(1) Received Access-Request Id 148 from 172.23.73.22:1645 to 172.23.70.54:1812 length 287 (1) User-Name = "NPR\\SemenyukAP" (1) Service-Type = Framed-User (1) Cisco-AVPair = "service-type=Framed" (1) Framed-MTU = 1500 (1) Called-Station-Id = "D4-AD-71-D4-0D-97" (1) Calling-Station-Id = "B4-B6-86-DB-52-75" (1) EAP-Message = 0x02010013014e50525c53656d656e79756b4150 (1) Message-Authenticator = 0xb8922db3d986e7cad34f37c7e30750dd (1) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (1) Cisco-AVPair = "method=dot1x" (1) Framed-IP-Address = 172.23.73.33 (1) Cisco-AVPair = "vlan-id=2" (1) NAS-IP-Address = 172.23.73.22 (1) NAS-Port-Id = "GigabitEthernet1/0/23" (1) NAS-Port-Type = Ethernet (1) NAS-Port = 50123 (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 1 length 19 (1) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Peer sent packet with method EAP Identity (1) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Initiating new TLS session (1) eap_peap: [eaptls start] = request (1) eap: Sending EAP Request (code 1) ID 2 length 6 (1) eap: EAP session adding &reply:State = 0xc00c5163c00e483d (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 148 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (1) EAP-Message = 0x010200061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xc00c5163c00e483d1404d0fc5a9963db (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 149 from 172.23.73.22:1645 to 172.23.70.54:1812 length 474 (2) User-Name = "NPR\\SemenyukAP" (2) Service-Type = Framed-User (2) Cisco-AVPair = "service-type=Framed" (2) Framed-MTU = 1500 (2) Called-Station-Id = "D4-AD-71-D4-0D-97" (2) Calling-Station-Id = "B4-B6-86-DB-52-75" (2) EAP-Message = 0x020200bc1980000000b216030300ad010000a90303645e5515029be5a89fafe68e7d34b38fb9ae70d39d73cfb879ff129f85d40422000040ff850081c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130005000401000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100 (2) Message-Authenticator = 0xad5ade6a8f95b31ea06e428f08acc3c9 (2) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (2) Cisco-AVPair = "method=dot1x" (2) Framed-IP-Address = 172.23.73.33 (2) Cisco-AVPair = "vlan-id=2" (2) NAS-IP-Address = 172.23.73.22 (2) NAS-Port-Id = "GigabitEthernet1/0/23" (2) NAS-Port-Type = Ethernet (2) NAS-Port = 50123 (2) State = 0xc00c5163c00e483d1404d0fc5a9963db (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 2 length 188 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xc00c5163c00e483d (2) eap: Finished EAP session with state 0xc00c5163c00e483d (2) eap: Previous EAP request found for state 0xc00c5163c00e483d, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: Peer indicated complete TLS record size will be 178 bytes (2) eap_peap: Got complete TLS record (178 bytes) (2) eap_peap: [eaptls verify] = length included (2) eap_peap: (other): before SSL initialization (2) eap_peap: TLS_accept: before SSL initialization (2) eap_peap: TLS_accept: before SSL initialization (2) eap_peap: <<< recv TLS 1.3 [length 00ad] (2) eap_peap: TLS_accept: SSLv3/TLS read client hello (2) eap_peap: >>> send TLS 1.2 [length 005d] (2) eap_peap: TLS_accept: SSLv3/TLS write server hello (2) eap_peap: >>> send TLS 1.2 [length 0c50] (2) eap_peap: TLS_accept: SSLv3/TLS write certificate (2) eap_peap: >>> send TLS 1.2 [length 014d] (2) eap_peap: TLS_accept: SSLv3/TLS write key exchange (2) eap_peap: >>> send TLS 1.2 [length 0004] (2) eap_peap: TLS_accept: SSLv3/TLS write server done (2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done (2) eap_peap: TLS - In Handshake Phase (2) eap_peap: TLS - got 3602 bytes