Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
February 2022
- 30 participants
- 36 discussions
Hi Arran,
Thanks for pointing out that eapol_test was actually using Milenage the whole time. I misunderstood the logs, because on the freeradius logs for both cases, it appeared that the Selected-Version = 1 message printed out. Thus, I thought that eapol_test wanted to use one of the Comp128 algorithms.
Regards,
Shane
________________________________
From: Arran Cudbard-Bell
Sent: Wednesday, February 16, 2022 8:14 AM
To: Shane Guan
Cc: FreeRadius users mailing list; Davut Karabay; Corbin Phipps; Paul Irwin
Subject: Re: [EXTERNAL] Help in Configuring EAP-SIM
Hi Shane,
> Thanks for your response. For the purposes of testing, we have a sim client that will be using Comp128 versions 1 through 3, and we will want to test EAP-SIM with each of those algorithms. Regarding my original question, is there a misunderstanding on my part for how to set the SIM-Algo-Version on Freeradius?
No you're doing it correctly.
> It appears that explicitly setting it vs not makes a difference.
Well you're contradicting yourself here. Previously you said setting it would cause authentication to fail... Which it would.
Looking at your eapol test logs, eapol_test is using its internal milenage implementation not an external SIM card:
EAP-SIM: GSM authentication algorithm
EAP-SIM: Use internal GSM-Milenage implementation for authentication
EAP-SIM: RAND - hexdump(len=16): c6 fe 5b 5c 48 28 da 45 ef 30 9d 49 ad f4 94 4f
EAP-SIM: SRES - hexdump(len=4): ca 4f dd 0e
EAP-SIM: Kc - hexdump(len=8): 53 16 4c cf c9 a6 a3 4f
EAP-SIM: RAND - hexdump(len=16): fc d3 32 aa a9 0a 11 73 e7 6d 61 d1 d7 00 50 61
EAP-SIM: SRES - hexdump(len=4): 58 71 33 e8
EAP-SIM: Kc - hexdump(len=8): 37 ea fd eb 69 75 bc dc
EAP-SIM: RAND - hexdump(len=16): 19 a1 2a 54 b3 6c 79 ec b3 4b 2f 79 88 14 67 6f
EAP-SIM: SRES - hexdump(len=4): b4 8c e1 f7
EAP-SIM: Kc - hexdump(len=8): c8 74 d2 4c db 55 de 2f
So yes, setting FreeRADIUS to use Comp128v1 when eapol_test is using milenage would cause authentication to fail. As I said previously, there's no negotiation of SIM algorithm, it's just stored against the IMSI in the HLR/AuC. That's not what the version negotiation at the start of EAP-SIM is doing. You need both sides to have been configured with the same algorithm.
If you want to use eapol_test with an external SIM you need to compile eapol_test with smartcard reader support. There's examples on the internet of how to use a smartcard reader and SIM adaptor to do what you want. If you don't have the hardware the guys over at osmocom used to (and likely still do) sell adaptor cards.
You could also submit patches for comp128v1/v2/v3 support to hostapd if they've not added it yet. The comp128v2/v3 algorithms were secret for a good number of years until someone decompiled a test utility and posted Python code online. I took the Python and rewrote it in C, and that's what's currently in the FreeRADIUS repo. Many projects do not have comp128v2/v3 support because the comp128v2/v3 algorithms were not available until relatively recently. Those that do likely did their own conversion of the original Python script, or lifted it from our repo.
-Arran
1
0
Hi Arran,
Thanks for your response. For the purposes of testing, we have a sim client that will be using Comp128 versions 1 through 3, and we will want to test EAP-SIM with each of those algorithms. Regarding my original question, is there a misunderstanding on my part for how to set the SIM-Algo-Version on Freeradius? It appears that explicitly setting it vs not makes a difference.
Thanks,
Shane
________________________________
From: Arran Cudbard-Bell
Sent: Monday, February 14, 2022 3:25 PM
To: FreeRadius users mailing list
Cc: Shane Guan; Davut Karabay; Corbin Phipps; Paul Irwin
Subject: Re: [EXTERNAL] Help in Configuring EAP-SIM
> On Feb 11, 2022, at 7:28 PM, Shane Guan via Freeradius-Users <freeradius-users(a)lists.freeradius.org> wrote:
>
> Hi everyone,
>
> Thanks for the quick fix in master. I pulled the newest changes and rebuilt the freeradius binary. I noticed that if I do not explicitly set the SIM-Algo-Version, thus leaving it to the default of 1, then eapol_test client is able to authenticate (*default.log). However, when I do explictely set the SIM-Algo-Version to 1, then eapol_test is unable to authenticate, stating a MAC invalidation (*explicit_set_1.log). Can someone help me understand why this would be the case, when I am merely explicitly setting a variable to its default, instead of leaving it alone? Perhaps I misunderstood what the purpose of SIM-Algo-Version is.
Sim-Algo-Version controls the algorithm FreeRADIUS uses to produce vectors for consumption by the EAP code.
You need the same algorithm in use by FreeRADIUS and by your SIM card so that, given the same random value and Ki, both FreeRADIUS and the SIM produce the same AUTN, CK, IK and XRES values.
You likely have a usim in which case it'll probably be using milenage, so you'll want algo 4. 1, 2, 3 refer to the Comp128v1/v2/v3 algorithms.
Normally in a proper HLR this information would be recorded against the IMSI of the SIM.
-Arran
2
1
**Command line testing for EAP
---------------------------------------------
As part of the process of configuring EAP for FreeRADIUS, you will need to test whether or not it works. If you prefer to use a command line tool rather than clicking through windows, this article walks through the steps for testing your EAP configuration.
While FreeRADIUS comes with a command-line tool called radeapclient, by far and away the best EAP testing tool is the eapol_test program from wpa_supplicant.
The default build of wpa_supplicant does not build the eapol_test program, so you will have to do that yourself.
This article walks you through exactly how to setup eapol_test and how to use it to test your EAP configuration.
Read the full article…
https://networkradius.com/articles/2021/10/25/command-line-EAP-testing.html
** Sign up to get this content directly
---------------------------------------------
Want to get these articles in all their HTML glory?
Sign up here: http://eepurl.com/hwuWrn
** Need RADIUS help?
---------------------------------------------
Get commercial support from the team behind FreeRADIUS.
https://networkradius.com/request/
** What is the relationship between Network RADIUS and FreeRADIUS?
----------------------------------------------
FreeRADIUS is an open source implementation of the RADIUS protocol and was written by Alan DeKok in 1999.
Network RADIUS is a private, for-profit company founded by Alan DeKok which provides commercial support for FreeRADIUS. The Network RADIUS team has been the primary contributor to FreeRADIUS for the last 20 years. The FreeRADIUS mailing list, wiki, and documentation are all moderated and maintained by the Network RADIUS team.
FreeRADIUS has always been, and will always continue to be, open source. The Network RADIUS team provides commercial support to paying clients, and free product development for the FreeRADIUS community at large.
All of our software development for FreeRADIUS is integrated into the Open Source platform, and will always continue to be.
