2fcb68af36ef783b4d4f7a3fb739 (2) Tunnel-Private-Group-Id := "34" (2) Finished request Thread 5 waiting to be assigned a request Waking up in 0.2 seconds. Thread 4 got semaphore Thread 4 handling request 3, (2 handled so far) (3) Received Access-Request Id 3 from 127.0.0.1:42715 to 127.0.0.1:1812 length 156 (3) User-Name = "r-test-hknet@uvtuk.cuni.cz" (3) NAS-IP-Address = 127.0.0.1 (3) Calling-Station-Id = "70-6F-6C-69-73-68" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Connect-Info = "rad_eap_test + eapol_test" (3) EAP-Message = 0x020300061900 (3) State = 0x6aac2fcb68af36ef783b4d4f7a3fb739 (3) Message-Authenticator = 0x93d600c2306d52b1d1a67bbf6bf94f59 (3) session-state: No cached attributes (3) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (3) authorize { (3) policy filter_username { (3) if (!&User-Name) { (3) if (!&User-Name) -> FALSE (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@.*@/ ) { (3) if (&User-Name =~ /@.*@/ ) -> FALSE (3) if (&User-Name =~ /\\.\\./ ) { (3) if (&User-Name =~ /\\.\\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\\.$/) { (3) if (&User-Name =~ /\\.$/) -> FALSE (3) if (&User-Name =~ /@\\./) { (3) if (&User-Name =~ /@\\./) -> FALSE (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (3) suffix: Found realm "uvtuk.cuni.cz" (3) suffix: Adding Realm = "uvtuk.cuni.cz" (3) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (3) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (3) [suffix] = updated (3) [files] = noop (3) [expiration] = noop (3) [logintime] = noop (3) [pap] = noop (3) update request { (3) Operator-Name := "1hknet.cz" (3) } # update request = noop (3) policy operator-name.authorize { (3) if ("%{client:Operator-Name}") { (3) EXPAND %{client:Operator-Name} (3) --> (3) if ("%{client:Operator-Name}") -> FALSE (3) } # policy operator-name.authorize = updated (3) } # authorize = updated (3) Starting proxy to home server 195.113.15.22 port 2083 (3) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (3) Sent Access-Request Id 174 from 195.113.115.166:48017 to 195.113.15.22:2083 length 176 (3) User-Name = "r-test-hknet@uvtuk.cuni.cz" (3) NAS-IP-Address = 127.0.0.1 (3) Calling-Station-Id = "70-6F-6C-69-73-68" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Connect-Info = "rad_eap_test + eapol_test" (3) EAP-Message = 0x020300061900 (3) State = 0x6aac2fcb68af36ef783b4d4f7a3fb739 (3) Message-Authenticator = 0x93d600c2306d52b1d1a67bbf6bf94f59 (3) Event-Timestamp = "May 23 2017 14:56:26 CEST" (3) Operator-Name := "1hknet.cz" (3) Proxy-State = 0x33 Thread 4 waiting to be assigned a request Waking up in 0.2 seconds. Thread 1 got semaphore Thread 1 handling request 3, (2 handled so far) (3) Clearing existing &reply: attributes (3) Received Access-Challenge Id 174 from 195.113.15.22:2083 to 195.113.115.166:48017 length 1154 (3) User-Name = "r-test-hknet@uvtuk.cuni.cz" (3) Tunnel-Type:0 = VLAN (3) Tunnel-Medium-Type:0 = IEEE-802 (3) Tunnel-Private-Group-Id:0 = "948" (3) Cisco-AVPair = "ssid=eduroam" (3) EAP-Message = 0x010403fc1940551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302302c0603551d2004253023300d060b2b06010401b2310102021d3008060667810c0102013008060667810c01020230500603 (3) Message-Authenticator = 0x8f5a4b3e805bc2d1ca7fb6b296ae746d (3) State = 0x6aac2fcb69a836ef783b4d4f7a3fb739 (3) Proxy-State = 0x33 (3) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (3) post-proxy { (3) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (3) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (3) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (3) post_proxy_log: EXPAND %t (3) post_proxy_log: --> Tue May 23 14:56:26 2017 (3) [post_proxy_log] = ok (3) attr_filter.post-proxy: EXPAND %{Realm} (3) attr_filter.post-proxy: --> uvtuk.cuni.cz (3) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (3) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (3) [attr_filter.post-proxy] = updated (3) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (3) EXPAND %{proxy-reply:Packet-Type} (3) --> Access-Challenge (3) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (3) } # post-proxy = updated (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (3) Sent Access-Challenge Id 3 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (3) Tunnel-Type := VLAN (3) Tunnel-Medium-Type := IEEE-802 (3) EAP-Message = 0x010403fc1940551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302302c0603551d2004253023300d060b2b06010401b2310102021d3008060667810c0102013008060667810c01020230500603 (3) Message-Authenticator = 0x8f5a4b3e805bc2d1ca7fb6b296ae746d (3) State = 0x6aac2fcb69a836ef783b4d4f7a3fb739 (3) Tunnel-Private-Group-Id := "34" (3) Finished request Thread 1 waiting to be assigned a request Waking up in 0.2 seconds. Thread 3 got semaphore Thread 3 handling request 4, (2 handled so far) (4) Received Access-Request Id 4 from 127.0.0.1:42715 to 127.0.0.1:1812 length 156 (4) User-Name = "r-test-hknet@uvtuk.cuni.cz" (4) NAS-IP-Address = 127.0.0.1 (4) Calling-Station-Id = "70-6F-6C-69-73-68" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Connect-Info = "rad_eap_test + eapol_test" (4) EAP-Message = 0x020400061900 (4) State = 0x6aac2fcb69a836ef783b4d4f7a3fb739 (4) Message-Authenticator = 0x8dd7683a9da9434e06a78a364528a046 (4) session-state: No cached attributes (4) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (4) authorize { (4) policy filter_username { (4) if (!&User-Name) { (4) if (!&User-Name) -> FALSE (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@.*@/ ) { (4) if (&User-Name =~ /@.*@/ ) -> FALSE (4) if (&User-Name =~ /\\.\\./ ) { (4) if (&User-Name =~ /\\.\\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\\.$/) { (4) if (&User-Name =~ /\\.