of data (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1004 (2) eap: EAP session adding &reply:State = 0xc00c5163c10f483d (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 149 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (2) EAP-Message = 0x010303ec19c000000e12160303005d020000590303be0fa2be09330a8065a233708c6c72d0af481d4b1fe95aa879a547725748585c200e467329e805a014b8962d863a28746649fad80ad3c6497ecabb4c7df8235582c030000011ff01000100000b000403000102001700001603030c500b000c4c000c490006c9308206c5308205ada003020102021346000565e5bcacbadcc7caaf260002000565e5300d06092a864886f70d01010b0500305531123010060a0992268993f22c6401191602727531173015060a0992268993f22c64011916076e6f726e69636b31133011060a0992268993f22c64011916036e70723111300f060355040313084e4e2d48512d4341301e170d3232303831313038333631365a170d3233303831313038333631365a307c310b3009060355040613025255310f300d060355040713064d6f73636f773111300f060355040a13084564696e7374766f311f301d060355040313167261646975732e6e6e2d6564696e7374766f2e6e6574 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xc00c5163c10f483d1404d0fc5a9963db (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 150 from 172.23.73.22:1645 to 172.23.70.54:1812 length 292 (3) User-Name = "NPR\\SemenyukAP" (3) Service-Type = Framed-User (3) Cisco-AVPair = "service-type=Framed" (3) Framed-MTU = 1500 (3) Called-Station-Id = "D4-AD-71-D4-0D-97" (3) Calling-Station-Id = "B4-B6-86-DB-52-75" (3) EAP-Message = 0x020300061900 (3) Message-Authenticator = 0xe0bf191a2559d715d6af8247e56cb7a3 (3) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (3) Cisco-AVPair = "method=dot1x" (3) Framed-IP-Address = 172.23.73.33 (3) Cisco-AVPair = "vlan-id=2" (3) NAS-IP-Address = 172.23.73.22 (3) NAS-Port-Id = "GigabitEthernet1/0/23" (3) NAS-Port-Type = Ethernet (3) NAS-Port = 50123 (3) State = 0xc00c5163c10f483d1404d0fc5a9963db (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xc00c5163c10f483d (3) eap: Finished EAP session with state 0xc00c5163c10f483d (3) eap: Previous EAP request found for state 0xc00c5163c10f483d, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer ACKed our handshake fragment (3) eap_peap: [eaptls verify] = request (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 1000 (3) eap: EAP session adding &reply:State = 0xc00c5163c208483d (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) Sent Access-Challenge Id 150 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (3) EAP-Message = 0x010403e819407374766f2e6e65748704ac174636301f0603551d23041830168014101352b635f61415384577a778f1678ead3539203081f00603551d1f0481e83081e53081e2a081dfa081dc8681b66c6461703a2f2f2f434e3d4e4e2d48512d43412c434e3d4e4e504b492c434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d6164726f6f742c44433d6e6f726e69636b2c44433d72753f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e748621687474703a2f2f706b692e6e6f726e696b2e72752f4e4e2d48512d43412e63726c3082011e06082b06010505070101048201103082010c3081b006082b060105050730028681a36c6461703a2f2f2f434e3d4e4e2d48512d43412c434e3d4149412c434e3d5075626c69632532304b65 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xc00c5163c208483d1404d0fc5a9963db (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 151 from 172.23.73.22:1645 to 172.23.70.54:1812 length 292 (4) User-Name = "NPR\\SemenyukAP" (4) Service-Type = Framed-User (4) Cisco-AVPair = "service-type=Framed" (4) Framed-MTU = 1500 (4) Called-Station-Id = "D4-AD-71-D4-0D-97" (4) Calling-Station-Id = "B4-B6-86-DB-52-75" (4) EAP-Message = 0x020400061900 (4) Message-Authenticator = 0x9c024fab759f1d9b5cea176b1546c233 (4) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (4) Cisco-AVPair = "method=dot1x" (4) Framed-IP-Address = 172.23.73.33 (4) Cisco-AVPair = "vlan-id=2" (4) NAS-IP-Address = 172.23.73.22 (4) NAS-Port-Id = "GigabitEthernet1/0/23" (4) NAS-Port-Type = Ethernet (4) NAS-Port = 50123 (4) State = 0xc00c5163c208483d1404d0fc5a9963db (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xc00c5163c208483d (4) eap: Finished EAP session with state 0xc00c5163c208483d (4) eap: Previous EAP request found for state 0xc00c5163c208483d, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer ACKed our handshake fragment (4) eap_peap: [eaptls verify] = request (4) eap_peap: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 1000 (4) eap: EAP session adding &reply:State = 0xc00c5163c309483d (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) Sent Access-Challenge Id 151 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (4) EAP-Message = 0x010503e819408993f22c64011916076e6f726e69636b31133011060a0992268993f22c64011916036e70723111300f060355040313084e4e2d48512d434130820122300d06092a864886f70d01010105000382010f003082010a0282010100d79dd734b3a0b491d2291086d9396eb26cff7ace2017d1b53763a231fff45a5e2769bdb60501ea12b50c793a99256663d26b497b84619a00d6bf3becefff33d6e1c10ebbd1fd9cb26067d2633e3c480bec53f6b0145b502eff706b1606619ef390f8c9a1b43f02044030b2921857cc9dddb793a8fab9d303efc1aab2a080d71d8ed3e0f0c6292871cab0a2466c961483a356a487a108803e4384341573dc2e700aca8951fc35dbdceebea100841d365a80d4a4b84a635df4fe21e879208843fcf0fa6a827ca297fd0906fa5c099f3c860b4f55e9a5af1e39a5f5743e9eb227c62b70f01e4026d796859fc88002f51f9a453484c712afe83ad62020dbb04f6acd0203010001a382017d30820179301006092b060104018237 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xc00c5163c309483d1404d0fc5a9963db (4) Finished request Waking up in 4.8 seconds. (5) Received Access-Request Id 152 from 172.23.73.22:1645 to 172.23.70.54:1812 length 292 (5) User-Name = "NPR\\SemenyukAP" (5) Service-Type = Framed-User (5) Cisco-AVPair = "service-type=Framed" (5) Framed-MTU = 1500 (5) Called-Station-Id = "D4-AD-71-D4-0D-97" (5) Calling-Station-Id = "B4-B6-86-DB-52-75" (5) EAP-Message = 0x020500061900 (5) Message-Authenticator = 0xca13c660150b01ec10fbe8dcd166f723 (5) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (5) Cisco-AVPair = "method=dot1x" (5) Framed-IP-Address = 172.23.73.33 (5) Cisco-AVPair = "vlan-id=2" (5) NAS-IP-Address = 172.23.73.22 (5) NAS-Port-Id = "GigabitEthernet1/0/23" (5) NAS-Port-Type = Ethernet (5) NAS-Port = 50123 (5) State = 0xc00c5163c309483d1404d0fc5a9963db (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 5 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xc00c5163c309483d (5) eap: Finished EAP session with state 0xc00c5163c309483d (5) eap: Previous EAP request found for state 0xc00c5163c309483d, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: Continuing EAP-TLS (5) eap_peap: Peer ACKed our handshake fragment (5) eap_peap: [eaptls verify] = request (5) eap_peap: [eaptls process] = handled (5) eap: Sending EAP Request (code 1) ID 6 length 626 (5) eap: EAP session adding &reply:State = 0xc00c5163c40a483d (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) Sent Access-Challenge Id 152 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (5) EAP-Message = 