Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
October 2018
- 74 participants
- 85 discussions
Hello everyone,
Could you please instruct me how to make the server log the information in
the "radacct" table? We have some devices connected/disconnected going on
for about 2 weeks but yet I did not see any record in the "radacct" table.
I have uncommented sql in Authorize{}, Accounting{}, Session{} and
Postauth{} in "default" and "inner-tunner" file already.
Also, in the freeradius config file, I have changed to "yes" for the auth,
auth_badpath and auth_goodpass
Am I missing anything please?
Thank you
James
---
This email has been checked for viruses by AVG.
https://www.avg.com
3
4
Hello,
I'm trying to upgrade radius to version 3.0.16 and I'm stuck with this message.
Can you please help.
Thank you.
Debug output:
FreeRADIUS Version 3.0.16 Copyright (C) 1999-2017 The FreeRADIUS
server project and contributors There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may
redistribute copies of FreeRADIUS under the terms of the GNU General
Public License For more information about these matters, see the file
named COPYRIGHT Starting - reading configuration files ... including
dictionary file /usr/share/freeradius/dictionary including dictionary
file /usr/share/freeradius/dictionary.dhcp including dictionary file
/usr/share/freeradius/dictionary.vqp including dictionary file
/etc/freeradius/3.0/dictionary including configuration file
/etc/freeradius/3.0/radiusd.conf including configuration file
/etc/freeradius/3.0/proxy.conf including configuration file
/etc/freeradius/3.0/clients.conf including files in directory
/etc/freeradius/3.0/mods-enabled/ including configuration file
/etc/freeradius/3.0/mods-enabled/expr including configuration file
/etc/freeradius/3.0/mods-enabled/echo including configuration file
/etc/freeradius/3.0/mods-enabled/utf8 including configuration file
/etc/freeradius/3.0/mods-enabled/files including configuration file
/etc/freeradius/3.0/mods-enabled/pap including configuration file
/etc/freeradius/3.0/mods-enabled/detail including configuration file
/etc/freeradius/3.0/mods-enabled/expiration including configuration
file /etc/freeradius/3.0/mods-enabled/replicate including
configuration file /etc/freeradius/3.0/mods-enabled/mschap including
configuration file /etc/freeradius/3.0/mods-enabled/digest including
configuration file /etc/freeradius/3.0/mods-enabled/ldap1 including
configuration file /etc/freeradius/3.0/mods-enabled/radutmp including
configuration file /etc/freeradius/3.0/mods-enabled/cache_eap
including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp
including configuration file
/etc/freeradius/3.0/mods-enabled/attr_filter including configuration
file /etc/freeradius/3.0/mods-enabled/ldap2 including configuration
file /etc/freeradius/3.0/mods-enabled/eap including configuration file
/etc/freeradius/3.0/mods-enabled/exec including configuration file
/etc/freeradius/3.0/mods-enabled/always including configuration file
/etc/freeradius/3.0/mods-enabled/unpack including configuration file
/etc/freeradius/3.0/mods-enabled/soh including configuration file
/etc/freeradius/3.0/mods-enabled/chap including configuration file
/etc/freeradius/3.0/mods-enabled/passwd including configuration file
/etc/freeradius/3.0/mods-enabled/detail.log including configuration
file /etc/freeradius/3.0/mods-enabled/dynamic_clients including
configuration file /etc/freeradius/3.0/mods-enabled/logintime
including configuration file
/etc/freeradius/3.0/mods-enabled/ntlm_auth including configuration
file /etc/freeradius/3.0/mods-enabled/preprocess including
configuration file /etc/freeradius/3.0/mods-enabled/realm including
configuration file /etc/freeradius/3.0/mods-enabled/unix including
configuration file /etc/freeradius/3.0/mods-enabled/linelog including
files in directory /etc/freeradius/3.0/policy.d/ including
configuration file /etc/freeradius/3.0/policy.d/operator-name
including configuration file
/etc/freeradius/3.0/policy.d/canonicalization including configuration
file /etc/freeradius/3.0/policy.d/abfab-tr including configuration
file /etc/freeradius/3.0/policy.d/cui including configuration file
/etc/freeradius/3.0/policy.d/debug including configuration file
/etc/freeradius/3.0/policy.d/dhcp including configuration file
/etc/freeradius/3.0/policy.d/eap including configuration file
/etc/freeradius/3.0/policy.d/accounting including configuration file
/etc/freeradius/3.0/policy.d/filter including configuration file
/etc/freeradius/3.0/policy.d/control including configuration file
/etc/freeradius/3.0/policy.d/moonshot-targeted-ids including files in
directory /etc/freeradius/3.0/sites-enabled/ including configuration
file /etc/freeradius/3.0/sites-enabled/inner-tunnel including
configuration file /etc/freeradius/3.0/sites-enabled/default main {
security { user = "freerad" group = "freerad" allow_core_dumps = no }
name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir =
"/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name =
"freeradius" prefix = "/usr" localstatedir = "/var" sbindir =
"/usr/sbin" logdir = "/var/log/freeradius" run_dir =
"/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir =
"/var/log/freeradius/radacct" hostname_lookups = no max_request_time =
30 cleanup_delay = 5 max_requests = 16384 pidfile =
"/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad"
debug_level = 0 proxy_requests = yes log { stripped_names = no auth =
no auth_badpass = no auth_goodpass = no colourise = yes msg_denied =
"You are already logged in - access denied" } resources { } security {
max_attributes = 200 reject_delay = 1.000000 status_server = yes } }
radiusd: #### Loading Realms and Home Servers #### proxy server {
retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120
wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1
port = 1812 type = "auth" secret = <<< secret >>> response_window =
20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period
= 40 status_check = "status-server" ping_interval = 30 check_interval
= 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120
limit { max_connections = 16 max_requests = 0 lifetime = 0
idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } }
home_server_pool my_auth_failover { type = fail-over home_server =
localhost } realm example.com { auth_pool = my_auth_failover } realm
LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr
= 127.0.0.1 require_message_authenticator = no secret = <<< secret >>>
limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } }
Support for old-style clients will be removed in a future release
Debugger not attached # Creating Auth-Type = eap # Creating Auth-Type
= PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules #### modules { # Loaded module
rlm_expr # Loading module "expr" from file
/etc/freeradius/3.0/mods-enabled/expr expr { safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module
rlm_exec # Loading module "echo" from file
/etc/freeradius/3.0/mods-enabled/echo exec echo { wait = yes program =
"/bin/echo %{User-Name}" input_pairs = "request" output_pairs =
"reply" shell_escape = yes } # Loaded module rlm_utf8 # Loading module
"utf8" from file /etc/freeradius/3.0/mods-enabled/utf8 # Loaded module
rlm_files # Loading module "files" from file
/etc/freeradius/3.0/mods-enabled/files files { filename =
"/etc/freeradius/3.0/mods-config/files/authorize" acctusersfile =
"/etc/freeradius/3.0/mods-config/files/accounting" preproxy_usersfile
= "/etc/freeradius/3.0/mods-config/files/pre-proxy" } # Loaded module
rlm_pap # Loading module "pap" from file
/etc/freeradius/3.0/mods-enabled/pap pap { normalise = yes } # Loaded
module rlm_detail # Loading module "detail" from file
/etc/freeradius/3.0/mods-enabled/detail detail { filename =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t" permissions = 384 locking = no escape_filenames = no
log_packet_header = no } # Loaded module rlm_expiration # Loading
module "expiration" from file
/etc/freeradius/3.0/mods-enabled/expiration # Loaded module
rlm_replicate # Loading module "replicate" from file
/etc/freeradius/3.0/mods-enabled/replicate # Loaded module rlm_mschap
# Loading module "mschap" from file
/etc/freeradius/3.0/mods-enabled/mschap mschap { use_mppe = yes
require_encryption = no require_strong = no with_ntdomain_hack = yes
passchange { } allow_retry = yes
winbind_retry_with_normalised_username = no } # Loaded module
rlm_digest # Loading module "digest" from file
/etc/freeradius/3.0/mods-enabled/digest # Loaded module rlm_ldap #
Loading module "ldap1" from file
/etc/freeradius/3.0/mods-enabled/ldap1 ldap ldap1 { server = "x" port
= 636 identity = "x" password = <<< secret >>> sasl { } user { scope =
"sub" access_positive = yes sasl { } } group { scope = "sub"
name_attribute = "cn" cacheable_name = no cacheable_dn = no } client {
scope = "sub" base_dn = "" } profile { } options { ldap_debug = 0
net_timeout = 10 res_timeout = 20 srv_timelimit = 20 idle = 60 probes
= 3 interval = 30 } tls { ca_file = "/etc/freeradius/3.0/certs/ca.pem"
ca_path = "/etc/freeradius/3.0/certs/" certificate_file =
"/etc/freeradius/3.0/certs/server.pem" private_key_file =
"/etc/freeradius/3.0/certs/server.key" start_tls = no require_cert =
"allow" } } Creating attribute ldap1-LDAP-Group # Loaded module
rlm_radutmp # Loading module "radutmp" from file
/etc/freeradius/3.0/mods-enabled/radutmp radutmp { filename =
"/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive
= yes check_with_nas = yes permissions = 384 caller_id = yes } #
Loaded module rlm_cache # Loading module "cache_eap" from file
/etc/freeradius/3.0/mods-enabled/cache_eap cache cache_eap { driver =
"rlm_cache_rbtree" key =
"%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15
max_entries = 0 epoch = 0 add_stats = no } # Loading module "sradutmp"
from file /etc/freeradius/3.0/mods-enabled/sradutmp radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}"
case_sensitive = yes check_with_nas = yes permissions = 420 caller_id
= no } # Loaded module rlm_attr_filter # Loading module
"attr_filter.post-proxy" from file
/etc/freeradius/3.0/mods-enabled/attr_filter attr_filter
attr_filter.post-proxy { filename =
"/etc/freeradius/3.0/mods-config/attr_filter/post-proxy" key =
"%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy"
from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter
attr_filter.pre-proxy { filename =
"/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy" key =
"%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject"
from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter
attr_filter.access_reject { filename =
"/etc/freeradius/3.0/mods-config/attr_filter/access_reject" key =
"%{User-Name}" relaxed = no } # Loading module
"attr_filter.access_challenge" from file
/etc/freeradius/3.0/mods-enabled/attr_filter attr_filter
attr_filter.access_challenge { filename =
"/etc/freeradius/3.0/mods-config/attr_filter/access_challenge" key =
"%{User-Name}" relaxed = no } # Loading module
"attr_filter.accounting_response" from file
/etc/freeradius/3.0/mods-enabled/attr_filter attr_filter
attr_filter.accounting_response { filename =
"/etc/freeradius/3.0/mods-config/attr_filter/accounting_response" key
= "%{User-Name}" relaxed = no } # Loading module "ldap2" from file
/etc/freeradius/3.0/mods-enabled/ldap2 ldap ldap2 { server = "x" port
= 636 identity = "x" password = <<< secret >>> sasl { } user { scope =
"sub" access_positive = yes sasl { } } group { scope = "sub"
name_attribute = "cn" cacheable_name = no cacheable_dn = no } client {
scope = "sub" base_dn = "" } profile { } options { ldap_debug = 0
net_timeout = 10 res_timeout = 20 srv_timelimit = 20 idle = 60 probes
= 3 interval = 30 } tls { ca_file = "/etc/freeradius/3.0/certs/ca.pem"
ca_path = "/etc/freeradius/3.0/certs/" certificate_file =
"/etc/freeradius/3.0/certs/server.pem" private_key_file =
"/etc/freeradius/3.0/certs/server.key" start_tls = no require_cert =
"allow" } } Creating attribute ldap2-LDAP-Group # Loaded module
rlm_eap # Loading module "eap" from file
/etc/freeradius/3.0/mods-enabled/eap eap { default_eap_type = "peap"
timer_expire = 60 ignore_unknown_eap_types = no
cisco_accounting_username_bug = no max_sessions = 16384 } # Loading
module "exec" from file /etc/freeradius/3.0/mods-enabled/exec exec {
wait = no input_pairs = "request" shell_escape = yes timeout = 10 } #
Loaded module rlm_always # Loading module "reject" from file
/etc/freeradius/3.0/mods-enabled/always always reject { rcode =
"reject" simulcount = 0 mpp = no } # Loading module "fail" from file
/etc/freeradius/3.0/mods-enabled/always always fail { rcode = "fail"
simulcount = 0 mpp = no } # Loading module "ok" from file
/etc/freeradius/3.0/mods-enabled/always always ok { rcode = "ok"
simulcount = 0 mpp = no } # Loading module "handled" from file
/etc/freeradius/3.0/mods-enabled/always always handled { rcode =
"handled" simulcount = 0 mpp = no } # Loading module "invalid" from
file /etc/freeradius/3.0/mods-enabled/always always invalid { rcode =
"invalid" simulcount = 0 mpp = no } # Loading module "userlock" from
file /etc/freeradius/3.0/mods-enabled/always always userlock { rcode =
"userlock" simulcount = 0 mpp = no } # Loading module "notfound" from
file /etc/freeradius/3.0/mods-enabled/always always notfound { rcode =
"notfound" simulcount = 0 mpp = no } # Loading module "noop" from file
