Fri Sep 25 21:37:05 2020 : Debug: Server was built with: Fri Sep 25 21:37:05 2020 : Debug: accounting : yes Fri Sep 25 21:37:05 2020 : Debug: authentication : yes Fri Sep 25 21:37:05 2020 : Debug: ascend-binary-attributes : yes Fri Sep 25 21:37:05 2020 : Debug: coa : yes Fri Sep 25 21:37:05 2020 : Debug: control-socket : yes Fri Sep 25 21:37:05 2020 : Debug: detail : yes Fri Sep 25 21:37:05 2020 : Debug: dhcp : yes Fri Sep 25 21:37:05 2020 : Debug: dynamic-clients : yes Fri Sep 25 21:37:05 2020 : Debug: osfc2 : no Fri Sep 25 21:37:05 2020 : Debug: proxy : yes Fri Sep 25 21:37:05 2020 : Debug: regex-pcre : yes Fri Sep 25 21:37:05 2020 : Debug: regex-posix : no Fri Sep 25 21:37:05 2020 : Debug: regex-posix-extended : no Fri Sep 25 21:37:05 2020 : Debug: session-management : yes Fri Sep 25 21:37:05 2020 : Debug: stats : yes Fri Sep 25 21:37:05 2020 : Debug: systemd : no Fri Sep 25 21:37:05 2020 : Debug: tcp : yes Fri Sep 25 21:37:05 2020 : Debug: threads : yes Fri Sep 25 21:37:05 2020 : Debug: tls : yes Fri Sep 25 21:37:05 2020 : Debug: unlang : yes Fri Sep 25 21:37:05 2020 : Debug: vmps : yes Fri Sep 25 21:37:05 2020 : Debug: developer : no Fri Sep 25 21:37:05 2020 : Debug: Server core libs: Fri Sep 25 21:37:05 2020 : Debug: freeradius-server : 3.0.21 Fri Sep 25 21:37:05 2020 : Debug: talloc : 2.0.* Fri Sep 25 21:37:05 2020 : Debug: ssl : 1.0.1e release Fri Sep 25 21:37:05 2020 : Debug: pcre : 7.8 2008-09-05 Fri Sep 25 21:37:05 2020 : Debug: Endianness: Fri Sep 25 21:37:05 2020 : Debug: little Fri Sep 25 21:37:05 2020 : Debug: Compilation flags: Fri Sep 25 21:37:05 2020 : Debug: cppflags : Fri Sep 25 21:37:05 2020 : Debug: cflags : -I. -Isrc -include src/freeradius-devel/autoconf.h -include src/freeradius-devel/build.h -include src/freeradius-devel/features.h -include src/freeradius-devel/radpaths.h -fno-strict-aliasing -Wno-date-time -g -O2 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1 Fri Sep 25 21:37:05 2020 : Debug: ldflags : Fri Sep 25 21:37:05 2020 : Debug: libs : -lcrypto -lssl -ltalloc -lpcre -lcap -lnsl -lresolv -ldl -lpthread -lreadline Fri Sep 25 21:37:05 2020 : Debug: Fri Sep 25 21:37:05 2020 : Info: FreeRADIUS Version 3.0.21 Fri Sep 25 21:37:05 2020 : Info: Copyright (C) 1999-2019 The FreeRADIUS server project and contributors Fri Sep 25 21:37:05 2020 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Fri Sep 25 21:37:05 2020 : Info: PARTICULAR PURPOSE Fri Sep 25 21:37:05 2020 : Info: You may redistribute copies of FreeRADIUS under the terms of the Fri Sep 25 21:37:05 2020 : Info: GNU General Public License Fri Sep 25 21:37:05 2020 : Info: For more information about these matters, see the file named COPYRIGHT Fri Sep 25 21:37:05 2020 : Info: Starting - reading configuration files ... Fri Sep 25 21:37:05 2020 : Debug: including dictionary file /usr/local/share/freeradius/dictionary Fri Sep 25 21:37:05 2020 : Debug: including dictionary file /usr/local/share/freeradius/dictionary.dhcp Fri Sep 25 21:37:05 2020 : Debug: including dictionary file /usr/local/share/freeradius/dictionary.vqp Fri Sep 25 21:37:05 2020 : Debug: including dictionary file /usr/local/etc/raddb/dictionary Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/radiusd.conf Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/proxy.conf Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/clients.conf Fri Sep 25 21:37:05 2020 : Debug: including files in directory /usr/local/etc/raddb/mods-enabled/ Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/exec Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/files Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/radutmp Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/preprocess Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/expiration Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/logintime Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/date Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/unpack Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/eap Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/pap Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/soh Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/chap Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/echo Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/detail Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/mschap Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/linelog Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/digest Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/expr Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/replicate Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/passwd Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/unix Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/utf8 Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: including files in directory /usr/local/etc/raddb/policy.d/ Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/accounting Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/dhcp Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/debug Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/control Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/rfc7542 Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/eap Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/canonicalization Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/operator-name Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/filter Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/cui Fri Sep 25 21:37:05 2020 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE Fri Sep 25 21:37:05 2020 : Debug: OPTIMIZING (no == yes) --> FALSE Fri Sep 25 21:37:05 2020 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE Fri Sep 25 21:37:05 2020 : Debug: OPTIMIZING (no == yes) --> FALSE Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/policy.d/abfab-tr Fri Sep 25 21:37:05 2020 : Debug: including files in directory /usr/local/etc/raddb/sites-enabled/ Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:05 2020 : Debug: including configuration file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:05 2020 : Debug: main { Fri Sep 25 21:37:05 2020 : Debug: security { Fri Sep 25 21:37:05 2020 : Debug: allow_core_dumps = no Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[527]: The item 'max_attributes' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[545]: The item 'reject_delay' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[565]: The item 'status_server' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[575]: The item 'allow_vulnerable_openssl' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: name = "radiusd" Fri Sep 25 21:37:05 2020 : Debug: prefix = "/usr/local" Fri Sep 25 21:37:05 2020 : Debug: localstatedir = "/usr/local/var" Fri Sep 25 21:37:05 2020 : Debug: logdir = "/usr/local/var/log/radius" Fri Sep 25 21:37:05 2020 : Debug: run_dir = "/usr/local/var/run/radiusd" Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[97]: The item 'confdir' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[104]: The item 'db_dir' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[138]: The item 'libdir' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[149]: The item 'pidfile' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[170]: The item 'correct_escapes' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[224]: The item 'max_request_time' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[243]: The item 'cleanup_delay' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[280]: The item 'hostname_lookups' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[383]: The item 'checkrad' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[594]: The item 'proxy_requests' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: main { Fri Sep 25 21:37:05 2020 : Debug: name = "radiusd" Fri Sep 25 21:37:05 2020 : Debug: prefix = "/usr/local" Fri Sep 25 21:37:05 2020 : Debug: localstatedir = "/usr/local/var" Fri Sep 25 21:37:05 2020 : Debug: sbindir = "/usr/local/sbin" Fri Sep 25 21:37:05 2020 : Debug: logdir = "/usr/local/var/log/radius" Fri Sep 25 21:37:05 2020 : Debug: run_dir = "/usr/local/var/run/radiusd" Fri Sep 25 21:37:05 2020 : Debug: libdir = "/usr/local/lib" Fri Sep 25 21:37:05 2020 : Debug: radacctdir = "/usr/local/var/log/radius/radacct" Fri Sep 25 21:37:05 2020 : Debug: hostname_lookups = no Fri Sep 25 21:37:05 2020 : Debug: max_request_time = 30 Fri Sep 25 21:37:05 2020 : Debug: cleanup_delay = 5 Fri Sep 25 21:37:05 2020 : Debug: max_requests = 16384 Fri Sep 25 21:37:05 2020 : Debug: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" Fri Sep 25 21:37:05 2020 : Debug: checkrad = "/usr/local/sbin/checkrad" Fri Sep 25 21:37:05 2020 : Debug: debug_level = 0 Fri Sep 25 21:37:05 2020 : Debug: proxy_requests = yes Fri Sep 25 21:37:05 2020 : Debug: log { Fri Sep 25 21:37:05 2020 : Debug: stripped_names = no Fri Sep 25 21:37:05 2020 : Debug: auth = no Fri Sep 25 21:37:05 2020 : Debug: auth_badpass = no Fri Sep 25 21:37:05 2020 : Debug: auth_goodpass = no Fri Sep 25 21:37:05 2020 : Debug: colourise = yes Fri Sep 25 21:37:05 2020 : Debug: msg_denied = "You are already logged in - access denied" Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[298]: The item 'destination' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[315]: The item 'file' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[323]: The item 'syslog_facility' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: resources { Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: security { Fri Sep 25 21:37:05 2020 : Debug: max_attributes = 200 Fri Sep 25 21:37:05 2020 : Debug: reject_delay = 1.000000 Fri Sep 25 21:37:05 2020 : Debug: status_server = yes Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[575]: The item 'allow_vulnerable_openssl' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[97]: The item 'confdir' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[104]: The item 'db_dir' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Warning: /usr/local/etc/raddb/radiusd.conf[170]: The item 'correct_escapes' is defined, but is unused by the configuration Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: radiusd: #### Loading Realms and Home Servers #### Fri Sep 25 21:37:05 2020 : Debug: proxy server { Fri Sep 25 21:37:05 2020 : Debug: retry_delay = 5 Fri Sep 25 21:37:05 2020 : Debug: retry_count = 3 Fri Sep 25 21:37:05 2020 : Debug: default_fallback = no Fri Sep 25 21:37:05 2020 : Debug: dead_time = 120 Fri Sep 25 21:37:05 2020 : Debug: wake_all_if_all_dead = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: home_server localhost { Fri Sep 25 21:37:05 2020 : Debug: ipaddr = 127.0.0.1 Fri Sep 25 21:37:05 2020 : Debug: port = 1812 Fri Sep 25 21:37:05 2020 : Debug: type = "auth" Fri Sep 25 21:37:05 2020 : Debug: secret = "testing123" Fri Sep 25 21:37:05 2020 : Debug: response_window = 20.000000 Fri Sep 25 21:37:05 2020 : Debug: response_timeouts = 1 Fri Sep 25 21:37:05 2020 : Debug: max_outstanding = 65536 Fri Sep 25 21:37:05 2020 : Debug: zombie_period = 40 Fri Sep 25 21:37:05 2020 : Debug: status_check = "status-server" Fri Sep 25 21:37:05 2020 : Debug: ping_interval = 30 Fri Sep 25 21:37:05 2020 : Debug: check_interval = 30 Fri Sep 25 21:37:05 2020 : Debug: check_timeout = 4 Fri Sep 25 21:37:05 2020 : Debug: num_answers_to_alive = 3 Fri Sep 25 21:37:05 2020 : Debug: revive_interval = 120 Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: max_requests = 0 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 0 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: coa { Fri Sep 25 21:37:05 2020 : Debug: irt = 2 Fri Sep 25 21:37:05 2020 : Debug: mrt = 16 Fri Sep 25 21:37:05 2020 : Debug: mrc = 5 Fri Sep 25 21:37:05 2020 : Debug: mrd = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: home_server_pool my_auth_failover { Fri Sep 25 21:37:05 2020 : Debug: type = fail-over Fri Sep 25 21:37:05 2020 : Debug: home_server = localhost Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: realm example.com { Fri Sep 25 21:37:05 2020 : Debug: auth_pool = my_auth_failover Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: realm LOCAL { Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: radiusd: #### Loading Clients #### Fri Sep 25 21:37:05 2020 : Debug: client localhost { Fri Sep 25 21:37:05 2020 : Debug: ipaddr = 127.0.0.1 Fri Sep 25 21:37:05 2020 : Debug: require_message_authenticator = no Fri Sep 25 21:37:05 2020 : Debug: secret = "testing123" Fri Sep 25 21:37:05 2020 : Debug: nas_type = "other" Fri Sep 25 21:37:05 2020 : Debug: proto = "*" Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Adding client 127.0.0.1/32 (127.0.0.1) to prefix tree 32 Fri Sep 25 21:37:05 2020 : Debug: client localhost_ipv6 { Fri Sep 25 21:37:05 2020 : Debug: ipv6addr = ::1 Fri Sep 25 21:37:05 2020 : Debug: require_message_authenticator = no Fri Sep 25 21:37:05 2020 : Debug: secret = "testing123" Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Adding client ::1/128 (::1) to prefix tree 128 Fri Sep 25 21:37:05 2020 : Debug: client 192.168.255.102 { Fri Sep 25 21:37:05 2020 : Debug: ipaddr = 192.168.255.102 Fri Sep 25 21:37:05 2020 : Debug: require_message_authenticator = no Fri Sep 25 21:37:05 2020 : Debug: secret = "proer123" Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Adding client 192.168.255.102/32 (192.168.255.102) to prefix tree 32 Fri Sep 25 21:37:05 2020 : Info: Debugger not attached Fri Sep 25 21:37:05 2020 : Debug: # Creating Auth-Type = mschap Fri Sep 25 21:37:05 2020 : Debug: # Creating Auth-Type = eap Fri Sep 25 21:37:05 2020 : Debug: # Creating Auth-Type = PAP Fri Sep 25 21:37:05 2020 : Debug: # Creating Auth-Type = CHAP Fri Sep 25 21:37:05 2020 : Debug: # Creating Auth-Type = MS-CHAP Fri Sep 25 21:37:05 2020 : Debug: # Creating Auth-Type = digest Fri Sep 25 21:37:05 2020 : Debug: radiusd: #### Instantiating modules #### Fri Sep 25 21:37:05 2020 : Debug: modules { Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_exec with path: /usr/local/lib/rlm_exec.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_exec, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_exec Fri Sep 25 21:37:05 2020 : Debug: # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec Fri Sep 25 21:37:05 2020 : Debug: exec { Fri Sep 25 21:37:05 2020 : Debug: wait = no Fri Sep 25 21:37:05 2020 : Debug: input_pairs = "request" Fri Sep 25 21:37:05 2020 : Debug: shell_escape = yes Fri Sep 25 21:37:05 2020 : Debug: timeout = 10 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_attr_filter with path: /usr/local/lib/rlm_attr_filter.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_attr_filter, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_attr_filter Fri Sep 25 21:37:05 2020 : Debug: # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: attr_filter attr_filter.post-proxy { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" Fri Sep 25 21:37:05 2020 : Debug: key = "%{Realm}" Fri Sep 25 21:37:05 2020 : Debug: relaxed = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: attr_filter attr_filter.pre-proxy { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" Fri Sep 25 21:37:05 2020 : Debug: key = "%{Realm}" Fri Sep 25 21:37:05 2020 : Debug: relaxed = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: attr_filter attr_filter.access_reject { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" Fri Sep 25 21:37:05 2020 : Debug: key = "%{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: relaxed = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: attr_filter attr_filter.access_challenge { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" Fri Sep 25 21:37:05 2020 : Debug: key = "%{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: relaxed = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: attr_filter attr_filter.accounting_response { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" Fri Sep 25 21:37:05 2020 : Debug: key = "%{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: relaxed = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_cache with path: /usr/local/lib/rlm_cache.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_cache, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_cache Fri Sep 25 21:37:05 2020 : Debug: # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap Fri Sep 25 21:37:05 2020 : Debug: cache cache_eap { Fri Sep 25 21:37:05 2020 : Debug: driver = "rlm_cache_rbtree" Fri Sep 25 21:37:05 2020 : Debug: key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" Fri Sep 25 21:37:05 2020 : Debug: ttl = 15 Fri Sep 25 21:37:05 2020 : Debug: max_entries = 0 Fri Sep 25 21:37:05 2020 : Debug: epoch = 0 Fri Sep 25 21:37:05 2020 : Debug: add_stats = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth Fri Sep 25 21:37:05 2020 : Debug: exec ntlm_auth { Fri Sep 25 21:37:05 2020 : Debug: wait = yes Fri Sep 25 21:37:05 2020 : Debug: program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" Fri Sep 25 21:37:05 2020 : Debug: shell_escape = yes Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_radutmp with path: /usr/local/lib/rlm_radutmp.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_radutmp, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_radutmp Fri Sep 25 21:37:05 2020 : Debug: # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp Fri Sep 25 21:37:05 2020 : Debug: radutmp sradutmp { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/sradutmp" Fri Sep 25 21:37:05 2020 : Debug: username = "%{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: case_sensitive = yes Fri Sep 25 21:37:05 2020 : Debug: check_with_nas = yes Fri Sep 25 21:37:05 2020 : Debug: permissions = 420 Fri Sep 25 21:37:05 2020 : Debug: caller_id = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_files with path: /usr/local/lib/rlm_files.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_files, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_files Fri Sep 25 21:37:05 2020 : Debug: # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files Fri Sep 25 21:37:05 2020 : Debug: files { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/etc/raddb/mods-config/files/authorize" Fri Sep 25 21:37:05 2020 : Debug: acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" Fri Sep 25 21:37:05 2020 : Debug: preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp Fri Sep 25 21:37:05 2020 : Debug: radutmp { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/radutmp" Fri Sep 25 21:37:05 2020 : Debug: username = "%{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: case_sensitive = yes Fri Sep 25 21:37:05 2020 : Debug: check_with_nas = yes Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: caller_id = yes Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_preprocess with path: /usr/local/lib/rlm_preprocess.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_preprocess, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_preprocess Fri Sep 25 21:37:05 2020 : Debug: # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess Fri Sep 25 21:37:05 2020 : Debug: preprocess { Fri Sep 25 21:37:05 2020 : Debug: huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" Fri Sep 25 21:37:05 2020 : Debug: hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" Fri Sep 25 21:37:05 2020 : Debug: with_ascend_hack = no Fri Sep 25 21:37:05 2020 : Debug: ascend_channels_per_line = 23 Fri Sep 25 21:37:05 2020 : Debug: with_ntdomain_hack = no Fri Sep 25 21:37:05 2020 : Debug: with_specialix_jetstream_hack = no Fri Sep 25 21:37:05 2020 : Debug: with_cisco_vsa_hack = no Fri Sep 25 21:37:05 2020 : Debug: with_alvarion_vsa_hack = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_expiration with path: /usr/local/lib/rlm_expiration.