0x01060272190002cbf53856f034b5d69cadb2b576a79a081cbe3239425f05a21394cb7ac9c1e5e55e64462144b3d779d6babd49143fe73194e4f9434865ec117e612add2f0dbf8eefb7619f3341e4fa1387ead998a09aeaaf35826c2db739cdbd6c50c0f472f241aa17699797702d14b37b75b35b2640be963819f22f8aa6587dae522f77a591a5dda7b2c4651cc57f5885d03eef6d5c32063aa9b3bc372b6e404276afcd90b9468b1d3beccae850b4638a52c2f970bf5b8e1bc7d3d2be35428764ca704efd94e28b502591f6d5d8a5b102fbf451f80bd496f2884911379cf4d2a4124c32f5f0c8e38d68a4ef965e358d3de273b5bb4d8f82a8d8a7138a456783822d95c688925eff86e68e51cfb05fd987f0ddbdf6538e160303014d0c00014903001741049b757976c6022b72b74fdec1c908b0974d15a4d6c3f8ff5c5a32bac080ddc3aaab08785b7f290b89d8a8745d9ba625859483e7034eea1e69e86b5d15796376f504010100990bee5205dd2690474dc08c9925 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xc00c5163c40a483d1404d0fc5a9963db (5) Finished request Waking up in 3.9 seconds. (6) Received Access-Request Id 153 from 172.23.73.22:1645 to 172.23.70.54:1812 length 422 (6) User-Name = "NPR\\SemenyukAP" (6) Service-Type = Framed-User (6) Cisco-AVPair = "service-type=Framed" (6) Framed-MTU = 1500 (6) Called-Station-Id = "D4-AD-71-D4-0D-97" (6) Calling-Station-Id = "B4-B6-86-DB-52-75" (6) EAP-Message = 0x0206008819800000007e1603030046100000424104d808af8d7fc0d04ae3e914f01698de867b6c978baf218f5ac925f48351ae6833bcd67577a716c06f38f674eca3df1a6aaac005675e6e71298195fe29ea4e5b4d1403030001011603030028000000000000000059e1eda3d417cbc2e631c38bc38a0856c6f53d595365449e104d641373bd35fa (6) Message-Authenticator = 0xf27f17ea06cf417a978e20f9ca3ae844 (6) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (6) Cisco-AVPair = "method=dot1x" (6) Framed-IP-Address = 172.23.73.33 (6) Cisco-AVPair = "vlan-id=2" (6) NAS-IP-Address = 172.23.73.22 (6) NAS-Port-Id = "GigabitEthernet1/0/23" (6) NAS-Port-Type = Ethernet (6) NAS-Port = 50123 (6) State = 0xc00c5163c40a483d1404d0fc5a9963db (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 6 length 136 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xc00c5163c40a483d (6) eap: Finished EAP session with state 0xc00c5163c40a483d (6) eap: Previous EAP request found for state 0xc00c5163c40a483d, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: Continuing EAP-TLS (6) eap_peap: Peer indicated complete TLS record size will be 126 bytes (6) eap_peap: Got complete TLS record (126 bytes) (6) eap_peap: [eaptls verify] = length included (6) eap_peap: TLS_accept: SSLv3/TLS write server done (6) eap_peap: <<< recv TLS 1.2 [length 0046] (6) eap_peap: TLS_accept: SSLv3/TLS read client key exchange (6) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec (6) eap_peap: <<< recv TLS 1.2 [length 0010] (6) eap_peap: TLS_accept: SSLv3/TLS read finished (6) eap_peap: >>> send TLS 1.2 [length 0001] (6) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (6) eap_peap: >>> send TLS 1.2 [length 0010] (6) eap_peap: TLS_accept: SSLv3/TLS write finished (6) eap_peap: (other): SSL negotiation finished successfully (6) eap_peap: TLS - Connection Established (6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) eap_peap: TLS-Session-Version = "TLS 1.2" (6) eap_peap: TLS - got 51 bytes of data (6) eap_peap: [eaptls process] = handled (6) eap: Sending EAP Request (code 1) ID 7 length 57 (6) eap: EAP session adding &reply:State = 0xc00c5163c50b483d (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) session-state: Saving cached attributes (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) TLS-Session-Version = "TLS 1.2" (6) Sent Access-Challenge Id 153 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (6) EAP-Message = 0x01070039190014030300010116030300283a4b57541b3879ca736593cefbbeb2423a1c39e657c17a09d4e81df2fbc574d30ed565f9fdd49fce (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xc00c5163c50b483d1404d0fc5a9963db (6) Finished request Waking up in 3.8 seconds. (7) Received Access-Request Id 154 from 172.23.73.22:1645 to 