3
2
Hello,I have a problem with freeradius 3.0.17 with samba 4.9.5 under debian 10.When I do thisradtest -t mschap eric.roger XXXXXXXX 127.0.0.1 0 testing123it worksSent Access-Request Id 251 from 0.0.0.0:46535 to 127.0.0.1:1812 length 136 User-Name = "eric.roger" MS-CHAP-Password = "Buckroger*1234*" NAS-IP-Address=172.16.1.232 NAS-Port = 0 Message-Authenticator = 0x00 Cleartext-Password="XXXXXXX" MS-CHAP-Challenge=0xe7b3443bc4983e22 MS-CHAP-Response=0x0001000000000000000000000000000000000000000000000000bfcdc7b44a760f05e5ce1d89ea0bc8a546bc7627fb3edd4Received Access-Accept Id 251 from 127.0.0.1:1812 to 127.0.0.1:46535 length 84 MS-CHAP-MPPE-Keys=0x0000000000000000bbee31eb54dd1eef75e78c302ccd2b09 MS-MPPE-Encryption-Policy=Encryption-Allowed MS-MPPE-Encryption-Types=RC4-40or128-bit-Allowed
in Eap it does not work on android or windows 10. I post my log of freeradius -XXX
I don't see the error I use the base certificates to test snakeoil before putting my own. but I don't understand the problem. the server is joined to the domain and the radtest works? thank you very much for your help and if necessary other files I can send them Thank you Eric
Tue Feb 15 07:49:22 2022 : Debug: Server was built with: Tue Feb 15 07:49:22 2022 : Debug: accounting : yesTue Feb 15 07:49:22 2022 : Debug: authentication : yesTue Feb 15 07:49:22 2022 : Debug: ascend-binary-attributes : yesTue Feb 15 07:49:22 2022 : Debug: coa : yesTue Feb 15 07:49:22 2022 : Debug: control-socket : yesTue Feb 15 07:49:22 2022 : Debug: detail : yesTue Feb 15 07:49:22 2022 : Debug: dhcp : yesTue Feb 15 07:49:22 2022 : Debug: dynamic-clients : yesTue Feb 15 07:49:22 2022 : Debug: osfc2 : noTue Feb 15 07:49:22 2022 : Debug: proxy : yesTue Feb 15 07:49:22 2022 : Debug: regex-pcre : yesTue Feb 15 07:49:22 2022 : Debug: regex-posix : noTue Feb 15 07:49:22 2022 : Debug: regex-posix-extended : noTue Feb 15 07:49:22 2022 : Debug: session-management : yesTue Feb 15 07:49:22 2022 : Debug: stats : yesTue Feb 15 07:49:22 2022 : Debug: tcp : yesTue Feb 15 07:49:22 2022 : Debug: threads : yesTue Feb 15 07:49:22 2022 : Debug: tls : yesTue Feb 15 07:49:22 2022 : Debug: unlang : yesTue Feb 15 07:49:22 2022 : Debug: vmps : yesTue Feb 15 07:49:22 2022 : Debug: developer : noTue Feb 15 07:49:22 2022 : Debug: Server core libs:Tue Feb 15 07:49:22 2022 : Debug: freeradius-server : 3.0.17Tue Feb 15 07:49:22 2022 : Debug: talloc : 2.1.*Tue Feb 15 07:49:22 2022 : Debug: ssl : 1.1.1d releaseTue Feb 15 07:49:22 2022 : Debug: pcre : 8.39 2016-06-14Tue Feb 15 07:49:22 2022 : Debug: Endianness:Tue Feb 15 07:49:22 2022 : Debug: littleTue Feb 15 07:49:22 2022 : Debug: Compilation flags:Tue Feb 15 07:49:22 2022 : Debug: cppflags : -Wdate-time -D_FORTIFY_SOURCE=2Tue Feb 15 07:49:22 2022 : Debug: cflags : -I. -Isrc -include src/freeradius-devel/autoconf.h -include src/freeradius-devel/build.h -include src/freeradius-devel/features.h -include src/freeradius-devel/radpaths.h -fno-strict-aliasing -Wno-date-time -g -O2 -fdebug-prefix-map=/build/freeradius-RXCWcb/freeradius-3.0.17+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1Tue Feb 15 07:49:22 2022 : Debug: ldflags : -Wl,-z,relro -Wl,-z,nowTue Feb 15 07:49:22 2022 : Debug: libs : -lcrypto -lssl -ltalloc -lpcre -lcap -lnsl -lresolv -ldl -lpthread -lreadlineTue Feb 15 07:49:22 2022 : Debug: Tue Feb 15 07:49:22 2022 : Info: FreeRADIUS Version 3.0.17Tue Feb 15 07:49:22 2022 : Info: Copyright (C) 1999-2017 The FreeRADIUS server project and contributorsTue Feb 15 07:49:22 2022 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR ATue Feb 15 07:49:22 2022 : Info: PARTICULAR PURPOSETue Feb 15 07:49:22 2022 : Info: You may redistribute copies of FreeRADIUS under the terms of theTue Feb 15 07:49:22 2022 : Info: GNU General Public LicenseTue Feb 15 07:49:22 2022 : Info: For more information about these matters, see the file named COPYRIGHTTue Feb 15 07:49:22 2022 : Info: Starting - reading configuration files ...Tue Feb 15 07:49:22 2022 : Debug: including dictionary file /usr/share/freeradius/dictionaryTue Feb 15 07:49:22 2022 : Debug: including dictionary file /usr/share/freeradius/dictionary.dhcpTue Feb 15 07:49:22 2022 : Debug: including dictionary file /usr/share/freeradius/dictionary.vqpTue Feb 15 07:49:22 2022 : Debug: including dictionary file /etc/freeradius/3.0/dictionaryTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/radiusd.confTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/proxy.confTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/clients.confTue Feb 15 07:49:22 2022 : Debug: including files in directory /etc/freeradius/3.0/mods-enabled/Tue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/detailTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/linelogTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/digestTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/filesTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/papTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/preprocessTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/mschapTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/logintimeTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/sohTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/echoTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/chapTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/execTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clientsTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/sradutmpTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/radutmpTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/unixTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/passwdTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/exprTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/replicateTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_authTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/utf8Tue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/eapTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/cache_eapTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/ldapTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/expirationTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/mods-enabled/unpackTue Feb 15 07:49:22 2022 : Debug: including files in directory /etc/freeradius/3.0/policy.d/Tue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/cuiTue Feb 15 07:49:22 2022 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSETue Feb 15 07:49:22 2022 : Debug: OPTIMIZING (no == yes) --> FALSETue Feb 15 07:49:22 2022 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSETue Feb 15 07:49:22 2022 : Debug: OPTIMIZING (no == yes) --> FALSETue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/operator-nameTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/controlTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/debugTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-idsTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/abfab-trTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/filterTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/dhcpTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/accountingTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/eapTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/policy.d/canonicalizationTue Feb 15 07:49:22 2022 : Debug: including files in directory /etc/freeradius/3.0/sites-enabled/Tue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/sites-enabled/inner-tunnelTue Feb 15 07:49:22 2022 : Debug: including configuration file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:22 2022 : Debug: main {Tue Feb 15 07:49:22 2022 : Debug: security {Tue Feb 15 07:49:22 2022 : Debug: user = "freerad"Tue Feb 15 07:49:22 2022 : Debug: group = "freerad"Tue Feb 15 07:49:22 2022 : Debug: allow_core_dumps = noTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[424]: The item 'max_attributes' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[442]: The item 'reject_delay' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[462]: The item 'status_server' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: name = "freeradius"Tue Feb 15 07:49:22 2022 : Debug: prefix = "/usr"Tue Feb 15 07:49:22 2022 : Debug: localstatedir = "/var"Tue Feb 15 07:49:22 2022 : Debug: logdir = "/var/log/freeradius"Tue Feb 15 07:49:22 2022 : Debug: run_dir = "/var/run/freeradius"Tue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[55]: The item 'sysconfdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[67]: The item 'confdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[69]: The item 'certdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[70]: The item 'cadir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[74]: The item 'db_dir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[108]: The item 'libdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[119]: The item 'pidfile' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[140]: The item 'correct_escapes' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[194]: The item 'max_request_time' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[213]: The item 'cleanup_delay' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[232]: The item 'max_requests' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[250]: The item 'hostname_lookups' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[334]: The item 'checkrad' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[483]: The item 'proxy_requests' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: main {Tue Feb 15 07:49:22 2022 : Debug: name = "freeradius"Tue Feb 15 07:49:22 2022 : Debug: prefix = "/usr"Tue Feb 15 07:49:22 2022 : Debug: localstatedir = "/var"Tue Feb 15 07:49:22 2022 : Debug: sbindir = "/usr/sbin"Tue Feb 15 07:49:22 2022 : Debug: logdir = "/var/log/freeradius"Tue Feb 15 07:49:22 2022 : Debug: run_dir = "/var/run/freeradius"Tue Feb 15 07:49:22 2022 : Debug: libdir = "/usr/lib/freeradius"Tue Feb 15 07:49:22 2022 : Debug: radacctdir = "/var/log/freeradius/radacct"Tue Feb 15 07:49:22 2022 : Debug: hostname_lookups = noTue Feb 15 07:49:22 2022 : Debug: max_request_time = 30Tue Feb 15 07:49:22 2022 : Debug: cleanup_delay = 5Tue Feb 15 07:49:22 2022 : Debug: max_requests = 16384Tue Feb 15 07:49:22 2022 : Debug: pidfile = "/var/run/freeradius/freeradius.pid"Tue Feb 15 07:49:22 2022 : Debug: checkrad = "/usr/sbin/checkrad"Tue Feb 15 07:49:22 2022 : Debug: debug_level = 0Tue Feb 15 07:49:22 2022 : Debug: proxy_requests = yesTue Feb 15 07:49:22 2022 : Debug: log {Tue Feb 15 