/etc/freeradius/3.0/mods-enabled/always always noop { rcode = "noop"
simulcount = 0 mpp = no } # Loading module "updated" from file
/etc/freeradius/3.0/mods-enabled/always always updated { rcode =
"updated" simulcount = 0 mpp = no } # Loaded module rlm_unpack #
Loading module "unpack" from file
/etc/freeradius/3.0/mods-enabled/unpack # Loaded module rlm_soh #
Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
soh { dhcp = yes } # Loaded module rlm_chap # Loading module "chap"
from file /etc/freeradius/3.0/mods-enabled/chap # Loaded module
rlm_passwd # Loading module "etc_passwd" from file
/etc/freeradius/3.0/mods-enabled/passwd passwd etc_passwd { filename =
"/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":"
ignore_nislike = no ignore_empty = yes allow_multiple_keys = no
hash_size = 100 } # Loading module "auth_log" from file
/etc/freeradius/3.0/mods-enabled/detail.log detail auth_log { filename
= "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t" permissions = 384 locking = no escape_filenames = no
log_packet_header = no } # Loading module "reply_log" from file
/etc/freeradius/3.0/mods-enabled/detail.log detail reply_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t" permissions = 384 locking = no escape_filenames = no
log_packet_header = no } # Loading module "pre_proxy_log" from file
/etc/freeradius/3.0/mods-enabled/detail.log detail pre_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t" permissions = 384 locking = no escape_filenames = no
log_packet_header = no } # Loading module "post_proxy_log" from file
/etc/freeradius/3.0/mods-enabled/detail.log detail post_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t" permissions = 384 locking = no escape_filenames = no
log_packet_header = no } # Loaded module rlm_dynamic_clients # Loading
module "dynamic_clients" from file
/etc/freeradius/3.0/mods-enabled/dynamic_clients # Loaded module
rlm_logintime # Loading module "logintime" from file
/etc/freeradius/3.0/mods-enabled/logintime logintime { minimum_timeout
= 60 } # Loading module "ntlm_auth" from file
/etc/freeradius/3.0/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN
--username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes } # Loaded module rlm_preprocess # Loading module
"preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
preprocess { huntgroups =
"/etc/freeradius/3.0/mods-config/preprocess/huntgroups" hints =
"/etc/freeradius/3.0/mods-config/preprocess/hints" with_ascend_hack =
no ascend_channels_per_line = 23 with_ntdomain_hack = no
with_specialix_jetstream_hack = no with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no } # Loaded module rlm_realm # Loading
module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm realm
IPASS { format = "prefix" delimiter = "/" ignore_default = no
ignore_null = no } # Loading module "suffix" from file
/etc/freeradius/3.0/mods-enabled/realm realm suffix { format =
"suffix" delimiter = "@" ignore_default = no ignore_null = no } #
Loading module "realmpercent" from file
/etc/freeradius/3.0/mods-enabled/realm realm realmpercent { format =
"suffix" delimiter = "%" ignore_default = no ignore_null = no } #
Loading module "ntdomain" from file
/etc/freeradius/3.0/mods-enabled/realm realm ntdomain { format =
"prefix" delimiter = "\\" ignore_default = no ignore_null = no } #
Loaded module rlm_unix # Loading module "unix" from file
/etc/freeradius/3.0/mods-enabled/unix unix { radwtmp =
"/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded
module rlm_linelog # Loading module "linelog" from file
/etc/freeradius/3.0/mods-enabled/linelog linelog { filename =
"/var/log/freeradius/linelog" escape_filenames = no syslog_severity =
"info" permissions = 384 format = "This is a log message for
%{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}"
} # Loading module "log_accounting" from file
/etc/freeradius/3.0/mods-enabled/linelog linelog log_accounting {
filename = "/var/log/freeradius/linelog-accounting" escape_filenames =
no syslog_severity = "info" permissions = 384 format = "" reference =
"Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } instantiate { }
# Instantiating module "files" from file
/etc/freeradius/3.0/mods-enabled/files reading pairlist file
/etc/freeradius/3.0/mods-config/files/authorize reading pairlist file
/etc/freeradius/3.0/mods-config/files/accounting reading pairlist file
/etc/freeradius/3.0/mods-config/files/pre-proxy # Instantiating module
"pap" from file /etc/freeradius/3.0/mods-enabled/pap # Instantiating
module "detail" from file /etc/freeradius/3.0/mods-enabled/detail #
Instantiating module "expiration" from file
/etc/freeradius/3.0/mods-enabled/expiration # Instantiating module
"mschap" from file /etc/freeradius/3.0/mods-enabled/mschap rlm_mschap
(mschap): using internal authentication # Instantiating module "ldap1"
from file /etc/freeradius/3.0/mods-enabled/ldap1 rlm_ldap: libldap
vendor: OpenLDAP, version: 20445 rlm_ldap (ldap1): Couldn't find
configuration for accounting, will return NOOP for calls from this
section rlm_ldap (ldap1): Couldn't find configuration for post-auth,
will return NOOP for calls from this section rlm_ldap (ldap1):
Initialising connection pool pool { start = 5 min = 5 max = 10 spare =
3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60
retry_delay = 1 spread = no } rlm_ldap (ldap1): Opening additional
connection (0), 1 of 10 pending slots used rlm_ldap (ldap1):
Connecting to ldap://x:636 rlm_ldap (ldap1): Waiting for bind
result... rlm_ldap (ldap1): Bind successful rlm_ldap (ldap1): Opening
additional connection (1), 1 of 9 pending slots used rlm_ldap (ldap1):
Connecting to ldap://x:636 rlm_ldap (ldap1): Waiting for bind
result... rlm_ldap (ldap1): Bind successful rlm_ldap (ldap1): Opening
additional connection (2), 1 of 8 pending slots used rlm_ldap (ldap1):
Connecting to ldap://x:636 rlm_ldap (ldap1): Waiting for bind
result... rlm_ldap (ldap1): Bind successful rlm_ldap (ldap1): Opening
additional connection (3), 1 of 7 pending slots used rlm_ldap (ldap1):
Connecting to ldap://x:636 rlm_ldap (ldap1): Waiting for bind
result... rlm_ldap (ldap1): Bind successful rlm_ldap (ldap1): Opening
additional connection (4), 1 of 6 pending slots used rlm_ldap (ldap1):
Connecting to ldap://x:636 rlm_ldap (ldap1): Waiting for bind
result... rlm_ldap (ldap1): Bind successful # Instantiating module
"cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module
rlm_cache_rbtree) loaded and linked # Instantiating module
"attr_filter.post-proxy" from file
/etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file
/etc/freeradius/3.0/mods-config/attr_filter/post-proxy # Instantiating
module "attr_filter.pre-proxy" from file
/etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file
/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy # Instantiating
module "attr_filter.access_reject" from file
/etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file
/etc/freeradius/3.0/mods-config/attr_filter/access_reject
[/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check
item "FreeRADIUS-Response-Delay" found in filter list for realm
"DEFAULT". [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11
Check item "FreeRADIUS-Response-Delay-USec" found in filter list for
realm "DEFAULT". # Instantiating module "attr_filter.access_challenge"
from file /etc/freeradius/3.0/mods-enabled/attr_filter reading
pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file
/etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file
/etc/freeradius/3.0/mods-config/attr_filter/accounting_response #
Instantiating module "ldap2" from file
/etc/freeradius/3.0/mods-enabled/ldap2 rlm_ldap (ldap2): Couldn't find
configuration for accounting, will return NOOP for calls from this
section rlm_ldap (ldap2): Couldn't find configuration for post-auth,
will return NOOP for calls from this section rlm_ldap (ldap2):
Initialising connection pool pool { start = 5 min = 5 max = 10 spare =
3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60
retry_delay = 1 spread = no } rlm_ldap (ldap2): Opening additional
connection (0), 1 of 10 pending slots used rlm_ldap (ldap2):
Connecting to ldap://x:636 rlm_ldap (ldap2): Waiting for bind
result... rlm_ldap (ldap2): Bind successful rlm_ldap (ldap2): Opening
additional connection (1), 1 of 9 pending slots used rlm_ldap (ldap2):
Connecting to ldap://x:636 rlm_ldap (ldap2): Waiting for bind
result... rlm_ldap (ldap2): Bind successful rlm_ldap (ldap2): Opening
additional connection (2), 1 of 8 pending slots used rlm_ldap (ldap2):
Connecting to ldap://x:636 rlm_ldap (ldap2): Waiting for bind
result... rlm_ldap (ldap2): Bind successful rlm_ldap (ldap2): Opening
additional connection (3), 1 of 7 pending slots used rlm_ldap (ldap2):
Connecting to ldap://x:636 rlm_ldap (ldap2): Waiting for bind
result... rlm_ldap (ldap2): Bind successful rlm_ldap (ldap2): Opening
additional connection (4), 1 of 6 pending slots used rlm_ldap (ldap2):
Connecting to ldap://x:636 rlm_ldap (ldap2): Waiting for bind
result... rlm_ldap (ldap2): Bind successful # Instantiating module
"eap" from file /etc/freeradius/3.0/mods-enabled/eap # Linked to
sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to
sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type =
"PAP" } # Linked to sub-module rlm_eap_tls tls { } TLS section "tls"
missing, trying to use legacy configuration tls { verify_depth = 0
ca_path = "/etc/freeradius/3.0/certs" pem_file_type = yes
private_key_file = "/etc/freeradius/3.0/certs/server.key"
certificate_file = "/etc/freeradius/3.0/certs/server.pem" ca_file =
"/etc/freeradius/3.0/certs/ca.pem" private_key_password = <<< secret
>>> dh_file = "/etc/freeradius/3.0/certs/dh" random_file =
"/dev/urandom" fragment_size = 1024 include_length = yes auto_chain =
yes check_crl = no check_all_crl = no cipher_list = "DEFAULT"
ecdh_curve = "prime256v1" tls_max_version = "" tls_min_version = "1.0"
cache { enable = no lifetime = 24 max_entries = 255 } verify {
skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url
= "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no }
} # Linked to sub-module rlm_eap_ttls ttls { default_eap_type = "md5"
copy_request_to_tunnel = no use_tunneled_reply = no virtual_server =
"inner-tunnel" include_length = yes require_client_cert = no } TLS
section "tls" missing, trying to use legacy configuration tls: Using
cached TLS configuration from previous invocation # Linked to
sub-module rlm_eap_peap peap { default_eap_type = "mschapv2"
copy_request_to_tunnel = no use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel"
soh = no require_client_cert = no } TLS section "tls" missing, trying
to use legacy configuration tls: Using cached TLS configuration from
previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 {
with_ntdomain_hack = no send_error = no } # Instantiating module
"reject" from file /etc/freeradius/3.0/mods-enabled/always #
Instantiating module "fail" from file
/etc/freeradius/3.0/mods-enabled/always # Instantiating module "ok"
from file /etc/freeradius/3.0/mods-enabled/always # Instantiating
module "handled" from file /etc/freeradius/3.0/mods-enabled/always #
Instantiating module "invalid" from file
/etc/freeradius/3.0/mods-enabled/always # Instantiating module
"userlock" from file /etc/freeradius/3.0/mods-enabled/always #
Instantiating module "notfound" from file
/etc/freeradius/3.0/mods-enabled/always # Instantiating module "noop"
from file /etc/freeradius/3.0/mods-enabled/always # Instantiating
module "updated" from file /etc/freeradius/3.0/mods-enabled/always #
Instantiating module "etc_passwd" from file
/etc/freeradius/3.0/mods-enabled/passwd rlm_passwd: nfields: 3
keyfield 0(User-Name) listable: no # Instantiating module "auth_log"
from file /etc/freeradius/3.0/mods-enabled/detail.log rlm_detail
(auth_log): 'User-Password' suppressed, will not appear in detail
output # Instantiating module "reply_log" from file
/etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module
"pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file
/etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module
"logintime" from file /etc/freeradius/3.0/mods-enabled/logintime #
Instantiating module "preprocess" from file
/etc/freeradius/3.0/mods-enabled/preprocess reading pairlist file
/etc/freeradius/3.0/mods-config/preprocess/huntgroups reading pairlist
file /etc/freeradius/3.0/mods-config/preprocess/hints # Instantiating
module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm #
Instantiating module "suffix" from file
/etc/freeradius/3.0/mods-enabled/realm # Instantiating module
"realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm #
Instantiating module "ntdomain" from file
/etc/freeradius/3.0/mods-enabled/realm # Instantiating module
"linelog" from file /etc/freeradius/3.0/mods-enabled/linelog #
Instantiating module "log_accounting" from file
/etc/freeradius/3.0/mods-enabled/linelog } # modules radiusd: ####
Loading Virtual Servers #### server { # from file
/etc/freeradius/3.0/radiusd.conf
/etc/freeradius/3.0/sites-enabled/default[20]: The authenticate
section should be inside of a 'server { ... }' block! # Loading
authenticate {...} /etc/freeradius/3.0/sites-enabled/default[30]: The
Auth-Type attribute has no VALUE defined for LDAP
2
1
Hello,
i'm using freeradius with basic authentication (mac adress).