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_expiration, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_expiration Fri Sep 25 21:37:05 2020 : Debug: # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_logintime with path: /usr/local/lib/rlm_logintime.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_logintime, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_logintime Fri Sep 25 21:37:05 2020 : Debug: # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime Fri Sep 25 21:37:05 2020 : Debug: logintime { Fri Sep 25 21:37:05 2020 : Debug: minimum_timeout = 60 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_date with path: /usr/local/lib/rlm_date.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_date, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_date Fri Sep 25 21:37:05 2020 : Debug: # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date Fri Sep 25 21:37:05 2020 : Debug: date { Fri Sep 25 21:37:05 2020 : Debug: format = "%b %e %Y %H:%M:%S %Z" Fri Sep 25 21:37:05 2020 : Debug: utc = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "wispr2date" from file /usr/local/etc/raddb/mods-enabled/date Fri Sep 25 21:37:05 2020 : Debug: date wispr2date { Fri Sep 25 21:37:05 2020 : Debug: format = "%Y-%m-%dT%H:%M:%S" Fri Sep 25 21:37:05 2020 : Debug: utc = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_always with path: /usr/local/lib/rlm_always.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_always, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_always Fri Sep 25 21:37:05 2020 : Debug: # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always reject { Fri Sep 25 21:37:05 2020 : Debug: rcode = "reject" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always fail { Fri Sep 25 21:37:05 2020 : Debug: rcode = "fail" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always ok { Fri Sep 25 21:37:05 2020 : Debug: rcode = "ok" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always handled { Fri Sep 25 21:37:05 2020 : Debug: rcode = "handled" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always invalid { Fri Sep 25 21:37:05 2020 : Debug: rcode = "invalid" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always userlock { Fri Sep 25 21:37:05 2020 : Debug: rcode = "userlock" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always notfound { Fri Sep 25 21:37:05 2020 : Debug: rcode = "notfound" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always noop { Fri Sep 25 21:37:05 2020 : Debug: rcode = "noop" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: always updated { Fri Sep 25 21:37:05 2020 : Debug: rcode = "updated" Fri Sep 25 21:37:05 2020 : Debug: simulcount = 0 Fri Sep 25 21:37:05 2020 : Debug: mpp = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_unpack with path: /usr/local/lib/rlm_unpack.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_unpack, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_unpack Fri Sep 25 21:37:05 2020 : Debug: # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap with path: /usr/local/lib/rlm_eap.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_eap, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_eap Fri Sep 25 21:37:05 2020 : Debug: # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap Fri Sep 25 21:37:05 2020 : Debug: eap { Fri Sep 25 21:37:05 2020 : Debug: default_eap_type = "peap" Fri Sep 25 21:37:05 2020 : Debug: timer_expire = 60 Fri Sep 25 21:37:05 2020 : Debug: ignore_unknown_eap_types = no Fri Sep 25 21:37:05 2020 : Debug: cisco_accounting_username_bug = no Fri Sep 25 21:37:05 2020 : Debug: max_sessions = 16384 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_pap with path: /usr/local/lib/rlm_pap.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_pap, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_pap Fri Sep 25 21:37:05 2020 : Debug: # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap Fri Sep 25 21:37:05 2020 : Debug: pap { Fri Sep 25 21:37:05 2020 : Debug: normalise = yes Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_soh with path: /usr/local/lib/rlm_soh.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_soh, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_soh Fri Sep 25 21:37:05 2020 : Debug: # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh Fri Sep 25 21:37:05 2020 : Debug: soh { Fri Sep 25 21:37:05 2020 : Debug: dhcp = yes Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_detail with path: /usr/local/lib/rlm_detail.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_detail, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_detail Fri Sep 25 21:37:05 2020 : Debug: # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: detail auth_log { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" Fri Sep 25 21:37:05 2020 : Debug: header = "%t" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: locking = no Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: log_packet_header = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: detail reply_log { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" Fri Sep 25 21:37:05 2020 : Debug: header = "%t" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: locking = no Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: log_packet_header = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: detail pre_proxy_log { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" Fri Sep 25 21:37:05 2020 : Debug: header = "%t" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: locking = no Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: log_packet_header = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: detail post_proxy_log { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" Fri Sep 25 21:37:05 2020 : Debug: header = "%t" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: locking = no Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: log_packet_header = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_chap with path: /usr/local/lib/rlm_chap.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_chap, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_chap Fri Sep 25 21:37:05 2020 : Debug: # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap Fri Sep 25 21:37:05 2020 : Debug: # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo Fri Sep 25 21:37:05 2020 : Debug: exec echo { Fri Sep 25 21:37:05 2020 : Debug: wait = yes Fri Sep 25 21:37:05 2020 : Debug: program = "/bin/echo %{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: input_pairs = "request" Fri Sep 25 21:37:05 2020 : Debug: output_pairs = "reply" Fri Sep 25 21:37:05 2020 : Debug: shell_escape = yes Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail Fri Sep 25 21:37:05 2020 : Debug: detail { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" Fri Sep 25 21:37:05 2020 : Debug: header = "%t" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: locking = no Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: log_packet_header = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_dynamic_clients with path: /usr/local/lib/rlm_dynamic_clients.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_dynamic_clients, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_dynamic_clients Fri Sep 25 21:37:05 2020 : Debug: # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_mschap with path: /usr/local/lib/rlm_mschap.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_mschap, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_mschap Fri Sep 25 21:37:05 2020 : Debug: # Loading module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap Fri Sep 25 21:37:05 2020 : Debug: mschap { Fri Sep 25 21:37:05 2020 : Debug: use_mppe = yes Fri Sep 25 21:37:05 2020 : Debug: require_encryption = no Fri Sep 25 21:37:05 2020 : Debug: require_strong = no Fri Sep 25 21:37:05 2020 : Debug: with_ntdomain_hack = yes Fri Sep 25 21:37:05 2020 : Debug: passchange { Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: allow_retry = yes Fri Sep 25 21:37:05 2020 : Debug: winbind_retry_with_normalised_username = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_linelog with path: /usr/local/lib/rlm_linelog.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_linelog, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_linelog Fri Sep 25 21:37:05 2020 : Debug: # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog Fri Sep 25 21:37:05 2020 : Debug: linelog { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/linelog" Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: syslog_severity = "info" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: format = "This is a log message for %{User-Name}" Fri Sep 25 21:37:05 2020 : Debug: reference = "messages.%{%{reply:Packet-Type}:-default}" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog Fri Sep 25 21:37:05 2020 : Debug: linelog log_accounting { Fri Sep 25 21:37:05 2020 : Debug: filename = "/usr/local/var/log/radius/linelog-accounting" Fri Sep 25 21:37:05 2020 : Debug: escape_filenames = no Fri Sep 25 21:37:05 2020 : Debug: syslog_severity = "info" Fri Sep 25 21:37:05 2020 : Debug: permissions = 384 Fri Sep 25 21:37:05 2020 : Debug: format = "" Fri Sep 25 21:37:05 2020 : Debug: reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_digest with path: /usr/local/lib/rlm_digest.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_digest, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_digest Fri Sep 25 21:37:05 2020 : Debug: # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_expr with path: /usr/local/lib/rlm_expr.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_expr, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_expr Fri Sep 25 21:37:05 2020 : Debug: # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr Fri Sep 25 21:37:05 2020 : Debug: expr { Fri Sep 25 21:37:05 2020 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_replicate with path: /usr/local/lib/rlm_replicate.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_replicate, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_replicate Fri Sep 25 21:37:05 2020 : Debug: # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_passwd with path: /usr/local/lib/rlm_passwd.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_passwd, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_passwd Fri Sep 25 21:37:05 2020 : Debug: # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd Fri Sep 25 21:37:05 2020 : Debug: passwd etc_passwd { Fri Sep 25 21:37:05 2020 : Debug: filename = "/etc/passwd" Fri Sep 25 21:37:05 2020 : Debug: format = "*User-Name:Crypt-Password:" Fri Sep 25 21:37:05 2020 : Debug: delimiter = ":" Fri Sep 25 21:37:05 2020 : Debug: ignore_nislike = no Fri Sep 25 21:37:05 2020 : Debug: ignore_empty = yes Fri Sep 25 21:37:05 2020 : Debug: allow_multiple_keys = no Fri Sep 25 21:37:05 2020 : Debug: hash_size = 100 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_unix with path: /usr/local/lib/rlm_unix.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_unix, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_unix Fri Sep 25 21:37:05 2020 : Debug: # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix Fri Sep 25 21:37:05 2020 : Debug: unix { Fri Sep 25 21:37:05 2020 : Debug: radwtmp = "/usr/local/var/log/radius/radwtmp" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Creating attribute Unix-Group Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_utf8 with path: /usr/local/lib/rlm_utf8.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_utf8, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_utf8 Fri Sep 25 21:37:05 2020 : Debug: # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_realm with path: /usr/local/lib/rlm_realm.so Fri Sep 25 21:37:05 2020 : Debug: Loaded rlm_realm, checking if it's valid Fri Sep 25 21:37:05 2020 : Debug: # Loaded module rlm_realm Fri Sep 25 21:37:05 2020 : Debug: # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: realm IPASS { Fri Sep 25 21:37:05 2020 : Debug: format = "prefix" Fri Sep 25 21:37:05 2020 : Debug: delimiter = "/" Fri Sep 25 21:37:05 2020 : Debug: ignore_default = no Fri Sep 25 21:37:05 2020 : Debug: ignore_null = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: realm suffix { Fri Sep 25 21:37:05 2020 : Debug: format = "suffix" Fri Sep 25 21:37:05 2020 : Debug: delimiter = "@" Fri Sep 25 21:37:05 2020 : Debug: ignore_default = no Fri Sep 25 21:37:05 2020 : Debug: ignore_null = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "bangpath" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: realm bangpath { Fri Sep 25 21:37:05 2020 : Debug: format = "prefix" Fri Sep 25 21:37:05 2020 : Debug: delimiter = "!" Fri Sep 25 21:37:05 2020 : Debug: ignore_default = no Fri Sep 25 21:37:05 2020 : Debug: ignore_null = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: realm realmpercent { Fri Sep 25 21:37:05 2020 : Debug: format = "suffix" Fri Sep 25 21:37:05 2020 : Debug: delimiter = "%" Fri Sep 25 21:37:05 2020 : Debug: ignore_default = no Fri Sep 25 21:37:05 2020 : Debug: ignore_null = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: realm ntdomain { Fri Sep 25 21:37:05 2020 : Debug: format = "prefix" Fri Sep 25 21:37:05 2020 : Debug: delimiter = "\\" Fri Sep 25 21:37:05 2020 : Debug: ignore_default = no Fri Sep 25 21:37:05 2020 : Debug: ignore_null = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: instantiate { Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_cache_rbtree with path: /usr/local/lib/rlm_cache_rbtree.so Fri Sep 25 21:37:05 2020 : Debug: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups Fri Sep 25 21:37:05 2020 : Debug: reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_md5 with path: /usr/local/lib/rlm_eap_md5.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_md5 Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_leap with path: /usr/local/lib/rlm_eap_leap.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_leap Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_gtc with path: /usr/local/lib/rlm_eap_gtc.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_gtc Fri Sep 25 21:37:05 2020 : Debug: gtc { Fri Sep 25 21:37:05 2020 : Debug: challenge = "Password: " Fri Sep 25 21:37:05 2020 : Debug: auth_type = "PAP" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_tls with path: /usr/local/lib/rlm_eap_tls.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_tls Fri Sep 25 21:37:05 2020 : Debug: tls { Fri Sep 25 21:37:05 2020 : Debug: tls = "tls-common" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: tls-config tls-common { Fri Sep 25 21:37:05 2020 : Debug: verify_depth = 0 Fri Sep 25 21:37:05 2020 : Debug: ca_path = "/usr/local/etc/raddb/certs/inboxCA/crl" Fri Sep 25 21:37:05 2020 : Debug: pem_file_type = yes Fri Sep 25 21:37:05 2020 : Debug: private_key_file = "/usr/local/etc/raddb/certs/cert-key.pem" Fri Sep 25 21:37:05 2020 : Debug: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" Fri Sep 25 21:37:05 2020 : Debug: ca_file = "/usr/local/etc/raddb/certs/cacert.pem" Fri Sep 25 21:37:05 2020 : Debug: private_key_password = "whatever" Fri Sep 25 21:37:05 2020 : Debug: dh_file = "/usr/local/etc/raddb/certs/dh.pem" Fri Sep 25 21:37:05 2020 : Debug: random_file = "/dev/urandom" Fri Sep 25 21:37:05 2020 : Debug: fragment_size = 2048 Fri Sep 25 21:37:05 2020 : Debug: include_length = yes Fri Sep 25 21:37:05 2020 : Debug: auto_chain = yes Fri Sep 25 21:37:05 2020 : Debug: check_crl = yes Fri Sep 25 21:37:05 2020 : Debug: check_all_crl = no Fri Sep 25 21:37:05 2020 : Debug: cipher_list = "DEFAULT" Fri Sep 25 21:37:05 2020 : Debug: cipher_server_preference = no Fri Sep 25 21:37:05 2020 : Debug: ecdh_curve = "prime256v1" Fri Sep 25 21:37:05 2020 : Debug: disable_tlsv1 = yes Fri Sep 25 21:37:05 2020 : Debug: disable_tlsv1_1 = yes Fri Sep 25 21:37:05 2020 : Debug: tls_max_version = "1.2" Fri Sep 25 21:37:05 2020 : Debug: tls_min_version = "1.2" Fri Sep 25 21:37:05 2020 : Debug: cache { Fri Sep 25 21:37:05 2020 : Debug: enable = no Fri Sep 25 21:37:05 2020 : Debug: lifetime = 24 Fri Sep 25 21:37:05 2020 : Debug: max_entries = 255 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: verify { Fri Sep 25 21:37:05 2020 : Debug: skip_if_ocsp_ok = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: ocsp { Fri Sep 25 21:37:05 2020 : Debug: enable = no Fri Sep 25 21:37:05 2020 : Debug: override_cert_url = yes Fri Sep 25 21:37:05 2020 : Debug: url = "http://127.0.0.1/ocsp/" Fri Sep 25 21:37:05 2020 : Debug: use_nonce = yes Fri Sep 25 21:37:05 2020 : Debug: timeout = 0 Fri Sep 25 21:37:05 2020 : Debug: softfail = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_ttls with path: /usr/local/lib/rlm_eap_ttls.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_ttls Fri Sep 25 21:37:05 2020 : Debug: ttls { Fri Sep 25 21:37:05 2020 : Debug: tls = "tls-common" Fri Sep 25 21:37:05 2020 : Debug: default_eap_type = "md5" Fri Sep 25 21:37:05 2020 : Debug: copy_request_to_tunnel = no Fri Sep 25 21:37:05 2020 : Debug: use_tunneled_reply = no Fri Sep 25 21:37:05 2020 : Debug: virtual_server = "inner-tunnel" Fri Sep 25 21:37:05 2020 : Debug: include_length = yes Fri Sep 25 21:37:05 2020 : Debug: require_client_cert = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: tls: Using cached TLS configuration from previous invocation Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_peap with path: /usr/local/lib/rlm_eap_peap.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_peap Fri Sep 25 21:37:05 2020 : Debug: peap { Fri Sep 25 21:37:05 2020 : Debug: tls = "tls-common" Fri Sep 25 21:37:05 2020 : Debug: default_eap_type = "mschapv2" Fri Sep 25 21:37:05 2020 : Debug: copy_request_to_tunnel = no Fri Sep 25 21:37:05 2020 : Debug: use_tunneled_reply = no Fri Sep 25 21:37:05 2020 : Debug: proxy_tunneled_request_as_eap = yes Fri Sep 25 21:37:05 2020 : Debug: virtual_server = "inner-tunnel" Fri Sep 25 21:37:05 2020 : Debug: soh = no Fri Sep 25 21:37:05 2020 : Debug: require_client_cert = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: tls: Using cached TLS configuration from previous invocation Fri Sep 25 21:37:05 2020 : Debug: Loading rlm_eap_mschapv2 with path: /usr/local/lib/rlm_eap_mschapv2.so Fri Sep 25 21:37:05 2020 : Debug: # Linked to sub-module rlm_eap_mschapv2 Fri Sep 25 21:37:05 2020 : Debug: mschapv2 { Fri Sep 25 21:37:05 2020 : Debug: with_ntdomain_hack = no Fri Sep 25 21:37:05 2020 : Debug: send_error = no Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap Fri Sep 25 21:37:05 2020 : Debug: rlm_mschap (mschap): using internal authentication Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/linelog Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd Fri Sep 25 21:37:05 2020 : Debug: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "bangpath" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm Fri Sep 25 21:37:05 2020 : Debug: } # modules Fri Sep 25 21:37:05 2020 : Debug: radiusd: #### Loading Virtual Servers #### Fri Sep 25 21:37:05 2020 : Debug: server { # from file /usr/local/etc/raddb/radiusd.conf Fri Sep 25 21:37:05 2020 : Debug: } # server Fri Sep 25 21:37:05 2020 : Debug: server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:05 2020 : Debug: authenticate { Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: pap Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: chap Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: mschap Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: mschap Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: } # authenticate Fri Sep 25 21:37:05 2020 : Debug: authorize { Fri Sep 25 21:37:05 2020 : Debug: policy filter_username { Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name) { Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ / /) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains whitespace' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /@[^@]*@/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /\.