07:49:22 2022 : Debug: stripped_names = noTue Feb 15 07:49:22 2022 : Debug: auth = noTue Feb 15 07:49:22 2022 : Debug: auth_badpass = noTue Feb 15 07:49:22 2022 : Debug: auth_goodpass = noTue Feb 15 07:49:22 2022 : Debug: colourise = yesTue Feb 15 07:49:22 2022 : Debug: msg_denied = "You are already logged in - access denied"Tue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[268]: The item 'destination' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[285]: The item 'file' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[293]: The item 'syslog_facility' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: resources {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: security {Tue Feb 15 07:49:22 2022 : Debug: max_attributes = 200Tue Feb 15 07:49:22 2022 : Debug: reject_delay = 1.000000Tue Feb 15 07:49:22 2022 : Debug: status_server = yesTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[55]: The item 'sysconfdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[67]: The item 'confdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[69]: The item 'certdir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[70]: The item 'cadir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[74]: The item 'db_dir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/radiusd.conf[140]: The item 'correct_escapes' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: radiusd: #### Loading Realms and Home Servers ####Tue Feb 15 07:49:22 2022 : Debug: proxy server {Tue Feb 15 07:49:22 2022 : Debug: retry_delay = 5Tue Feb 15 07:49:22 2022 : Debug: retry_count = 3Tue Feb 15 07:49:22 2022 : Debug: default_fallback = noTue Feb 15 07:49:22 2022 : Debug: dead_time = 120Tue Feb 15 07:49:22 2022 : Debug: wake_all_if_all_dead = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: home_server localhost {Tue Feb 15 07:49:22 2022 : Debug: ipaddr = 127.0.0.1Tue Feb 15 07:49:22 2022 : Debug: port = 1812Tue Feb 15 07:49:22 2022 : Debug: type = "auth"Tue Feb 15 07:49:22 2022 : Debug: secret = "testing123"Tue Feb 15 07:49:22 2022 : Debug: response_window = 20.000000Tue Feb 15 07:49:22 2022 : Debug: response_timeouts = 1Tue Feb 15 07:49:22 2022 : Debug: max_outstanding = 65536Tue Feb 15 07:49:22 2022 : Debug: zombie_period = 40Tue Feb 15 07:49:22 2022 : Debug: status_check = "status-server"Tue Feb 15 07:49:22 2022 : Debug: ping_interval = 30Tue Feb 15 07:49:22 2022 : Debug: check_interval = 30Tue Feb 15 07:49:22 2022 : Debug: check_timeout = 4Tue Feb 15 07:49:22 2022 : Debug: num_answers_to_alive = 3Tue Feb 15 07:49:22 2022 : Debug: revive_interval = 120Tue Feb 15 07:49:22 2022 : Debug: limit {Tue Feb 15 07:49:22 2022 : Debug: max_connections = 16Tue Feb 15 07:49:22 2022 : Debug: max_requests = 0Tue Feb 15 07:49:22 2022 : Debug: lifetime = 0Tue Feb 15 07:49:22 2022 : Debug: idle_timeout = 0Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: coa {Tue Feb 15 07:49:22 2022 : Debug: irt = 2Tue Feb 15 07:49:22 2022 : Debug: mrt = 16Tue Feb 15 07:49:22 2022 : Debug: mrc = 5Tue Feb 15 07:49:22 2022 : Debug: mrd = 30Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: home_server_pool my_auth_failover {Tue Feb 15 07:49:22 2022 : Debug: type = fail-overTue Feb 15 07:49:22 2022 : Debug: home_server = localhostTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: realm example.com {Tue Feb 15 07:49:22 2022 : Debug: auth_pool = my_auth_failoverTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: realm LOCAL {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: realm lyceeader.eu {Tue Feb 15 07:49:22 2022 : Debug: authhost = LOCALTue Feb 15 07:49:22 2022 : Debug: accthost = LOCALTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: realm DEFAULT {Tue Feb 15 07:49:22 2022 : Debug: nostripTue Feb 15 07:49:22 2022 : Debug: authhost = LOCALTue Feb 15 07:49:22 2022 : Debug: accthost = LOCALTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: radiusd: #### Loading Clients ####Tue Feb 15 07:49:22 2022 : Debug: client localhost {Tue Feb 15 07:49:22 2022 : Debug: ipaddr = 127.0.0.1Tue Feb 15 07:49:22 2022 : Debug: require_message_authenticator = noTue Feb 15 07:49:22 2022 : Debug: secret = "testing123"Tue Feb 15 07:49:22 2022 : Debug: nas_type = "other"Tue Feb 15 07:49:22 2022 : Debug: proto = "*"Tue Feb 15 07:49:22 2022 : Debug: limit {Tue Feb 15 07:49:22 2022 : Debug: max_connections = 16Tue Feb 15 07:49:22 2022 : Debug: lifetime = 0Tue Feb 15 07:49:22 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Adding client 127.0.0.1/32 (127.0.0.1) to prefix tree 32Tue Feb 15 07:49:22 2022 : Debug: client private-pfsense {Tue Feb 15 07:49:22 2022 : Debug: ipaddr = 172.16.1.1/24Tue Feb 15 07:49:22 2022 : Debug: require_message_authenticator = noTue Feb 15 07:49:22 2022 : Debug: secret = "aderader"Tue Feb 15 07:49:22 2022 : Debug: limit {Tue Feb 15 07:49:22 2022 : Debug: max_connections = 16Tue Feb 15 07:49:22 2022 : Debug: lifetime = 0Tue Feb 15 07:49:22 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Adding client 172.16.1.0/24 (172.16.1.0) to prefix tree 24Tue Feb 15 07:49:22 2022 : Debug: client lan251 {Tue Feb 15 07:49:22 2022 : Debug: ipaddr = 172.16.251.251/24Tue Feb 15 07:49:22 2022 : Debug: require_message_authenticator = noTue Feb 15 07:49:22 2022 : Debug: secret = "aderader"Tue Feb 15 07:49:22 2022 : Debug: limit {Tue Feb 15 07:49:22 2022 : Debug: max_connections = 16Tue Feb 15 07:49:22 2022 : Debug: lifetime = 0Tue Feb 15 07:49:22 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Adding client 172.16.251.0/24 (172.16.251.0) to prefix tree 24Tue Feb 15 07:49:22 2022 : Debug: client lan252 {Tue Feb 15 07:49:22 2022 : Debug: ipaddr = 172.16.252.252/24Tue Feb 15 07:49:22 2022 : Debug: require_message_authenticator = noTue Feb 15 07:49:22 2022 : Debug: secret = "aderader"Tue Feb 15 07:49:22 2022 : Debug: limit {Tue Feb 15 07:49:22 2022 : Debug: max_connections = 16Tue Feb 15 07:49:22 2022 : Debug: lifetime = 0Tue Feb 15 07:49:22 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Adding client 172.16.252.0/24 (172.16.252.0) to prefix tree 24Tue Feb 15 07:49:22 2022 : Info: Debugger not attachedTue Feb 15 07:49:22 2022 : Debug: # Creating Auth-Type = mschapTue Feb 15 07:49:22 2022 : Debug: # Creating Auth-Type = eapTue Feb 15 07:49:22 2022 : Debug: # Creating Auth-Type = PAPTue Feb 15 07:49:22 2022 : Debug: # Creating Auth-Type = CHAPTue Feb 15 07:49:22 2022 : Debug: # Creating Auth-Type = MS-CHAPTue Feb 15 07:49:22 2022 : Debug: # Creating Auth-Type = digestTue Feb 15 07:49:22 2022 : Debug: radiusd: #### Instantiating modules ####Tue Feb 15 07:49:22 2022 : Debug: modules {Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_detail with path: /usr/lib/freeradius/rlm_detail.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_detail, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_detailTue Feb 15 07:49:22 2022 : Debug: # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detailTue Feb 15 07:49:22 2022 : Debug: detail {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"Tue Feb 15 07:49:22 2022 : Debug: header = "%t"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: locking = noTue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: log_packet_header = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_linelog with path: /usr/lib/freeradius/rlm_linelog.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_linelog, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_linelogTue Feb 15 07:49:22 2022 : Debug: # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelogTue Feb 15 07:49:22 2022 : Debug: linelog {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/linelog"Tue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: syslog_severity = "info"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: format = "This is a log message for %{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: reference = "messages.%{%{reply:Packet-Type}:-default}"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelogTue Feb 15 07:49:22 2022 : Debug: linelog log_accounting {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/linelog-accounting"Tue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: syslog_severity = "info"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: format = ""Tue Feb 15 07:49:22 2022 : Debug: reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_digest with path: /usr/lib/freeradius/rlm_digest.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_digest, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_digestTue Feb 15 07:49:22 2022 : Debug: # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digestTue Feb 15 07:49:22 2022 : Debug: Loading rlm_files with path: /usr/lib/freeradius/rlm_files.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_files, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_filesTue Feb 15 07:49:22 2022 : Debug: # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/filesTue Feb 15 07:49:22 2022 : Debug: files {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/freeradius/3.0/mods-config/files/authorize"Tue Feb 15 07:49:22 2022 : Debug: acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"Tue Feb 15 07:49:22 2022 : Debug: preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_pap with path: /usr/lib/freeradius/rlm_pap.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_pap, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_papTue Feb 15 07:49:22 2022 : Debug: # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/papTue Feb 15 07:49:22 2022 : Debug: pap {Tue Feb 15 07:49:22 2022 : Debug: normalise = yesTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_preprocess with path: /usr/lib/freeradius/rlm_preprocess.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_preprocess, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_preprocessTue Feb 15 07:49:22 2022 : Debug: # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocessTue Feb 15 07:49:22 2022 : Debug: preprocess {Tue Feb 15 07:49:22 2022 : Debug: huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"Tue Feb 15 07:49:22 2022 : Debug: hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"Tue Feb 15 07:49:22 2022 : Debug: with_ascend_hack = noTue Feb 15 07:49:22 2022 : Debug: ascend_channels_per_line = 23Tue Feb 15 07:49:22 2022 : Debug: with_ntdomain_hack = noTue Feb 15 07:49:22 2022 : Debug: with_specialix_jetstream_hack = noTue Feb 15 07:49:22 2022 : Debug: with_cisco_vsa_hack = noTue Feb 15 07:49:22 2022 : Debug: with_alvarion_vsa_hack = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_mschap with path: /usr/lib/freeradius/rlm_mschap.