$/) -> FALSE (4) if (&User-Name =~ /@\\./) { (4) if (&User-Name =~ /@\\./) -> FALSE (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (4) suffix: Found realm "uvtuk.cuni.cz" (4) suffix: Adding Realm = "uvtuk.cuni.cz" (4) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (4) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (4) [suffix] = updated (4) [files] = noop (4) [expiration] = noop (4) [logintime] = noop (4) [pap] = noop (4) update request { (4) Operator-Name := "1hknet.cz" (4) } # update request = noop (4) policy operator-name.authorize { (4) if ("%{client:Operator-Name}") { (4) EXPAND %{client:Operator-Name} (4) --> (4) if ("%{client:Operator-Name}") -> FALSE (4) } # policy operator-name.authorize = updated (4) } # authorize = updated (4) Starting proxy to home server 195.113.15.22 port 2083 (4) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (4) Sent Access-Request Id 100 from 195.113.115.166:48017 to 195.113.15.22:2083 length 176 (4) User-Name = "r-test-hknet@uvtuk.cuni.cz" (4) NAS-IP-Address = 127.0.0.1 (4) Calling-Station-Id = "70-6F-6C-69-73-68" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Connect-Info = "rad_eap_test + eapol_test" (4) EAP-Message = 0x020400061900 (4) State = 0x6aac2fcb69a836ef783b4d4f7a3fb739 (4) Message-Authenticator = 0x8dd7683a9da9434e06a78a364528a046 (4) Event-Timestamp = "May 23 2017 14:56:26 CEST" (4) Operator-Name := "1hknet.cz" (4) Proxy-State = 0x34 Thread 3 waiting to be assigned a request Waking up in 0.2 seconds. Thread 2 got semaphore Thread 2 handling request 4, (2 handled so far) (4) Clearing existing &reply: attributes (4) Received Access-Challenge Id 100 from 195.113.15.22:2083 to 195.113.115.166:48017 length 1154 (4) User-Name = "r-test-hknet@uvtuk.cuni.cz" (4) Tunnel-Type:0 = VLAN (4) Tunnel-Medium-Type:0 = IEEE-802 (4) Tunnel-Private-Group-Id:0 = "948" (4) Cisco-AVPair = "ssid=eduroam" (4) EAP-Message = 0x010503fc1940303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f72 (4) Message-Authenticator = 0x1d90d410481460e6ce55afe9c7ad716f (4) State = 0x6aac2fcb6ea936ef783b4d4f7a3fb739 (4) Proxy-State = 0x34 (4) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (4) post-proxy { (4) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (4) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (4) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (4) post_proxy_log: EXPAND %t (4) post_proxy_log: --> Tue May 23 14:56:26 2017 (4) [post_proxy_log] = ok (4) attr_filter.post-proxy: EXPAND %{Realm} (4) attr_filter.post-proxy: --> uvtuk.cuni.cz (4) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (4) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (4) [attr_filter.post-proxy] = updated (4) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (4) EXPAND %{proxy-reply:Packet-Type} (4) --> Access-Challenge (4) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (4) } # post-proxy = updated (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (4) Sent Access-Challenge Id 4 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (4) Tunnel-Type := VLAN (4) Tunnel-Medium-Type := IEEE-802 (4) EAP-Message = 0x010503fc1940303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f72 (4) Message-Authenticator = 0x1d90d410481460e6ce55afe9c7ad716f (4) State = 0x6aac2fcb6ea936ef783b4d4f7a3fb739 (4) Tunnel-Private-Group-Id := "34" (4) Finished request Thread 2 waiting to be assigned a request Waking up in 0.2 seconds. Thread 5 got semaphore Thread 5 handling request 5, (3 handled so far) (5) Received Access-Request Id 5 from 127.0.0.1:42715 to 127.0.0.1:1812 length 156 (5) User-Name = "r-test-hknet@uvtuk.cuni.cz" (5) NAS-IP-Address = 127.0.0.1 (5) Calling-Station-Id = "70-6F-6C-69-73-68" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Connect-Info = "rad_eap_test + eapol_test" (5) EAP-Message = 0x020500061900 (5) State = 0x6aac2fcb6ea936ef783b4d4f7a3fb739 (5) Message-Authenticator = 0x5484c6debcc7df9b4b5d6cf32db198c4 (5) session-state: No cached attributes (5) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (5) authorize { (5) policy filter_username { (5) if (!&User-Name) { (5) if (!&User-Name) -> FALSE (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@.*@/ ) { (5) if (&User-Name =~ /@.*@/ ) -> FALSE (5) if (&User-Name =~ /\\.\\./ ) { (5) if (&User-Name =~ /\\.\\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\\.$/) { (5) if (&User-Name =~ /\\.$/) -> FALSE (5) if (&User-Name =~ /@\\./) { (5) if (&User-Name =~ /@\\./) -> FALSE (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (5) suffix: Found realm "uvtuk.cuni.cz" (5) suffix: Adding Realm = "uvtuk.cuni.cz" (5) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (5) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (5) [suffix] = updated (5) [files] = noop (5) [expiration] = noop (5) [logintime] = noop (5) [pap] = noop (5) update request { (5) Operator-Name := "1hknet.cz" (5) } # update request = noop (5) policy operator-name.authorize { (5) if ("%{client:Operator-Name}") { (5) EXPAND %{client:Operator-Name} (5) --> (5) if ("%{client:Operator-Name}") -> FALSE (5) } # policy operator-name.authorize = updated (5) } # authorize = updated (5) Starting proxy to home server 195.113.15.22 port 2083 (5) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (5) Sent Access-Request Id 224 from 195.113.115.166:48017 to 195.113.15.22:2083 length 176 (5) User-Name = "r-test-hknet@uvtuk.cuni.cz" (5) NAS-IP-Address = 127.0.0.1 (5) Calling-Station-Id = "70-6F-6C-69-73-68" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Connect-Info = "rad_eap_test + eapol_test" (5) EAP-Message = 0x020500061900 (5) State = 0x6aac2fcb6ea936ef783b4d4f7a3fb739 (5) Message-Authenticator = 0x5484c6debcc7df9b4b5d6cf32db198c4 (5) Event-Timestamp = "May 23 2017 14:56:26 CEST" (5) Operator-Name := "1hknet.cz" (5) Proxy-State = 0x35 Thread 5 waiting to be assigned a request Waking up in 0.2 seconds. Thread 4 got semaphore Thread 4 handling request 5, (3 handled so far) (5) Clearing existing &reply: attributes (5) Received Access-Challenge Id 224 from 195.113.15.22:2083 to 195.113.115.166:48017 length 1154 (5) User-Name = "r-test-hknet@uvtuk.cuni.cz" (5) Tunnel-Type:0 = VLAN (5) Tunnel-Medium-Type:0 = IEEE-802 (5) Tunnel-Private-Group-Id:0 = "948" (5) Cisco-AVPair = "ssid=eduroam" (5) EAP-Message = 0x010603fc194060c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4 (5) Message-Authenticator = 0xd70685632d19ad2adbbb296616642f79 (5) State = 0x6aac2fcb6faa36ef783b4d4f7a3fb739 (5) Proxy-State = 0x35 (5) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (5) post-proxy { (5) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (5) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (5) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (5) post_proxy_log: EXPAND %t (5) post_proxy_log: --> Tue May 23 14:56:26 2017 (5) [post_proxy_log] = ok (5) attr_filter.post-proxy: EXPAND %{Realm} (5) attr_filter.post-proxy: --> uvtuk.cuni.cz (5) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (5) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (5) [attr_filter.post-proxy] = updated (5) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (5) EXPAND %{proxy-reply:Packet-Type} (5) --> Access-Challenge (5) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (5) } # post-proxy = updated (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (5) Sent Access-Challenge Id 5 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (5) Tunnel-Type := VLAN (5) Tunnel-Medium-Type := IEEE-802 (5) EAP-Message = 0x010603fc194060c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4 (5) Message-Authenticator = 0xd70685632d19ad2adbbb296616642f79 (5) State = 0x6aac2fcb6faa36ef783b4d4f7a3fb739 (5) Tunnel-Private-Group-Id := "34" (5) Finished request Thread 4 waiting to be assigned a request Waking up in 0.2 seconds. Thread 1 got semaphore Thread 1 handling request 6, (3 handled so far) (6) Received Access-Request Id 6 from 127.0.0.1:42715 to 127.0.0.1:1812 length 156 (6) User-Name = "r-test-hknet@uvtuk.cuni.cz" (6) NAS-IP-Address = 127.0.0.1 (6) Calling-Station-Id = "70-6F-6C-69-73-68" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Connect-Info = "rad_eap_test + eapol_test" (6) EAP-Message = 0x020600061900 (6) State = 0x6aac2fcb6faa36ef783b4d4f7a3fb739 (6) Message-Authenticator = 0x1ccce4b8e1394a11a5057770cc6991d4 (6) session-state: No cached attributes (6) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (6) authorize { (6) policy filter_username { (6) if (!&User-Name) { (6) if (!&User-Name) -> FALSE (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@.*@/ ) { (6) if (&User-Name =~ /@.*@/ ) -> FALSE (6) if (&User-Name =~ /\\.\\./ ) { (6) if (&User-Name =~ /\\.\\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\\.$/) { (6) if (&User-Name =~ /\\.$/) -> FALSE (6) if (&User-Name =~ /@\\./) { (6) if (&User-Name =~ /@\\./) -> FALSE (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (6) suffix: Found realm "uvtuk.cuni.cz" (6) suffix: Adding Realm = "uvtuk.cuni.cz" (6) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (6) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (6) [suffix] = updated (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = noop (6) update request { (6) Operator-Name := "1hknet.cz" (6) } # update request = noop (6) policy operator-name.authorize { (6) if ("%{client:Operator-Name}") { (6) EXPAND %{client:Operator-Name} (6) --> (6) if ("%{client:Operator-Name}") -> FALSE (6) } # policy operator-name.authorize = updated (6) } # authorize = updated (6) Starting proxy to home server 195.113.15.22 port 2083 (6) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (6) Sent Access-Request Id 150 from 195.113.115.166:48017 to 195.113.15.22:2083 length 176 (6) User-Name = "r-test-hknet@uvtuk.cuni.cz" (6) NAS-IP-Address = 127.0.0.1 (6) Calling-Station-Id = "70-6F-6C-69-73-68" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Connect-Info = "rad_eap_test + eapol_test" (6) EAP-Message = 0x020600061900 (6) State = 0x6aac2fcb6faa36ef783b4d4f7a3fb739 (6) Message-Authenticator = 0x1ccce4b8e1394a11a5057770cc6991d4 (6) Event-Timestamp = "May 23 2017 14:56:26 CEST" (6) Operator-Name := "1hknet.cz" (6) Proxy-State = 0x36 Thread 1 waiting to be assigned a request Waking up in 0.2 seconds. Thread 3 got semaphore Thread 3 handling request 6, (3 handled so far) (6) Clearing existing &reply: attributes (6) Received Access-Challenge Id 150 from 195.113.15.22:2083 to 195.113.115.166:48017 length 134 (6) User-Name = "r-test-hknet@uvtuk.cuni.cz" (6) Tunnel-Type:0 = VLAN (6) Tunnel-Medium-Type:0 = IEEE-802 (6) Tunnel-Private-Group-Id:0 = "948" (6) Cisco-AVPair = "ssid=eduroam" (6) EAP-Message = 0x0107000819000000 (6) Message-Authenticator = 0x7b57d43dbf2a0bb60b6348d762d43dc3 (6) State = 0x6aac2fcb6cab36ef783b4d4f7a3fb739 (6) Proxy-State = 0x36 (6) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (6) post-proxy { (6) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (6) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (6) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (6) post_proxy_log: EXPAND %t (6) post_proxy_log: --> Tue May 23 14:56:26 2017 (6) [post_proxy_log] = ok (6) attr_filter.post-proxy: EXPAND %{Realm} (6) attr_filter.post-proxy: --> uvtuk.cuni.cz (6) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (6) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (6) [attr_filter.post-proxy] = updated (6) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (6) EXPAND %{proxy-reply:Packet-Type} (6) --> Access-Challenge (6) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (6) } # post-proxy = updated (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (6) Sent Access-Challenge Id 6 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (6) Tunnel-Type := VLAN (6) Tunnel-Medium-Type := IEEE-802 (6) EAP-Message = 0x0107000819000000 (6) Message-Authenticator = 0x7b57d43dbf2a0bb60b6348d762d43dc3 (6) State = 0x6aac2fcb6cab36ef783b4d4f7a3fb739 (6) Tunnel-Private-Group-Id := "34" (6) Finished request Thread 3 waiting to be assigned a request Waking up in 0.2 seconds. Thread 2 got semaphore Thread 2 handling request 7, (3 handled so far) (7) Received Access-Request Id 7 from 127.0.0.1:42715 to 127.0.0.1:1812 length 488 (7) User-Name = "r-test-hknet@uvtuk.cuni.cz" (7) NAS-IP-Address = 127.0.0.1 (7) Calling-Station-Id = "70-6F-6C-69-73-68" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Connect-Info = "rad_eap_test + eapol_test" (7) EAP-Message = 0x0207015019800000014616030101061000010201002e410127f877df7466348774c6093dfdd7d6336b22e5a0f739cf7149cbb47fe7cbb174ddc568d542fb9b0da9cc178eef62c9b7a7544c39fe59847b7083a25490e15df67522cafdeb2ae4b7420f04c134ab4012104e47231aa67b798ee362db7ddc30 (7) State = 0x6aac2fcb6cab36ef783b4d4f7a3fb739 (7) Message-Authenticator = 0x4ca9833c2e38ac79873e84a07f45c4dd (7) session-state: No cached attributes (7) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (7) authorize { (7) policy filter_username { (7) if (!