Then my config file is like that :
0025646642D6 Cleartext-Password := "0025646642D6".
i would like to be able to see in the log the computer name, then i
added in dictionnary file this line :
"ATTRIBUTE Nom-Machine 3003 string".
My config file become like that :
0025646642D6 Cleartext-Password := "0025646642D6", Nom-Machine :=
"portable".
I would like to see in the log file, when authentication is ok, in
addition to mac address, the name "portable".
Is it possible to do that ?
Thank for your help
--
Pascal
4
9
We've been experiencing this issue for about the last month. It seems
to affect mostly Apple IOS devices. The user gets the message that
their password is incorrect even though it is not. Shutting off the
wireless on the device and turning it back on has no effect. However if
you power down the device completely and then power it back up it
immediately connects to the wireless network. When roaming to the next
wireless AP the issue may or may not return. Since we are using
WPA-Enterprise with Freeradius for authentication I'm wondering if we
are hitting some kind of session management issue where powering down
the device forces a new session to be initiated. Has anyone else seen
anything similar?
--
Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC B3D7
5
6
05 Oct '18
Hi,
I have a problem with a windows 10 client that fails to access our wifi
wpa2 enterprise PEAP-mschapv2.
This is our infrastructure:
CISCO WLC -> PROXY-RADIUS -> AUTH-RADIUS
OS: Debian GNU / Linux 9 (Stretch)
Freeradius 3.0.12 from STABLE repository
I am attaching the output of the raddebug. Analyzing the log I see that the
TLS tunnel is correctly created, mschap authentication goes to good end
(package 12014208) but then I see this error:
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Client rejected our
response. The password is probably incorrect
(12014210) Fri Sep 28 16:27:46 2018: ERROR: eap_peap: We sent a success,
but the client did not agree
(12014210) Fri Sep 28 16:27:46 2018: ERROR: eap: Failed continuing EAP PEAP
(25) session. EAP sub-module failed
and the user can not log in. I can not understand why even if the mschap
authentication was successful, the error above appears. Moreover only this
client complains about the problem, all others works correctly.
Thanks for your help!
(12014187) Fri Sep 28 16:27:43 2018: Debug: Received Access-Request Id 3
from 130.192.119.80:33713 to 192.168.19.93:1812 length 293
(12014187) Fri Sep 28 16:27:43 2018: Debug: User-Name = "USER"
(12014187) Fri Sep 28 16:27:43 2018: Debug: Chargeable-User-Identity =
0x00
(12014187) Fri Sep 28 16:27:43 2018: Debug: Location-Capable =
Civix-Location
(12014187) Fri Sep 28 16:27:43 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014187) Fri Sep 28 16:27:43 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014187) Fri Sep 28 16:27:43 2018: Debug: NAS-Port = 13
(12014187) Fri Sep 28 16:27:43 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014187) Fri Sep 28 16:27:43 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014187) Fri Sep 28 16:27:43 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014187) Fri Sep 28 16:27:43 2018: Debug: NAS-Identifier = "wlc-lin"
(12014187) Fri Sep 28 16:27:43 2018: Debug: Airespace-Wlan-Id = 1
(12014187) Fri Sep 28 16:27:43 2018: Debug: Service-Type = Framed-User
(12014187) Fri Sep 28 16:27:43 2018: Debug: Framed-MTU = 1300
(12014187) Fri Sep 28 16:27:43 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014187) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Type:0 = VLAN
(12014187) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014187) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014187) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x02020015016d61747469612e6265676f766f657661
(12014187) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0xf9bd98f7b7c84e260c6dbfaaa97bc62f
(12014187) Fri Sep 28 16:27:43 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:43 CEST"
(12014187) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313635
(12014187) Fri Sep 28 16:27:43 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014187) Fri Sep 28 16:27:43 2018: Debug: authorize {
(12014187) Fri Sep 28 16:27:43 2018: Debug: policy forbid_win_host_auth
{
(12014187) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014187) Fri Sep 28 16:27:43 2018: Debug: policy normalize_username {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014187) Fri Sep 28 16:27:43 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014187) Fri Sep 28 16:27:43 2018: Debug: --> USER
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: else {
(12014187) Fri Sep 28 16:27:43 2018: Debug: [noop] = noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # else = noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # policy
normalize_username = noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: policy filter_username {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) -> TRUE
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014187) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # if (&User-Name) =
noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # policy filter_username
= noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: [preprocess] = ok
(12014187) Fri Sep 28 16:27:43 2018: Debug: [mschap] = noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: suffix: Checking for suffix
after "@"
(12014187) Fri Sep 28 16:27:43 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014187) Fri Sep 28 16:27:43 2018: Debug: suffix: No such realm "NULL"
(12014187) Fri Sep 28 16:27:43 2018: Debug: [suffix] = noop
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 2 length 21
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap: EAP-Identity reply,
returning 'ok' so we can short-circuit the rest of authorize
(12014187) Fri Sep 28 16:27:43 2018: Debug: [eap] = ok
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # authorize = ok
(12014187) Fri Sep 28 16:27:43 2018: Debug: Found Auth-Type = eap
(12014187) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014187) Fri Sep 28 16:27:43 2018: Debug: authenticate {
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent packet with
method EAP Identity (1)
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Initiating new
EAP-TLS session
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls start] =
request
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap: Sending EAP Request (code
1) ID 3 length 6
(12014187) Fri Sep 28 16:27:43 2018: Debug: eap: EAP session adding
&reply:State = 0x4a8916764a8a0f76
(12014187) Fri Sep 28 16:27:43 2018: Debug: [eap] = handled
(12014187) Fri Sep 28 16:27:43 2018: Debug: } # authenticate = handled
(12014187) Fri Sep 28 16:27:43 2018: Debug: Using Post-Auth-Type Challenge
(12014187) Fri Sep 28 16:27:43 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014187) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014187) Fri Sep 28 16:27:43 2018: Debug: Sent Access-Challenge Id 3 from
192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014187) Fri Sep 28 16:27:43 2018: Debug: EAP-Message = 0x010300061920
(12014187) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014187) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764a8a0f7661caf9ec4798bf13
(12014187) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313635
(12014187) Fri Sep 28 16:27:43 2018: Debug: Finished request
(12014188) Fri Sep 28 16:27:43 2018: Debug: Received Access-Request Id 31
from 130.192.119.80:33713 to 192.168.19.93:1812 length 456
(12014188) Fri Sep 28 16:27:43 2018: Debug: User-Name = "USER"
(12014188) Fri Sep 28 16:27:43 2018: Debug: Chargeable-User-Identity =
0x00
(12014188) Fri Sep 28 16:27:43 2018: Debug: Location-Capable =
Civix-Location
(12014188) Fri Sep 28 16:27:43 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014188) Fri Sep 28 16:27:43 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014188) Fri Sep 28 16:27:43 2018: Debug: NAS-Port = 13
(12014188) Fri Sep 28 16:27:43 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014188) Fri Sep 28 16:27:43 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014188) Fri Sep 28 16:27:43 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014188) Fri Sep 28 16:27:43 2018: Debug: NAS-Identifier = "wlc-lin"
(12014188) Fri Sep 28 16:27:43 2018: Debug: Airespace-Wlan-Id = 1
(12014188) Fri Sep 28 16:27:43 2018: Debug: Service-Type = Framed-User
(12014188) Fri Sep 28 16:27:43 2018: Debug: Framed-MTU = 1300
(12014188) Fri Sep 28 16:27:43 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014188) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Type:0 = VLAN
(12014188) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014188) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014188) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x020300a619800000009c16030300970100009303035bae3a5ea7ccc2962e30c5aefec92da9c3e60e4b9d3bd55a7795a57f6aa5455300002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006001d
(12014188) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764a8a0f7661caf9ec4798bf13
(12014188) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x96867235312b66c230053355627f173d
(12014188) Fri Sep 28 16:27:43 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:43 CEST"
(12014188) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313636
(12014188) Fri Sep 28 16:27:43 2018: Debug: session-state: No cached
attributes
(12014188) Fri Sep 28 16:27:43 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014188) Fri Sep 28 16:27:43 2018: Debug: authorize {
(12014188) Fri Sep 28 16:27:43 2018: Debug: policy forbid_win_host_auth
{
(12014188) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014188) Fri Sep 28 16:27:43 2018: Debug: policy normalize_username {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014188) Fri Sep 28 16:27:43 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014188) Fri Sep 28 16:27:43 2018: Debug: --> USER
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: else {
(12014188) Fri Sep 28 16:27:43 2018: Debug: [noop] = noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # else = noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # policy
normalize_username = noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: policy filter_username {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) -> TRUE
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014188) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # if (&User-Name) =
noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # policy filter_username
= noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: [preprocess] = ok
(12014188) Fri Sep 28 16:27:43 2018: Debug: [mschap] = noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: suffix: Checking for suffix
after "@"
(12014188) Fri Sep 28 16:27:43 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014188) Fri Sep 28 16:27:43 2018: Debug: suffix: No such realm "NULL"
(12014188) Fri Sep 28 16:27:43 2018: Debug: [suffix] = noop
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 3 length 166
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Continuing tunnel setup
(12014188) Fri Sep 28 16:27:43 2018: Debug: [eap] = ok
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # authorize = ok
(12014188) Fri Sep 28 16:27:43 2018: Debug: Found Auth-Type = eap
(12014188) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014188) Fri Sep 28 16:27:43 2018: Debug: authenticate {
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Finished EAP session with
state 0x4a8916764a8a0f76
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Previous EAP request found
for state 0x4a8916764a8a0f76, released from the list
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Continuing EAP-TLS
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Peer indicated
complete TLS record size will be 156 bytes
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Got complete TLS
record (156 bytes)
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls verify] =
length included
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: (other): before SSL
initialization
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: before
SSL initialization
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: before
SSL initialization
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
read client hello
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write server hello
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write certificate
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write key exchange
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write server done
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: Need to
read more data: SSLv3/TLS write server done
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: In SSL Handshake Phase
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: In SSL Accept mode
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls process] =
handled
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: Sending EAP Request (code
1) ID 4 length 1014
(12014188) Fri Sep 28 16:27:43 2018: Debug: eap: EAP session adding
&reply:State = 0x4a8916764b8d0f76
(12014188) Fri Sep 28 16:27:43 2018: Debug: [eap] = handled
(12014188) Fri Sep 28 16:27:43 2018: Debug: } # authenticate = handled
(12014188) Fri Sep 28 16:27:43 2018: Debug: Using Post-Auth-Type Challenge
(12014188) Fri Sep 28 16:27:43 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014188) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014188) Fri Sep 28 16:27:43 2018: Debug: Sent Access-Challenge Id 31
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014188) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x010403f619c000000fa2160303003d020000390303ca0711321a19105799591371046c5540290f34e4d6d9b6c19a2e73ae4aa1c31000c030000011ff01000100000b000403000102001700001603030e000b000dfc000df9000536308205323082041aa00302010202100c0b470919f41d1d2384e8715b
(12014188) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014188) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764b8d0f7661caf9ec4798bf13
(12014188) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313636
(12014188) Fri Sep 28 16:27:43 2018: Debug: Finished request
(12014189) Fri Sep 28 16:27:43 2018: Debug: Received Access-Request Id 254
from 130.192.119.80:33713 to 192.168.19.93:1812 length 296
(12014189) Fri Sep 28 16:27:43 2018: Debug: User-Name = "USER"
(12014189) Fri Sep 28 16:27:43 2018: Debug: Chargeable-User-Identity =
0x00
(12014189) Fri Sep 28 16:27:43 2018: Debug: Location-Capable =
Civix-Location
(12014189) Fri Sep 28 16:27:43 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014189) Fri Sep 28 16:27:43 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014189) Fri Sep 28 16:27:43 2018: Debug: NAS-Port = 13
(12014189) Fri Sep 28 16:27:43 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014189) Fri Sep 28 16:27:43 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014189) Fri Sep 28 16:27:43 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014189) Fri Sep 28 16:27:43 2018: Debug: NAS-Identifier = "wlc-lin"
(12014189) Fri Sep 28 16:27:43 2018: Debug: Airespace-Wlan-Id = 1
(12014189) Fri Sep 28 16:27:43 2018: Debug: Service-Type = Framed-User