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_mschap, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_mschapTue Feb 15 07:49:22 2022 : Debug: # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschapTue Feb 15 07:49:22 2022 : Debug: mschap {Tue Feb 15 07:49:22 2022 : Debug: use_mppe = yesTue Feb 15 07:49:22 2022 : Debug: require_encryption = noTue Feb 15 07:49:22 2022 : Debug: require_strong = noTue Feb 15 07:49:22 2022 : Debug: with_ntdomain_hack = yesTue Feb 15 07:49:22 2022 : Debug: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=LYCEEADER --username=%{mschap:User-Name} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"Tue Feb 15 07:49:22 2022 : Debug: passchange {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: allow_retry = yesTue Feb 15 07:49:22 2022 : Debug: winbind_retry_with_normalised_username = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_logintime with path: /usr/lib/freeradius/rlm_logintime.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_logintime, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_logintimeTue Feb 15 07:49:22 2022 : Debug: # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintimeTue Feb 15 07:49:22 2022 : Debug: logintime {Tue Feb 15 07:49:22 2022 : Debug: minimum_timeout = 60Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_soh with path: /usr/lib/freeradius/rlm_soh.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_soh, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_sohTue Feb 15 07:49:22 2022 : Debug: # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/sohTue Feb 15 07:49:22 2022 : Debug: soh {Tue Feb 15 07:49:22 2022 : Debug: dhcp = yesTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_exec with path: /usr/lib/freeradius/rlm_exec.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_exec, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_execTue Feb 15 07:49:22 2022 : Debug: # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echoTue Feb 15 07:49:22 2022 : Debug: exec echo {Tue Feb 15 07:49:22 2022 : Debug: wait = yesTue Feb 15 07:49:22 2022 : Debug: program = "/bin/echo %{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: input_pairs = "request"Tue Feb 15 07:49:22 2022 : Debug: output_pairs = "reply"Tue Feb 15 07:49:22 2022 : Debug: shell_escape = yesTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_chap with path: /usr/lib/freeradius/rlm_chap.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_chap, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_chapTue Feb 15 07:49:22 2022 : Debug: # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chapTue Feb 15 07:49:22 2022 : Debug: Loading rlm_attr_filter with path: /usr/lib/freeradius/rlm_attr_filter.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_attr_filter, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_attr_filterTue Feb 15 07:49:22 2022 : Debug: # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: attr_filter attr_filter.post-proxy {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"Tue Feb 15 07:49:22 2022 : Debug: key = "%{Realm}"Tue Feb 15 07:49:22 2022 : Debug: relaxed = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: attr_filter attr_filter.pre-proxy {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"Tue Feb 15 07:49:22 2022 : Debug: key = "%{Realm}"Tue Feb 15 07:49:22 2022 : Debug: relaxed = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: attr_filter attr_filter.access_reject {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"Tue Feb 15 07:49:22 2022 : Debug: key = "%{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: relaxed = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: attr_filter attr_filter.access_challenge {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"Tue Feb 15 07:49:22 2022 : Debug: key = "%{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: relaxed = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: attr_filter attr_filter.accounting_response {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"Tue Feb 15 07:49:22 2022 : Debug: key = "%{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: relaxed = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/execTue Feb 15 07:49:22 2022 : Debug: exec {Tue Feb 15 07:49:22 2022 : Debug: wait = noTue Feb 15 07:49:22 2022 : Debug: input_pairs = "request"Tue Feb 15 07:49:22 2022 : Debug: shell_escape = yesTue Feb 15 07:49:22 2022 : Debug: timeout = 10Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_always with path: /usr/lib/freeradius/rlm_always.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_always, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_alwaysTue Feb 15 07:49:22 2022 : Debug: # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always reject {Tue Feb 15 07:49:22 2022 : Debug: rcode = "reject"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always fail {Tue Feb 15 07:49:22 2022 : Debug: rcode = "fail"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always ok {Tue Feb 15 07:49:22 2022 : Debug: rcode = "ok"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always handled {Tue Feb 15 07:49:22 2022 : Debug: rcode = "handled"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always invalid {Tue Feb 15 07:49:22 2022 : Debug: rcode = "invalid"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always userlock {Tue Feb 15 07:49:22 2022 : Debug: rcode = "userlock"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always notfound {Tue Feb 15 07:49:22 2022 : Debug: rcode = "notfound"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always noop {Tue Feb 15 07:49:22 2022 : Debug: rcode = "noop"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: always updated {Tue Feb 15 07:49:22 2022 : Debug: rcode = "updated"Tue Feb 15 07:49:22 2022 : Debug: simulcount = 0Tue Feb 15 07:49:22 2022 : Debug: mpp = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_dynamic_clients with path: /usr/lib/freeradius/rlm_dynamic_clients.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_dynamic_clients, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_dynamic_clientsTue Feb 15 07:49:22 2022 : Debug: # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clientsTue Feb 15 07:49:22 2022 : Debug: Loading rlm_radutmp with path: /usr/lib/freeradius/rlm_radutmp.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_radutmp, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_radutmpTue Feb 15 07:49:22 2022 : Debug: # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmpTue Feb 15 07:49:22 2022 : Debug: radutmp sradutmp {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/sradutmp"Tue Feb 15 07:49:22 2022 : Debug: username = "%{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: case_sensitive = yesTue Feb 15 07:49:22 2022 : Debug: check_with_nas = yesTue Feb 15 07:49:22 2022 : Debug: permissions = 420Tue Feb 15 07:49:22 2022 : Debug: caller_id = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmpTue Feb 15 07:49:22 2022 : Debug: radutmp {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/radutmp"Tue Feb 15 07:49:22 2022 : Debug: username = "%{User-Name}"Tue Feb 15 07:49:22 2022 : Debug: case_sensitive = yesTue Feb 15 07:49:22 2022 : Debug: check_with_nas = yesTue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: caller_id = yesTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_unix with path: /usr/lib/freeradius/rlm_unix.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_unix, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_unixTue Feb 15 07:49:22 2022 : Debug: # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unixTue Feb 15 07:49:22 2022 : Debug: unix {Tue Feb 15 07:49:22 2022 : Debug: radwtmp = "/var/log/freeradius/radwtmp"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Creating attribute Unix-GroupTue Feb 15 07:49:22 2022 : Debug: Loading rlm_passwd with path: /usr/lib/freeradius/rlm_passwd.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_passwd, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_passwdTue Feb 15 07:49:22 2022 : Debug: # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwdTue Feb 15 07:49:22 2022 : Debug: passwd etc_passwd {Tue Feb 15 07:49:22 2022 : Debug: filename = "/etc/passwd"Tue Feb 15 07:49:22 2022 : Debug: format = "*User-Name:Crypt-Password:"Tue Feb 15 07:49:22 2022 : Debug: delimiter = ":"Tue Feb 15 07:49:22 2022 : Debug: ignore_nislike = noTue Feb 15 07:49:22 2022 : Debug: ignore_empty = yesTue Feb 15 07:49:22 2022 : Debug: allow_multiple_keys = noTue Feb 15 07:49:22 2022 : Debug: hash_size = 100Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_realm with path: /usr/lib/freeradius/rlm_realm.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_realm, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_realmTue Feb 15 07:49:22 2022 : Debug: # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: realm IPASS {Tue Feb 15 07:49:22 2022 : Debug: format = "prefix"Tue Feb 15 07:49:22 2022 : Debug: delimiter = "/"Tue Feb 15 07:49:22 2022 : Debug: ignore_default = noTue Feb 15 07:49:22 2022 : Debug: ignore_null = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: realm suffix {Tue Feb 15 07:49:22 2022 : Debug: format = "suffix"Tue Feb 15 07:49:22 2022 : Debug: delimiter = "@"Tue Feb 15 07:49:22 2022 : Debug: ignore_default = noTue Feb 15 07:49:22 2022 : Debug: ignore_null = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: realm realmpercent {Tue Feb 15 07:49:22 2022 : Debug: format = "suffix"Tue Feb 15 07:49:22 2022 : Debug: delimiter = "%"Tue Feb 15 07:49:22 2022 : Debug: ignore_default = noTue Feb 15 07:49:22 2022 : Debug: ignore_null = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: realm ntdomain {Tue Feb 15 07:49:22 2022 : Debug: format = "prefix"Tue Feb 15 07:49:22 2022 : Debug: delimiter = "\\"Tue Feb 15 07:49:22 2022 : Debug: ignore_default = noTue Feb 15 07:49:22 2022 : Debug: ignore_null = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_expr with path: /usr/lib/freeradius/rlm_expr.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_expr, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_exprTue Feb 15 07:49:22 2022 : Debug: # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/exprTue Feb 15 07:49:22 2022 : Debug: expr {Tue Feb 15 07:49:22 2022 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüà âæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÃÔŒÙÛÜŸ"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_replicate with path: /usr/lib/freeradius/rlm_replicate.