&User-Name) { (7) if (!&User-Name) -> FALSE (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@.*@/ ) { (7) if (&User-Name =~ /@.*@/ ) -> FALSE (7) if (&User-Name =~ /\\.\\./ ) { (7) if (&User-Name =~ /\\.\\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\\.$/) { (7) if (&User-Name =~ /\\.$/) -> FALSE (7) if (&User-Name =~ /@\\./) { (7) if (&User-Name =~ /@\\./) -> FALSE (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (7) suffix: Found realm "uvtuk.cuni.cz" (7) suffix: Adding Realm = "uvtuk.cuni.cz" (7) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (7) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (7) [suffix] = updated (7) [files] = noop (7) [expiration] = noop (7) [logintime] = noop (7) [pap] = noop (7) update request { (7) Operator-Name := "1hknet.cz" (7) } # update request = noop (7) policy operator-name.authorize { (7) if ("%{client:Operator-Name}") { (7) EXPAND %{client:Operator-Name} (7) --> (7) if ("%{client:Operator-Name}") -> FALSE (7) } # policy operator-name.authorize = updated (7) } # authorize = updated (7) Starting proxy to home server 195.113.15.22 port 2083 (7) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (7) Sent Access-Request Id 179 from 195.113.115.166:48017 to 195.113.15.22:2083 length 508 (7) User-Name = "r-test-hknet@uvtuk.cuni.cz" (7) NAS-IP-Address = 127.0.0.1 (7) Calling-Station-Id = "70-6F-6C-69-73-68" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Connect-Info = "rad_eap_test + eapol_test" (7) EAP-Message = 0x0207015019800000014616030101061000010201002e410127f877df7466348774c6093dfdd7d6336b22e5a0f739cf7149cbb47fe7cbb174ddc568d542fb9b0da9cc178eef62c9b7a7544c39fe59847b7083a25490e15df67522cafdeb2ae4b7420f04c134ab4012104e47231aa67b798ee362db7ddc30 (7) State = 0x6aac2fcb6cab36ef783b4d4f7a3fb739 (7) Message-Authenticator = 0x4ca9833c2e38ac79873e84a07f45c4dd (7) Event-Timestamp = "May 23 2017 14:56:27 CEST" (7) Operator-Name := "1hknet.cz" (7) Proxy-State = 0x37 Thread 2 waiting to be assigned a request Waking up in 0.2 seconds. Thread 5 got semaphore Thread 5 handling request 7, (4 handled so far) (7) Clearing existing &reply: attributes (7) Received Access-Challenge Id 179 from 195.113.15.22:2083 to 195.113.115.166:48017 length 191 (7) User-Name = "r-test-hknet@uvtuk.cuni.cz" (7) Tunnel-Type:0 = VLAN (7) Tunnel-Medium-Type:0 = IEEE-802 (7) Tunnel-Private-Group-Id:0 = "948" (7) Cisco-AVPair = "ssid=eduroam" (7) EAP-Message = 0x0108004119001403010001011603010030025ec1ec22889351645031930e93691c9327e50078b50875a71be787d68b8b6130a8f4e09ec06666359ee77a357d3b64 (7) Message-Authenticator = 0xf76be8b453985ee1605040572a533281 (7) State = 0x6aac2fcb6da436ef783b4d4f7a3fb739 (7) Proxy-State = 0x37 (7) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (7) post-proxy { (7) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (7) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (7) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (7) post_proxy_log: EXPAND %t (7) post_proxy_log: --> Tue May 23 14:56:27 2017 (7) [post_proxy_log] = ok (7) attr_filter.post-proxy: EXPAND %{Realm} (7) attr_filter.post-proxy: --> uvtuk.cuni.cz (7) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (7) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (7) [attr_filter.post-proxy] = updated (7) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (7) EXPAND %{proxy-reply:Packet-Type} (7) --> Access-Challenge (7) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (7) } # post-proxy = updated (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (7) Sent Access-Challenge Id 7 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (7) Tunnel-Type := VLAN (7) Tunnel-Medium-Type := IEEE-802 (7) EAP-Message = 0x0108004119001403010001011603010030025ec1ec22889351645031930e93691c9327e50078b50875a71be787d68b8b6130a8f4e09ec06666359ee77a357d3b64 (7) Message-Authenticator = 0xf76be8b453985ee1605040572a533281 (7) State = 0x6aac2fcb6da436ef783b4d4f7a3fb739 (7) Tunnel-Private-Group-Id := "34" (7) Finished request Thread 5 waiting to be assigned a request Waking up in 0.2 seconds. Thread 4 got semaphore Thread 4 handling request 8, (4 handled so far) (8) Received Access-Request Id 8 from 127.0.0.1:42715 to 127.0.0.1:1812 length 156 (8) User-Name = "r-test-hknet@uvtuk.cuni.cz" (8) NAS-IP-Address = 127.0.0.1 (8) Calling-Station-Id = "70-6F-6C-69-73-68" (8) Framed-MTU = 1400 (8) NAS-Port-Type = Wireless-802.11 (8) Connect-Info = "rad_eap_test + eapol_test" (8) EAP-Message = 0x020800061900 (8) State = 0x6aac2fcb6da436ef783b4d4f7a3fb739 (8) Message-Authenticator = 0x6e032cef8b3e1ce410ddb284b9b5d614 (8) session-state: No cached attributes (8) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (8) authorize { (8) policy filter_username { (8) if (!&User-Name) { (8) if (!&User-Name) -> FALSE (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@.*@/ ) { (8) if (&User-Name =~ /@.*@/ ) -> FALSE (8) if (&User-Name =~ /\\.\\./ ) { (8) if (&User-Name =~ /\\.\\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\\.$/) { (8) if (&User-Name =~ /\\.