(12014189) Fri Sep 28 16:27:43 2018: Debug: Framed-MTU = 1300
(12014189) Fri Sep 28 16:27:43 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014189) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Type:0 = VLAN
(12014189) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014189) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014189) Fri Sep 28 16:27:43 2018: Debug: EAP-Message = 0x020400061900
(12014189) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764b8d0f7661caf9ec4798bf13
(12014189) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x6157ae71fe63d397936d792731d9612d
(12014189) Fri Sep 28 16:27:43 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:43 CEST"
(12014189) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313637
(12014189) Fri Sep 28 16:27:43 2018: Debug: session-state: No cached
attributes
(12014189) Fri Sep 28 16:27:43 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014189) Fri Sep 28 16:27:43 2018: Debug: authorize {
(12014189) Fri Sep 28 16:27:43 2018: Debug: policy forbid_win_host_auth
{
(12014189) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014189) Fri Sep 28 16:27:43 2018: Debug: policy normalize_username {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014189) Fri Sep 28 16:27:43 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014189) Fri Sep 28 16:27:43 2018: Debug: --> USER
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: else {
(12014189) Fri Sep 28 16:27:43 2018: Debug: [noop] = noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # else = noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # policy
normalize_username = noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: policy filter_username {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) -> TRUE
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014189) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # if (&User-Name) =
noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # policy filter_username
= noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: [preprocess] = ok
(12014189) Fri Sep 28 16:27:43 2018: Debug: [mschap] = noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: suffix: Checking for suffix
after "@"
(12014189) Fri Sep 28 16:27:43 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014189) Fri Sep 28 16:27:43 2018: Debug: suffix: No such realm "NULL"
(12014189) Fri Sep 28 16:27:43 2018: Debug: [suffix] = noop
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 4 length 6
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Continuing tunnel setup
(12014189) Fri Sep 28 16:27:43 2018: Debug: [eap] = ok
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # authorize = ok
(12014189) Fri Sep 28 16:27:43 2018: Debug: Found Auth-Type = eap
(12014189) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014189) Fri Sep 28 16:27:43 2018: Debug: authenticate {
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Finished EAP session with
state 0x4a8916764b8d0f76
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Previous EAP request found
for state 0x4a8916764b8d0f76, released from the list
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Continuing EAP-TLS
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Peer ACKed our
handshake fragment
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls verify] =
request
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls process] =
handled
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: Sending EAP Request (code
1) ID 5 length 1010
(12014189) Fri Sep 28 16:27:43 2018: Debug: eap: EAP session adding
&reply:State = 0x4a891676488c0f76
(12014189) Fri Sep 28 16:27:43 2018: Debug: [eap] = handled
(12014189) Fri Sep 28 16:27:43 2018: Debug: } # authenticate = handled
(12014189) Fri Sep 28 16:27:43 2018: Debug: Using Post-Auth-Type Challenge
(12014189) Fri Sep 28 16:27:43 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014189) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014189) Fri Sep 28 16:27:43 2018: Debug: Sent Access-Challenge Id 254
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014189) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x010503f2194008060667810c010202306e06082b0601050507010104623060302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d303806082b06010505073002862c687474703a2f2f636163657274732e64696769636572742e636f6d2f544552454e415353
(12014189) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014189) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a891676488c0f7661caf9ec4798bf13
(12014189) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313637
(12014189) Fri Sep 28 16:27:43 2018: Debug: Finished request
(12014190) Fri Sep 28 16:27:43 2018: Debug: Received Access-Request Id 4
from 130.192.119.80:33713 to 192.168.19.93:1812 length 296
(12014190) Fri Sep 28 16:27:43 2018: Debug: User-Name = "USER"
(12014190) Fri Sep 28 16:27:43 2018: Debug: Chargeable-User-Identity =
0x00
(12014190) Fri Sep 28 16:27:43 2018: Debug: Location-Capable =
Civix-Location
(12014190) Fri Sep 28 16:27:43 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014190) Fri Sep 28 16:27:43 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014190) Fri Sep 28 16:27:43 2018: Debug: NAS-Port = 13
(12014190) Fri Sep 28 16:27:43 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014190) Fri Sep 28 16:27:43 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014190) Fri Sep 28 16:27:43 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014190) Fri Sep 28 16:27:43 2018: Debug: NAS-Identifier = "wlc-lin"
(12014190) Fri Sep 28 16:27:43 2018: Debug: Airespace-Wlan-Id = 1
(12014190) Fri Sep 28 16:27:43 2018: Debug: Service-Type = Framed-User
(12014190) Fri Sep 28 16:27:43 2018: Debug: Framed-MTU = 1300
(12014190) Fri Sep 28 16:27:43 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014190) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Type:0 = VLAN
(12014190) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014190) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014190) Fri Sep 28 16:27:43 2018: Debug: EAP-Message = 0x020500061900
(12014190) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a891676488c0f7661caf9ec4798bf13
(12014190) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0xb11330e666b8f603e83639bc481f4367
(12014190) Fri Sep 28 16:27:43 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:43 CEST"
(12014190) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313638
(12014190) Fri Sep 28 16:27:43 2018: Debug: session-state: No cached
attributes
(12014190) Fri Sep 28 16:27:43 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014190) Fri Sep 28 16:27:43 2018: Debug: authorize {
(12014190) Fri Sep 28 16:27:43 2018: Debug: policy forbid_win_host_auth
{
(12014190) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014190) Fri Sep 28 16:27:43 2018: Debug: policy normalize_username {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014190) Fri Sep 28 16:27:43 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014190) Fri Sep 28 16:27:43 2018: Debug: --> USER
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: else {
(12014190) Fri Sep 28 16:27:43 2018: Debug: [noop] = noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # else = noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # policy
normalize_username = noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: policy filter_username {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) -> TRUE
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014190) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # if (&User-Name) =
noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # policy filter_username
= noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: [preprocess] = ok
(12014190) Fri Sep 28 16:27:43 2018: Debug: [mschap] = noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: suffix: Checking for suffix
after "@"
(12014190) Fri Sep 28 16:27:43 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014190) Fri Sep 28 16:27:43 2018: Debug: suffix: No such realm "NULL"
(12014190) Fri Sep 28 16:27:43 2018: Debug: [suffix] = noop
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 5 length 6
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Continuing tunnel setup
(12014190) Fri Sep 28 16:27:43 2018: Debug: [eap] = ok
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # authorize = ok
(12014190) Fri Sep 28 16:27:43 2018: Debug: Found Auth-Type = eap
(12014190) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014190) Fri Sep 28 16:27:43 2018: Debug: authenticate {
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Finished EAP session with
state 0x4a891676488c0f76
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Previous EAP request found
for state 0x4a891676488c0f76, released from the list
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Continuing EAP-TLS
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Peer ACKed our
handshake fragment
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls verify] =
request
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls process] =
handled
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: Sending EAP Request (code
1) ID 6 length 1010
(12014190) Fri Sep 28 16:27:43 2018: Debug: eap: EAP session adding
&reply:State = 0x4a891676498f0f76
(12014190) Fri Sep 28 16:27:43 2018: Debug: [eap] = handled
(12014190) Fri Sep 28 16:27:43 2018: Debug: } # authenticate = handled
(12014190) Fri Sep 28 16:27:43 2018: Debug: Using Post-Auth-Type Challenge
(12014190) Fri Sep 28 16:27:43 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014190) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014190) Fri Sep 28 16:27:43 2018: Debug: Sent Access-Challenge Id 4 from
192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014190) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x010603f219401d130101ff040830060101ff020100300e0603551d0f0101ff040403020186307906082b06010505070101046d306b302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304306082b060105050730028637687474703a2f2f63616365727473
(12014190) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014190) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a891676498f0f7661caf9ec4798bf13
(12014190) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313638
(12014190) Fri Sep 28 16:27:43 2018: Debug: Finished request
(12014191) Fri Sep 28 16:27:43 2018: Debug: Received Access-Request Id 76
from 130.192.119.80:33713 to 192.168.19.93:1812 length 296
(12014191) Fri Sep 28 16:27:43 2018: Debug: User-Name = "USER"
(12014191) Fri Sep 28 16:27:43 2018: Debug: Chargeable-User-Identity =
0x00
(12014191) Fri Sep 28 16:27:43 2018: Debug: Location-Capable =
Civix-Location
(12014191) Fri Sep 28 16:27:43 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014191) Fri Sep 28 16:27:43 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014191) Fri Sep 28 16:27:43 2018: Debug: NAS-Port = 13
(12014191) Fri Sep 28 16:27:43 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014191) Fri Sep 28 16:27:43 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014191) Fri Sep 28 16:27:43 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014191) Fri Sep 28 16:27:43 2018: Debug: NAS-Identifier = "wlc-lin"
(12014191) Fri Sep 28 16:27:43 2018: Debug: Airespace-Wlan-Id = 1
(12014191) Fri Sep 28 16:27:43 2018: Debug: Service-Type = Framed-User
(12014191) Fri Sep 28 16:27:43 2018: Debug: Framed-MTU = 1300
(12014191) Fri Sep 28 16:27:43 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014191) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Type:0 = VLAN
(12014191) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014191) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014191) Fri Sep 28 16:27:43 2018: Debug: EAP-Message = 0x020600061900
(12014191) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a891676498f0f7661caf9ec4798bf13
(12014191) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0xa74588a00ca5aa323596e13a85ac485b
(12014191) Fri Sep 28 16:27:43 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:43 CEST"
(12014191) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313639
(12014191) Fri Sep 28 16:27:43 2018: Debug: session-state: No cached
attributes
(12014191) Fri Sep 28 16:27:43 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014191) Fri Sep 28 16:27:43 2018: Debug: authorize {
(12014191) Fri Sep 28 16:27:43 2018: Debug: policy forbid_win_host_auth
{
(12014191) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014191) Fri Sep 28 16:27:43 2018: Debug: policy normalize_username {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014191) Fri Sep 28 16:27:43 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014191) Fri Sep 28 16:27:43 2018: Debug: --> USER
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: else {
(12014191) Fri Sep 28 16:27:43 2018: Debug: [noop] = noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # else = noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # policy
normalize_username = noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: policy filter_username {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) -> TRUE
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014191) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # if (&User-Name) =
noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # policy filter_username
= noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: [preprocess] = ok
(12014191) Fri Sep 28 16:27:43 2018: Debug: [mschap] = noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: suffix: Checking for suffix
after "@"
(12014191) Fri Sep 28 16:27:43 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014191) Fri Sep 28 16:27:43 2018: Debug: suffix: No such realm "NULL"
(12014191) Fri Sep 28 16:27:43 2018: Debug: [suffix] = noop
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 6 length 6
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Continuing tunnel setup
(12014191) Fri Sep 28 16:27:43 2018: Debug: [eap] = ok
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # authorize = ok
(12014191) Fri Sep 28 16:27:43 2018: Debug: Found Auth-Type = eap
(12014191) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014191) Fri Sep 28 16:27:43 2018: Debug: authenticate {
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Finished EAP session with
state 0x4a891676498f0f76
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Previous EAP request found
for state 0x4a891676498f0f76, released from the list
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Continuing EAP-TLS
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Peer ACKed our
handshake fragment
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls verify] =
request
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls process] =
handled
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: Sending EAP Request (code
1) ID 7 length 996
(12014191) Fri Sep 28 16:27:43 2018: Debug: eap: EAP session adding
&reply:State = 0x4a8916764e8e0f76
(12014191) Fri Sep 28 16:27:43 2018: Debug: [eap] = handled
(12014191) Fri Sep 28 16:27:43 2018: Debug: } # authenticate = handled
(12014191) Fri Sep 28 16:27:43 2018: Debug: Using Post-Auth-Type Challenge
(12014191) Fri Sep 28 16:27:43 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014191) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014191) Fri Sep 28 16:27:43 2018: Debug: Sent Access-Challenge Id 76