\./) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /@/ && !&User-Name =~ /@(.+)\.(.+)$/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Realm does not have at least one dot separator' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /@\./) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: chap Fri Sep 25 21:37:05 2020 : Debug: mschap Fri Sep 25 21:37:05 2020 : Debug: suffix Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &control:Proxy-To-Realm := LOCAL Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: files Fri Sep 25 21:37:05 2020 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst) Fri Sep 25 21:37:05 2020 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst) Fri Sep 25 21:37:05 2020 : Debug: expiration Fri Sep 25 21:37:05 2020 : Debug: logintime Fri Sep 25 21:37:05 2020 : Debug: pap Fri Sep 25 21:37:05 2020 : Debug: } # authorize Fri Sep 25 21:37:05 2020 : Debug: session { Fri Sep 25 21:37:05 2020 : Debug: radutmp Fri Sep 25 21:37:05 2020 : Debug: } # session Fri Sep 25 21:37:05 2020 : Debug: post-proxy { Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: } # post-proxy Fri Sep 25 21:37:05 2020 : Debug: post-auth { Fri Sep 25 21:37:05 2020 : Info: # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:336 Fri Sep 25 21:37:05 2020 : Debug: if (false) { Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: attr_filter.access_reject Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &outer.session-state:Module-Failure-Message := &Module-Failure-Message Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } # post-auth Fri Sep 25 21:37:05 2020 : Debug: } # server inner-tunnel Fri Sep 25 21:37:05 2020 : Debug: server default { # from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:05 2020 : Debug: authenticate { Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: pap Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: chap Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: mschap Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: mschap Fri Sep 25 21:37:05 2020 : Debug: digest Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: } # authenticate Fri Sep 25 21:37:05 2020 : Debug: authorize { Fri Sep 25 21:37:05 2020 : Debug: policy filter_username { Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name) { Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ / /) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains whitespace' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /@[^@]*@/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /\.\./) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /@/ && !&User-Name =~ /@(.+)\.(.+)$/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Realm does not have at least one dot separator' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if (&User-Name =~ /@\./) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot' Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: reject Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: preprocess Fri Sep 25 21:37:05 2020 : Debug: chap Fri Sep 25 21:37:05 2020 : Debug: mschap Fri Sep 25 21:37:05 2020 : Debug: digest Fri Sep 25 21:37:05 2020 : Debug: suffix Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: files Fri Sep 25 21:37:05 2020 : Debug: expiration Fri Sep 25 21:37:05 2020 : Debug: logintime Fri Sep 25 21:37:05 2020 : Debug: pap Fri Sep 25 21:37:05 2020 : Debug: } # authorize Fri Sep 25 21:37:05 2020 : Debug: preacct { Fri Sep 25 21:37:05 2020 : Debug: preprocess Fri Sep 25 21:37:05 2020 : Debug: policy acct_unique { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Tmp-String-9 := "ai:" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: if ("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/ && "%{string:&Class}" =~ /^ai:([0-9a-f]{32})/) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: else { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: suffix Fri Sep 25 21:37:05 2020 : Debug: files Fri Sep 25 21:37:05 2020 : Debug: } # preacct Fri Sep 25 21:37:05 2020 : Debug: accounting { Fri Sep 25 21:37:05 2020 : Debug: detail Fri Sep 25 21:37:05 2020 : Debug: unix Fri Sep 25 21:37:05 2020 : Debug: exec Fri Sep 25 21:37:05 2020 : Debug: attr_filter.accounting_response Fri Sep 25 21:37:05 2020 : Debug: } # accounting Fri Sep 25 21:37:05 2020 : Debug: post-proxy { Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: } # post-proxy Fri Sep 25 21:37:05 2020 : Debug: post-auth { Fri Sep 25 21:37:05 2020 : Debug: if (&session-state:User-Name && &reply:User-Name && &User-Name && &reply:User-Name == &User-Name) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &reply:User-Name !* ANY Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &reply:[*] += &session-state:[*] Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: exec Fri Sep 25 21:37:05 2020 : Debug: policy remove_reply_message_if_eap { Fri Sep 25 21:37:05 2020 : Debug: if (&reply:EAP-Message && &reply:Reply-Message) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &reply:Reply-Message !* ANY Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: else { Fri Sep 25 21:37:05 2020 : Debug: noop Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: attr_filter.access_reject Fri Sep 25 21:37:05 2020 : Debug: eap Fri Sep 25 21:37:05 2020 : Debug: policy remove_reply_message_if_eap { Fri Sep 25 21:37:05 2020 : Debug: if (&reply:EAP-Message && &reply:Reply-Message) { Fri Sep 25 21:37:05 2020 : Debug: update { Fri Sep 25 21:37:05 2020 : Debug: &reply:Reply-Message !* ANY Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: else { Fri Sep 25 21:37:05 2020 : Debug: noop Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: group { Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } # post-auth Fri Sep 25 21:37:05 2020 : Debug: } # server default Fri Sep 25 21:37:05 2020 : Debug: Created signal pipe. Read end FD 5, write end FD 6 Fri Sep 25 21:37:05 2020 : Debug: radiusd: #### Opening IP addresses and Ports #### Fri Sep 25 21:37:05 2020 : Debug: Loading proto_auth with path: /usr/local/lib/proto_auth.so Fri Sep 25 21:37:05 2020 : Debug: Loading proto_auth failed: /usr/local/lib/proto_auth.so: cannot open shared object file: No such file or directory - No such file or directory Fri Sep 25 21:37:05 2020 : Debug: Loading library using linker search path(s) Fri Sep 25 21:37:05 2020 : Debug: Defaults : /lib:/usr/lib Fri Sep 25 21:37:05 2020 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directory Fri Sep 25 21:37:05 2020 : Debug: listen { Fri Sep 25 21:37:05 2020 : Debug: type = "auth" Fri Sep 25 21:37:05 2020 : Debug: ipaddr = 127.0.0.1 Fri Sep 25 21:37:05 2020 : Debug: port = 18120 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading proto_auth with path: /usr/local/lib/proto_auth.so Fri Sep 25 21:37:05 2020 : Debug: Loading proto_auth failed: /usr/local/lib/proto_auth.so: cannot open shared object file: No such file or directory - No such file or directory Fri Sep 25 21:37:05 2020 : Debug: Loading library using linker search path(s) Fri Sep 25 21:37:05 2020 : Debug: Defaults : /lib:/usr/lib Fri Sep 25 21:37:05 2020 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directory Fri Sep 25 21:37:05 2020 : Debug: listen { Fri Sep 25 21:37:05 2020 : Debug: type = "auth" Fri Sep 25 21:37:05 2020 : Debug: ipaddr = * Fri Sep 25 21:37:05 2020 : Debug: port = 0 Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading proto_acct with path: /usr/local/lib/proto_acct.so Fri Sep 25 21:37:05 2020 : Debug: Loading proto_acct failed: /usr/local/lib/proto_acct.so: cannot open shared object file: No such file or directory - No such file or directory Fri Sep 25 21:37:05 2020 : Debug: Loading library using linker search path(s) Fri Sep 25 21:37:05 2020 : Debug: Defaults : /lib:/usr/lib Fri Sep 25 21:37:05 2020 : Debug: Failed with error: proto_acct.so: cannot open shared object file: No such file or directory Fri Sep 25 21:37:05 2020 : Debug: listen { Fri Sep 25 21:37:05 2020 : Debug: type = "acct" Fri Sep 25 21:37:05 2020 : Debug: ipaddr = * Fri Sep 25 21:37:05 2020 : Debug: port = 0 Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading proto_auth with path: /usr/local/lib/proto_auth.so Fri Sep 25 21:37:05 2020 : Debug: Loading proto_auth failed: /usr/local/lib/proto_auth.so: cannot open shared object file: No such file or directory - No such file or directory Fri Sep 25 21:37:05 2020 : Debug: Loading library using linker search path(s) Fri Sep 25 21:37:05 2020 : Debug: Defaults : /lib:/usr/lib Fri Sep 25 21:37:05 2020 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directory Fri Sep 25 21:37:05 2020 : Debug: listen { Fri Sep 25 21:37:05 2020 : Debug: type = "auth" Fri Sep 25 21:37:05 2020 : Debug: ipv6addr = :: Fri Sep 25 21:37:05 2020 : Debug: port = 0 Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Loading proto_acct with path: /usr/local/lib/proto_acct.so Fri Sep 25 21:37:05 2020 : Debug: Loading proto_acct failed: /usr/local/lib/proto_acct.so: cannot open shared object file: No such file or directory - No such file or directory Fri Sep 25 21:37:05 2020 : Debug: Loading library using linker search path(s) Fri Sep 25 21:37:05 2020 : Debug: Defaults : /lib:/usr/lib Fri Sep 25 21:37:05 2020 : Debug: Failed with error: proto_acct.so: cannot open shared object file: No such file or directory Fri Sep 25 21:37:05 2020 : Debug: listen { Fri Sep 25 21:37:05 2020 : Debug: type = "acct" Fri Sep 25 21:37:05 2020 : Debug: ipv6addr = :: Fri Sep 25 21:37:05 2020 : Debug: port = 0 Fri Sep 25 21:37:05 2020 : Debug: limit { Fri Sep 25 21:37:05 2020 : Debug: max_connections = 16 Fri Sep 25 21:37:05 2020 : Debug: lifetime = 0 Fri Sep 25 21:37:05 2020 : Debug: idle_timeout = 30 Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: } Fri Sep 25 21:37:05 2020 : Debug: Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Fri Sep 25 21:37:05 2020 : Debug: Listening on auth address * port 1812 bound to server default Fri Sep 25 21:37:05 2020 : Debug: Listening on acct address * port 1813 bound to server default Fri Sep 25 21:37:05 2020 : Debug: Listening on auth address :: port 1812 bound to server default Fri Sep 25 21:37:05 2020 : Debug: Listening on acct address :: port 1813 bound to server default Fri Sep 25 21:37:05 2020 : Debug: Opened new proxy socket 'proxy address * port 48574' Fri Sep 25 21:37:05 2020 : Debug: Listening on proxy address * port 48574 Fri Sep 25 21:37:05 2020 : Debug: Opened new proxy socket 'proxy address :: port 36997' Fri Sep 25 21:37:05 2020 : Debug: Listening on proxy address :: port 36997 Fri Sep 25 21:37:05 2020 : Info: Ready to process requests Fri Sep 25 21:37:11 2020 : Debug: (0) Received Access-Request Id 131 from 192.168.255.102:33392 to 192.168.255.20:1812 length 159 Fri Sep 25 21:37:11 2020 : Debug: (0) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (0) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (0) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (0) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (0) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (0) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (0) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (0) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (0) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (0) EAP-Message = 0x0201000b01757365723031 Fri Sep 25 21:37:11 2020 : Debug: (0) Message-Authenticator = 0x17aa8bf32598958ff85902231fe08029 Fri Sep 25 21:37:11 2020 : Debug: (0) session-state: No State attribute Fri Sep 25 21:37:11 2020 : Debug: (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (0) authorize { Fri Sep 25 21:37:11 2020 : Debug: (0) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (0) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (0) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (0) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (0) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (0) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (0) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (0) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (0) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (0) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (0) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (0) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (0) eap: Peer sent EAP Response (code 2) ID 1 length 11 Fri Sep 25 21:37:11 2020 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (0) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (0) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (0) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (0) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (0) eap: Peer sent packet with method EAP Identity (1) Fri Sep 25 21:37:11 2020 : Debug: (0) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (0) eap_peap: Initiating new TLS session Fri Sep 25 21:37:11 2020 : Debug: (0) eap_peap: [eaptls start] = request Fri Sep 25 21:37:11 2020 : Debug: (0) eap: Sending EAP Request (code 1) ID 2 length 6 Fri Sep 25 21:37:11 2020 : Debug: (0) eap: EAP session adding &reply:State = 0xcd396531cd3b7cfe Fri Sep 25 21:37:11 2020 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (0) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (0) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (0) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (0) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (0) session-state: Nothing to cache Fri Sep 25 21:37:11 2020 : Debug: (0) Sent Access-Challenge Id 131 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (0) EAP-Message = 0x010200061920 Fri Sep 25 21:37:11 2020 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (0) State = 0xcd396531cd3b7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (0) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.9 seconds. Fri Sep 25 21:37:11 2020 : Debug: (1) Received Access-Request Id 132 from 192.168.255.102:33392 to 192.168.255.20:1812 length 332 Fri Sep 25 21:37:11 2020 : Debug: (1) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (1) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (1) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (1) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (1) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (1) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (1) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (1) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (1) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (1) EAP-Message = 0x020200a619800000009c16030300970100009303035f6de53948d66e4b3540ca7b25c8944ebec46ec4f3d86aa80c8273885c30bf5200002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100 Fri Sep 25 21:37:11 2020 : Debug: (1) State = 0xcd396531cd3b7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (1) Message-Authenticator = 0x0de5e68e480769fc6e99f2bc915c0c08 Fri Sep 25 21:37:11 2020 : Debug: (1) session-state: No cached attributes Fri Sep 25 21:37:11 2020 : Debug: (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (1) authorize { Fri Sep 25 21:37:11 2020 : Debug: (1) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (1) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (1) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (1) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (1) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (1) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (1) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (1) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (1) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (1) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (1) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (1) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Peer sent EAP Response (code 2) ID 2 length 166 Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (1) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (1) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (1) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (1) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Expiring EAP session with state 0xcd396531cd3b7cfe Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Finished EAP session with state 0xcd396531cd3b7cfe Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Previous EAP request found for state 0xcd396531cd3b7cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: Peer sent flags --L Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: Peer indicated complete TLS record size will be 156 bytes Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: Got complete TLS record (156 bytes) Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: [eaptls verify] = length included Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: (other): before/accept initialization Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: before/accept initialization Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: <<< recv TLS 1.2 [length 0097] Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: SSLv3 read client hello A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: >>> send TLS 1.2 [length 0039] Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: SSLv3 write server hello A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: >>> send TLS 1.2 [length 066c] Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: SSLv3 write certificate A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: >>> send TLS 1.2 [length 00cd] Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: SSLv3 write key exchange A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: >>> send TLS 1.2 [length 0004] Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: SSLv3 write server done A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: SSLv3 flush data Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS - In Handshake Phase Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: TLS - got 1930 bytes of data Fri Sep 25 21:37:11 2020 : Debug: (1) eap_peap: [eaptls process] = handled Fri Sep 25 21:37:11 2020 : Debug: (1) eap: Sending EAP Request (code 1) ID 3 length 1410 Fri Sep 25 21:37:11 2020 : Debug: (1) eap: EAP session adding &reply:State = 0xcd396531cc3a7cfe Fri Sep 25 21:37:11 2020 : Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (1) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (1) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (1) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (1) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (1) session-state: Nothing to cache Fri Sep 25 21:37:11 2020 : Debug: (1) Sent Access-Challenge Id 132 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (1) EAP-Message = 