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_replicate, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_replicateTue Feb 15 07:49:22 2022 : Debug: # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicateTue Feb 15 07:49:22 2022 : Debug: # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_authTue Feb 15 07:49:22 2022 : Debug: exec ntlm_auth {Tue Feb 15 07:49:22 2022 : Debug: wait = yesTue Feb 15 07:49:22 2022 : Debug: program = "/usr/bin/ntlm_auth --request-nt-key --domain=LYCEEADER --username=%{mschap:User-Name} --password=%{User-Password}"Tue Feb 15 07:49:22 2022 : Debug: shell_escape = yesTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: detail auth_log {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"Tue Feb 15 07:49:22 2022 : Debug: header = "%t"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: locking = noTue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: log_packet_header = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: detail reply_log {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"Tue Feb 15 07:49:22 2022 : Debug: header = "%t"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: locking = noTue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: log_packet_header = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: detail pre_proxy_log {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"Tue Feb 15 07:49:22 2022 : Debug: header = "%t"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: locking = noTue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: log_packet_header = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: detail post_proxy_log {Tue Feb 15 07:49:22 2022 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"Tue Feb 15 07:49:22 2022 : Debug: header = "%t"Tue Feb 15 07:49:22 2022 : Debug: permissions = 384Tue Feb 15 07:49:22 2022 : Debug: locking = noTue Feb 15 07:49:22 2022 : Debug: escape_filenames = noTue Feb 15 07:49:22 2022 : Debug: log_packet_header = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_utf8 with path: /usr/lib/freeradius/rlm_utf8.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_utf8, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_utf8Tue Feb 15 07:49:22 2022 : Debug: # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_eap with path: /usr/lib/freeradius/rlm_eap.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_eap, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_eapTue Feb 15 07:49:22 2022 : Debug: # Loading module "eap" from file /etc/freeradius/3.0/mods-enabled/eapTue Feb 15 07:49:22 2022 : Debug: eap {Tue Feb 15 07:49:22 2022 : Debug: default_eap_type = "ttls"Tue Feb 15 07:49:22 2022 : Debug: timer_expire = 60Tue Feb 15 07:49:22 2022 : Debug: ignore_unknown_eap_types = noTue Feb 15 07:49:22 2022 : Debug: cisco_accounting_username_bug = noTue Feb 15 07:49:22 2022 : Debug: max_sessions = 4096Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_cache with path: /usr/lib/freeradius/rlm_cache.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_cache, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_cacheTue Feb 15 07:49:22 2022 : Debug: # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eapTue Feb 15 07:49:22 2022 : Debug: cache cache_eap {Tue Feb 15 07:49:22 2022 : Debug: driver = "rlm_cache_rbtree"Tue Feb 15 07:49:22 2022 : Debug: key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"Tue Feb 15 07:49:22 2022 : Debug: ttl = 15Tue Feb 15 07:49:22 2022 : Debug: max_entries = 0Tue Feb 15 07:49:22 2022 : Debug: epoch = 0Tue Feb 15 07:49:22 2022 : Debug: add_stats = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_ldap with path: /usr/lib/freeradius/rlm_ldap.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_ldap, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_ldapTue Feb 15 07:49:22 2022 : Debug: # Loading module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldapTue Feb 15 07:49:22 2022 : Debug: ldap {Tue Feb 15 07:49:22 2022 : Debug: server = "se4ad.lyceeader.eu"Tue Feb 15 07:49:22 2022 : Debug: identity = "CN=Administrator,CN=Users,DC=lyceeader,DC=eu"Tue Feb 15 07:49:22 2022 : Debug: password = "Audin77Lubin"Tue Feb 15 07:49:22 2022 : Debug: sasl {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: user {Tue Feb 15 07:49:22 2022 : Debug: scope = "sub"Tue Feb 15 07:49:22 2022 : Debug: access_positive = yesTue Feb 15 07:49:22 2022 : Debug: sasl {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: group {Tue Feb 15 07:49:22 2022 : Debug: scope = "sub"Tue Feb 15 07:49:22 2022 : Debug: name_attribute = "cn"Tue Feb 15 07:49:22 2022 : Debug: membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"Tue Feb 15 07:49:22 2022 : Debug: cacheable_name = noTue Feb 15 07:49:22 2022 : Debug: cacheable_dn = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: client {Tue Feb 15 07:49:22 2022 : Debug: filter = "(objectClass=radiusClient)"Tue Feb 15 07:49:22 2022 : Debug: scope = "sub"Tue Feb 15 07:49:22 2022 : Debug: base_dn = "dc=lyceeader,dc=eu"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: profile {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: options {Tue Feb 15 07:49:22 2022 : Debug: ldap_debug = 40Tue Feb 15 07:49:22 2022 : Debug: chase_referrals = yesTue Feb 15 07:49:22 2022 : Debug: rebind = yesTue Feb 15 07:49:22 2022 : Debug: net_timeout = 1Tue Feb 15 07:49:22 2022 : Debug: res_timeout = 10Tue Feb 15 07:49:22 2022 : Debug: srv_timelimit = 3Tue Feb 15 07:49:22 2022 : Debug: idle = 60Tue Feb 15 07:49:22 2022 : Debug: probes = 3Tue Feb 15 07:49:22 2022 : Debug: interval = 3Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: tls {Tue Feb 15 07:49:22 2022 : Debug: start_tls = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Creating attribute LDAP-GroupTue Feb 15 07:49:22 2022 : Debug: Loading rlm_expiration with path: /usr/lib/freeradius/rlm_expiration.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_expiration, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_expirationTue Feb 15 07:49:22 2022 : Debug: # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expirationTue Feb 15 07:49:22 2022 : Debug: Loading rlm_unpack with path: /usr/lib/freeradius/rlm_unpack.soTue Feb 15 07:49:22 2022 : Debug: Loaded rlm_unpack, checking if it's validTue Feb 15 07:49:22 2022 : Debug: # Loaded module rlm_unpackTue Feb 15 07:49:22 2022 : Debug: # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpackTue Feb 15 07:49:22 2022 : Debug: instantiate {Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detailTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelogTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelogTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/filesTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/files/authorizeTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/files/accountingTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxyTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/papTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocessTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroupsTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hintsTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschapTue Feb 15 07:49:22 2022 : Debug: rlm_mschap (mschap): authenticating by calling 'ntlm_auth'Tue Feb 15 07:49:22 2022 : Debug: # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintimeTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxyTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxyTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_rejectTue Feb 15 07:49:22 2022 : Warning: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". Tue Feb 15 07:49:22 2022 : Warning: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". Tue Feb 15 07:49:22 2022 : Debug: # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challengeTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filterTue Feb 15 07:49:22 2022 : Debug: reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_responseTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/alwaysTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwdTue Feb 15 07:49:22 2022 : Debug: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: noTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realmTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail outputTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.logTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eapTue Feb 15 07:49:22 2022 : Debug: Loading rlm_eap_tls with path: /usr/lib/freeradius/rlm_eap_tls.soTue Feb 15 07:49:22 2022 : Debug: # Linked to sub-module rlm_eap_tlsTue Feb 15 07:49:22 2022 : Debug: tls {Tue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[10]: The item 'cadir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[11]: The item 'private_key_password' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[12]: The item 'private_key_file' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[14]: The item 'certificate_file' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[16]: The item 'ca_file' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[18]: The item 'dh_file' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[19]: The item 'random_file' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[21]: The item 'cipher_list' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[22]: The item 'cipher_server_preference' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[23]: The item 'make_cert_command' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[24]: The item 'ecdh_curve' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Info: TLS section "tls" missing, trying to use legacy configurationTue Feb 15 07:49:22 2022 : Debug: tls {Tue Feb 15 07:49:22 2022 : Debug: verify_depth = 0Tue Feb 15 07:49:22 2022 : Debug: pem_file_type = yesTue Feb 15 07:49:22 2022 : Debug: private_key_file = "/etc/ssl/private/ssl-cert-snakeoil.key"Tue Feb 15 07:49:22 2022 : Debug: certificate_file = "/etc/ssl/certs/ssl-cert-snakeoil.pem"Tue Feb 15 07:49:22 2022 : Debug: ca_file = "/etc/ssl/certs/ca-certificates.crt"Tue Feb 15 07:49:22 2022 : Debug: private_key_password = "aderader"Tue Feb 15 07:49:22 2022 : Debug: dh_file = "/etc/freeradius/3.0/certs/dh"Tue Feb 15 07:49:22 2022 : Debug: random_file = "/dev/urandom"Tue Feb 15 07:49:22 2022 : Debug: fragment_size = 1024Tue Feb 15 07:49:22 2022 : Debug: include_length = yesTue Feb 15 07:49:22 2022 : Debug: auto_chain = yesTue Feb 15 07:49:22 2022 : Debug: check_crl = noTue Feb 15 07:49:22 2022 : Debug: check_all_crl = noTue Feb 15 07:49:22 2022 : Debug: cipher_list = "DEFAULT"Tue Feb 15 