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014191) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x010703e419000282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136
(12014191) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014191) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764e8e0f7661caf9ec4798bf13
(12014191) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313639
(12014191) Fri Sep 28 16:27:43 2018: Debug: Finished request
(12014192) Fri Sep 28 16:27:43 2018: Debug: Received Access-Request Id 13
from 130.192.119.80:33713 to 192.168.19.93:1812 length 426
(12014192) Fri Sep 28 16:27:43 2018: Debug: User-Name = "USER"
(12014192) Fri Sep 28 16:27:43 2018: Debug: Chargeable-User-Identity =
0x00
(12014192) Fri Sep 28 16:27:43 2018: Debug: Location-Capable =
Civix-Location
(12014192) Fri Sep 28 16:27:43 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014192) Fri Sep 28 16:27:43 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014192) Fri Sep 28 16:27:43 2018: Debug: NAS-Port = 13
(12014192) Fri Sep 28 16:27:43 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014192) Fri Sep 28 16:27:43 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014192) Fri Sep 28 16:27:43 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014192) Fri Sep 28 16:27:43 2018: Debug: NAS-Identifier = "wlc-lin"
(12014192) Fri Sep 28 16:27:43 2018: Debug: Airespace-Wlan-Id = 1
(12014192) Fri Sep 28 16:27:43 2018: Debug: Service-Type = Framed-User
(12014192) Fri Sep 28 16:27:43 2018: Debug: Framed-MTU = 1300
(12014192) Fri Sep 28 16:27:43 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014192) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Type:0 = VLAN
(12014192) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014192) Fri Sep 28 16:27:43 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014192) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x0207008819800000007e160303004610000042410492cc0a049c313744be89f4fad474e76bf5bbbe8f7630e42dfef34a53dfce8a44ea1e37b1a61895e4776f47577c5b6bda0e3aff2934b6898549ac1b7b3f7c249e14030300010116030300280000000000000000d349e31e6d934aae9a1c69e7478279
(12014192) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764e8e0f7661caf9ec4798bf13
(12014192) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x7114901a53f0d646ce8518bec779ec21
(12014192) Fri Sep 28 16:27:43 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:43 CEST"
(12014192) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313730
(12014192) Fri Sep 28 16:27:43 2018: Debug: session-state: No cached
attributes
(12014192) Fri Sep 28 16:27:43 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014192) Fri Sep 28 16:27:43 2018: Debug: authorize {
(12014192) Fri Sep 28 16:27:43 2018: Debug: policy forbid_win_host_auth
{
(12014192) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014192) Fri Sep 28 16:27:43 2018: Debug: policy normalize_username {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014192) Fri Sep 28 16:27:43 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014192) Fri Sep 28 16:27:43 2018: Debug: --> USER
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: else {
(12014192) Fri Sep 28 16:27:43 2018: Debug: [noop] = noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # else = noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # policy
normalize_username = noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: policy filter_username {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) -> TRUE
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014192) Fri Sep 28 16:27:43 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # if (&User-Name) =
noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # policy filter_username
= noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: [preprocess] = ok
(12014192) Fri Sep 28 16:27:43 2018: Debug: [mschap] = noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: suffix: Checking for suffix
after "@"
(12014192) Fri Sep 28 16:27:43 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014192) Fri Sep 28 16:27:43 2018: Debug: suffix: No such realm "NULL"
(12014192) Fri Sep 28 16:27:43 2018: Debug: [suffix] = noop
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 7 length 136
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Continuing tunnel setup
(12014192) Fri Sep 28 16:27:43 2018: Debug: [eap] = ok
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # authorize = ok
(12014192) Fri Sep 28 16:27:43 2018: Debug: Found Auth-Type = eap
(12014192) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014192) Fri Sep 28 16:27:43 2018: Debug: authenticate {
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Finished EAP session with
state 0x4a8916764e8e0f76
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Previous EAP request found
for state 0x4a8916764e8e0f76, released from the list
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Continuing EAP-TLS
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Peer indicated
complete TLS record size will be 126 bytes
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: Got complete TLS
record (126 bytes)
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls verify] =
length included
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write server done
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
read client key exchange
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
read change cipher spec
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
read finished
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write change cipher spec
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: TLS_accept: SSLv3/TLS
write finished
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: (other): SSL
negotiation finished successfully
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: SSL Connection
Established
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap_peap: [eaptls process] =
handled
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: Sending EAP Request (code
1) ID 8 length 57
(12014192) Fri Sep 28 16:27:43 2018: Debug: eap: EAP session adding
&reply:State = 0x4a8916764f810f76
(12014192) Fri Sep 28 16:27:43 2018: Debug: [eap] = handled
(12014192) Fri Sep 28 16:27:43 2018: Debug: } # authenticate = handled
(12014192) Fri Sep 28 16:27:43 2018: Debug: Using Post-Auth-Type Challenge
(12014192) Fri Sep 28 16:27:43 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014192) Fri Sep 28 16:27:43 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014192) Fri Sep 28 16:27:43 2018: Debug: Sent Access-Challenge Id 13
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014192) Fri Sep 28 16:27:43 2018: Debug: EAP-Message =
0x0108003919001403030001011603030028ad1ff295a543d4925d728be01399e83219afc001b8ed4d3ee1772404eecaebf64d10d02295d8db61
(12014192) Fri Sep 28 16:27:43 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014192) Fri Sep 28 16:27:43 2018: Debug: State =
0x4a8916764f810f7661caf9ec4798bf13
(12014192) Fri Sep 28 16:27:43 2018: Debug: Proxy-State = 0x313730
(12014192) Fri Sep 28 16:27:43 2018: Debug: Finished request
(12014206) Fri Sep 28 16:27:46 2018: Debug: Received Access-Request Id 114
from 130.192.119.80:33713 to 192.168.19.93:1812 length 296
(12014206) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014206) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014206) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014206) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014206) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014206) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014206) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014206) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014206) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014206) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014206) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014206) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014206) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014206) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014206) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014206) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014206) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014206) Fri Sep 28 16:27:46 2018: Debug: EAP-Message = 0x020800061900
(12014206) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a8916764f810f7661caf9ec4798bf13
(12014206) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x92a0fff2fc7057153e5d6702efc8873d
(12014206) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014206) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313736
(12014206) Fri Sep 28 16:27:46 2018: Debug: session-state: No cached
attributes
(12014206) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014206) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014206) Fri Sep 28 16:27:46 2018: Debug: policy forbid_win_host_auth
{
(12014206) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014206) Fri Sep 28 16:27:46 2018: Debug: policy normalize_username {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014206) Fri Sep 28 16:27:46 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014206) Fri Sep 28 16:27:46 2018: Debug: --> USER
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: else {
(12014206) Fri Sep 28 16:27:46 2018: Debug: [noop] = noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # else = noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # policy
normalize_username = noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014206) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # policy filter_username
= noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: [preprocess] = ok
(12014206) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014206) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014206) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014206) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 8 length 6
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Continuing tunnel setup
(12014206) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # authorize = ok
(12014206) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014206) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014206) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0x4a8916764f810f76
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0x4a8916764f810f76, released from the list
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Continuing EAP-TLS
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Peer ACKed our
handshake fragment. handshake is finished
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls verify] =
success
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls process] =
success
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Session established.
Decoding tunneled attributes
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap_peap: PEAP state TUNNEL
ESTABLISHED
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Request (code
1) ID 9 length 40
(12014206) Fri Sep 28 16:27:46 2018: Debug: eap: EAP session adding
&reply:State = 0x4a8916764c800f76
(12014206) Fri Sep 28 16:27:46 2018: Debug: [eap] = handled
(12014206) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = handled
(12014206) Fri Sep 28 16:27:46 2018: Debug: Using Post-Auth-Type Challenge
(12014206) Fri Sep 28 16:27:46 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014206) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014206) Fri Sep 28 16:27:46 2018: Debug: Sent Access-Challenge Id 114
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014206) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x010900281900170303001dad1ff295a543d493985fec914519565dd6c4a59cb71424a1b6bf75c011
(12014206) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014206) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a8916764c800f7661caf9ec4798bf13
(12014206) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313736
(12014206) Fri Sep 28 16:27:46 2018: Debug: Finished request
(12014207) Fri Sep 28 16:27:46 2018: Debug: Received Access-Request Id 34
from 130.192.119.80:33713 to 192.168.19.93:1812 length 342
(12014207) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014207) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014207) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014207) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014207) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014207) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014207) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014207) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014207) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014207) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x02090034190017030300290000000000000001cc129720c2092186d6eefa43bb9b9e015b0f486ae1501f8b5074d17be5f9e6743f
(12014207) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a8916764c800f7661caf9ec4798bf13
(12014207) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x271d46101a1c2c015fa1b1d233e6f42a
(12014207) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313737
(12014207) Fri Sep 28 16:27:46 2018: Debug: session-state: No cached
attributes
(12014207) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014207) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014207) Fri Sep 28 16:27:46 2018: Debug: policy forbid_win_host_auth
{
(12014207) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014207) Fri Sep 28 16:27:46 2018: Debug: policy normalize_username {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014207) Fri Sep 28 16:27:46 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014207) Fri Sep 28 16:27:46 2018: Debug: --> USER
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: else {
(12014207) Fri Sep 28 16:27:46 2018: Debug: [noop] = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # else = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # policy
normalize_username = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # policy filter_username
= noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: [preprocess] = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014207) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014207) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014207) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 9 length 52
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Continuing tunnel setup
(12014207) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # authorize = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014207) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014207) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0x4a8916764c800f76
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0x4a8916764c800f76, released from the list
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Continuing EAP-TLS
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls verify] = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Done initial handshake
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls process] = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Session established.