0x0103058219c00000078a16030300390200003503035f6de477b9c9438f18371182ebb0cc3627b4a5211111f40af8a30436390b895800c03000000dff01000100000b000403000102160303066c0b0006680006650002b9308202b53082021ea003020102020101300d06092a864886f70d01010b0500308193311830160603550403130f416e794c696e6b20526f6f74204341310b3009060355040613024b52310e300c0603550408130553656f756c3110300e06035504071307536f6e672d506131123010060355040a1309456e74726f4c696e6b3110300e060355040b13076e6574776f726b3122302006092a864886f70d010901161361646d696e40656e74726f6c696e6b2e636f6d301e170d3230303932313032323334385a170d3431303731343032323334385a308193310b3009060355040613024b52310e300c0603550408130553656f756c3110300e06035504071307536f6e672d506131123010060355040a1309456e74726f4c696e6b3110300e06 Fri Sep 25 21:37:11 2020 : Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (1) State = 0xcd396531cc3a7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (1) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.9 seconds. Fri Sep 25 21:37:11 2020 : Debug: (2) Received Access-Request Id 133 from 192.168.255.102:33392 to 192.168.255.20:1812 length 172 Fri Sep 25 21:37:11 2020 : Debug: (2) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (2) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (2) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (2) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (2) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (2) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (2) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (2) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (2) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (2) EAP-Message = 0x020300061900 Fri Sep 25 21:37:11 2020 : Debug: (2) State = 0xcd396531cc3a7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (2) Message-Authenticator = 0xdcb8dda579e400bad32123e86dd090c4 Fri Sep 25 21:37:11 2020 : Debug: (2) session-state: No cached attributes Fri Sep 25 21:37:11 2020 : Debug: (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (2) authorize { Fri Sep 25 21:37:11 2020 : Debug: (2) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (2) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (2) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (2) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (2) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (2) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (2) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (2) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (2) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (2) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (2) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (2) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Peer sent EAP Response (code 2) ID 3 length 6 Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (2) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (2) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (2) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (2) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Expiring EAP session with state 0xcd396531cc3a7cfe Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Finished EAP session with state 0xcd396531cc3a7cfe Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Previous EAP request found for state 0xcd396531cc3a7cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (2) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (2) eap_peap: Peer sent flags --- Fri Sep 25 21:37:11 2020 : Debug: (2) eap_peap: Peer ACKed our handshake fragment Fri Sep 25 21:37:11 2020 : Debug: (2) eap_peap: [eaptls verify] = request Fri Sep 25 21:37:11 2020 : Debug: (2) eap_peap: [eaptls process] = handled Fri Sep 25 21:37:11 2020 : Debug: (2) eap: Sending EAP Request (code 1) ID 4 length 536 Fri Sep 25 21:37:11 2020 : Debug: (2) eap: EAP session adding &reply:State = 0xcd396531cf3d7cfe Fri Sep 25 21:37:11 2020 : Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (2) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (2) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (2) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (2) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (2) session-state: Nothing to cache Fri Sep 25 21:37:11 2020 : Debug: (2) Sent Access-Challenge Id 133 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (2) EAP-Message = 0x01040218190003130f416e794c696e6b20526f6f74204341310b3009060355040613024b52310e300c0603550408130553656f756c3110300e06035504071307536f6e672d506131123010060355040a1309456e74726f4c696e6b3110300e060355040b13076e6574776f726b3122302006092a864886f70d010901161361646d696e40656e74726f6c696e6b2e636f6d82090088b8fc303a9f41d7300c0603551d13040530030101ff300d06092a864886f70d010105050003818100627e032a017052540d031d779903c322359dda7d8126f703ddadcb3e67e1554d9da6d924aef903309f68c308a6bcf1314201ac6c4f04ba662e712e7a295bb46d67fcd45350bdebe532e40c0b65417725ba51b9d458df9902eb192615a213d50a8ced9a0725391b801ff9b1e58c2fba9dbd11be1c6836bd41140aa2272aea938716030300cd0c0000c90300174104c246a8e97ff229ad7b06c1c5a643353377e352c128f7e23cd80417a3793f47544bdd3f65e6c932a71632bb3c Fri Sep 25 21:37:11 2020 : Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (2) State = 0xcd396531cf3d7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (2) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.9 seconds. Fri Sep 25 21:37:11 2020 : Debug: (3) Received Access-Request Id 134 from 192.168.255.102:33392 to 192.168.255.20:1812 length 302 Fri Sep 25 21:37:11 2020 : Debug: (3) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (3) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (3) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (3) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (3) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (3) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (3) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (3) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (3) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (3) EAP-Message = 0x0204008819800000007e160303004610000042410413c1b00eacb38cab224ed01a16f917439a807c7121ad15872989fc381355808ab349d4010aa5d43829eb069ad4369167ebcd3b1b829c60b614c7b516f29821d514030300010116030300280000000000000000beb7ae86992d93046fc00b63f22e9794dd6287c83a652bd16cdac97f255800ee Fri Sep 25 21:37:11 2020 : Debug: (3) State = 0xcd396531cf3d7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (3) Message-Authenticator = 0x76fee746c5b274eaa7c316cbd31ec139 Fri Sep 25 21:37:11 2020 : Debug: (3) session-state: No cached attributes Fri Sep 25 21:37:11 2020 : Debug: (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (3) authorize { Fri Sep 25 21:37:11 2020 : Debug: (3) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (3) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (3) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (3) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (3) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (3) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (3) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (3) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (3) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (3) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (3) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (3) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Peer sent EAP Response (code 2) ID 4 length 136 Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (3) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (3) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (3) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (3) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Expiring EAP session with state 0xcd396531cf3d7cfe Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Finished EAP session with state 0xcd396531cf3d7cfe Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Previous EAP request found for state 0xcd396531cf3d7cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: Peer sent flags --L Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: Peer indicated complete TLS record size will be 126 bytes Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: Got complete TLS record (126 bytes) Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: [eaptls verify] = length included Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: <<< recv TLS 1.2 [length 0046] Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS_accept: SSLv3 read client key exchange A Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: <<< recv TLS 1.2 [length 0001] Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: <<< recv TLS 1.2 [length 0010] Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS_accept: SSLv3 read finished A Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: >>> send TLS 1.2 [length 0001] Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS_accept: SSLv3 write change cipher spec A Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: >>> send TLS 1.2 [length 0010] Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS_accept: SSLv3 write finished A Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS_accept: SSLv3 flush data Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: (other): SSL negotiation finished successfully Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS - Connection Established Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: TLS - got 51 bytes of data Fri Sep 25 21:37:11 2020 : Debug: (3) eap_peap: [eaptls process] = handled Fri Sep 25 21:37:11 2020 : Debug: (3) eap: Sending EAP Request (code 1) ID 5 length 57 Fri Sep 25 21:37:11 2020 : Debug: (3) eap: EAP session adding &reply:State = 0xcd396531ce3c7cfe Fri Sep 25 21:37:11 2020 : Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (3) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (3) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (3) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (3) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (3) session-state: Saving cached attributes Fri Sep 25 21:37:11 2020 : Debug: (3) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (3) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (3) Sent Access-Challenge Id 134 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (3) EAP-Message = 0x01050039190014030300010116030300286ca288940f966b50366e20e1734350293ea8c9444c5dd5d27f39bf30156a815d71ff2c941c4fb13e Fri Sep 25 21:37:11 2020 : Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (3) State = 0xcd396531ce3c7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (3) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.9 seconds. Fri Sep 25 21:37:11 2020 : Debug: (4) Received Access-Request Id 135 from 192.168.255.102:33392 to 192.168.255.20:1812 length 172 Fri Sep 25 21:37:11 2020 : Debug: (4) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (4) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (4) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (4) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (4) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (4) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (4) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (4) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (4) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (4) EAP-Message = 0x020500061900 Fri Sep 25 21:37:11 2020 : Debug: (4) State = 0xcd396531ce3c7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (4) Message-Authenticator = 0xd8b92ea5bf5d8a7018bb1dda5c22fa1b Fri Sep 25 21:37:11 2020 : Debug: (4) Restoring &session-state Fri Sep 25 21:37:11 2020 : Debug: (4) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (4) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (4) authorize { Fri Sep 25 21:37:11 2020 : Debug: (4) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (4) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (4) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (4) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (4) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (4) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (4) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (4) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (4) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (4) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (4) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (4) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Peer sent EAP Response (code 2) ID 5 length 6 Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (4) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (4) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (4) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (4) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Expiring EAP session with state 0xcd396531ce3c7cfe Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Finished EAP session with state 0xcd396531ce3c7cfe Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Previous EAP request found for state 0xcd396531ce3c7cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: Peer sent flags --- Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: Peer ACKed our handshake fragment. handshake is finished Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: [eaptls verify] = success Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: [eaptls process] = success Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:11 2020 : Debug: (4) eap_peap: PEAP state TUNNEL ESTABLISHED Fri Sep 25 21:37:11 2020 : Debug: (4) eap: Sending EAP Request (code 1) ID 6 length 40 Fri Sep 25 21:37:11 2020 : Debug: (4) eap: EAP session adding &reply:State = 0xcd396531c93f7cfe Fri Sep 25 21:37:11 2020 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (4) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (4) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (4) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (4) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (4) session-state: Saving cached attributes Fri Sep 25 21:37:11 2020 : Debug: (4) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (4) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (4) Sent Access-Challenge Id 135 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (4) EAP-Message = 0x010600281900170303001d6ca288940f966b5172c02a263b11a590a16088762c8351ec1eba4b5540 Fri Sep 25 21:37:11 2020 : Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (4) State = 0xcd396531c93f7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (4) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.9 seconds. Fri Sep 25 21:37:11 2020 : Debug: (5) Received Access-Request Id 136 from 192.168.255.102:33392 to 192.168.255.20:1812 length 208 Fri Sep 25 21:37:11 2020 : Debug: (5) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (5) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (5) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (5) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (5) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (5) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (5) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (5) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (5) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (5) EAP-Message = 0x0206002a1900170303001f000000000000000172720d6980dc31c15b91ba2a4b8cb7542df2992660fdd3 Fri Sep 25 21:37:11 2020 : Debug: (5) State = 0xcd396531c93f7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (5) Message-Authenticator = 0x1152d8d2f945d242a4e4648d928cc053 Fri Sep 25 21:37:11 2020 : Debug: (5) Restoring &session-state Fri Sep 25 21:37:11 2020 : Debug: (5) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (5) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (5) authorize { Fri Sep 25 21:37:11 2020 : Debug: (5) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (5) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (5) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (5) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (5) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (5) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (5) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (5) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (5) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (5) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Peer sent EAP Response (code 2) ID 6 length 42 Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (5) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (5) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (5) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Expiring EAP session with state 0xcd396531c93f7cfe Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Finished EAP session with state 0xcd396531c93f7cfe Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Previous EAP request found for state 0xcd396531c93f7cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Peer sent flags --- Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: [eaptls verify] = ok Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Done initial handshake Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: [eaptls process] = ok Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: PEAP state WAITING FOR INNER IDENTITY Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Identity - user01 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Got inner identity 'user01' Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Setting default EAP type for tunneled EAP session Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Got tunneled request Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: EAP-Message = 0x0206000b01757365723031 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Setting User-Name to user01 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Sending tunneled request to inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: EAP-Message = 0x0206000b01757365723031 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (5) Virtual server inner-tunnel received request Fri Sep 25 21:37:11 2020 : Debug: (5) EAP-Message = 0x0206000b01757365723031 Fri Sep 25 21:37:11 2020 : Debug: (5) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:11 2020 : Debug: (5) User-Name = "user01" Fri Sep 25 21:37:11 2020 : WARNING: (5) Outer and inner identities are the same. User privacy is compromised. Fri Sep 25 21:37:11 2020 : Debug: (5) server inner-tunnel { Fri Sep 25 21:37:11 2020 : Debug: (5) session-state: No State attribute Fri Sep 25 21:37:11 2020 : Debug: (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (5) authorize { Fri Sep 25 21:37:11 2020 : Debug: (5) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (5) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (5) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (5) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (5) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (5) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (5) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (5) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (5) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (5) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (5) update control { Fri Sep 25 21:37:11 2020 : Debug: (5) &Proxy-To-Realm := LOCAL Fri Sep 25 21:37:11 2020 : Debug: (5) } # update control = noop Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Peer sent EAP Response (code 2) ID 6 length 11 Fri Sep 25 21:37:11 2020 : Debug: (5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (5) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (5) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (5) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Peer sent packet with method EAP Identity (1) Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Calling submodule eap_mschapv2 to process data Fri Sep 25 21:37:11 2020 : Debug: (5) eap_mschapv2: Issuing Challenge Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Sending EAP Request (code 1) ID 7 length 43 Fri Sep 25 21:37:11 2020 : Debug: (5) eap: EAP session adding &reply:State = 0x84115a24841640af Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (5) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (5) } # server inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (5) Virtual server sending reply Fri Sep 25 21:37:11 2020 : Debug: (5) EAP-Message = 0x0107002b1a01070026103c9cc0641a652fcc1a72b509a366444f667265657261646975732d332e302e3231 Fri Sep 25 21:37:11 2020 : Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (5) State = 0x84115a24841640af9f4e0423154b6804 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Got tunneled reply code 11 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: EAP-Message = 0x0107002b1a01070026103c9cc0641a652fcc1a72b509a366444f667265657261646975732d332e302e3231 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: State = 0x84115a24841640af9f4e0423154b6804 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Got tunneled reply RADIUS code 11 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: EAP-Message = 0x0107002b1a01070026103c9cc0641a652fcc1a72b509a366444f667265657261646975732d332e302e3231 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: State = 0x84115a24841640af9f4e0423154b6804 Fri Sep 25 21:37:11 2020 : Debug: (5) eap_peap: Got tunneled Access-Challenge Fri Sep 25 21:37:11 2020 : Debug: (5) eap: Sending EAP Request (code 1) ID 7 length 74 Fri Sep 25 21:37:11 2020 : Debug: (5) eap: EAP session adding &reply:State = 0xcd396531c83e7cfe Fri Sep 25 21:37:11 2020 : Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (5) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (5) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (5) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (5) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (5) session-state: Saving cached attributes Fri Sep 25 21:37:11 2020 : Debug: (5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (5) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (5) Sent Access-Challenge Id 136 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (5) EAP-Message = 0x0107004a1900170303003f6ca288940f966b520c4144cd4ee4208766c2506d55753b01d537665821e2c74813f7efd160073e7f4047d221906f96e0e800d6953d348d9a574fde1d9415d2 Fri Sep 25 21:37:11 2020 : Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (5) State = 0xcd396531c83e7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (5) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.9 seconds. Fri Sep 25 21:37:11 2020 : Debug: (6) Received Access-Request Id 137 from 192.168.255.102:33392 to 192.168.255.20:1812 length 262 Fri Sep 25 21:37:11 2020 : Debug: (6) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (6) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (6) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (6) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (6) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (6) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (6) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (6) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (6) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (6) EAP-Message = 0x0207006019001703030055000000000000000221d4fab068a628eecd0a12f0c6379aff3585a4f6aa92b3da66550b7d74bbc2fa87564d73780c5f4d34ebf3d71720e4dabecf1010208d7ddc743bc0646e0f7c280eb0bb44c1989e799c3ad49d6b Fri Sep 25 21:37:11 2020 : Debug: (6) State = 0xcd396531c83e7cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (6) Message-Authenticator = 0x85dc124d84496d1cdef2a4bbf706eb21 Fri Sep 25 21:37:11 2020 : Debug: (6) Restoring &session-state Fri Sep 25 21:37:11 2020 : Debug: (6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (6) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (6) authorize { Fri Sep 25 21:37:11 2020 : Debug: (6) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (6) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (6) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (6) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (6) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (6) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (6) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (6) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (6) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (6) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Peer sent EAP Response (code 2) ID 7 length 96 Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (6) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (6) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (6) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Expiring EAP session with state 0x84115a24841640af Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Finished EAP session with state 0xcd396531c83e7cfe Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Previous EAP request found for state 0xcd396531c83e7cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Peer sent flags --- Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: [eaptls verify] = ok Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Done initial handshake Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: [eaptls process] = ok Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: PEAP state phase2 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: EAP method MSCHAPv2 (26) Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Got tunneled request Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: EAP-Message = 0x020700411a0207003c3153505d293895c2ca2e6a46dcb20828ff0000000000000000bb3aab1f00ef0f89cdb92146f0db80f29caf91eddd2c061c00757365723031 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Setting User-Name to user01 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Sending tunneled request to inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: EAP-Message = 0x020700411a0207003c3153505d293895c2ca2e6a46dcb20828ff0000000000000000bb3aab1f00ef0f89cdb92146f0db80f29caf91eddd2c061c00757365723031 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: State = 0x84115a24841640af9f4e0423154b6804 Fri Sep 25 21:37:11 2020 : Debug: (6) Virtual server inner-tunnel received request Fri Sep 25 21:37:11 2020 : Debug: (6) EAP-Message = 0x020700411a0207003c3153505d293895c2ca2e6a46dcb20828ff0000000000000000bb3aab1f00ef0f89cdb92146f0db80f29caf91eddd2c061c00757365723031 Fri Sep 25 21:37:11 2020 : Debug: (6) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:11 2020 : Debug: (6) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (6) State = 0x84115a24841640af9f4e0423154b6804 Fri Sep 25 21:37:11 2020 : WARNING: (6) Outer and inner identities are the same. User privacy is compromised. Fri Sep 25 21:37:11 2020 : Debug: (6) server inner-tunnel { Fri Sep 25 21:37:11 2020 : Debug: (6) session-state: No cached attributes Fri Sep 25 21:37:11 2020 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (6) authorize { Fri Sep 25 21:37:11 2020 : Debug: (6) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (6) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (6) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (6) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (6) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (6) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (6) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (6) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (6) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (6) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) update control { Fri Sep 25 21:37:11 2020 : Debug: (6) &Proxy-To-Realm := LOCAL Fri Sep 25 21:37:11 2020 : Debug: (6) } # update control = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Peer sent EAP Response (code 2) ID 7 length 65 Fri Sep 25 21:37:11 2020 : Debug: (6) eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) [eap] = updated Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling files (rlm_files) Fri Sep 25 21:37:11 2020 : Debug: (6) files: users: Matched entry user01 at line 87 Fri Sep 25 21:37:11 2020 : Debug: (6) files: ::: FROM 1 TO 0 MAX 1 Fri Sep 25 21:37:11 2020 : Debug: (6) files: ::: Examining Reply-Message Fri Sep 25 21:37:11 2020 : Debug: Hello, %{User-Name} Fri Sep 25 21:37:11 2020 : Debug: Parsed xlat tree: Fri Sep 25 21:37:11 2020 : Debug: literal --> Hello, Fri Sep 25 21:37:11 2020 : Debug: attribute --> User-Name Fri Sep 25 21:37:11 2020 : Debug: (6) files: EXPAND Hello, %{User-Name} Fri Sep 25 21:37:11 2020 : Debug: (6) files: --> Hello, user01 Fri Sep 25 21:37:11 2020 : Debug: (6) files: ::: APPENDING Reply-Message FROM 0 TO 0 Fri Sep 25 21:37:11 2020 : Debug: (6) files: ::: TO in 0 out 0 Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from files (rlm_files) Fri Sep 25 21:37:11 2020 : Debug: (6) [files] = ok Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling expiration (rlm_expiration) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from expiration (rlm_expiration) Fri Sep 25 21:37:11 2020 : Debug: (6) [expiration] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling logintime (rlm_logintime) Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from logintime (rlm_logintime) Fri Sep 25 21:37:11 2020 : Debug: (6) [logintime] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: calling pap (rlm_pap) Fri Sep 25 21:37:11 2020 : WARNING: (6) pap: Auth-Type already set. Not setting to PAP Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authorize]: returned from pap (rlm_pap) Fri Sep 25 21:37:11 2020 : Debug: (6) [pap] = noop Fri Sep 25 21:37:11 2020 : Debug: (6) } # authorize = updated Fri Sep 25 21:37:11 2020 : Debug: (6) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (6) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Expiring EAP session with state 0x84115a24841640af Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Finished EAP session with state 0x84115a24841640af Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Previous EAP request found for state 0x84115a24841640af, released from the list Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Peer sent packet with method EAP MSCHAPv2 (26) Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Calling submodule eap_mschapv2 to process data Fri Sep 25 21:37:11 2020 : Debug: (6) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (6) eap_mschapv2: authenticate { Fri Sep 25 21:37:11 2020 : Debug: (6) eap_mschapv2: modsingle[authenticate]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (6) mschap: Found Cleartext-Password, hashing to create NT-Password Fri Sep 25 21:37:11 2020 : Debug: (6) mschap: Creating challenge hash with username: user01 Fri Sep 25 21:37:11 2020 : Debug: (6) mschap: Client is using MS-CHAPv2 Fri Sep 25 21:37:11 2020 : ERROR: (6) mschap: MS-CHAP2-Response is incorrect Fri Sep 25 21:37:11 2020 : Debug: (6) eap_mschapv2: modsingle[authenticate]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (6) eap_mschapv2: [mschap] = reject Fri Sep 25 21:37:11 2020 : Debug: (6) eap_mschapv2: } # authenticate = reject Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Sending EAP Failure (code 4) ID 7 length 4 Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Freeing handler Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) [eap] = reject Fri Sep 25 21:37:11 2020 : Debug: (6) } # authenticate = reject Fri Sep 25 21:37:11 2020 : Debug: (6) Failed to authenticate the user Fri Sep 25 21:37:11 2020 : Debug: (6) Using Post-Auth-Type Reject Fri Sep 25 21:37:11 2020 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (6) Post-Auth-Type REJECT { Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:11 2020 : Debug: %{User-Name} Fri Sep 25 21:37:11 2020 : Debug: Parsed xlat tree: Fri Sep 25 21:37:11 2020 : Debug: attribute --> User-Name Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: EXPAND %{User-Name} Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: --> user01 Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Matched entry DEFAULT at line 11 Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Reply-Message = "Hello, user01" allowed by Reply-Message =* "" Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Attribute "Reply-Message" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: MS-CHAP-Error = "\007E=691 R=1 C=a4e6221d3742a714abcdc3dbc03cab39 V=3 M=Authentication rejected" allowed by MS-CHAP-Error =* "" Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Attribute "MS-CHAP-Error" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: EAP-Message = 0x04070004 allowed by EAP-Message =* 0x Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Fri Sep 25 21:37:11 2020 : Debug: (6) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:11 2020 : Debug: (6) [attr_filter.access_reject] = updated Fri Sep 25 21:37:11 2020 : Debug: (6) update outer.session-state { Fri Sep 25 21:37:11 2020 : Debug: (6) &Module-Failure-Message := &request:Module-Failure-Message -> 'mschap: MS-CHAP2-Response is incorrect' Fri Sep 25 21:37:11 2020 : Debug: (6) } # update outer.session-state = noop Fri Sep 25 21:37:11 2020 : Debug: (6) } # Post-Auth-Type REJECT = updated Fri Sep 25 21:37:11 2020 : Debug: (6) } # server inner-tunnel Fri Sep 25 21:37:11 2020 : Debug: (6) Virtual server sending reply Fri Sep 25 21:37:11 2020 : Debug: (6) Reply-Message = "Hello, user01" Fri Sep 25 21:37:11 2020 : Debug: (6) MS-CHAP-Error = "\007E=691 R=1 C=a4e6221d3742a714abcdc3dbc03cab39 V=3 M=Authentication rejected" Fri Sep 25 21:37:11 2020 : Debug: (6) EAP-Message = 0x04070004 Fri Sep 25 21:37:11 2020 : Debug: (6) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Got tunneled reply code 3 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Reply-Message = "Hello, user01" Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: MS-CHAP-Error = "\007E=691 R=1 C=a4e6221d3742a714abcdc3dbc03cab39 V=3 M=Authentication rejected" Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: EAP-Message = 0x04070004 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Got tunneled reply RADIUS code 3 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Reply-Message = "Hello, user01" Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: MS-CHAP-Error = "\007E=691 R=1 C=a4e6221d3742a714abcdc3dbc03cab39 V=3 M=Authentication rejected" Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: EAP-Message = 0x04070004 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: Tunneled authentication was rejected Fri Sep 25 21:37:11 2020 : Debug: (6) eap_peap: FAILURE Fri Sep 25 21:37:11 2020 : Debug: (6) eap: Sending EAP Request (code 1) ID 8 length 46 Fri Sep 25 21:37:11 2020 : Debug: (6) eap: EAP session adding &reply:State = 0xcd396531cb317cfe Fri Sep 25 21:37:11 2020 : Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (6) [eap] = handled Fri Sep 25 21:37:11 2020 : Debug: (6) } # authenticate = handled Fri Sep 25 21:37:11 2020 : Debug: (6) Using Post-Auth-Type Challenge Fri Sep 25 21:37:11 2020 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (6) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:11 2020 : Debug: (6) session-state: Saving cached attributes Fri Sep 25 21:37:11 2020 : Debug: (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (6) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (6) Module-Failure-Message := "mschap: MS-CHAP2-Response is incorrect" Fri Sep 25 21:37:11 2020 : Debug: (6) Sent Access-Challenge Id 137 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:11 2020 : Debug: (6) EAP-Message = 0x0108002e190017030300236ca288940f966b53e7f17f75b3f6db70955e9edfd3a38e89de9693110a3487c03b3005 Fri Sep 25 21:37:11 2020 : Debug: (6) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:11 2020 : Debug: (6) State = 0xcd396531cb317cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (6) Finished request Fri Sep 25 21:37:11 2020 : Debug: Waking up in 4.8 seconds. Fri Sep 25 21:37:11 2020 : Debug: (7) Received Access-Request Id 138 from 192.168.255.102:33392 to 192.168.255.20:1812 length 212 Fri Sep 25 21:37:11 2020 : Debug: (7) User-Name = "user01" Fri Sep 25 21:37:11 2020 : Debug: (7) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:11 2020 : Debug: (7) NAS-Identifier = "hello" Fri Sep 25 21:37:11 2020 : Debug: (7) NAS-Port = 0 Fri Sep 25 21:37:11 2020 : Debug: (7) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:11 2020 : Debug: (7) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:11 2020 : Debug: (7) Framed-MTU = 1400 Fri Sep 25 21:37:11 2020 : Debug: (7) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:11 2020 : Debug: (7) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:11 2020 : Debug: (7) EAP-Message = 0x0208002e19001703030023000000000000000393a9031824ff42d90df164715f1e89d554258007144e2e960bab3e Fri Sep 25 21:37:11 2020 : Debug: (7) State = 0xcd396531cb317cfee72ab47eec5a39d7 Fri Sep 25 21:37:11 2020 : Debug: (7) Message-Authenticator = 0x4d47fb4cc2989fd2192e77f201a261ad Fri Sep 25 21:37:11 2020 : Debug: (7) Restoring &session-state Fri Sep 25 21:37:11 2020 : Debug: (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:11 2020 : Debug: (7) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:11 2020 : Debug: (7) &session-state:Module-Failure-Message := "mschap: MS-CHAP2-Response is incorrect" Fri Sep 25 21:37:11 2020 : Debug: (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (7) authorize { Fri Sep 25 21:37:11 2020 : Debug: (7) policy filter_username { Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name) -> TRUE Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name) { Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ / /) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:11 2020 : Debug: No old matches Fri Sep 25 21:37:11 2020 : Debug: (7) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) } # if (&User-Name) = notfound Fri Sep 25 21:37:11 2020 : Debug: (7) } # policy filter_username = notfound Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:11 2020 : Debug: (7) [preprocess] = ok Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:11 2020 : Debug: (7) [chap] = noop Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:11 2020 : Debug: (7) [mschap] = noop Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:11 2020 : Debug: (7) [digest] = noop Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (7) suffix: Checking for suffix after "@" Fri Sep 25 21:37:11 2020 : Debug: (7) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:11 2020 : Debug: (7) suffix: No such realm "NULL" Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:11 2020 : Debug: (7) [suffix] = noop Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Peer sent EAP Response (code 2) ID 8 length 46 Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Continuing tunnel setup Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (7) [eap] = ok Fri Sep 25 21:37:11 2020 : Debug: (7) } # authorize = ok Fri Sep 25 21:37:11 2020 : Debug: (7) Found Auth-Type = eap Fri Sep 25 21:37:11 2020 : Debug: (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (7) authenticate { Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Expiring EAP session with state 0xcd396531cb317cfe Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Finished EAP session with state 0xcd396531cb317cfe Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Previous EAP request found for state 0xcd396531cb317cfe, released from the list Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: Peer sent flags --- Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: [eaptls verify] = ok Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: Done initial handshake Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: [eaptls process] = ok Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: PEAP state send tlv failure Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: Received EAP-TLV response Fri Sep 25 21:37:11 2020 : ERROR: (7) eap_peap: The users session was previously rejected: returning reject (again.) Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: This means you need to read the PREVIOUS messages in the debug output Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: to find out the reason why the user was rejected Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you Fri Sep 25 21:37:11 2020 : Debug: (7) eap_peap: what went wrong, and how to fix the problem Fri Sep 25 21:37:11 2020 : ERROR: (7) eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Sending EAP Failure (code 4) ID 8 length 4 Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Failed in EAP select Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (7) [eap] = invalid Fri Sep 25 21:37:11 2020 : Debug: (7) } # authenticate = invalid Fri Sep 25 21:37:11 2020 : Debug: (7) Failed to authenticate the user Fri Sep 25 21:37:11 2020 : Debug: (7) Using Post-Auth-Type Reject Fri Sep 25 21:37:11 2020 : Debug: (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:11 2020 : Debug: (7) Post-Auth-Type REJECT { Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:11 2020 : Debug: %{User-Name} Fri Sep 25 21:37:11 2020 : Debug: Parsed xlat tree: Fri Sep 25 21:37:11 2020 : Debug: attribute --> User-Name Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: EXPAND %{User-Name} Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: --> user01 Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: Matched entry DEFAULT at line 11 Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: EAP-Message = 0x04080004 allowed by EAP-Message =* 0x Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Fri Sep 25 21:37:11 2020 : Debug: (7) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:11 2020 : Debug: (7) [attr_filter.access_reject] = updated Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[post-auth]: calling eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (7) eap: Reply already contained an EAP-Message, not inserting EAP-Failure Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[post-auth]: returned from eap (rlm_eap) Fri Sep 25 21:37:11 2020 : Debug: (7) [eap] = noop Fri Sep 25 21:37:11 2020 : Debug: (7) policy remove_reply_message_if_eap { Fri Sep 25 21:37:11 2020 : Debug: (7) if (&reply:EAP-Message && &reply:Reply-Message) { Fri Sep 25 21:37:11 2020 : Debug: (7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Fri Sep 25 21:37:11 2020 : Debug: (7) else { Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[post-auth]: calling noop (rlm_always) Fri Sep 25 21:37:11 2020 : Debug: (7) modsingle[post-auth]: returned from noop (rlm_always) Fri Sep 25 21:37:11 2020 : Debug: (7) [noop] = noop Fri Sep 25 21:37:11 2020 : Debug: (7) } # else = noop Fri Sep 25 21:37:11 2020 : Debug: (7) } # policy remove_reply_message_if_eap = noop Fri Sep 25 21:37:11 2020 : Debug: (7) } # Post-Auth-Type REJECT = updated Fri Sep 25 21:37:11 2020 : Debug: (7) Delaying response for 1.000000 seconds Fri Sep 25 21:37:11 2020 : Debug: Waking up in 0.3 seconds. Fri Sep 25 21:37:11 2020 : Debug: Waking up in 0.6 seconds. Fri Sep 25 21:37:12 2020 : Debug: (7) (7) Discarding duplicate request from client 192.168.255.102 port 33392 - ID: 138 due to delayed response Fri Sep 25 21:37:12 2020 : Debug: (7) Sending delayed response Fri Sep 25 21:37:12 2020 : Debug: (7) Sent Access-Reject Id 138 from 192.168.255.20:1812 to 192.168.255.102:33392 length 44 Fri Sep 25 21:37:12 2020 : Debug: (7) EAP-Message = 0x04080004 Fri Sep 25 21:37:12 2020 : Debug: (7) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:12 2020 : Debug: Waking up in 3.8 seconds. Fri Sep 25 21:37:13 2020 : Debug: (8) Received Access-Request Id 139 from 192.168.255.102:33392 to 192.168.255.20:1812 length 159 Fri Sep 25 21:37:13 2020 : Debug: (8) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (8) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (8) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (8) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (8) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (8) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (8) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (8) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (8) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (8) EAP-Message = 0x0201000b01757365723031 Fri Sep 25 21:37:13 2020 : Debug: (8) Message-Authenticator = 0x2d9071054d88f27f809128897c5f4016 Fri Sep 25 21:37:13 2020 : Debug: (8) session-state: No State attribute Fri Sep 25 21:37:13 2020 : Debug: (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (8) authorize { Fri Sep 25 21:37:13 2020 : Debug: (8) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (8) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (8) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (8) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (8) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (8) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (8) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (8) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (8) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (8) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (8) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (8) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (8) eap: Peer sent EAP Response (code 2) ID 1 length 11 Fri Sep 25 21:37:13 2020 : Debug: (8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (8) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (8) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (8) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (8) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (8) eap: Peer sent packet with method EAP Identity (1) Fri Sep 25 21:37:13 2020 : Debug: (8) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (8) eap_peap: Initiating new TLS session Fri Sep 25 21:37:13 2020 : Debug: (8) eap_peap: [eaptls start] = request Fri Sep 25 21:37:13 2020 : Debug: (8) eap: Sending EAP Request (code 1) ID 2 length 6 Fri Sep 25 21:37:13 2020 : Debug: (8) eap: EAP session adding &reply:State = 0x3a8fd5ca3a8dccab Fri Sep 25 21:37:13 2020 : Debug: (8) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (8) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (8) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (8) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (8) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (8) session-state: Nothing to cache Fri Sep 25 21:37:13 2020 : Debug: (8) Sent Access-Challenge Id 139 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (8) EAP-Message = 0x010200061920 Fri Sep 25 21:37:13 2020 : Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (8) State = 0x3a8fd5ca3a8dccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (8) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.1 seconds. Fri Sep 25 21:37:13 2020 : Debug: (9) Received Access-Request Id 140 from 192.168.255.102:33392 to 192.168.255.20:1812 length 332 Fri Sep 25 21:37:13 2020 : Debug: (9) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (9) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (9) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (9) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (9) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (9) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (9) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (9) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (9) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (9) EAP-Message = 0x020200a619800000009c16030300970100009303035f6de53aa3f41d2aaa74cb4757c19e75c108f7b9172294efef52d9e4ae90c65e00002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100 Fri Sep 25 21:37:13 2020 : Debug: (9) State = 0x3a8fd5ca3a8dccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (9) Message-Authenticator = 0x0d6d8ad35b01c6c1bac3a514c0e8568a Fri Sep 25 21:37:13 2020 : Debug: (9) session-state: No cached attributes Fri Sep 25 21:37:13 2020 : Debug: (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (9) authorize { Fri Sep 25 21:37:13 2020 : Debug: (9) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (9) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (9) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (9) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (9) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (9) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (9) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (9) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (9) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (9) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (9) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (9) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Peer sent EAP Response (code 2) ID 2 length 166 Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (9) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (9) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (9) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (9) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Expiring EAP session with state 0x3a8fd5ca3a8dccab Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Finished EAP session with state 0x3a8fd5ca3a8dccab Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Previous EAP request found for state 0x3a8fd5ca3a8dccab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: Peer sent flags --L Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: Peer indicated complete TLS record size will be 156 bytes Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: Got complete TLS record (156 bytes) Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: [eaptls verify] = length included Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: (other): before/accept initialization Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: before/accept initialization Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: <<< recv TLS 1.2 [length 0097] Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: SSLv3 read client hello A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: >>> send TLS 1.2 [length 0039] Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: SSLv3 write server hello A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: >>> send TLS 1.2 [length 066c] Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: SSLv3 write certificate A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: >>> send TLS 1.2 [length 00cd] Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: SSLv3 write key exchange A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: >>> send TLS 1.2 [length 0004] Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: SSLv3 write server done A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: SSLv3 flush data Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS - In Handshake Phase Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: TLS - got 1930 bytes of data Fri Sep 25 21:37:13 2020 : Debug: (9) eap_peap: [eaptls process] = handled Fri Sep 25 21:37:13 2020 : Debug: (9) eap: Sending EAP Request (code 1) ID 3 length 1410 Fri Sep 25 21:37:13 2020 : Debug: (9) eap: EAP session adding &reply:State = 0x3a8fd5ca3b8cccab Fri Sep 25 21:37:13 2020 : Debug: (9) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (9) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (9) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (9) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (9) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (9) session-state: Nothing to cache Fri Sep 25 21:37:13 2020 : Debug: (9) Sent Access-Challenge Id 140 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (9) EAP-Message = 0x0103058219c00000078a16030300390200003503035f6de4799bb90ecca23ecb79f3aa08c95a0d0ff9ad788ea565404c2e6bec05d700c03000000dff01000100000b000403000102160303066c0b0006680006650002b9308202b53082021ea003020102020101300d06092a864886f70d01010b0500308193311830160603550403130f416e794c696e6b20526f6f74204341310b3009060355040613024b52310e300c0603550408130553656f756c3110300e06035504071307536f6e672d506131123010060355040a1309456e74726f4c696e6b3110300e060355040b13076e6574776f726b3122302006092a864886f70d010901161361646d696e40656e74726f6c696e6b2e636f6d301e170d3230303932313032323334385a170d3431303731343032323334385a308193310b3009060355040613024b52310e300c0603550408130553656f756c3110300e06035504071307536f6e672d506131123010060355040a1309456e74726f4c696e6b3110300e06 Fri Sep 25 21:37:13 2020 : Debug: (9) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (9) State = 0x3a8fd5ca3b8cccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (9) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.1 seconds. Fri Sep 25 21:37:13 2020 : Debug: (10) Received Access-Request Id 141 from 192.168.255.102:33392 to 192.168.255.20:1812 length 172 Fri Sep 25 21:37:13 2020 : Debug: (10) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (10) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (10) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (10) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (10) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (10) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (10) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (10) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (10) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (10) EAP-Message = 0x020300061900 Fri Sep 25 21:37:13 2020 : Debug: (10) State = 0x3a8fd5ca3b8cccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (10) Message-Authenticator = 0xf1a407fb1f89afe03934a5ec4a9665c0 Fri Sep 25 21:37:13 2020 : Debug: (10) session-state: No cached attributes Fri Sep 25 21:37:13 2020 : Debug: (10) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (10) authorize { Fri Sep 25 21:37:13 2020 : Debug: (10) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (10) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (10) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (10) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (10) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (10) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (10) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (10) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (10) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (10) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (10) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (10) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Peer sent EAP Response (code 2) ID 3 length 6 Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (10) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (10) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (10) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (10) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Expiring EAP session with state 0x3a8fd5ca3b8cccab Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Finished EAP session with state 0x3a8fd5ca3b8cccab Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Previous EAP request found for state 0x3a8fd5ca3b8cccab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (10) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (10) eap_peap: Peer sent flags --- Fri Sep 25 21:37:13 2020 : Debug: (10) eap_peap: Peer ACKed our handshake fragment Fri Sep 25 21:37:13 2020 : Debug: (10) eap_peap: [eaptls verify] = request Fri Sep 25 21:37:13 2020 : Debug: (10) eap_peap: [eaptls process] = handled Fri Sep 25 21:37:13 2020 : Debug: (10) eap: Sending EAP Request (code 1) ID 4 length 536 Fri Sep 25 21:37:13 2020 : Debug: (10) eap: EAP session adding &reply:State = 0x3a8fd5ca388bccab Fri Sep 25 21:37:13 2020 : Debug: (10) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (10) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (10) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (10) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (10) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (10) session-state: Nothing to cache Fri Sep 25 21:37:13 2020 : Debug: (10) Sent Access-Challenge Id 141 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (10) EAP-Message = 0x01040218190003130f416e794c696e6b20526f6f74204341310b3009060355040613024b52310e300c0603550408130553656f756c3110300e06035504071307536f6e672d506131123010060355040a1309456e74726f4c696e6b3110300e060355040b13076e6574776f726b3122302006092a864886f70d010901161361646d696e40656e74726f6c696e6b2e636f6d82090088b8fc303a9f41d7300c0603551d13040530030101ff300d06092a864886f70d010105050003818100627e032a017052540d031d779903c322359dda7d8126f703ddadcb3e67e1554d9da6d924aef903309f68c308a6bcf1314201ac6c4f04ba662e712e7a295bb46d67fcd45350bdebe532e40c0b65417725ba51b9d458df9902eb192615a213d50a8ced9a0725391b801ff9b1e58c2fba9dbd11be1c6836bd41140aa2272aea938716030300cd0c0000c90300174104a5f37111ee050b08dbc6b73a2a06a4d35742f94721f1820e86893c7147fb134514bc53adf4994db1631cdb74 Fri Sep 25 21:37:13 2020 : Debug: (10) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (10) State = 0x3a8fd5ca388bccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (10) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.1 seconds. Fri Sep 25 21:37:13 2020 : Debug: (11) Received Access-Request Id 142 from 192.168.255.102:33392 to 192.168.255.20:1812 length 302 Fri Sep 25 21:37:13 2020 : Debug: (11) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (11) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (11) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (11) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (11) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (11) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (11) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (11) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (11) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (11) EAP-Message = 0x0204008819800000007e1603030046100000424104b8b37fc4226d26301f13c5a703191c59a08848f032ac2659850ea5d94ff667ca9b321bd93c506ae2509dc6261916882588587cfd631034879c94fd29c204b0811403030001011603030028000000000000000081beb1f5490b189d97101d47d9a90e03c88bea1e08fb512d415de4faac19d096 Fri Sep 25 21:37:13 2020 : Debug: (11) State = 0x3a8fd5ca388bccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (11) Message-Authenticator = 0x3c65949de4e0ebe8227bbd7de001961a Fri Sep 25 21:37:13 2020 : Debug: (11) session-state: No cached attributes Fri Sep 25 21:37:13 2020 : Debug: (11) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (11) authorize { Fri Sep 25 21:37:13 2020 : Debug: (11) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (11) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (11) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (11) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (11) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (11) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (11) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (11) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (11) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (11) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (11) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (11) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Peer sent EAP Response (code 2) ID 4 length 136 Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (11) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (11) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (11) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (11) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Expiring EAP session with state 0x3a8fd5ca388bccab Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Finished EAP session with state 0x3a8fd5ca388bccab Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Previous EAP request found for state 0x3a8fd5ca388bccab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: Peer sent flags --L Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: Peer indicated complete TLS record size will be 126 bytes Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: Got complete TLS record (126 bytes) Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: [eaptls verify] = length included Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: <<< recv TLS 1.2 [length 0046] Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS_accept: SSLv3 read client key exchange A Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: <<< recv TLS 1.2 [length 0001] Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: <<< recv TLS 1.2 [length 0010] Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS_accept: SSLv3 read finished A Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: >>> send TLS 1.2 [length 0001] Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS_accept: SSLv3 write change cipher spec A Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: >>> send TLS 1.2 [length 0010] Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS_accept: SSLv3 write finished A Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS_accept: SSLv3 flush data Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: (other): SSL negotiation finished successfully Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS - Connection Established Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: TLS - got 51 bytes of data Fri Sep 25 21:37:13 2020 : Debug: (11) eap_peap: [eaptls process] = handled Fri Sep 25 21:37:13 2020 : Debug: (11) eap: Sending EAP Request (code 1) ID 5 length 57 Fri Sep 25 21:37:13 2020 : Debug: (11) eap: EAP session adding &reply:State = 0x3a8fd5ca398accab Fri Sep 25 21:37:13 2020 : Debug: (11) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (11) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (11) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (11) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (11) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (11) session-state: Saving cached attributes Fri Sep 25 21:37:13 2020 : Debug: (11) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (11) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (11) Sent Access-Challenge Id 142 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (11) EAP-Message = 0x0105003919001403030001011603030028ad362d7350e43c3b77b1833ced1d27391fa87d7f21c08b4c9d776929e6735e67b88398eac9880dd3 Fri Sep 25 21:37:13 2020 : Debug: (11) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (11) State = 0x3a8fd5ca398accab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (11) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.1 seconds. Fri Sep 25 21:37:13 2020 : Debug: (12) Received Access-Request Id 143 from 192.168.255.102:33392 to 192.168.255.20:1812 length 172 Fri Sep 25 21:37:13 2020 : Debug: (12) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (12) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (12) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (12) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (12) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (12) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (12) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (12) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (12) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (12) EAP-Message = 0x020500061900 Fri Sep 25 21:37:13 2020 : Debug: (12) State = 0x3a8fd5ca398accab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (12) Message-Authenticator = 0x869c8d9a387073f926961eecee3085bf Fri Sep 25 21:37:13 2020 : Debug: (12) Restoring &session-state Fri Sep 25 21:37:13 2020 : Debug: (12) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (12) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (12) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (12) authorize { Fri Sep 25 21:37:13 2020 : Debug: (12) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (12) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (12) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (12) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (12) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (12) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (12) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (12) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (12) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (12) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (12) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (12) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Peer sent EAP Response (code 2) ID 5 length 6 Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (12) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (12) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (12) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (12) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Expiring EAP session with state 0x3a8fd5ca398accab Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Finished EAP session with state 0x3a8fd5ca398accab Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Previous EAP request found for state 0x3a8fd5ca398accab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: Peer sent flags --- Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: Peer ACKed our handshake fragment. handshake is finished Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: [eaptls verify] = success Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: [eaptls process] = success Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:13 2020 : Debug: (12) eap_peap: PEAP state TUNNEL ESTABLISHED Fri Sep 25 21:37:13 2020 : Debug: (12) eap: Sending EAP Request (code 1) ID 6 length 40 Fri Sep 25 21:37:13 2020 : Debug: (12) eap: EAP session adding &reply:State = 0x3a8fd5ca3e89ccab Fri Sep 25 21:37:13 2020 : Debug: (12) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (12) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (12) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (12) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (12) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (12) session-state: Saving cached attributes Fri Sep 25 21:37:13 2020 : Debug: (12) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (12) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (12) Sent Access-Challenge Id 143 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (12) EAP-Message = 0x010600281900170303001dad362d7350e43c3c6b1901320d365d0e51d164c189eeb7159f8bc1463a Fri Sep 25 21:37:13 2020 : Debug: (12) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (12) State = 0x3a8fd5ca3e89ccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (12) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.0 seconds. Fri Sep 25 21:37:13 2020 : Debug: (13) Received Access-Request Id 144 from 192.168.255.102:33392 to 192.168.255.20:1812 length 208 Fri Sep 25 21:37:13 2020 : Debug: (13) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (13) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (13) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (13) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (13) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (13) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (13) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (13) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (13) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (13) EAP-Message = 0x0206002a1900170303001f0000000000000001a1eeb833d7b43e9867c1c3575ce1c29d4db34a786ae5c8 Fri Sep 25 21:37:13 2020 : Debug: (13) State = 0x3a8fd5ca3e89ccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (13) Message-Authenticator = 0x5fe565a7ed91c2a4c2257e59b53239d2 Fri Sep 25 21:37:13 2020 : Debug: (13) Restoring &session-state Fri Sep 25 21:37:13 2020 : Debug: (13) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (13) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (13) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (13) authorize { Fri Sep 25 21:37:13 2020 : Debug: (13) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (13) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (13) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (13) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (13) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (13) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (13) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (13) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (13) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (13) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Peer sent EAP Response (code 2) ID 6 length 42 Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (13) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (13) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (13) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Expiring EAP session with state 0x3a8fd5ca3e89ccab Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Finished EAP session with state 0x3a8fd5ca3e89ccab Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Previous EAP request found for state 0x3a8fd5ca3e89ccab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Peer sent flags --- Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: [eaptls verify] = ok Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Done initial handshake Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: [eaptls process] = ok Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: PEAP state WAITING FOR INNER IDENTITY Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Identity - user01 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Got inner identity 'user01' Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Setting default EAP type for tunneled EAP session Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Got tunneled request Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: EAP-Message = 0x0206000b01757365723031 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Setting User-Name to user01 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Sending tunneled request to inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: EAP-Message = 0x0206000b01757365723031 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (13) Virtual server inner-tunnel received request Fri Sep 25 21:37:13 2020 : Debug: (13) EAP-Message = 0x0206000b01757365723031 Fri Sep 25 21:37:13 2020 : Debug: (13) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:13 2020 : Debug: (13) User-Name = "user01" Fri Sep 25 21:37:13 2020 : WARNING: (13) Outer and inner identities are the same. User privacy is compromised. Fri Sep 25 21:37:13 2020 : Debug: (13) server inner-tunnel { Fri Sep 25 21:37:13 2020 : Debug: (13) session-state: No State attribute Fri Sep 25 21:37:13 2020 : Debug: (13) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (13) authorize { Fri Sep 25 21:37:13 2020 : Debug: (13) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (13) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (13) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (13) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (13) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (13) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (13) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (13) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (13) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (13) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (13) update control { Fri Sep 25 21:37:13 2020 : Debug: (13) &Proxy-To-Realm := LOCAL Fri Sep 25 21:37:13 2020 : Debug: (13) } # update control = noop Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Peer sent EAP Response (code 2) ID 6 length 11 Fri Sep 25 21:37:13 2020 : Debug: (13) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (13) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (13) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (13) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Peer sent packet with method EAP Identity (1) Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Calling submodule eap_mschapv2 to process data Fri Sep 25 21:37:13 2020 : Debug: (13) eap_mschapv2: Issuing Challenge Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Sending EAP Request (code 1) ID 7 length 43 Fri Sep 25 21:37:13 2020 : Debug: (13) eap: EAP session adding &reply:State = 0x31e4126b31e30842 Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (13) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (13) } # server inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (13) Virtual server sending reply Fri Sep 25 21:37:13 2020 : Debug: (13) EAP-Message = 0x0107002b1a01070026103227b64513557fd3b55b444058947bca667265657261646975732d332e302e3231 Fri Sep 25 21:37:13 2020 : Debug: (13) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (13) State = 0x31e4126b31e3084296ae881f9394c1f5 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Got tunneled reply code 11 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: EAP-Message = 0x0107002b1a01070026103227b64513557fd3b55b444058947bca667265657261646975732d332e302e3231 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: State = 0x31e4126b31e3084296ae881f9394c1f5 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Got tunneled reply RADIUS code 11 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: EAP-Message = 0x0107002b1a01070026103227b64513557fd3b55b444058947bca667265657261646975732d332e302e3231 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: State = 0x31e4126b31e3084296ae881f9394c1f5 Fri Sep 25 21:37:13 2020 : Debug: (13) eap_peap: Got tunneled Access-Challenge Fri Sep 25 21:37:13 2020 : Debug: (13) eap: Sending EAP Request (code 1) ID 7 length 74 Fri Sep 25 21:37:13 2020 : Debug: (13) eap: EAP session adding &reply:State = 0x3a8fd5ca3f88ccab Fri Sep 25 21:37:13 2020 : Debug: (13) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (13) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (13) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (13) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (13) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (13) session-state: Saving cached attributes Fri Sep 25 21:37:13 2020 : Debug: (13) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (13) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (13) Sent Access-Challenge Id 144 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (13) EAP-Message = 0x0107004a1900170303003fad362d7350e43c3da45416dac6637fbd8115b413addc37022b57bff941f7db71a61d3e5131cafe59302a0fbc6dc521c3edf1affcc327f038f365f73e6f0abe Fri Sep 25 21:37:13 2020 : Debug: (13) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (13) State = 0x3a8fd5ca3f88ccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (13) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.0 seconds. Fri Sep 25 21:37:13 2020 : Debug: (14) Received Access-Request Id 145 from 192.168.255.102:33392 to 192.168.255.20:1812 length 262 Fri Sep 25 21:37:13 2020 : Debug: (14) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (14) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (14) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (14) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (14) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (14) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (14) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (14) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (14) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (14) EAP-Message = 0x0207006019001703030055000000000000000283a3d18abc084d3c52c30db66b132a27ad39a665fc2f75dc3b78c5a7339a4d3d1d7eab076f5825884f86e6f5ed38bc03026de390fda8450c9b8a731787d14c13048fb6150146e9e4ece6f2b341 Fri Sep 25 21:37:13 2020 : Debug: (14) State = 0x3a8fd5ca3f88ccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (14) Message-Authenticator = 0x50b13c62c9048c3a4e0604633007215f Fri Sep 25 21:37:13 2020 : Debug: (14) Restoring &session-state Fri Sep 25 21:37:13 2020 : Debug: (14) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (14) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (14) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (14) authorize { Fri Sep 25 21:37:13 2020 : Debug: (14) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (14) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (14) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (14) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (14) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (14) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (14) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (14) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (14) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (14) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Peer sent EAP Response (code 2) ID 7 length 96 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (14) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (14) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (14) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Expiring EAP session with state 0x31e4126b31e30842 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Finished EAP session with state 0x3a8fd5ca3f88ccab Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Previous EAP request found for state 0x3a8fd5ca3f88ccab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Peer sent flags --- Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: [eaptls verify] = ok Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Done initial handshake Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: [eaptls process] = ok Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: PEAP state phase2 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: EAP method MSCHAPv2 (26) Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Got tunneled request Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: EAP-Message = 0x020700411a0207003c31b393b5e778b497928ab57511520136780000000000000000221ac5b78e431bc4cb1168a364d9ad7bf922d9f61cafa6ab00757365723031 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Setting User-Name to user01 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Sending tunneled request to inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: EAP-Message = 