07:49:22 2022 : Debug: cipher_server_preference = noTue Feb 15 07:49:22 2022 : Debug: ecdh_curve = "prime256v1"Tue Feb 15 07:49:22 2022 : Debug: tls_max_version = ""Tue Feb 15 07:49:22 2022 : Debug: tls_min_version = "1.0"Tue Feb 15 07:49:22 2022 : Debug: cache {Tue Feb 15 07:49:22 2022 : Debug: enable = noTue Feb 15 07:49:22 2022 : Debug: lifetime = 24Tue Feb 15 07:49:22 2022 : Debug: max_entries = 255Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: verify {Tue Feb 15 07:49:22 2022 : Debug: skip_if_ocsp_ok = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: ocsp {Tue Feb 15 07:49:22 2022 : Debug: enable = noTue Feb 15 07:49:22 2022 : Debug: override_cert_url = noTue Feb 15 07:49:22 2022 : Debug: use_nonce = yesTue Feb 15 07:49:22 2022 : Debug: timeout = 0Tue Feb 15 07:49:22 2022 : Debug: softfail = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[10]: The item 'cadir' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Warning: /etc/freeradius/3.0/mods-enabled/eap[23]: The item 'make_cert_command' is defined, but is unused by the configurationTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: Loading rlm_eap_ttls with path: /usr/lib/freeradius/rlm_eap_ttls.soTue Feb 15 07:49:22 2022 : Debug: # Linked to sub-module rlm_eap_ttlsTue Feb 15 07:49:22 2022 : Debug: ttls {Tue Feb 15 07:49:22 2022 : Debug: default_eap_type = "mschapv2"Tue Feb 15 07:49:22 2022 : Debug: copy_request_to_tunnel = yesTue Feb 15 07:49:22 2022 : Debug: use_tunneled_reply = yesTue Feb 15 07:49:22 2022 : Debug: virtual_server = "inner-tunnel"Tue Feb 15 07:49:22 2022 : Debug: include_length = yesTue Feb 15 07:49:22 2022 : Debug: require_client_cert = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Info: TLS section "tls" missing, trying to use legacy configurationTue Feb 15 07:49:22 2022 : Debug: tls: Using cached TLS configuration from previous invocationTue Feb 15 07:49:22 2022 : Debug: Loading rlm_eap_peap with path: /usr/lib/freeradius/rlm_eap_peap.soTue Feb 15 07:49:22 2022 : Debug: # Linked to sub-module rlm_eap_peapTue Feb 15 07:49:22 2022 : Debug: peap {Tue Feb 15 07:49:22 2022 : Debug: default_eap_type = "mschapv2"Tue Feb 15 07:49:22 2022 : Debug: copy_request_to_tunnel = yesTue Feb 15 07:49:22 2022 : Debug: use_tunneled_reply = yesTue Feb 15 07:49:22 2022 : Debug: proxy_tunneled_request_as_eap = yesTue Feb 15 07:49:22 2022 : Debug: virtual_server = "inner-tunnel"Tue Feb 15 07:49:22 2022 : Debug: soh = noTue Feb 15 07:49:22 2022 : Debug: require_client_cert = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Info: TLS section "tls" missing, trying to use legacy configurationTue Feb 15 07:49:22 2022 : Debug: tls: Using cached TLS configuration from previous invocationTue Feb 15 07:49:22 2022 : Debug: Loading rlm_eap_mschapv2 with path: /usr/lib/freeradius/rlm_eap_mschapv2.soTue Feb 15 07:49:22 2022 : Debug: # Linked to sub-module rlm_eap_mschapv2Tue Feb 15 07:49:22 2022 : Debug: mschapv2 {Tue Feb 15 07:49:22 2022 : Debug: with_ntdomain_hack = noTue Feb 15 07:49:22 2022 : Debug: send_error = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eapTue Feb 15 07:49:22 2022 : Debug: Loading rlm_cache_rbtree with path: /usr/lib/freeradius/rlm_cache_rbtree.soTue Feb 15 07:49:22 2022 : Debug: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linkedTue Feb 15 07:49:22 2022 : Debug: # Instantiating module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldapTue Feb 15 07:49:22 2022 : Info: rlm_ldap: libldap vendor: OpenLDAP, version: 20447Tue Feb 15 07:49:22 2022 : Debug: accounting {Tue Feb 15 07:49:22 2022 : Debug: reference = "%{tolower:type.%{Acct-Status-Type}}"Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: post-auth {Tue Feb 15 07:49:22 2022 : Debug: reference = "."Tue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Debug: LDAP server string: ldap://se4ad.lyceeader.eu:389Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Using local pool sectionTue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): No pool reference found for config item "ldap.pool"Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Initialising connection poolTue Feb 15 07:49:22 2022 : Debug: pool {Tue Feb 15 07:49:22 2022 : Debug: start = 5Tue Feb 15 07:49:22 2022 : Debug: min = 3Tue Feb 15 07:49:22 2022 : Debug: max = 32Tue Feb 15 07:49:22 2022 : Debug: spare = 10Tue Feb 15 07:49:22 2022 : Debug: uses = 0Tue Feb 15 07:49:22 2022 : Debug: lifetime = 0Tue Feb 15 07:49:22 2022 : Debug: cleanup_interval = 30Tue Feb 15 07:49:22 2022 : Debug: idle_timeout = 60Tue Feb 15 07:49:22 2022 : Debug: retry_delay = 30Tue Feb 15 07:49:22 2022 : Debug: spread = noTue Feb 15 07:49:22 2022 : Debug: }Tue Feb 15 07:49:22 2022 : Info: rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots usedTue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Connecting to ldap://se4ad.lyceeader.eu:389Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): New libldap handle 0x55bdfc36be80Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Waiting for bind result...Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Bind successfulTue Feb 15 07:49:22 2022 : Info: rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots usedTue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Connecting to ldap://se4ad.lyceeader.eu:389Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): New libldap handle 0x55bdfc36dfe0Tue Feb 15 07:49:22 2022 : Debug: rlm_ldap (ldap): Waiting for bind result...Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Bind successfulTue Feb 15 07:49:23 2022 : Info: rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots usedTue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Connecting to ldap://se4ad.lyceeader.eu:389Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): New libldap handle 0x55bdfc38d6b0Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Waiting for bind result...Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Bind successfulTue Feb 15 07:49:23 2022 : Info: rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots usedTue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Connecting to ldap://se4ad.lyceeader.eu:389Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): New libldap handle 0x55bdfc38e170Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Waiting for bind result...Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Bind successfulTue Feb 15 07:49:23 2022 : Info: rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots usedTue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Connecting to ldap://se4ad.lyceeader.eu:389Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): New libldap handle 0x55bdfc3a4460Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Waiting for bind result...Tue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Bind successfulTue Feb 15 07:49:23 2022 : Debug: rlm_ldap (ldap): Adding pool reference 0x55bdfc341100 to config item "ldap.pool"Tue Feb 15 07:49:23 2022 : Debug: # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expirationTue Feb 15 07:49:23 2022 : Debug: } # modulesTue Feb 15 07:49:23 2022 : Debug: radiusd: #### Loading Virtual Servers ####Tue Feb 15 07:49:23 2022 : Debug: server { # from file /etc/freeradius/3.0/radiusd.confTue Feb 15 07:49:23 2022 : Debug: } # serverTue Feb 15 07:49:23 2022 : Debug: server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnelTue Feb 15 07:49:23 2022 : Debug: authenticate {Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: papTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: chapTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: mschapTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: mschapTue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: } # authenticateTue Feb 15 07:49:23 2022 : Debug: authorize {Tue Feb 15 07:49:23 2022 : Debug: policy filter_username {Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name) {Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ / /) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains whitespace'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /@[^@]*@/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /\.\./) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /@/ && !&User-Name =~ /(a)(.+)\.(.+)$/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Realm does not have at least one dot separator'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: chapTue Feb 15 07:49:23 2022 : Debug: mschapTue Feb 15 07:49:23 2022 : Debug: suffixTue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &control:Proxy-To-Realm := LOCALTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: filesTue Feb 15 07:49:23 2022 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)Tue Feb 15 07:49:23 2022 : Debug: ldapTue Feb 15 07:49:23 2022 : Debug: expirationTue Feb 15 07:49:23 2022 : Debug: logintimeTue Feb 15 07:49:23 2022 : Debug: papTue Feb 15 07:49:23 2022 : Debug: } # authorizeTue Feb 15 07:49:23 2022 : Debug: session {Tue Feb 15 07:49:23 2022 : Debug: radutmpTue Feb 15 07:49:23 2022 : Debug: } # sessionTue Feb 15 07:49:23 2022 : Debug: post-proxy {Tue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: } # post-proxyTue Feb 15 07:49:23 2022 : Debug: post-auth {Tue Feb 15 07:49:23 2022 : Info: # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:331Tue Feb 15 07:49:23 2022 : Debug: if (false) {Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: attr_filter.access_rejectTue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &outer.session-state:Module-Failure-Message := &Module-Failure-MessageTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: } # post-authTue Feb 15 07:49:23 2022 : Debug: } # server inner-tunnelTue Feb 15 07:49:23 2022 : Debug: server default { # from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:23 2022 : Debug: authenticate {Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: papTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: chapTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: mschapTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: mschapTue Feb 15 07:49:23 2022 : Debug: digestTue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: } # authenticateTue Feb 15 07:49:23 2022 : Debug: authorize {Tue Feb 15 07:49:23 2022 : Debug: policy filter_username {Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name) {Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ / /) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains whitespace'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /@[^@]*@/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /\.