Decoding tunneled attributes
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: PEAP state WAITING
FOR INNER IDENTITY
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Identity - USER
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got inner identity
'USER'
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Setting default EAP
type for tunneled EAP session
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled request
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x02090015016d61747469612e6265676f766f657661
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Setting User-Name to
USER
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Sending tunneled
request to inner-tunnel
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x02090015016d61747469612e6265676f766f657661
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
FreeRADIUS-Proxied-To = 127.0.0.1
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: User-Name = "USER"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Chargeable-User-Identity = 0x00
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Location-Capable =
Civix-Location
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Calling-Station-Id
= "00-24-54-F2-B4-53"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Called-Station-Id =
"053-D-004:unito-wifi"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Port = 13
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-IP-Address =
172.31.254.253
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Identifier =
"wlc-lin"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Airespace-Wlan-Id =
1
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Service-Type =
Framed-User
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Framed-MTU = 1300
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Port-Type =
Wireless-802.11
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Tunnel-Type:0 = VLAN
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Tunnel-Medium-Type:0 = IEEE-802
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Tunnel-Private-Group-Id:0 = "940"
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Event-Timestamp =
"Sep 28 2018 16:27:46 CEST"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Virtual server inner-tunnel
received request
(12014207) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x02090015016d61747469612e6265676f766f657661
(12014207) Fri Sep 28 16:27:46 2018: Debug: FreeRADIUS-Proxied-To =
127.0.0.1
(12014207) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014207) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014207) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014207) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014207) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014207) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014207) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014207) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014207) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014207) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014207) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014207) Fri Sep 28 16:27:46 2018: WARNING: Outer and inner identities
are the same. User privacy is compromised.
(12014207) Fri Sep 28 16:27:46 2018: Debug: server inner-tunnel {
(12014207) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014207) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014207) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ /
/) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ /
/) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~
/@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~
/@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
notfound
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # policy
filter_username = notfound
(12014207) Fri Sep 28 16:27:46 2018: Debug: policy
filter_inner_identity {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if
(!&outer.request:User-Name || !&User-Name) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if
(!&outer.request:User-Name || !&User-Name) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: if
(&outer.request:User-Name != &User-Name) {
(12014207) Fri Sep 28 16:27:46 2018: Debug: if
(&outer.request:User-Name != &User-Name) -> FALSE
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # policy
filter_inner_identity = notfound
(12014207) Fri Sep 28 16:27:46 2018: Debug: [chap] = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014207) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014207) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014207) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: update control {
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # update control = noop
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 9 length 21
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: EAP-Identity reply,
returning 'ok' so we can short-circuit the rest of authorize
(12014207) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # authorize = ok
(12014207) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014207) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014207) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP Identity (1)
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule
eap_mschapv2 to process data
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_mschapv2: Issuing Challenge
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Request (code
1) ID 10 length 43
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: EAP session adding
&reply:State = 0xd17b9cafd17186c4
(12014207) Fri Sep 28 16:27:46 2018: Debug: [eap] = handled
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = handled
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # server inner-tunnel
(12014207) Fri Sep 28 16:27:46 2018: Debug: Virtual server sending reply
(12014207) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x010a002b1a010a0026101e491bc846728e627f87d42331372f0d667265657261646975732d332e302e3132
(12014207) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014207) Fri Sep 28 16:27:46 2018: Debug: State =
0xd17b9cafd17186c4a414169edff77c76
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled reply
code 11
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x010a002b1a010a0026101e491bc846728e627f87d42331372f0d667265657261646975732d332e302e3132
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Message-Authenticator = 0x00000000000000000000000000000000
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: State =
0xd17b9cafd17186c4a414169edff77c76
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled
Access-Challenge
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Request (code
1) ID 10 length 74
(12014207) Fri Sep 28 16:27:46 2018: Debug: eap: EAP session adding
&reply:State = 0x4a8916764d830f76
(12014207) Fri Sep 28 16:27:46 2018: Debug: [eap] = handled
(12014207) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = handled
(12014207) Fri Sep 28 16:27:46 2018: Debug: Using Post-Auth-Type Challenge
(12014207) Fri Sep 28 16:27:46 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014207) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014207) Fri Sep 28 16:27:46 2018: Debug: Sent Access-Challenge Id 34
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014207) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x010a004a1900170303003fad1ff295a543d494b2b6f96343807584afc9f5973ba753882cf60d9a68f9ea519be8e97d0b98e137b5e8fad21229717437b422c1d75b5d702f4950ae389880
(12014207) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014207) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a8916764d830f7661caf9ec4798bf13
(12014207) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313737
(12014207) Fri Sep 28 16:27:46 2018: Debug: Finished request
(12014208) Fri Sep 28 16:27:46 2018: Debug: Received Access-Request Id 199
from 130.192.119.80:33713 to 192.168.19.93:1812 length 396
(12014208) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014208) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014208) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014208) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014208) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014208) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014208) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014208) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014208) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014208) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x020a006a1900170303005f000000000000000210e73a15c1bc6370114d34f8a46f47d8a421c6234b6a5e4fa1f118283243f0d1fc00dd18be0bd3eb733a5112fd6819bd806f8c61335fa3ddd7c99b5045c78454da1cd74a259538748837440828877a981da96fac673ab2
(12014208) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a8916764d830f7661caf9ec4798bf13
(12014208) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x12f38c9312ff1590f52aad1d29c064b6
(12014208) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313738
(12014208) Fri Sep 28 16:27:46 2018: Debug: session-state: No cached
attributes
(12014208) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014208) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014208) Fri Sep 28 16:27:46 2018: Debug: policy forbid_win_host_auth
{
(12014208) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014208) Fri Sep 28 16:27:46 2018: Debug: policy normalize_username {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014208) Fri Sep 28 16:27:46 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014208) Fri Sep 28 16:27:46 2018: Debug: --> USER
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: else {
(12014208) Fri Sep 28 16:27:46 2018: Debug: [noop] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # else = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # policy
normalize_username = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # policy filter_username
= noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: [preprocess] = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014208) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014208) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014208) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 10 length 106
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Continuing tunnel setup
(12014208) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # authorize = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014208) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014208) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0x4a8916764d830f76
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0x4a8916764d830f76, released from the list
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Continuing EAP-TLS
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls verify] = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Done initial handshake
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls process] = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Session established.
Decoding tunneled attributes
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: PEAP state phase2
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP method MSCHAPv2
(26)
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled request
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x020a004b1a020a004631e2af7c69e50b037a8e2c6739d0d8c44c00000000000000006897fcaba602febac38bdb8a4efa8e1d89b8c2b6e74199d0006d61747469612e6265676f766f657661
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Setting User-Name to
USER
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Sending tunneled
request to inner-tunnel
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x020a004b1a020a004631e2af7c69e50b037a8e2c6739d0d8c44c00000000000000006897fcaba602febac38bdb8a4efa8e1d89b8c2b6e74199d0006d61747469612e6265676f766f657661
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
FreeRADIUS-Proxied-To = 127.0.0.1
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: User-Name = "USER"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: State =
0xd17b9cafd17186c4a414169edff77c76
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Chargeable-User-Identity = 0x00
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Location-Capable =
Civix-Location
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Calling-Station-Id
= "00-24-54-F2-B4-53"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Called-Station-Id =
"053-D-004:unito-wifi"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Port = 13
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-IP-Address =
172.31.254.253
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Identifier =
"wlc-lin"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Airespace-Wlan-Id =
1
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Service-Type =
Framed-User
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Framed-MTU = 1300
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Port-Type =
Wireless-802.11
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Tunnel-Type:0 = VLAN
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Tunnel-Medium-Type:0 = IEEE-802
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Tunnel-Private-Group-Id:0 = "940"
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Event-Timestamp =
"Sep 28 2018 16:27:46 CEST"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Virtual server inner-tunnel
received request
(12014208) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x020a004b1a020a004631e2af7c69e50b037a8e2c6739d0d8c44c00000000000000006897fcaba602febac38bdb8a4efa8e1d89b8c2b6e74199d0006d61747469612e6265676f766f657661
(12014208) Fri Sep 28 16:27:46 2018: Debug: FreeRADIUS-Proxied-To =
127.0.0.1
(12014208) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014208) Fri Sep 28 16:27:46 2018: Debug: State =
0xd17b9cafd17186c4a414169edff77c76
(12014208) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014208) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014208) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014208) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014208) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014208) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014208) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014208) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014208) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014208) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014208) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014208) Fri Sep 28 16:27:46 2018: WARNING: Outer and inner identities
are the same. User privacy is compromised.