0x020700411a0207003c31b393b5e778b497928ab57511520136780000000000000000221ac5b78e431bc4cb1168a364d9ad7bf922d9f61cafa6ab00757365723031 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: State = 0x31e4126b31e3084296ae881f9394c1f5 Fri Sep 25 21:37:13 2020 : Debug: (14) Virtual server inner-tunnel received request Fri Sep 25 21:37:13 2020 : Debug: (14) EAP-Message = 0x020700411a0207003c31b393b5e778b497928ab57511520136780000000000000000221ac5b78e431bc4cb1168a364d9ad7bf922d9f61cafa6ab00757365723031 Fri Sep 25 21:37:13 2020 : Debug: (14) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Sep 25 21:37:13 2020 : Debug: (14) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (14) State = 0x31e4126b31e3084296ae881f9394c1f5 Fri Sep 25 21:37:13 2020 : WARNING: (14) Outer and inner identities are the same. User privacy is compromised. Fri Sep 25 21:37:13 2020 : Debug: (14) server inner-tunnel { Fri Sep 25 21:37:13 2020 : Debug: (14) session-state: No cached attributes Fri Sep 25 21:37:13 2020 : Debug: (14) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (14) authorize { Fri Sep 25 21:37:13 2020 : Debug: (14) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (14) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (14) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (14) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (14) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (14) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (14) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (14) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (14) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (14) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) update control { Fri Sep 25 21:37:13 2020 : Debug: (14) &Proxy-To-Realm := LOCAL Fri Sep 25 21:37:13 2020 : Debug: (14) } # update control = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Peer sent EAP Response (code 2) ID 7 length 65 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) [eap] = updated Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling files (rlm_files) Fri Sep 25 21:37:13 2020 : Debug: (14) files: users: Matched entry user01 at line 87 Fri Sep 25 21:37:13 2020 : Debug: (14) files: ::: FROM 1 TO 0 MAX 1 Fri Sep 25 21:37:13 2020 : Debug: (14) files: ::: Examining Reply-Message Fri Sep 25 21:37:13 2020 : Debug: Hello, %{User-Name} Fri Sep 25 21:37:13 2020 : Debug: Parsed xlat tree: Fri Sep 25 21:37:13 2020 : Debug: literal --> Hello, Fri Sep 25 21:37:13 2020 : Debug: attribute --> User-Name Fri Sep 25 21:37:13 2020 : Debug: (14) files: EXPAND Hello, %{User-Name} Fri Sep 25 21:37:13 2020 : Debug: (14) files: --> Hello, user01 Fri Sep 25 21:37:13 2020 : Debug: (14) files: ::: APPENDING Reply-Message FROM 0 TO 0 Fri Sep 25 21:37:13 2020 : Debug: (14) files: ::: TO in 0 out 0 Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from files (rlm_files) Fri Sep 25 21:37:13 2020 : Debug: (14) [files] = ok Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling expiration (rlm_expiration) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from expiration (rlm_expiration) Fri Sep 25 21:37:13 2020 : Debug: (14) [expiration] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling logintime (rlm_logintime) Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from logintime (rlm_logintime) Fri Sep 25 21:37:13 2020 : Debug: (14) [logintime] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: calling pap (rlm_pap) Fri Sep 25 21:37:13 2020 : WARNING: (14) pap: Auth-Type already set. Not setting to PAP Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authorize]: returned from pap (rlm_pap) Fri Sep 25 21:37:13 2020 : Debug: (14) [pap] = noop Fri Sep 25 21:37:13 2020 : Debug: (14) } # authorize = updated Fri Sep 25 21:37:13 2020 : Debug: (14) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (14) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Expiring EAP session with state 0x31e4126b31e30842 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Finished EAP session with state 0x31e4126b31e30842 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Previous EAP request found for state 0x31e4126b31e30842, released from the list Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Peer sent packet with method EAP MSCHAPv2 (26) Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Calling submodule eap_mschapv2 to process data Fri Sep 25 21:37:13 2020 : Debug: (14) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (14) eap_mschapv2: authenticate { Fri Sep 25 21:37:13 2020 : Debug: (14) eap_mschapv2: modsingle[authenticate]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (14) mschap: Found Cleartext-Password, hashing to create NT-Password Fri Sep 25 21:37:13 2020 : Debug: (14) mschap: Creating challenge hash with username: user01 Fri Sep 25 21:37:13 2020 : Debug: (14) mschap: Client is using MS-CHAPv2 Fri Sep 25 21:37:13 2020 : ERROR: (14) mschap: MS-CHAP2-Response is incorrect Fri Sep 25 21:37:13 2020 : Debug: (14) eap_mschapv2: modsingle[authenticate]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (14) eap_mschapv2: [mschap] = reject Fri Sep 25 21:37:13 2020 : Debug: (14) eap_mschapv2: } # authenticate = reject Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Sending EAP Failure (code 4) ID 7 length 4 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Freeing handler Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) [eap] = reject Fri Sep 25 21:37:13 2020 : Debug: (14) } # authenticate = reject Fri Sep 25 21:37:13 2020 : Debug: (14) Failed to authenticate the user Fri Sep 25 21:37:13 2020 : Debug: (14) Using Post-Auth-Type Reject Fri Sep 25 21:37:13 2020 : Debug: (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (14) Post-Auth-Type REJECT { Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:13 2020 : Debug: %{User-Name} Fri Sep 25 21:37:13 2020 : Debug: Parsed xlat tree: Fri Sep 25 21:37:13 2020 : Debug: attribute --> User-Name Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: EXPAND %{User-Name} Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: --> user01 Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Matched entry DEFAULT at line 11 Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Reply-Message = "Hello, user01" allowed by Reply-Message =* "" Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Attribute "Reply-Message" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: MS-CHAP-Error = "\007E=691 R=1 C=4f6ce659d5848121a4918ee9f9b2c93d V=3 M=Authentication rejected" allowed by MS-CHAP-Error =* "" Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Attribute "MS-CHAP-Error" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: EAP-Message = 0x04070004 allowed by EAP-Message =* 0x Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Fri Sep 25 21:37:13 2020 : Debug: (14) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:13 2020 : Debug: (14) [attr_filter.access_reject] = updated Fri Sep 25 21:37:13 2020 : Debug: (14) update outer.session-state { Fri Sep 25 21:37:13 2020 : Debug: (14) &Module-Failure-Message := &request:Module-Failure-Message -> 'mschap: MS-CHAP2-Response is incorrect' Fri Sep 25 21:37:13 2020 : Debug: (14) } # update outer.session-state = noop Fri Sep 25 21:37:13 2020 : Debug: (14) } # Post-Auth-Type REJECT = updated Fri Sep 25 21:37:13 2020 : Debug: (14) } # server inner-tunnel Fri Sep 25 21:37:13 2020 : Debug: (14) Virtual server sending reply Fri Sep 25 21:37:13 2020 : Debug: (14) Reply-Message = "Hello, user01" Fri Sep 25 21:37:13 2020 : Debug: (14) MS-CHAP-Error = "\007E=691 R=1 C=4f6ce659d5848121a4918ee9f9b2c93d V=3 M=Authentication rejected" Fri Sep 25 21:37:13 2020 : Debug: (14) EAP-Message = 0x04070004 Fri Sep 25 21:37:13 2020 : Debug: (14) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Got tunneled reply code 3 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Reply-Message = "Hello, user01" Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: MS-CHAP-Error = "\007E=691 R=1 C=4f6ce659d5848121a4918ee9f9b2c93d V=3 M=Authentication rejected" Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: EAP-Message = 0x04070004 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Got tunneled reply RADIUS code 3 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Reply-Message = "Hello, user01" Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: MS-CHAP-Error = "\007E=691 R=1 C=4f6ce659d5848121a4918ee9f9b2c93d V=3 M=Authentication rejected" Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: EAP-Message = 0x04070004 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: Tunneled authentication was rejected Fri Sep 25 21:37:13 2020 : Debug: (14) eap_peap: FAILURE Fri Sep 25 21:37:13 2020 : Debug: (14) eap: Sending EAP Request (code 1) ID 8 length 46 Fri Sep 25 21:37:13 2020 : Debug: (14) eap: EAP session adding &reply:State = 0x3a8fd5ca3c87ccab Fri Sep 25 21:37:13 2020 : Debug: (14) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (14) [eap] = handled Fri Sep 25 21:37:13 2020 : Debug: (14) } # authenticate = handled Fri Sep 25 21:37:13 2020 : Debug: (14) Using Post-Auth-Type Challenge Fri Sep 25 21:37:13 2020 : Debug: (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (14) Challenge { ... } # empty sub-section is ignored Fri Sep 25 21:37:13 2020 : Debug: (14) session-state: Saving cached attributes Fri Sep 25 21:37:13 2020 : Debug: (14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (14) TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (14) Module-Failure-Message := "mschap: MS-CHAP2-Response is incorrect" Fri Sep 25 21:37:13 2020 : Debug: (14) Sent Access-Challenge Id 145 from 192.168.255.20:1812 to 192.168.255.102:33392 length 0 Fri Sep 25 21:37:13 2020 : Debug: (14) EAP-Message = 0x0108002e19001703030023ad362d7350e43c3e3534e2b64196a701ff78509cbb1f9cb12fef9ba29ecc0f49b3fb24 Fri Sep 25 21:37:13 2020 : Debug: (14) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:13 2020 : Debug: (14) State = 0x3a8fd5ca3c87ccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (14) Finished request Fri Sep 25 21:37:13 2020 : Debug: Waking up in 3.0 seconds. Fri Sep 25 21:37:13 2020 : Debug: (15) Received Access-Request Id 146 from 192.168.255.102:33392 to 192.168.255.20:1812 length 212 Fri Sep 25 21:37:13 2020 : Debug: (15) User-Name = "user01" Fri Sep 25 21:37:13 2020 : Debug: (15) NAS-IP-Address = 192.168.255.102 Fri Sep 25 21:37:13 2020 : Debug: (15) NAS-Identifier = "hello" Fri Sep 25 21:37:13 2020 : Debug: (15) NAS-Port = 0 Fri Sep 25 21:37:13 2020 : Debug: (15) Called-Station-Id = "C4-3D-C7-96-EE-23:eduroam" Fri Sep 25 21:37:13 2020 : Debug: (15) Calling-Station-Id = "F4-5C-89-9C-54-49" Fri Sep 25 21:37:13 2020 : Debug: (15) Framed-MTU = 1400 Fri Sep 25 21:37:13 2020 : Debug: (15) NAS-Port-Type = Wireless-802.11 Fri Sep 25 21:37:13 2020 : Debug: (15) Connect-Info = "CONNECT 0Mbps 802.11g" Fri Sep 25 21:37:13 2020 : Debug: (15) EAP-Message = 0x0208002e1900170303002300000000000000038fa92e15978895965fbebf011ec35f238f071df59a9073604bbae5 Fri Sep 25 21:37:13 2020 : Debug: (15) State = 0x3a8fd5ca3c87ccab834f6c6baaa88a53 Fri Sep 25 21:37:13 2020 : Debug: (15) Message-Authenticator = 0x72f74eaaf029a0d27d55aabe257f7928 Fri Sep 25 21:37:13 2020 : Debug: (15) Restoring &session-state Fri Sep 25 21:37:13 2020 : Debug: (15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" Fri Sep 25 21:37:13 2020 : Debug: (15) &session-state:TLS-Session-Version = "TLS 1.2" Fri Sep 25 21:37:13 2020 : Debug: (15) &session-state:Module-Failure-Message := "mschap: MS-CHAP2-Response is incorrect" Fri Sep 25 21:37:13 2020 : Debug: (15) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (15) authorize { Fri Sep 25 21:37:13 2020 : Debug: (15) policy filter_username { Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name) -> TRUE Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name) { Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ / /) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ / /) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /@[^@]*@/ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /\.\./ ) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /\.\./ ) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /\.$/) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /\.$/) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /@\./) { Fri Sep 25 21:37:13 2020 : Debug: No old matches Fri Sep 25 21:37:13 2020 : Debug: (15) if (&User-Name =~ /@\./) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) } # if (&User-Name) = notfound Fri Sep 25 21:37:13 2020 : Debug: (15) } # policy filter_username = notfound Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: calling preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: returned from preprocess (rlm_preprocess) Fri Sep 25 21:37:13 2020 : Debug: (15) [preprocess] = ok Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: calling chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: returned from chap (rlm_chap) Fri Sep 25 21:37:13 2020 : Debug: (15) [chap] = noop Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: calling mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: returned from mschap (rlm_mschap) Fri Sep 25 21:37:13 2020 : Debug: (15) [mschap] = noop Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: calling digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: returned from digest (rlm_digest) Fri Sep 25 21:37:13 2020 : Debug: (15) [digest] = noop Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: calling suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (15) suffix: Checking for suffix after "@" Fri Sep 25 21:37:13 2020 : Debug: (15) suffix: No '@' in User-Name = "user01", looking up realm NULL Fri Sep 25 21:37:13 2020 : Debug: (15) suffix: No such realm "NULL" Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: returned from suffix (rlm_realm) Fri Sep 25 21:37:13 2020 : Debug: (15) [suffix] = noop Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Peer sent EAP Response (code 2) ID 8 length 46 Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Continuing tunnel setup Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authorize]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (15) [eap] = ok Fri Sep 25 21:37:13 2020 : Debug: (15) } # authorize = ok Fri Sep 25 21:37:13 2020 : Debug: (15) Found Auth-Type = eap Fri Sep 25 21:37:13 2020 : Debug: (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (15) authenticate { Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authenticate]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Expiring EAP session with state 0x3a8fd5ca3c87ccab Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Finished EAP session with state 0x3a8fd5ca3c87ccab Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Previous EAP request found for state 0x3a8fd5ca3c87ccab, released from the list Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Peer sent packet with method EAP PEAP (25) Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Calling submodule eap_peap to process data Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: Continuing EAP-TLS Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: Peer sent flags --- Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: [eaptls verify] = ok Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: Done initial handshake Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: [eaptls process] = ok Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: Session established. Decoding tunneled attributes Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: PEAP state send tlv failure Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: Received EAP-TLV response Fri Sep 25 21:37:13 2020 : ERROR: (15) eap_peap: The users session was previously rejected: returning reject (again.) Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: This means you need to read the PREVIOUS messages in the debug output Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: to find out the reason why the user was rejected Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you Fri Sep 25 21:37:13 2020 : Debug: (15) eap_peap: what went wrong, and how to fix the problem Fri Sep 25 21:37:13 2020 : ERROR: (15) eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Sending EAP Failure (code 4) ID 8 length 4 Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Failed in EAP select Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[authenticate]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (15) [eap] = invalid Fri Sep 25 21:37:13 2020 : Debug: (15) } # authenticate = invalid Fri Sep 25 21:37:13 2020 : Debug: (15) Failed to authenticate the user Fri Sep 25 21:37:13 2020 : Debug: (15) Using Post-Auth-Type Reject Fri Sep 25 21:37:13 2020 : Debug: (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Sep 25 21:37:13 2020 : Debug: (15) Post-Auth-Type REJECT { Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:13 2020 : Debug: %{User-Name} Fri Sep 25 21:37:13 2020 : Debug: Parsed xlat tree: Fri Sep 25 21:37:13 2020 : Debug: attribute --> User-Name Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: EXPAND %{User-Name} Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: --> user01 Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: Matched entry DEFAULT at line 11 Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: EAP-Message = 0x04080004 allowed by EAP-Message =* 0x Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Fri Sep 25 21:37:13 2020 : Debug: (15) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Fri Sep 25 21:37:13 2020 : Debug: (15) [attr_filter.access_reject] = updated Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[post-auth]: calling eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (15) eap: Reply already contained an EAP-Message, not inserting EAP-Failure Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[post-auth]: returned from eap (rlm_eap) Fri Sep 25 21:37:13 2020 : Debug: (15) [eap] = noop Fri Sep 25 21:37:13 2020 : Debug: (15) policy remove_reply_message_if_eap { Fri Sep 25 21:37:13 2020 : Debug: (15) if (&reply:EAP-Message && &reply:Reply-Message) { Fri Sep 25 21:37:13 2020 : Debug: (15) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Fri Sep 25 21:37:13 2020 : Debug: (15) else { Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[post-auth]: calling noop (rlm_always) Fri Sep 25 21:37:13 2020 : Debug: (15) modsingle[post-auth]: returned from noop (rlm_always) Fri Sep 25 21:37:13 2020 : Debug: (15) [noop] = noop Fri Sep 25 21:37:13 2020 : Debug: (15) } # else = noop Fri Sep 25 21:37:13 2020 : Debug: (15) } # policy remove_reply_message_if_eap = noop Fri Sep 25 21:37:13 2020 : Debug: (15) } # Post-Auth-Type REJECT = updated Fri Sep 25 21:37:13 2020 : Debug: (15) Delaying response for 1.000000 seconds Fri Sep 25 21:37:13 2020 : Debug: Waking up in 0.3 seconds. Fri Sep 25 21:37:13 2020 : Debug: Waking up in 0.6 seconds. Fri Sep 25 21:37:14 2020 : Debug: (15) (15) Discarding duplicate request from client 192.168.255.102 port 33392 - ID: 146 due to delayed response Fri Sep 25 21:37:14 2020 : Debug: (15) Sending delayed response Fri Sep 25 21:37:14 2020 : Debug: (15) Sent Access-Reject Id 146 from 192.168.255.20:1812 to 192.168.255.102:33392 length 44 Fri Sep 25 21:37:14 2020 : Debug: (15) EAP-Message = 0x04080004 Fri Sep 25 21:37:14 2020 : Debug: (15) Message-Authenticator = 0x00000000000000000000000000000000 Fri Sep 25 21:37:14 2020 : Debug: Waking up in 2.0 seconds.