\./) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /@/ && !&User-Name =~ /(a)(.+)\.(.+)$/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Realm does not have at least one dot separator'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot'Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: rejectTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: preprocessTue Feb 15 07:49:23 2022 : Debug: chapTue Feb 15 07:49:23 2022 : Debug: mschapTue Feb 15 07:49:23 2022 : Debug: digestTue Feb 15 07:49:23 2022 : Debug: suffixTue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: filesTue Feb 15 07:49:23 2022 : Debug: ldapTue Feb 15 07:49:23 2022 : Debug: expirationTue Feb 15 07:49:23 2022 : Debug: logintimeTue Feb 15 07:49:23 2022 : Debug: papTue Feb 15 07:49:23 2022 : Debug: } # authorizeTue Feb 15 07:49:23 2022 : Debug: preacct {Tue Feb 15 07:49:23 2022 : Debug: preprocessTue Feb 15 07:49:23 2022 : Debug: policy acct_unique {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Tmp-String-9 := "ai:"Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: if ("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/ && "%{string:&Class}" =~ /^ai:([0-9a-f]{32})/) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: else {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: suffixTue Feb 15 07:49:23 2022 : Debug: filesTue Feb 15 07:49:23 2022 : Debug: } # preacctTue Feb 15 07:49:23 2022 : Debug: accounting {Tue Feb 15 07:49:23 2022 : Debug: detailTue Feb 15 07:49:23 2022 : Debug: unixTue Feb 15 07:49:23 2022 : Debug: execTue Feb 15 07:49:23 2022 : Debug: attr_filter.accounting_responseTue Feb 15 07:49:23 2022 : Debug: } # accountingTue Feb 15 07:49:23 2022 : Debug: post-proxy {Tue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: } # post-proxyTue Feb 15 07:49:23 2022 : Debug: post-auth {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &reply:[*] += &session-state:[*]Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: execTue Feb 15 07:49:23 2022 : Debug: policy remove_reply_message_if_eap {Tue Feb 15 07:49:23 2022 : Debug: if (&reply:EAP-Message && &reply:Reply-Message) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &reply:Reply-Message !* ANYTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: else {Tue Feb 15 07:49:23 2022 : Debug: noopTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: attr_filter.access_rejectTue Feb 15 07:49:23 2022 : Debug: eapTue Feb 15 07:49:23 2022 : Debug: policy remove_reply_message_if_eap {Tue Feb 15 07:49:23 2022 : Debug: if (&reply:EAP-Message && &reply:Reply-Message) {Tue Feb 15 07:49:23 2022 : Debug: update {Tue Feb 15 07:49:23 2022 : Debug: &reply:Reply-Message !* ANYTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: else {Tue Feb 15 07:49:23 2022 : Debug: noopTue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: group {Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: } # post-authTue Feb 15 07:49:23 2022 : Debug: } # server defaultTue Feb 15 07:49:23 2022 : Debug: Created signal pipe. Read end FD 11, write end FD 12Tue Feb 15 07:49:23 2022 : Debug: radiusd: #### Opening IP addresses and Ports ####Tue Feb 15 07:49:23 2022 : Debug: Loading proto_auth with path: /usr/lib/freeradius/proto_auth.soTue Feb 15 07:49:23 2022 : Debug: Loading proto_auth failed: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory - No such file or directoryTue Feb 15 07:49:23 2022 : Debug: Loading library using linker search path(s)Tue Feb 15 07:49:23 2022 : Debug: Defaults : /lib:/usr/libTue Feb 15 07:49:23 2022 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directoryTue Feb 15 07:49:23 2022 : Debug: listen {Tue Feb 15 07:49:23 2022 : Debug: type = "auth"Tue Feb 15 07:49:23 2022 : Debug: ipaddr = 127.0.0.1Tue Feb 15 07:49:23 2022 : Debug: port = 18120Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: Loading proto_auth with path: /usr/lib/freeradius/proto_auth.soTue Feb 15 07:49:23 2022 : Debug: Loading proto_auth failed: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory - No such file or directoryTue Feb 15 07:49:23 2022 : Debug: Loading library using linker search path(s)Tue Feb 15 07:49:23 2022 : Debug: Defaults : /lib:/usr/libTue Feb 15 07:49:23 2022 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directoryTue Feb 15 07:49:23 2022 : Debug: listen {Tue Feb 15 07:49:23 2022 : Debug: type = "auth"Tue Feb 15 07:49:23 2022 : Debug: ipaddr = *Tue Feb 15 07:49:23 2022 : Debug: port = 1812Tue Feb 15 07:49:23 2022 : Debug: limit {Tue Feb 15 07:49:23 2022 : Debug: max_connections = 16Tue Feb 15 07:49:23 2022 : Debug: lifetime = 0Tue Feb 15 07:49:23 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: Loading proto_acct with path: /usr/lib/freeradius/proto_acct.soTue Feb 15 07:49:23 2022 : Debug: Loading proto_acct failed: /usr/lib/freeradius/proto_acct.so: cannot open shared object file: No such file or directory - No such file or directoryTue Feb 15 07:49:23 2022 : Debug: Loading library using linker search path(s)Tue Feb 15 07:49:23 2022 : Debug: Defaults : /lib:/usr/libTue Feb 15 07:49:23 2022 : Debug: Failed with error: proto_acct.so: cannot open shared object file: No such file or directoryTue Feb 15 07:49:23 2022 : Debug: listen {Tue Feb 15 07:49:23 2022 : Debug: type = "acct"Tue Feb 15 07:49:23 2022 : Debug: ipaddr = *Tue Feb 15 07:49:23 2022 : Debug: port = 0Tue Feb 15 07:49:23 2022 : Debug: limit {Tue Feb 15 07:49:23 2022 : Debug: max_connections = 16Tue Feb 15 07:49:23 2022 : Debug: lifetime = 0Tue Feb 15 07:49:23 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: Loading proto_auth with path: /usr/lib/freeradius/proto_auth.soTue Feb 15 07:49:23 2022 : Debug: Loading proto_auth failed: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory - No such file or directoryTue Feb 15 07:49:23 2022 : Debug: Loading library using linker search path(s)Tue Feb 15 07:49:23 2022 : Debug: Defaults : /lib:/usr/libTue Feb 15 07:49:23 2022 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directoryTue Feb 15 07:49:23 2022 : Debug: listen {Tue Feb 15 07:49:23 2022 : Debug: type = "auth"Tue Feb 15 07:49:23 2022 : Debug: ipv6addr = ::Tue Feb 15 07:49:23 2022 : Debug: port = 0Tue Feb 15 07:49:23 2022 : Debug: limit {Tue Feb 15 07:49:23 2022 : Debug: max_connections = 16Tue Feb 15 07:49:23 2022 : Debug: lifetime = 0Tue Feb 15 07:49:23 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: Loading proto_acct with path: /usr/lib/freeradius/proto_acct.soTue Feb 15 07:49:23 2022 : Debug: Loading proto_acct failed: /usr/lib/freeradius/proto_acct.so: cannot open shared object file: No such file or directory - No such file or directoryTue Feb 15 07:49:23 2022 : Debug: Loading library using linker search path(s)Tue Feb 15 07:49:23 2022 : Debug: Defaults : /lib:/usr/libTue Feb 15 07:49:23 2022 : Debug: Failed with error: proto_acct.so: cannot open shared object file: No such file or directoryTue Feb 15 07:49:23 2022 : Debug: listen {Tue Feb 15 07:49:23 2022 : Debug: type = "acct"Tue Feb 15 07:49:23 2022 : Debug: ipv6addr = ::Tue Feb 15 07:49:23 2022 : Debug: port = 0Tue Feb 15 07:49:23 2022 : Debug: limit {Tue Feb 15 07:49:23 2022 : Debug: max_connections = 16Tue Feb 15 07:49:23 2022 : Debug: lifetime = 0Tue Feb 15 07:49:23 2022 : Debug: idle_timeout = 30Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: }Tue Feb 15 07:49:23 2022 : Debug: Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnelTue Feb 15 07:49:23 2022 : Debug: Listening on auth address * port 1812 bound to server defaultTue Feb 15 07:49:23 2022 : Debug: Listening on acct address * port 1813 bound to server defaultTue Feb 15 07:49:23 2022 : Debug: Listening on auth address :: port 1812 bound to server defaultTue Feb 15 07:49:23 2022 : Debug: Listening on acct address :: port 1813 bound to server defaultTue Feb 15 07:49:23 2022 : Debug: Opened new proxy socket 'proxy address * port 58636'Tue Feb 15 07:49:23 2022 : Debug: Listening on proxy address * port 58636Tue Feb 15 07:49:23 2022 : Debug: Opened new proxy socket 'proxy address :: port 56746'Tue Feb 15 07:49:23 2022 : Debug: Listening on proxy address :: port 56746Tue Feb 15 07:49:23 2022 : Info: Ready to process requestsTue Feb 15 07:49:23 2022 : Debug: (0) Received Access-Request Id 154 from 172.16.251.14:58115 to 172.16.1.232:1812 length 212Tue Feb 15 07:49:23 2022 : Debug: (0) User-Name = "eric.roger"Tue Feb 15 07:49:23 2022 : Debug: (0) NAS-IP-Address = 172.16.251.14Tue Feb 15 07:49:23 2022 : Debug: (0) NAS-Port = 0Tue Feb 15 07:49:23 2022 : Debug: (0) NAS-Identifier = "172.16.251.14"Tue Feb 15 07:49:23 2022 : Debug: (0) NAS-Port-Type = Wireless-802.11Tue Feb 15 07:49:23 2022 : Debug: (0) Calling-Station-Id = "001a138fd604"Tue Feb 15 07:49:23 2022 : Debug: (0) Called-Station-Id = "e82689c6cb82"Tue Feb 15 07:49:23 2022 : Debug: (0) Service-Type = Framed-UserTue Feb 15 07:49:23 2022 : Debug: (0) Framed-MTU = 1100Tue Feb 15 07:49:23 2022 : Debug: (0) EAP-Message = 0x0208000f01657269632e726f676572Tue Feb 15 07:49:23 2022 : Debug: (0) Aruba-Essid-Name = "Test"Tue Feb 15 07:49:23 2022 : Debug: (0) Aruba-Location-Id = "AP14"Tue Feb 15 07:49:23 2022 : Debug: (0) Aruba-AP-Group = "Ctrl-Wlan-Clement ADER-BYOD1"Tue Feb 15 07:49:23 2022 : Debug: (0) Aruba-Device-Type = "NOFP"Tue Feb 15 07:49:23 2022 : Debug: (0) Message-Authenticator = 0x7146bcf2b773fddacdd486633aa156a5Tue Feb 15 07:49:23 2022 : Debug: (0) session-state: No State attributeTue Feb 15 07:49:23 2022 : Debug: (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:23 2022 : Debug: (0) authorize {Tue Feb 15 07:49:23 2022 : Debug: (0) policy filter_username {Tue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name) {Tue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name) -> TRUETue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name) {Tue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ / /) {Tue Feb 15 07:49:23 2022 : Debug: No matchesTue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ / /) -> FALSETue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /@[^@]*@/ ) {Tue Feb 15 07:49:23 2022 : Debug: No matchesTue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSETue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /\.\./ ) {Tue Feb 15 07:49:23 2022 : Debug: No matchesTue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSETue Feb 15 07:49:23 2022 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {Tue Feb 15 07:49:23 2022 : Debug: No matchesTue Feb 15 07:49:23 2022 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSETue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:23 2022 : Debug: No matchesTue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /\.