(12014208) Fri Sep 28 16:27:46 2018: Debug: server inner-tunnel {
(12014208) Fri Sep 28 16:27:46 2018: Debug: session-state: No cached
attributes
(12014208) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014208) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014208) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ /
/) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ /
/) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~
/@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~
/@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
notfound
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # policy
filter_username = notfound
(12014208) Fri Sep 28 16:27:46 2018: Debug: policy
filter_inner_identity {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if
(!&outer.request:User-Name || !&User-Name) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if
(!&outer.request:User-Name || !&User-Name) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: if
(&outer.request:User-Name != &User-Name) {
(12014208) Fri Sep 28 16:27:46 2018: Debug: if
(&outer.request:User-Name != &User-Name) -> FALSE
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # policy
filter_inner_identity = notfound
(12014208) Fri Sep 28 16:27:46 2018: Debug: [chap] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014208) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014208) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014208) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: update control {
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # update control = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 10 length 75
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: No EAP Start, assuming
it's an on-going EAP conversation
(12014208) Fri Sep 28 16:27:46 2018: Debug: [eap] = updated
(12014208) Fri Sep 28 16:27:46 2018: Debug: [files] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: [expiration] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: [logintime] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: [pap] = noop
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # authorize = updated
(12014208) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014208) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014208) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0xd17b9cafd17186c4
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0xd17b9cafd17186c4, released from the list
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP MSCHAPv2 (26)
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule
eap_mschapv2 to process data
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_mschapv2: # Executing group
from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_mschapv2: authenticate {
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: Creating challenge hash
with username: USER
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: Client is using
MS-CHAPv2
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: EXPAND
%{%{Stripped-User-Name}:-%{%{mschap:User-Name}:-None}}
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: --> USER
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: sending authentication
request user='USER' domain='ateneo'
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: Authenticated
successfully
(12014208) Fri Sep 28 16:27:46 2018: Debug: mschap: Adding MS-CHAPv2 MPPE
keys
(12014208) Fri Sep 28 16:27:46 2018: Debug: [mschap] = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = ok
(12014208) Fri Sep 28 16:27:46 2018: Debug: MSCHAP Success
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Request (code
1) ID 11 length 51
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: EAP session adding
&reply:State = 0xd17b9cafd07086c4
(12014208) Fri Sep 28 16:27:46 2018: Debug: [eap] = handled
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = handled
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # server inner-tunnel
(12014208) Fri Sep 28 16:27:46 2018: Debug: Virtual server sending reply
(12014208) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x010b00331a030a002e533d44364238374641423034413243463344363443334535324336423338374345314639424231334139
(12014208) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014208) Fri Sep 28 16:27:46 2018: Debug: State =
0xd17b9cafd07086c4a414169edff77c76
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled reply
code 11
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x010b00331a030a002e533d44364238374641423034413243463344363443334535324336423338374345314639424231334139
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Message-Authenticator = 0x00000000000000000000000000000000
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: State =
0xd17b9cafd07086c4a414169edff77c76
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled
Access-Challenge
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Request (code
1) ID 11 length 82
(12014208) Fri Sep 28 16:27:46 2018: Debug: eap: EAP session adding
&reply:State = 0x4a89167642820f76
(12014208) Fri Sep 28 16:27:46 2018: Debug: [eap] = handled
(12014208) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = handled
(12014208) Fri Sep 28 16:27:46 2018: Debug: Using Post-Auth-Type Challenge
(12014208) Fri Sep 28 16:27:46 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014208) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014208) Fri Sep 28 16:27:46 2018: Debug: Sent Access-Challenge Id 199
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014208) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x010b005219001703030047ad1ff295a543d495b30dda05842023a40d0664a7d1dddae763d5ad58141c61532011d406bae71ac22dc90a0ab35caa9b8fabdd1ad1535887f6ddb7f70a283bca04cb1963cd544d
(12014208) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014208) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a89167642820f7661caf9ec4798bf13
(12014208) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313738
(12014208) Fri Sep 28 16:27:46 2018: Debug: Finished request
(12014209) Fri Sep 28 16:27:46 2018: Debug: Received Access-Request Id 165
from 130.192.119.80:33713 to 192.168.19.93:1812 length 327
(12014209) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014209) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014209) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014209) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014209) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014209) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014209) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014209) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014209) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014209) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x020b00251900170303001a00000000000000038a42de4b968ff0f4bb626c51eb7b83ea5735
(12014209) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a89167642820f7661caf9ec4798bf13
(12014209) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x4bd4ce4907cf523a46b3491550e274b6
(12014209) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313739
(12014209) Fri Sep 28 16:27:46 2018: Debug: session-state: No cached
attributes
(12014209) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014209) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014209) Fri Sep 28 16:27:46 2018: Debug: policy forbid_win_host_auth
{
(12014209) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014209) Fri Sep 28 16:27:46 2018: Debug: policy normalize_username {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014209) Fri Sep 28 16:27:46 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014209) Fri Sep 28 16:27:46 2018: Debug: --> USER
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: else {
(12014209) Fri Sep 28 16:27:46 2018: Debug: [noop] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # else = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # policy
normalize_username = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # policy filter_username
= noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: [preprocess] = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014209) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014209) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014209) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 11 length 37
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Continuing tunnel setup
(12014209) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # authorize = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014209) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014209) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0x4a89167642820f76
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0x4a89167642820f76, released from the list
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Continuing EAP-TLS
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls verify] = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Done initial handshake
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls process] = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Session established.
Decoding tunneled attributes
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: PEAP state phase2
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP method MSCHAPv2
(26)
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled request
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x020b00061a03
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Setting User-Name to
USER
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Sending tunneled
request to inner-tunnel
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x020b00061a03
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
FreeRADIUS-Proxied-To = 127.0.0.1
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: User-Name = "USER"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: State =
0xd17b9cafd07086c4a414169edff77c76
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Chargeable-User-Identity = 0x00
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Location-Capable =
Civix-Location
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Calling-Station-Id
= "00-24-54-F2-B4-53"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Called-Station-Id =
"053-D-004:unito-wifi"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Port = 13
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-IP-Address =
172.31.254.253
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Identifier =
"wlc-lin"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Airespace-Wlan-Id =
1
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Service-Type =
Framed-User
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Framed-MTU = 1300
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: NAS-Port-Type =
Wireless-802.11
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Tunnel-Type:0 = VLAN
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Tunnel-Medium-Type:0 = IEEE-802
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Tunnel-Private-Group-Id:0 = "940"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Event-Timestamp =
"Sep 28 2018 16:27:46 CEST"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Virtual server inner-tunnel
received request
(12014209) Fri Sep 28 16:27:46 2018: Debug: EAP-Message = 0x020b00061a03
(12014209) Fri Sep 28 16:27:46 2018: Debug: FreeRADIUS-Proxied-To =
127.0.0.1
(12014209) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014209) Fri Sep 28 16:27:46 2018: Debug: State =
0xd17b9cafd07086c4a414169edff77c76
(12014209) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014209) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014209) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014209) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014209) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014209) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014209) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014209) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014209) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014209) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014209) Fri Sep 28 16:27:46 2018: WARNING: Outer and inner identities
are the same. User privacy is compromised.
(12014209) Fri Sep 28 16:27:46 2018: Debug: server inner-tunnel {
(12014209) Fri Sep 28 16:27:46 2018: Debug: session-state: No cached
attributes
(12014209) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014209) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014209) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ /
/) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ /
/) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~
/@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~
/@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
notfound
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # policy
filter_username = notfound
(12014209) Fri Sep 28 16:27:46 2018: Debug: policy
filter_inner_identity {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if
(!&outer.request:User-Name || !&User-Name) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if
(!&outer.request:User-Name || !&User-Name) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: if
(&outer.request:User-Name != &User-Name) {
(12014209) Fri Sep 28 16:27:46 2018: Debug: if
(&outer.request:User-Name != &User-Name) -> FALSE
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # policy
filter_inner_identity = notfound
(12014209) Fri Sep 28 16:27:46 2018: Debug: [chap] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014209) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014209) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014209) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: update control {
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # update control = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 11 length 6
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: No EAP Start, assuming
it's an on-going EAP conversation
(12014209) Fri Sep 28 16:27:46 2018: Debug: [eap] = updated
(12014209) Fri Sep 28 16:27:46 2018: Debug: [files] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: [expiration] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: [logintime] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: [pap] = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # authorize = updated
(12014209) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014209) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014209) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0xd17b9cafd07086c4
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0xd17b9cafd07086c4, released from the list
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP MSCHAPv2 (26)
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule
eap_mschapv2 to process data
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Success (code
3) ID 11 length 4
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Freeing handler
(12014209) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: # Executing section post-auth
from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(12014209) Fri Sep 28 16:27:46 2018: Debug: post-auth {
(12014209) Fri Sep 28 16:27:46 2018: Debug: update {
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # update = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: update
outer.session-state {
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # update
outer.session-state = noop
(12014209) Fri Sep 28 16:27:46 2018: Debug: unito-linelog-eap: EXPAND
custom.%{%{reply:Packet-Type}:-default}
(12014209) Fri Sep 28 16:27:46 2018: Debug: unito-linelog-eap: -->
custom.Access-Accept
(12014209) Fri Sep 28 16:27:46 2018: Debug: unito-linelog-eap: EXPAND
ACCEPTED (%{%{Stripped-User-Name}:-%{User-Name}})
(OUTER=%{%{outer.request:User-Name}:-Unknown})
(MAC=%{%{request:Calling-Station-Id}:-Unknown})
(CSID=%{request:Called-Station-Id})
(12014209) Fri Sep 28 16:27:46 2018: Debug: unito-linelog-eap: -->
ACCEPTED (USER) (OUTER=USER) (MAC=00-24-54-F2-B4-53)
(CSID=053-D-004:unito-wifi)
(12014209) Fri Sep 28 16:27:46 2018: Debug: [unito-linelog-eap] = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # post-auth = ok
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # server inner-tunnel
(12014209) Fri Sep 28 16:27:46 2018: Debug: Virtual server sending reply