$/) -> FALSE (8) if (&User-Name =~ /@\\./) { (8) if (&User-Name =~ /@\\./) -> FALSE (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (8) suffix: Found realm "uvtuk.cuni.cz" (8) suffix: Adding Realm = "uvtuk.cuni.cz" (8) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (8) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (8) [suffix] = updated (8) [files] = noop (8) [expiration] = noop (8) [logintime] = noop (8) [pap] = noop (8) update request { (8) Operator-Name := "1hknet.cz" (8) } # update request = noop (8) policy operator-name.authorize { (8) if ("%{client:Operator-Name}") { (8) EXPAND %{client:Operator-Name} (8) --> (8) if ("%{client:Operator-Name}") -> FALSE (8) } # policy operator-name.authorize = updated (8) } # authorize = updated (8) Starting proxy to home server 195.113.15.22 port 2083 (8) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (8) Sent Access-Request Id 144 from 195.113.115.166:48017 to 195.113.15.22:2083 length 176 (8) User-Name = "r-test-hknet@uvtuk.cuni.cz" (8) NAS-IP-Address = 127.0.0.1 (8) Calling-Station-Id = "70-6F-6C-69-73-68" (8) Framed-MTU = 1400 (8) NAS-Port-Type = Wireless-802.11 (8) Connect-Info = "rad_eap_test + eapol_test" (8) EAP-Message = 0x020800061900 (8) State = 0x6aac2fcb6da436ef783b4d4f7a3fb739 (8) Message-Authenticator = 0x6e032cef8b3e1ce410ddb284b9b5d614 (8) Event-Timestamp = "May 23 2017 14:56:27 CEST" (8) Operator-Name := "1hknet.cz" (8) Proxy-State = 0x38 Thread 4 waiting to be assigned a request Waking up in 0.2 seconds. Thread 1 got semaphore Thread 1 handling request 8, (4 handled so far) (8) Clearing existing &reply: attributes (8) Received Access-Challenge Id 144 from 195.113.15.22:2083 to 195.113.115.166:48017 length 169 (8) User-Name = "r-test-hknet@uvtuk.cuni.cz" (8) Tunnel-Type:0 = VLAN (8) Tunnel-Medium-Type:0 = IEEE-802 (8) Tunnel-Private-Group-Id:0 = "948" (8) Cisco-AVPair = "ssid=eduroam" (8) EAP-Message = 0x0109002b190017030100208f4ee2847b67c9056b98fb69c84a7265f7e70b4e87cbf8bcfa3a866a8d5182a1 (8) Message-Authenticator = 0xfdd0ee51bd8ee63cc359ff99ef98d4ad (8) State = 0x6aac2fcb62a536ef783b4d4f7a3fb739 (8) Proxy-State = 0x38 (8) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (8) post-proxy { (8) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (8) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (8) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (8) post_proxy_log: EXPAND %t (8) post_proxy_log: --> Tue May 23 14:56:27 2017 (8) [post_proxy_log] = ok (8) attr_filter.post-proxy: EXPAND %{Realm} (8) attr_filter.post-proxy: --> uvtuk.cuni.cz (8) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (8) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (8) [attr_filter.post-proxy] = updated (8) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (8) EXPAND %{proxy-reply:Packet-Type} (8) --> Access-Challenge (8) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (8) } # post-proxy = updated (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (8) Sent Access-Challenge Id 8 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (8) Tunnel-Type := VLAN (8) Tunnel-Medium-Type := IEEE-802 (8) EAP-Message = 0x0109002b190017030100208f4ee2847b67c9056b98fb69c84a7265f7e70b4e87cbf8bcfa3a866a8d5182a1 (8) Message-Authenticator = 0xfdd0ee51bd8ee63cc359ff99ef98d4ad (8) State = 0x6aac2fcb62a536ef783b4d4f7a3fb739 (8) Tunnel-Private-Group-Id := "34" (8) Finished request Thread 1 waiting to be assigned a request Waking up in 0.2 seconds. Thread 3 got semaphore Thread 3 handling request 9, (4 handled so far) (9) Received Access-Request Id 9 from 127.0.0.1:42715 to 127.0.0.1:1812 length 246 (9) User-Name = "r-test-hknet@uvtuk.cuni.cz" (9) NAS-IP-Address = 127.0.0.1 (9) Calling-Station-Id = "70-6F-6C-69-73-68" (9) Framed-MTU = 1400 (9) NAS-Port-Type = Wireless-802.11 (9) Connect-Info = "rad_eap_test + eapol_test" (9) EAP-Message = 0x0209006019001703010020478a5968357e347b8272d4c5a1362e0433440250f471c7118041a294e61ea78e17030100308bc4b0e3dced1f724bee4782f6fd67514fa2c9152ad0576d3b83699cb8c76e2e3c1c68e897d771032df0b44e8c987da0 (9) State = 0x6aac2fcb62a536ef783b4d4f7a3fb739 (9) Message-Authenticator = 0x6e84e4bfcbcaa1bd81ce1da1a76effcc (9) session-state: No cached attributes (9) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (9) authorize { (9) policy filter_username { (9) if (!&User-Name) { (9) if (!&User-Name) -> FALSE (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@.*@/ ) { (9) if (&User-Name =~ /@.*@/ ) -> FALSE (9) if (&User-Name =~ /\\.\\./ ) { (9) if (&User-Name =~ /\\.\\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\\.$/) { (9) if (&User-Name =~ /\\.$/) -> FALSE (9) if (&User-Name =~ /@\\./) { (9) if (&User-Name =~ /@\\./) -> FALSE (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (9) suffix: Found realm "uvtuk.cuni.cz" (9) suffix: Adding Realm = "uvtuk.cuni.cz" (9) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (9) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (9) [suffix] = updated (9) [files] = noop (9) [expiration] = noop (9) [logintime] = noop (9) [pap] = noop (9) update request { (9) Operator-Name := "1hknet.cz" (9) } # update request = noop (9) policy operator-name.authorize { (9) if ("%{client:Operator-Name}") { (9) EXPAND %{client:Operator-Name} (9) --> (9) if ("%{client:Operator-Name}") -> FALSE (9) } # policy operator-name.authorize = updated (9) } # authorize = updated (9) Starting proxy to home server 195.113.15.22 port 2083 (9) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (9) Sent Access-Request Id 244 from 195.113.115.166:48017 to 195.113.15.22:2083 length 266 (9) User-Name = "r-test-hknet@uvtuk.cuni.cz" (9) NAS-IP-Address = 127.0.0.1 (9) Calling-Station-Id = "70-6F-6C-69-73-68" (9) Framed-MTU = 1400 (9) NAS-Port-Type = Wireless-802.11 (9) Connect-Info = "rad_eap_test + eapol_test" (9) EAP-Message = 0x0209006019001703010020478a5968357e347b8272d4c5a1362e0433440250f471c7118041a294e61ea78e17030100308bc4b0e3dced1f724bee4782f6fd67514fa2c9152ad0576d3b83699cb8c76e2e3c1c68e897d771032df0b44e8c987da0 (9) State = 0x6aac2fcb62a536ef783b4d4f7a3fb739 (9) Message-Authenticator = 0x6e84e4bfcbcaa1bd81ce1da1a76effcc (9) Event-Timestamp = "May 23 2017 14:56:27 CEST" (9) Operator-Name := "1hknet.cz" (9) Proxy-State = 0x39 Thread 3 waiting to be assigned a request Waking up in 0.2 seconds. Thread 2 got semaphore Thread 2 handling request 9, (4 handled so far) (9) Clearing existing &reply: attributes (9) Received Access-Challenge Id 244 from 195.113.15.22:2083 to 195.113.115.166:48017 length 217 (9) User-Name = "r-test-hknet@uvtuk.cuni.cz" (9) Tunnel-Type:0 = VLAN (9) Tunnel-Medium-Type:0 = IEEE-802 (9) Tunnel-Private-Group-Id:0 = "948" (9) Cisco-AVPair = "ssid=eduroam" (9) EAP-Message = 0x010a005b190017030100505534eb8d7be6b0163a87fcd6a47e816e7acf91ffa0b39438f9c3d006a9ab7bc90ca49768489b5dceedb23413a7c8305ace3d5adfc662425d5fb82ea12dcbfbea0e29a964d4fce4a79f7b0420810932dd (9) Message-Authenticator = 0x327c1632e44a3f32182fe33e9a38c905 (9) State = 0x6aac2fcb63a636ef783b4d4f7a3fb739 (9) Proxy-State = 0x39 (9) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (9) post-proxy { (9) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (9) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (9) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (9) post_proxy_log: EXPAND %t (9) post_proxy_log: --> Tue May 23 14:56:27 2017 (9) [post_proxy_log] = ok (9) attr_filter.post-proxy: EXPAND %{Realm} (9) attr_filter.post-proxy: --> uvtuk.cuni.cz (9) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (9) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (9) [attr_filter.post-proxy] = updated (9) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (9) EXPAND %{proxy-reply:Packet-Type} (9) --> Access-Challenge (9) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (9) } # post-proxy = updated (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (9) Sent Access-Challenge Id 9 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (9) Tunnel-Type := VLAN (9) Tunnel-Medium-Type := IEEE-802 (9) EAP-Message = 0x010a005b190017030100505534eb8d7be6b0163a87fcd6a47e816e7acf91ffa0b39438f9c3d006a9ab7bc90ca49768489b5dceedb23413a7c8305ace3d5adfc662425d5fb82ea12dcbfbea0e29a964d4fce4a79f7b0420810932dd (9) Message-Authenticator = 0x327c1632e44a3f32182fe33e9a38c905 (9) State = 0x6aac2fcb63a636ef783b4d4f7a3fb739 (9) Tunnel-Private-Group-Id := "34" (9) Finished request Thread 2 waiting to be assigned a request Waking up in 0.2 seconds. Thread 5 got semaphore Thread 5 handling request 10, (5 handled so far) (10) Received Access-Request Id 10 from 127.0.0.1:42715 to 127.0.0.1:1812 length 310 (10) User-Name = "r-test-hknet@uvtuk.cuni.cz" (10) NAS-IP-Address = 127.0.0.1 (10) Calling-Station-Id = "70-6F-6C-69-73-68" (10) Framed-MTU = 1400 (10) NAS-Port-Type = Wireless-802.11 (10) Connect-Info = "rad_eap_test + eapol_test" (10) EAP-Message = 0x020a00a019001703010020a2cbf96f4317bc337a11f4f216731e6c7e3798705f0368f973aceb40f30ffbf4170301007058240a51ada878b5165014ec4ae57a0b5d6aeffc0955070d5201663d090a34066d7d4e9940fafe02e38c44a3845c91bf20c6c49c022e62f01dbddb4c7f78851b011e0e3f4b4516 (10) State = 0x6aac2fcb63a636ef783b4d4f7a3fb739 (10) Message-Authenticator = 0x7b9b14340b5c62dbee784de197e8d0c0 (10) session-state: No cached attributes (10) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (10) authorize { (10) policy filter_username { (10) if (!&User-Name) { (10) if (!&User-Name) -> FALSE (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@.*@/ ) { (10) if (&User-Name =~ /@.*@/ ) -> FALSE (10) if (&User-Name =~ /\\.\\./ ) { (10) if (&User-Name =~ /\\.\\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\\.$/) { (10) if (&User-Name =~ /\\.$/) -> FALSE (10) if (&User-Name =~ /@\\./) { (10) if (&User-Name =~ /@\\./) -> FALSE (10) } # policy filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix: Checking for suffix after "@" (10) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (10) suffix: Found realm "uvtuk.cuni.cz" (10) suffix: Adding Realm = "uvtuk.cuni.cz" (10) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (10) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (10) [suffix] = updated (10) [files] = noop (10) [expiration] = noop (10) [logintime] = noop (10) [pap] = noop (10) update request { (10) Operator-Name := "1hknet.cz" (10) } # update request = noop (10) policy operator-name.authorize { (10) if ("%{client:Operator-Name}") { (10) EXPAND %{client:Operator-Name} (10) --> (10) if ("%{client:Operator-Name}") -> FALSE (10) } # policy operator-name.authorize = updated (10) } # authorize = updated (10) Starting proxy to home server 195.113.15.22 port 2083 (10) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (10) Sent Access-Request Id 116 from 195.113.115.166:48017 to 195.113.15.22:2083 length 331 (10) User-Name = "r-test-hknet@uvtuk.cuni.cz" (10) NAS-IP-Address = 127.0.0.1 (10) Calling-Station-Id = "70-6F-6C-69-73-68" (10) Framed-MTU = 1400 (10) NAS-Port-Type = Wireless-802.11 (10) Connect-Info = "rad_eap_test + eapol_test" (10) EAP-Message = 0x020a00a019001703010020a2cbf96f4317bc337a11f4f216731e6c7e3798705f0368f973aceb40f30ffbf4170301007058240a51ada878b5165014ec4ae57a0b5d6aeffc0955070d5201663d090a34066d7d4e9940fafe02e38c44a3845c91bf20c6c49c022e62f01dbddb4c7f78851b011e0e3f4b4516 (10) State = 0x6aac2fcb63a636ef783b4d4f7a3fb739 (10) Message-Authenticator = 0x7b9b14340b5c62dbee784de197e8d0c0 (10) Event-Timestamp = "May 23 2017 14:56:27 CEST" (10) Operator-Name := "1hknet.cz" (10) Proxy-State = 0x3130 Thread 5 waiting to be assigned a request Waking up in 0.1 seconds. Thread 4 got semaphore Thread 4 handling request 10, (5 handled so far) (10) Clearing existing &reply: attributes (10) Received Access-Challenge Id 116 from 195.113.15.22:2083 to 195.113.115.166:48017 length 218 (10) User-Name = "r-test-hknet@uvtuk.cuni.cz" (10) Tunnel-Type:0 = VLAN (10) Tunnel-Medium-Type:0 = IEEE-802 (10) Tunnel-Private-Group-Id:0 = "948" (10) Cisco-AVPair = "ssid=eduroam" (10) EAP-Message = 0x010b005b1900170301005037c284b1971053d1f66474ed759f01d51a3e35f74da95f2b874a574c143a22ff4100733011a772d20693d6f25611e22313f8e24c3d5487ed1ea09e4a7f21cdc0d8977c03795f514b46e82a8327ad6c78 (10) Message-Authenticator = 0xec404f182f1fc5be5334dfef6e269ef2 (10) State = 0x6aac2fcb60a736ef783b4d4f7a3fb739 (10) Proxy-State = 0x3130 (10) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (10) post-proxy { (10) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (10) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (10) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (10) post_proxy_log: EXPAND %t (10) post_proxy_log: --> Tue May 23 14:56:27 2017 (10) [post_proxy_log] = ok (10) attr_filter.post-proxy: EXPAND %{Realm} (10) attr_filter.post-proxy: --> uvtuk.cuni.cz (10) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (10) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (10) [attr_filter.post-proxy] = updated (10) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (10) EXPAND %{proxy-reply:Packet-Type} (10) --> Access-Challenge (10) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (10) } # post-proxy = updated (10) Using Post-Auth-Type Challenge (10) Post-Auth-Type sub-section not found. Ignoring. (10) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (10) Sent Access-Challenge Id 10 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (10) Tunnel-Type := VLAN (10) Tunnel-Medium-Type := IEEE-802 (10) EAP-Message = 0x010b005b1900170301005037c284b1971053d1f66474ed759f01d51a3e35f74da95f2b874a574c143a22ff4100733011a772d20693d6f25611e22313f8e24c3d5487ed1ea09e4a7f21cdc0d8977c03795f514b46e82a8327ad6c78 (10) Message-Authenticator = 0xec404f182f1fc5be5334dfef6e269ef2 (10) State = 0x6aac2fcb60a736ef783b4d4f7a3fb739 (10) Tunnel-Private-Group-Id := "34" (10) Finished request Thread 4 waiting to be assigned a request Waking up in 0.1 seconds. Thread 1 got semaphore Thread 1 handling request 11, (5 handled so far) (11) Received Access-Request Id 11 from 127.0.0.1:42715 to 127.0.0.1:1812 length 230 (11) User-Name = "r-test-hknet@uvtuk.cuni.cz" (11) NAS-IP-Address = 127.0.0.1 (11) Calling-Station-Id = "70-6F-6C-69-73-68" (11) Framed-MTU = 1400 (11) NAS-Port-Type = Wireless-802.11 (11) Connect-Info = "rad_eap_test + eapol_test" (11) EAP-Message = 0x020b005019001703010020fd1f7d250fa79f68e0e6287c921d74c3141c49080bcfed5ba7df4cf2b9fb7e2317030100209bdbb50bd6fda5035d803dbda8bf2e99ca5052f96c07a77eb4f9b019564c82c8 (11) State = 0x6aac2fcb60a736ef783b4d4f7a3fb739 (11) Message-Authenticator = 0x01fcf1cca53609cc01c5f9c546c23afd (11) session-state: No cached attributes (11) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (11) authorize { (11) policy filter_username { (11) if (!&User-Name) { (11) if (!&User-Name) -> FALSE (11) if (&User-Name =~ / /) { (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@.*@/ ) { (11) if (&User-Name =~ /@.*@/ ) -> FALSE (11) if (&User-Name =~ /\\.\\./ ) { (11) if (&User-Name =~ /\\.\\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\\.$/) { (11) if (&User-Name =~ /\\.$/) -> FALSE (11) if (&User-Name =~ /@\\./) { (11) if (&User-Name =~ /@\\./) -> FALSE (11) } # policy filter_username = notfound (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) [digest] = noop (11) suffix: Checking for suffix after "@" (11) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (11) suffix: Found realm "uvtuk.cuni.cz" (11) suffix: Adding Realm = "uvtuk.cuni.cz" (11) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (11) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (11) [suffix] = updated (11) [files] = noop (11) [expiration] = noop (11) [logintime] = noop (11) [pap] = noop (11) update request { (11) Operator-Name := "1hknet.cz" (11) } # update request = noop (11) policy operator-name.authorize { (11) if ("%{client:Operator-Name}") { (11) EXPAND %{client:Operator-Name} (11) --> (11) if ("%{client:Operator-Name}") -> FALSE (11) } # policy operator-name.authorize = updated (11) } # authorize = updated (11) Starting proxy to home server 195.113.15.22 port 2083 (11) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (11) Sent Access-Request Id 68 from 195.113.115.166:48017 to 195.113.15.22:2083 length 251 (11) User-Name = "r-test-hknet@uvtuk.cuni.cz" (11) NAS-IP-Address = 127.0.0.1 (11) Calling-Station-Id = "70-6F-6C-69-73-68" (11) Framed-MTU = 1400 (11) NAS-Port-Type = Wireless-802.11 (11) Connect-Info = "rad_eap_test + eapol_test" (11) EAP-Message = 0x020b005019001703010020fd1f7d250fa79f68e0e6287c921d74c3141c49080bcfed5ba7df4cf2b9fb7e2317030100209bdbb50bd6fda5035d803dbda8bf2e99ca5052f96c07a77eb4f9b019564c82c8 (11) State = 0x6aac2fcb60a736ef783b4d4f7a3fb739 (11) Message-Authenticator = 0x01fcf1cca53609cc01c5f9c546c23afd (11) Event-Timestamp = "May 23 2017 14:56:27 CEST" (11) Operator-Name := "1hknet.cz" (11) Proxy-State = 0x3131 Thread 1 waiting to be assigned a request Waking up in 0.1 seconds. Thread 3 got semaphore Thread 3 handling request 11, (5 handled so far) (11) Clearing existing &reply: attributes (11) Received Access-Challenge Id 68 from 195.113.15.22:2083 to 195.113.115.166:48017 length 170 (11) User-Name = "r-test-hknet@uvtuk.cuni.cz" (11) Tunnel-Type:0 = VLAN (11) Tunnel-Medium-Type:0 = IEEE-802 (11) Tunnel-Private-Group-Id:0 = "948" (11) Cisco-AVPair = "ssid=eduroam" (11) EAP-Message = 0x010c002b1900170301002072a5974e40cd3bb60f29d309dd54f0a9546e2c5ef4faa61ee22e8d12340251b7 (11) Message-Authenticator = 0x33f14d2c99d3037b63b0309b471eae96 (11) State = 0x6aac2fcb61a036ef783b4d4f7a3fb739 (11) Proxy-State = 0x3131 (11) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (11) post-proxy { (11) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (11) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (11) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (11) post_proxy_log: EXPAND %t (11) post_proxy_log: --> Tue May 23 14:56:27 2017 (11) [post_proxy_log] = ok (11) attr_filter.post-proxy: EXPAND %{Realm} (11) attr_filter.post-proxy: --> uvtuk.cuni.cz (11) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (11) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (11) [attr_filter.post-proxy] = updated (11) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (11) EXPAND %{proxy-reply:Packet-Type} (11) --> Access-Challenge (11) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> FALSE (11) } # post-proxy = updated (11) Using Post-Auth-Type Challenge (11) Post-Auth-Type sub-section not found. Ignoring. (11) # Executing group from file /usr/local/radius/etc/raddb/sites-enabled/hknet (11) Sent Access-Challenge Id 11 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (11) Tunnel-Type := VLAN (11) Tunnel-Medium-Type := IEEE-802 (11) EAP-Message = 0x010c002b1900170301002072a5974e40cd3bb60f29d309dd54f0a9546e2c5ef4faa61ee22e8d12340251b7 (11) Message-Authenticator = 0x33f14d2c99d3037b63b0309b471eae96 (11) State = 0x6aac2fcb61a036ef783b4d4f7a3fb739 (11) Tunnel-Private-Group-Id := "34" (11) Finished request Thread 3 waiting to be assigned a request Waking up in 0.1 seconds. Thread 2 got semaphore Thread 2 handling request 12, (5 handled so far) (12) Received Access-Request Id 12 from 127.0.0.1:42715 to 127.0.0.1:1812 length 230 (12) User-Name = "r-test-hknet@uvtuk.cuni.cz" (12) NAS-IP-Address = 127.0.0.1 (12) Calling-Station-Id = "70-6F-6C-69-73-68" (12) Framed-MTU = 1400 (12) NAS-Port-Type = Wireless-802.11 (12) Connect-Info = "rad_eap_test + eapol_test" (12) EAP-Message = 0x020c005019001703010020acdcecb8f10a5d40c00dc3af016fb44c5f2cecdd8707cf2da33eab84459de5ad1703010020ee55219f7e807c6f62571096ff2bc71941760cb320a71d8b93a7e5689eabd04c (12) State = 0x6aac2fcb61a036ef783b4d4f7a3fb739 (12) Message-Authenticator = 0xfa7d80072af35f6027a825b7c4a732d1 (12) session-state: No cached attributes (12) # Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/hknet (12) authorize { (12) policy filter_username { (12) if (!