172.23.70.54:1812 length 292 (7) User-Name = "NPR\\SemenyukAP" (7) Service-Type = Framed-User (7) Cisco-AVPair = "service-type=Framed" (7) Framed-MTU = 1500 (7) Called-Station-Id = "D4-AD-71-D4-0D-97" (7) Calling-Station-Id = "B4-B6-86-DB-52-75" (7) EAP-Message = 0x020700061900 (7) Message-Authenticator = 0x219d791f566562d44eeef6f475da0e4f (7) Cisco-AVPair = "audit-session-id=AC17491600000591DF003BBF" (7) Cisco-AVPair = "method=dot1x" (7) Framed-IP-Address = 172.23.73.33 (7) Cisco-AVPair = "vlan-id=2" (7) NAS-IP-Address = 172.23.73.22 (7) NAS-Port-Id = "GigabitEthernet1/0/23" (7) NAS-Port-Type = Ethernet (7) NAS-Port = 50123 (7) State = 0xc00c5163c50b483d1404d0fc5a9963db (7) Restoring &session-state (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) &session-state:TLS-Session-Version = "TLS 1.2" (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "NPR\SemenyukAP", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 7 length 6 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0xc00c5163c50b483d (7) eap: Finished EAP session with state 0xc00c5163c50b483d (7) eap: Previous EAP request found for state 0xc00c5163c50b483d, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: Continuing EAP-TLS (7) eap_peap: Peer ACKed our handshake fragment. handshake is finished (7) eap_peap: [eaptls verify] = success (7) eap_peap: [eaptls process] = success (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state TUNNEL ESTABLISHED (7) eap: Sending EAP Request (code 1) ID 8 length 40 (7) eap: EAP session adding &reply:State = 0xc00c5163c604483d (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) Challenge { ... } # empty sub-section is ignored (7) session-state: Saving cached attributes (7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) TLS-Session-Version = "TLS 1.2" (7) Sent Access-Challenge Id 154 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (7) EAP-Message = 0x010800281900170303001d3a4b57541b3879cb77e9f3a99c91af1c6bbb2189705812f38230171fff (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xc00c5163c604483d1404d0fc5a9963db (7) Finished request Waking up in 3.3 seconds. (1) Cleaning up request packet ID 148 with timestamp +115 (2) Cleaning up request packet ID 149 with timestamp +115 (3) Cleaning up request packet ID 150 with timestamp +116 (4) Cleaning up request packet ID 151 with timestamp +116 Waking up in 0.8 seconds. (5) Cleaning up request packet ID 152 with timestamp +116 Waking up in 0.1 seconds. (6) Cleaning up request packet ID 153 with timestamp +117 Waking up in 0.4 seconds. (7) Cleaning up request packet ID 154 with timestamp +117 Ready to process requests (8) Received Access-Request Id 155 from 172.23.73.22:1645 to 172.23.70.54:1812 length 291 (8) User-Name = "b4-b6-86-db-52-75" (8) User-Password = "b4-b6-86-db-52-75" (8) Service-Type = Call-Check (8) Cisco-AVPair = "service-type=Call Check" (8) Framed-MTU = 1500 (8) Called-Station-Id = "D4-AD-71-D4-0D-97" (8) Calling-Station-Id = "B4-B6-86-DB-52-75" (8) Message-Authenticator = 0x2c77efed31dfdbe3de613323f4fe48ba (8) Cisco-AVPair = "audit-session-id=AC17491600000592DF025379" (8) NAS-Identifier = "1" (8) Cisco-AVPair = "method=mab" (8) Framed-IP-Address = 172.23.73.33 (8) NAS-IP-Address = 172.23.73.22 (8) NAS-Port-Id = "GigabitEthernet1/0/23" (8) NAS-Port-Type = Ethernet (8) NAS-Port = 50123 (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "b4-b6-86-db-52-75", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: No EAP-Message, not doing EAP (8) [eap] = noop (8) files: users: Matched entry b4-b6-86-db-52-75 at line 293 (8) [files] = ok (8) [expiration] = noop (8) [logintime] = noop (8) [pap] = updated (8) } # authorize = updated (8) Found Auth-Type = PAP (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) Auth-Type PAP { (8) pap: Login attempt with password (8) pap: Comparing with "known good" Cleartext-Password (8) pap: User authenticated successfully (8) [pap] = ok (8) } # Auth-Type PAP = ok (8) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (8) post-auth { (8) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) { (8) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE (8) update { (8) No attributes updated for RHS &session-state: (8) } # update = noop (8) [exec] = noop (8) policy remove_reply_message_if_eap { (8) if (&reply:EAP-Message && &reply:Reply-Message) { (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (8) else { (8) [noop] = noop (8) } # else = noop (8) } # policy remove_reply_message_if_eap = noop (8) } # post-auth = noop (8) Sent Access-Accept Id 155 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (8) Cisco-AVPair = "tunnel-type=13" (8) Cisco-AVPair = "tunnel-medium-type=6" (8) Cisco-AVPair = "tunnel-private-group-id=2" (8) Finished request Waking up in 4.9 seconds. (8) Cleaning up request packet ID 155 with timestamp +286 Ready to process requests (9) Received Access-Request Id 156 from 172.23.73.22:1645 to 172.23.70.54:1812 length 308 (9) User-Name = "b4-b6-86-db-52-75" (9) User-Password = "b4-b6-86-db-52-75" (9) Service-Type = Call-Check (9) Cisco-AVPair = "service-type=Call Check" (9) Framed-MTU = 1500 (9) Called-Station-Id = "D4-AD-71-D4-0D-97" (9) Calling-Station-Id = "B4-B6-86-DB-52-75" (9) Message-Authenticator = 0xdb5769971c6915d873ab0526a7461082 (9) Cisco-AVPair = "audit-session-id=AC17491600000592DF025379" (9) NAS-Identifier = "1" (9) Cisco-AVPair = "method=mab" (9) Framed-IP-Address = 172.23.73.33 (9) Cisco-AVPair = "vlan-id=2" (9) NAS-IP-Address = 172.23.73.22 (9) NAS-Port-Id = "GigabitEthernet1/0/23" (9) NAS-Port-Type = Ethernet (9) NAS-Port = 50123 (9) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]*@/ ) { (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ /@\./) { (9) if (&User-Name =~ /@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "b4-b6-86-db-52-75", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: No EAP-Message, not doing EAP (9) [eap] = noop (9) files: users: Matched entry b4-b6-86-db-52-75 at line 293 (9) [files] = ok (9) [expiration] = noop (9) [logintime] = noop (9) [pap] = updated (9) } # authorize = updated (9) Found Auth-Type = PAP (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (9) Auth-Type PAP { (9) pap: Login attempt with password (9) pap: Comparing with "known good" Cleartext-Password (9) pap: User authenticated successfully (9) [pap] = ok (9) } # Auth-Type PAP = ok (9) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (9) post-auth { (9) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) { (9) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE (9) update { (9) No attributes updated for RHS &session-state: (9) } # update = noop (9) [exec] = noop (9) policy remove_reply_message_if_eap { (9) if (&reply:EAP-Message && &reply:Reply-Message) { (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (9) else { (9) [noop] = noop (9) } # else = noop (9) } # policy remove_reply_message_if_eap = noop (9) } # post-auth = noop (9) Sent Access-Accept Id 156 from 172.23.70.54:1812 to 172.23.73.22:1645 length 0 (9) Cisco-AVPair = "tunnel-type=13" (9) Cisco-AVPair = "tunnel-medium-type=6" (9) Cisco-AVPair = "tunnel-private-group-id=2" (9) Finished request Waking up in 4.9 seconds.