(12014209) Fri Sep 28 16:27:46 2018: Debug: MS-MPPE-Encryption-Policy =
Encryption-Allowed
(12014209) Fri Sep 28 16:27:46 2018: Debug: MS-MPPE-Encryption-Types =
RC4-40or128-bit-Allowed
(12014209) Fri Sep 28 16:27:46 2018: Debug: MS-MPPE-Send-Key =
0x7266b1a55bb76baa8b669b27a29bcd15
(12014209) Fri Sep 28 16:27:46 2018: Debug: MS-MPPE-Recv-Key =
0x802d880cd66d80ac457ebbc473566b03
(12014209) Fri Sep 28 16:27:46 2018: Debug: EAP-Message = 0x030b0004
(12014209) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014209) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Got tunneled reply
code 2
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
MS-MPPE-Encryption-Policy = Encryption-Allowed
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: MS-MPPE-Send-Key =
0x7266b1a55bb76baa8b669b27a29bcd15
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: MS-MPPE-Recv-Key =
0x802d880cd66d80ac457ebbc473566b03
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: EAP-Message =
0x030b0004
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap:
Message-Authenticator = 0x00000000000000000000000000000000
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: User-Name = "USER"
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Tunneled
authentication was successful
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap_peap: SUCCESS
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Request (code
1) ID 12 length 46
(12014209) Fri Sep 28 16:27:46 2018: Debug: eap: EAP session adding
&reply:State = 0x4a89167643850f76
(12014209) Fri Sep 28 16:27:46 2018: Debug: [eap] = handled
(12014209) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = handled
(12014209) Fri Sep 28 16:27:46 2018: Debug: Using Post-Auth-Type Challenge
(12014209) Fri Sep 28 16:27:46 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(12014209) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014209) Fri Sep 28 16:27:46 2018: Debug: session-state: Saving cached
attributes
(12014209) Fri Sep 28 16:27:46 2018: Debug: User-Name += "USER"
(12014209) Fri Sep 28 16:27:46 2018: Debug: Sent Access-Challenge Id 165
from 192.168.19.93:1812 to 130.192.119.80:33713 length 0
(12014209) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x010c002e19001703030023ad1ff295a543d4966d076f6ae66986ec710a95864c191a47a4f8f209c35c39af94a296
(12014209) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014209) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a89167643850f7661caf9ec4798bf13
(12014209) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313739
(12014209) Fri Sep 28 16:27:46 2018: Debug: Finished request
(12014210) Fri Sep 28 16:27:46 2018: Debug: Received Access-Request Id 247
from 130.192.119.80:33713 to 192.168.19.93:1812 length 336
(12014210) Fri Sep 28 16:27:46 2018: Debug: User-Name = "USER"
(12014210) Fri Sep 28 16:27:46 2018: Debug: Chargeable-User-Identity =
0x00
(12014210) Fri Sep 28 16:27:46 2018: Debug: Location-Capable =
Civix-Location
(12014210) Fri Sep 28 16:27:46 2018: Debug: Calling-Station-Id =
"00-24-54-F2-B4-53"
(12014210) Fri Sep 28 16:27:46 2018: Debug: Called-Station-Id =
"053-D-004:unito-wifi"
(12014210) Fri Sep 28 16:27:46 2018: Debug: NAS-Port = 13
(12014210) Fri Sep 28 16:27:46 2018: Debug: Cisco-AVPair =
"audit-session-id=ac1ffefd0013f7385bae1886"
(12014210) Fri Sep 28 16:27:46 2018: Debug: Acct-Session-Id =
"5bae1883/00:24:54:f2:b4:53/1359867"
(12014210) Fri Sep 28 16:27:46 2018: Debug: NAS-IP-Address =
172.31.254.253
(12014210) Fri Sep 28 16:27:46 2018: Debug: NAS-Identifier = "wlc-lin"
(12014210) Fri Sep 28 16:27:46 2018: Debug: Airespace-Wlan-Id = 1
(12014210) Fri Sep 28 16:27:46 2018: Debug: Service-Type = Framed-User
(12014210) Fri Sep 28 16:27:46 2018: Debug: Framed-MTU = 1300
(12014210) Fri Sep 28 16:27:46 2018: Debug: NAS-Port-Type =
Wireless-802.11
(12014210) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Type:0 = VLAN
(12014210) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Medium-Type:0 =
IEEE-802
(12014210) Fri Sep 28 16:27:46 2018: Debug: Tunnel-Private-Group-Id:0 =
"940"
(12014210) Fri Sep 28 16:27:46 2018: Debug: EAP-Message =
0x020c002e1900170303002300000000000000046d1c6ef9533507adc1bf7af1f99b3c7cad118fac74da98772b4fda
(12014210) Fri Sep 28 16:27:46 2018: Debug: State =
0x4a89167643850f7661caf9ec4798bf13
(12014210) Fri Sep 28 16:27:46 2018: Debug: Message-Authenticator =
0x0dbfe7856dbd45f1ddabd9f5ec69f137
(12014210) Fri Sep 28 16:27:46 2018: Debug: Event-Timestamp = "Sep 28
2018 16:27:46 CEST"
(12014210) Fri Sep 28 16:27:46 2018: Debug: Proxy-State = 0x313830
(12014210) Fri Sep 28 16:27:46 2018: Debug: Restoring &session-state
(12014210) Fri Sep 28 16:27:46 2018: Debug: &session-state:User-Name +=
"USER"
(12014210) Fri Sep 28 16:27:46 2018: Debug: # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
(12014210) Fri Sep 28 16:27:46 2018: Debug: authorize {
(12014210) Fri Sep 28 16:27:46 2018: Debug: policy forbid_win_host_auth
{
(12014210) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if ( &User-Name =~
/^host\// ) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # policy
forbid_win_host_auth = notfound
(12014210) Fri Sep 28 16:27:46 2018: Debug: policy normalize_username {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") {
(12014210) Fri Sep 28 16:27:46 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(12014210) Fri Sep 28 16:27:46 2018: Debug: --> USER
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: else {
(12014210) Fri Sep 28 16:27:46 2018: Debug: [noop] = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # else = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # policy
normalize_username = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: policy filter_username {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) -> TRUE
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~ / /)
-> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.\./ ) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/\.$/) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&User-Name =~
/(a)\./) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # if (&User-Name) =
noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # policy filter_username
= noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: [preprocess] = ok
(12014210) Fri Sep 28 16:27:46 2018: Debug: [mschap] = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: suffix: Checking for suffix
after "@"
(12014210) Fri Sep 28 16:27:46 2018: Debug: suffix: No '@' in User-Name =
"USER", looking up realm NULL
(12014210) Fri Sep 28 16:27:46 2018: Debug: suffix: No such realm "NULL"
(12014210) Fri Sep 28 16:27:46 2018: Debug: [suffix] = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent EAP Response
(code 2) ID 12 length 46
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Continuing tunnel setup
(12014210) Fri Sep 28 16:27:46 2018: Debug: [eap] = ok
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # authorize = ok
(12014210) Fri Sep 28 16:27:46 2018: Debug: Found Auth-Type = eap
(12014210) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014210) Fri Sep 28 16:27:46 2018: Debug: authenticate {
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Expiring EAP session with
state 0x3284a47d328ebe20
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Finished EAP session with
state 0x4a89167643850f76
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Previous EAP request found
for state 0x4a89167643850f76, released from the list
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Peer sent packet with
method EAP PEAP (25)
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Calling submodule eap_peap
to process data
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Continuing EAP-TLS
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls verify] = ok
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Done initial handshake
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: [eaptls process] = ok
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Session established.
Decoding tunneled attributes
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: PEAP state send tlv
success
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Received EAP-TLV
response
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap_peap: Client rejected our
response. The password is probably incorrect
(12014210) Fri Sep 28 16:27:46 2018: ERROR: eap_peap: We sent a success,
but the client did not agree
(12014210) Fri Sep 28 16:27:46 2018: ERROR: eap: Failed continuing EAP PEAP
(25) session. EAP sub-module failed
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Sending EAP Failure (code
4) ID 12 length 4
(12014210) Fri Sep 28 16:27:46 2018: Debug: eap: Failed in EAP select
(12014210) Fri Sep 28 16:27:46 2018: Debug: [eap] = invalid
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # authenticate = invalid
(12014210) Fri Sep 28 16:27:46 2018: Debug: Failed to authenticate the user
(12014210) Fri Sep 28 16:27:46 2018: Debug: Using Post-Auth-Type Reject
(12014210) Fri Sep 28 16:27:46 2018: Debug: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
(12014210) Fri Sep 28 16:27:46 2018: Debug: Post-Auth-Type REJECT {
(12014210) Fri Sep 28 16:27:46 2018: Debug: attr_filter.access_reject:
EXPAND %{User-Name}
(12014210) Fri Sep 28 16:27:46 2018: Debug: attr_filter.access_reject:
--> USER
(12014210) Fri Sep 28 16:27:46 2018: Debug: attr_filter.access_reject:
Matched entry DEFAULT at line 11
(12014210) Fri Sep 28 16:27:46 2018: Debug: [attr_filter.access_reject]
= updated
(12014210) Fri Sep 28 16:27:46 2018: Debug: [eap] = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: policy
remove_reply_message_if_eap {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&reply:EAP-Message &&
&reply:Reply-Message) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: else {
(12014210) Fri Sep 28 16:27:46 2018: Debug: [noop] = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # else = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # policy
remove_reply_message_if_eap = noop
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (!&EAP-Message) {
(12014210) Fri Sep 28 16:27:46 2018: Debug: if (!&EAP-Message) -> FALSE
(12014210) Fri Sep 28 16:27:46 2018: Debug: } # Post-Auth-Type REJECT =
updated
(12014210) Fri Sep 28 16:27:46 2018: Debug: Delaying response for 1.000000
seconds
(12014209) Fri Sep 28 16:27:46 2018: Debug: Cleaning up request packet ID
165 with timestamp +1919353
(12014210) Fri Sep 28 16:27:47 2018: Debug: Sending delayed response
(12014210) Fri Sep 28 16:27:47 2018: Debug: Sent Access-Reject Id 247 from
192.168.19.93:1812 to 130.192.119.80:33713 length 49
(12014210) Fri Sep 28 16:27:47 2018: Debug: EAP-Message = 0x040c0004
(12014210) Fri Sep 28 16:27:47 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(12014210) Fri Sep 28 16:27:47 2018: Debug: Proxy-State = 0x313830
(12014187) Fri Sep 28 16:27:47 2018: Debug: Cleaning up request packet ID 3
with timestamp +1919350
(12014188) Fri Sep 28 16:27:48 2018: Debug: Cleaning up request packet ID
31 with timestamp +1919350
(12014189) Fri Sep 28 16:27:48 2018: Debug: Cleaning up request packet ID
254 with timestamp +1919350
(12014190) Fri Sep 28 16:27:48 2018: Debug: Cleaning up request packet ID 4
with timestamp +1919350
(12014191) Fri Sep 28 16:27:48 2018: Debug: Cleaning up request packet ID
76 with timestamp +1919350
(12014192) Fri Sep 28 16:27:48 2018: Debug: Cleaning up request packet ID
13 with timestamp +1919350
(12014206) Fri Sep 28 16:27:51 2018: Debug: Cleaning up request packet ID
114 with timestamp +1919353
(12014207) Fri Sep 28 16:27:51 2018: Debug: Cleaning up request packet ID
34 with timestamp +1919353
(12014208) Fri Sep 28 16:27:51 2018: Debug: Cleaning up request packet ID
199 with timestamp +1919353
(12014210) Fri Sep 28 16:27:51 2018: Debug: Cleaning up request packet ID
247 with timestamp +1919353
--
****************************************
Marco Santantonio
Direzione Sistemi Informativi, Portale, E-learning
Sezione Fonia, VoIP e WiFi
www.unito.it
****************************************
1
0
Hi,
In unlang statements i need to store input and output octet sums from accounting table to keep if conditions simple and readable, but unlang does not support 64 bit integers so i need another integer variable to keep gigaword carry which needs the same sql query to be executed multiple times.
Isn't it possible to add "long integer" support to unlang to be used in calculations, not to be sent on wire?
Results can be stored in string variables, but again we need casting to long integer in comparison.
As being a newbie in freeradius world i may be missing some other simple workarounds for the problem stated above, if so i need some suggestions to hande this problem.
Thanks.
2
1
Hi everyone,
I'm having issue with mschap auth with ldap background.
My log says:
No Cleartext-Password configured. Cannot create LM-Password.
FAILED: No NT/LM-Password. Cannot perform authentication.
I've found few questions like this on your mailing list but none of them
helped.
Can someone tell me what am I doing wrong?
Thanks.
Cheers,
K
3
3
Hi,
While running radiusd -X, below error is interpreted for rlm_sql_oracle:
rlm_sql (sqlADSL): Opening additional connection (0), 1 of 32 pending slots
used
rlm_sql_oracle: Couldn't init Oracle OCI environment (OCIEnvCreate())
rlm_sql (sqlADSL): Opening connection failed (0)
rlm_sql (sqlADSL): Removing connection pool
/usr/app/radius/etc/raddb/mods-enabled/sql[20]: Instantiation failed for
module "sqlADSL"
Could you please help how to get rid of this error..?
----
*Thanks & Kind Regards,*
Saurabh LAHOTI.
*Ideas enlighten Innovation**!!!*
Please consider the environment before printing this mail..!!
2
1
Hi,
I am a newbie in freeradius.
My radius server should handle multiple NAS devices from multiple vendors (Cisco, Mikrotik, juniper).
I want to implement FUP (fair usage policy),
Every user may buy different rates and fair usage limits, after he/she downloads fair usage limit quantity the rate will be lower.
I see 2 options:
1- An application that checks periodically the download quantities of users and and send SSH command to server to request CoA from NAS like:
echo "User-Name={UserName}, Rate-Limit={RateLimit}" | radclient NAS-IP:coaPort CoA secret
2- Unlang code in default site accounting section
In first option the check period should be low enough so that users wont download too much excess of their limit, this will hang server.
I need your suggestions about best practices for FUP, and some instructions if second option is suggested.
a. arslan
2
3
Hi,
I'm developing a Python module that implements a very simple TOTP
functionality (it basically replaces the value of Cleartext-Password
with the original value plus the expected TOTP code), so the user has to
provide a concatenation of the original password and the OTP code to
authenticate. This works well so far.
The doubt I have is where and how to store the OTP secret codes. So far,
for development, I have a Python dictionary defined on the Python module
with all the User-Name -> Secret key associations, but having these on
the code is not a good practice and it requires managing two user lists,
one for authentication (users file or SQL DB or LDAP...) plus this OTP
secret list. This might lead to inconsistencies.
The first option I thought of was to make use of the config {}
subsection of the python module, but it would still be a second user
list (besides the main one used for authentication).
Then I thought that I might be able to define an internal attribute
(similar to Cleartext-Password) that contained the OTP secret. It would
be defined as follows:
ATTRIBUTE OTP-Secret 3000 string
And then use it on the "users" file or on the DB as follows:
alex(a)test.org Cleartext-Password := "OneTestingPassword", OTP-Secret
:= "7MR674BRPXXNYGGMPFA52MW6GSMA6JQL"
This way I would be able to define the OTP Secret right next to the user
password, on any backend that I'd like to use (users file, LDAP, SQL...).
I've tested it and it works, so question is: Can I define internal
attributes for private module usage? If so, how are numbers allocated?
Can I use any number I want if it's not currently in use?
Thanks,
--
Alejandro Perez-Mendez
Technical Specialist (AAA), Trust & Identity
M (+34) 619 333 219
Skype alejandro_perez_mendez
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
3
3