&User-Name) { (12) if (!&User-Name) -> FALSE (12) if (&User-Name =~ / /) { (12) if (&User-Name =~ / /) -> FALSE (12) if (&User-Name =~ /@.*@/ ) { (12) if (&User-Name =~ /@.*@/ ) -> FALSE (12) if (&User-Name =~ /\\.\\./ ) { (12) if (&User-Name =~ /\\.\\./ ) -> FALSE (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) { (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (12) if (&User-Name =~ /\\.$/) { (12) if (&User-Name =~ /\\.$/) -> FALSE (12) if (&User-Name =~ /@\\./) { (12) if (&User-Name =~ /@\\./) -> FALSE (12) } # policy filter_username = notfound (12) [preprocess] = ok (12) [chap] = noop (12) [mschap] = noop (12) [digest] = noop (12) suffix: Checking for suffix after "@" (12) suffix: Looking up realm "uvtuk.cuni.cz" for User-Name = "r-test-hknet@uvtuk.cuni.cz" (12) suffix: Found realm "uvtuk.cuni.cz" (12) suffix: Adding Realm = "uvtuk.cuni.cz" (12) suffix: Proxying request from user r-test-hknet@uvtuk.cuni.cz to realm uvtuk.cuni.cz (12) suffix: Preparing to proxy authentication request to realm "uvtuk.cuni.cz" (12) [suffix] = updated (12) [files] = noop (12) [expiration] = noop (12) [logintime] = noop (12) [pap] = noop (12) update request { (12) Operator-Name := "1hknet.cz" (12) } # update request = noop (12) policy operator-name.authorize { (12) if ("%{client:Operator-Name}") { (12) EXPAND %{client:Operator-Name} (12) --> (12) if ("%{client:Operator-Name}") -> FALSE (12) } # policy operator-name.authorize = updated (12) } # authorize = updated (12) Starting proxy to home server 195.113.15.22 port 2083 (12) Proxying request to home server 195.113.15.22 port 2083 (TLS) timeout 5.000000 (12) Sent Access-Request Id 80 from 195.113.115.166:48017 to 195.113.15.22:2083 length 251 (12) User-Name = "r-test-hknet@uvtuk.cuni.cz" (12) NAS-IP-Address = 127.0.0.1 (12) Calling-Station-Id = "70-6F-6C-69-73-68" (12) Framed-MTU = 1400 (12) NAS-Port-Type = Wireless-802.11 (12) Connect-Info = "rad_eap_test + eapol_test" (12) EAP-Message = 0x020c005019001703010020acdcecb8f10a5d40c00dc3af016fb44c5f2cecdd8707cf2da33eab84459de5ad1703010020ee55219f7e807c6f62571096ff2bc71941760cb320a71d8b93a7e5689eabd04c (12) State = 0x6aac2fcb61a036ef783b4d4f7a3fb739 (12) Message-Authenticator = 0xfa7d80072af35f6027a825b7c4a732d1 (12) Event-Timestamp = "May 23 2017 14:56:27 CEST" (12) Operator-Name := "1hknet.cz" (12) Proxy-State = 0x3132 Thread 2 waiting to be assigned a request Waking up in 0.1 seconds. Thread 5 got semaphore Thread 5 handling request 12, (6 handled so far) (12) Clearing existing &reply: attributes (12) Received Access-Accept Id 80 from 195.113.15.22:2083 to 195.113.115.166:48017 length 294 (12) User-Name = "r-test-hknet@uvtuk.cuni.cz" (12) Tunnel-Type:0 = VLAN (12) Tunnel-Medium-Type:0 = IEEE-802 (12) Tunnel-Private-Group-Id:0 = "948" (12) Cisco-AVPair = "ssid=eduroam" (12) User-Name = "r-test-hknet@uvtuk.cuni.cz" (12) Tunnel-Type:0 = VLAN (12) Tunnel-Medium-Type:0 = IEEE-802 (12) Tunnel-Private-Group-Id:0 = "948" (12) Cisco-AVPair = "ssid=eduroam" (12) MS-MPPE-Recv-Key = 0x21ba846be1b18f3eccd9d111dfa79e9d8a6ea2ce64edbc288b8dabfa6a479e1e (12) MS-MPPE-Send-Key = 0x4b9261b43b57d28f6037a9032d9013abc860a5d7d333b322958c9f628ee5a89d (12) EAP-Message = 0x030c0004 (12) Message-Authenticator = 0x616475a2e8a0b8d16a3f292425640bce (12) Proxy-State = 0x3132 (12) # Executing section post-proxy from file /usr/local/radius/etc/raddb/sites-enabled/hknet (12) post-proxy { (12) post_proxy_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d (12) post_proxy_log: --> /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (12) post_proxy_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/post-proxy-detail-20170523 (12) post_proxy_log: EXPAND %t (12) post_proxy_log: --> Tue May 23 14:56:27 2017 (12) [post_proxy_log] = ok (12) attr_filter.post-proxy: EXPAND %{Realm} (12) attr_filter.post-proxy: --> uvtuk.cuni.cz (12) attr_filter.post-proxy: Matched entry DEFAULT at line 103 (12) attr_filter.post-proxy: Matched entry uvtuk.cuni.cz at line 146 (12) [attr_filter.post-proxy] = updated (12) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (12) EXPAND %{proxy-reply:Packet-Type} (12) --> Access-Accept (12) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") -> TRUE (12) if ("%{proxy-reply:Packet-Type}" == "Access-Accept") { (12) update proxy-reply { (12) Tunnel-Type := VLAN (12) Tunnel-Medium-Type := IEEE-802 (12) } # update proxy-reply = noop (12) } # if ("%{proxy-reply:Packet-Type}" == "Access-Accept") = noop (12) } # post-proxy = updated (12) Found Auth-Type = Accept (12) Auth-Type = Accept, accepting the user (12) # Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/hknet (12) post-auth { (12) [exec] = noop (12) policy remove_reply_message_if_eap { (12) if (&reply:EAP-Message && &reply:Reply-Message) { (12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (12) else { (12) [noop] = noop (12) } # else = noop (12) } # policy remove_reply_message_if_eap = noop (12) } # post-auth = noop (12) Login OK: [r-test-hknet@uvtuk.cuni.cz] (from client localhost port 0 cli 70-6F-6C-69-73-68) (12) Sent Access-Accept Id 12 from 127.0.0.1:1812 to 127.0.0.1:42715 length 0 (12) Tunnel-Type := VLAN (12) Tunnel-Medium-Type := IEEE-802 (12) MS-MPPE-Recv-Key = 0x21ba846be1b18f3eccd9d111dfa79e9d8a6ea2ce64edbc288b8dabfa6a479e1e (12) MS-MPPE-Send-Key = 0x4b9261b43b57d28f6037a9032d9013abc860a5d7d333b322958c9f628ee5a89d (12) EAP-Message = 0x030c0004 (12) Message-Authenticator = 0x616475a2e8a0b8d16a3f292425640bce (12) Tunnel-Private-Group-Id := "34" (12) Finished request Thread 5 waiting to be assigned a request Waking up in 9.5 seconds.