$/) -> FALSETue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:23 2022 : Debug: No matchesTue Feb 15 07:49:23 2022 : Debug: (0) if (&User-Name =~ /(a)\./) -> FALSETue Feb 15 07:49:23 2022 : Debug: (0) } # if (&User-Name) = notfoundTue Feb 15 07:49:23 2022 : Debug: (0) } # policy filter_username = notfoundTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess)Tue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess)Tue Feb 15 07:49:23 2022 : Debug: (0) [preprocess] = okTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap)Tue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap)Tue Feb 15 07:49:23 2022 : Debug: (0) [chap] = noopTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap)Tue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap)Tue Feb 15 07:49:23 2022 : Debug: (0) [mschap] = noopTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest)Tue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest)Tue Feb 15 07:49:23 2022 : Debug: (0) [digest] = noopTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm)Tue Feb 15 07:49:23 2022 : Debug: (0) suffix: Checking for suffix after "@"Tue Feb 15 07:49:23 2022 : Debug: (0) suffix: No '@' in User-Name = "eric.roger", looking up realm NULLTue Feb 15 07:49:23 2022 : Debug: (0) suffix: Found realm "DEFAULT"Tue Feb 15 07:49:23 2022 : Debug: (0) suffix: Adding Realm = "DEFAULT"Tue Feb 15 07:49:23 2022 : Debug: (0) suffix: Authentication realm is LOCALTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm)Tue Feb 15 07:49:23 2022 : Debug: (0) [suffix] = okTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap)Tue Feb 15 07:49:23 2022 : Debug: (0) eap: Peer sent EAP Response (code 2) ID 8 length 15Tue Feb 15 07:49:23 2022 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorizeTue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap)Tue Feb 15 07:49:23 2022 : Debug: (0) [eap] = okTue Feb 15 07:49:23 2022 : Debug: (0) } # authorize = okTue Feb 15 07:49:23 2022 : Debug: (0) Found Auth-Type = eapTue Feb 15 07:49:23 2022 : Debug: (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:23 2022 : Debug: (0) authenticate {Tue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap)Tue Feb 15 07:49:23 2022 : Debug: (0) eap: Peer sent packet with method EAP Identity (1)Tue Feb 15 07:49:23 2022 : Debug: (0) eap: Calling submodule eap_ttls to process dataTue Feb 15 07:49:23 2022 : Debug: (0) eap_ttls: Initiating new EAP-TLS sessionTue Feb 15 07:49:23 2022 : Debug: (0) eap_ttls: [eaptls start] = requestTue Feb 15 07:49:23 2022 : Debug: (0) eap: Sending EAP Request (code 1) ID 9 length 6Tue Feb 15 07:49:23 2022 : Debug: (0) eap: EAP session adding &reply:State = 0xfcef27c1fce632b5Tue Feb 15 07:49:23 2022 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap)Tue Feb 15 07:49:23 2022 : Debug: (0) [eap] = handledTue Feb 15 07:49:23 2022 : Debug: (0) } # authenticate = handledTue Feb 15 07:49:23 2022 : Debug: (0) Using Post-Auth-Type ChallengeTue Feb 15 07:49:23 2022 : Debug: (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:23 2022 : Debug: (0) Challenge { ... } # empty sub-section is ignoredTue Feb 15 07:49:23 2022 : Debug: (0) session-state: Nothing to cacheTue Feb 15 07:49:23 2022 : Debug: (0) Sent Access-Challenge Id 154 from 172.16.1.232:1812 to 172.16.251.14:58115 length 0Tue Feb 15 07:49:23 2022 : Debug: (0) EAP-Message = 0x010900061520Tue Feb 15 07:49:23 2022 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000Tue Feb 15 07:49:23 2022 : Debug: (0) State = 0xfcef27c1fce632b56e8e47d2a6e92848Tue Feb 15 07:49:23 2022 : Debug: (0) Finished requestTue Feb 15 07:49:23 2022 : Debug: Waking up in 4.9 seconds.Tue Feb 15 07:49:24 2022 : Debug: (1) Received Access-Request Id 158 from 172.16.251.14:58115 to 172.16.1.232:1812 length 212Tue Feb 15 07:49:24 2022 : Debug: (1) User-Name = "eric.roger"Tue Feb 15 07:49:24 2022 : Debug: (1) NAS-IP-Address = 172.16.251.14Tue Feb 15 07:49:24 2022 : Debug: (1) NAS-Port = 0Tue Feb 15 07:49:24 2022 : Debug: (1) NAS-Identifier = "172.16.251.14"Tue Feb 15 07:49:24 2022 : Debug: (1) NAS-Port-Type = Wireless-802.11Tue Feb 15 07:49:24 2022 : Debug: (1) Calling-Station-Id = "001a138fd604"Tue Feb 15 07:49:24 2022 : Debug: (1) Called-Station-Id = "e82689c6cb82"Tue Feb 15 07:49:24 2022 : Debug: (1) Service-Type = Framed-UserTue Feb 15 07:49:24 2022 : Debug: (1) Framed-MTU = 1100Tue Feb 15 07:49:24 2022 : Debug: (1) EAP-Message = 0x020d000f01657269632e726f676572Tue Feb 15 07:49:24 2022 : Debug: (1) Aruba-Essid-Name = "Test"Tue Feb 15 07:49:24 2022 : Debug: (1) Aruba-Location-Id = "AP14"Tue Feb 15 07:49:24 2022 : Debug: (1) Aruba-AP-Group = "Ctrl-Wlan-Clement ADER-BYOD1"Tue Feb 15 07:49:24 2022 : Debug: (1) Aruba-Device-Type = "NOFP"Tue Feb 15 07:49:24 2022 : Debug: (1) Message-Authenticator = 0x2fef1a29c3f874014769537c9e9fea44Tue Feb 15 07:49:24 2022 : Debug: (1) session-state: No State attributeTue Feb 15 07:49:24 2022 : Debug: (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:24 2022 : Debug: (1) authorize {Tue Feb 15 07:49:24 2022 : Debug: (1) policy filter_username {Tue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name) {Tue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name) -> TRUETue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name) {Tue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ / /) {Tue Feb 15 07:49:24 2022 : Debug: No matchesTue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ / /) -> FALSETue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) {Tue Feb 15 07:49:24 2022 : Debug: No matchesTue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSETue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /\.\./ ) {Tue Feb 15 07:49:24 2022 : Debug: No matchesTue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /\.\./ ) -> FALSETue Feb 15 07:49:24 2022 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {Tue Feb 15 07:49:24 2022 : Debug: No matchesTue Feb 15 07:49:24 2022 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSETue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:24 2022 : Debug: No matchesTue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /\.$/) -> FALSETue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:24 2022 : Debug: No matchesTue Feb 15 07:49:24 2022 : Debug: (1) if (&User-Name =~ /(a)\./) -> FALSETue Feb 15 07:49:24 2022 : Debug: (1) } # if (&User-Name) = notfoundTue Feb 15 07:49:24 2022 : Debug: (1) } # policy filter_username = notfoundTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess)Tue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess)Tue Feb 15 07:49:24 2022 : Debug: (1) [preprocess] = okTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap)Tue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap)Tue Feb 15 07:49:24 2022 : Debug: (1) [chap] = noopTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap)Tue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap)Tue Feb 15 07:49:24 2022 : Debug: (1) [mschap] = noopTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest)Tue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest)Tue Feb 15 07:49:24 2022 : Debug: (1) [digest] = noopTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm)Tue Feb 15 07:49:24 2022 : Debug: (1) suffix: Checking for suffix after "@"Tue Feb 15 07:49:24 2022 : Debug: (1) suffix: No '@' in User-Name = "eric.roger", looking up realm NULLTue Feb 15 07:49:24 2022 : Debug: (1) suffix: Found realm "DEFAULT"Tue Feb 15 07:49:24 2022 : Debug: (1) suffix: Adding Realm = "DEFAULT"Tue Feb 15 07:49:24 2022 : Debug: (1) suffix: Authentication realm is LOCALTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm)Tue Feb 15 07:49:24 2022 : Debug: (1) [suffix] = okTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap)Tue Feb 15 07:49:24 2022 : Debug: (1) eap: Peer sent EAP Response (code 2) ID 13 length 15Tue Feb 15 07:49:24 2022 : Debug: (1) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorizeTue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap)Tue Feb 15 07:49:24 2022 : Debug: (1) [eap] = okTue Feb 15 07:49:24 2022 : Debug: (1) } # authorize = okTue Feb 15 07:49:24 2022 : Debug: (1) Found Auth-Type = eapTue Feb 15 07:49:24 2022 : Debug: (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:24 2022 : Debug: (1) authenticate {Tue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authenticate]: calling eap (rlm_eap)Tue Feb 15 07:49:24 2022 : Debug: (1) eap: Peer sent packet with method EAP Identity (1)Tue Feb 15 07:49:24 2022 : Debug: (1) eap: Calling submodule eap_ttls to process dataTue Feb 15 07:49:24 2022 : Debug: (1) eap_ttls: Initiating new EAP-TLS sessionTue Feb 15 07:49:24 2022 : Debug: (1) eap_ttls: [eaptls start] = requestTue Feb 15 07:49:24 2022 : Debug: (1) eap: Sending EAP Request (code 1) ID 14 length 6Tue Feb 15 07:49:24 2022 : Debug: (1) eap: EAP session adding &reply:State = 0x52ee03dd52e01680Tue Feb 15 07:49:24 2022 : Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap)Tue Feb 15 07:49:24 2022 : Debug: (1) [eap] = handledTue Feb 15 07:49:24 2022 : Debug: (1) } # authenticate = handledTue Feb 15 07:49:24 2022 : Debug: (1) Using Post-Auth-Type ChallengeTue Feb 15 07:49:24 2022 : Debug: (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:24 2022 : Debug: (1) Challenge { ... } # empty sub-section is ignoredTue Feb 15 07:49:24 2022 : Debug: (1) session-state: Nothing to cacheTue Feb 15 07:49:24 2022 : Debug: (1) Sent Access-Challenge Id 158 from 172.16.1.232:1812 to 172.16.251.14:58115 length 0Tue Feb 15 07:49:24 2022 : Debug: (1) EAP-Message = 0x010e00061520Tue Feb 15 07:49:24 2022 : Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000Tue Feb 15 07:49:24 2022 : Debug: (1) State = 0x52ee03dd52e01680d87ed248a86f02b4Tue Feb 15 07:49:24 2022 : Debug: (1) Finished requestTue Feb 15 07:49:24 2022 : Debug: Waking up in 4.8 seconds.Tue Feb 15 07:49:27 2022 : Debug: (2) Received Access-Request Id 157 from 172.16.251.14:58115 to 172.16.1.232:1812 length 212Tue Feb 15 07:49:27 2022 : Debug: (2) User-Name = "eric.roger"Tue Feb 15 07:49:27 2022 : Debug: (2) NAS-IP-Address = 172.16.251.14Tue Feb 15 07:49:27 2022 : Debug: (2) NAS-Port = 0Tue Feb 15 07:49:27 2022 : Debug: (2) NAS-Identifier = "172.16.251.14"Tue Feb 15 07:49:27 2022 : Debug: (2) NAS-Port-Type = Wireless-802.11Tue Feb 15 07:49:27 2022 : Debug: (2) Calling-Station-Id = "001a138fd604"Tue Feb 15 07:49:27 2022 : Debug: (2) Called-Station-Id = "e82689c6cb82"Tue Feb 15 07:49:27 2022 : Debug: (2) Service-Type = Framed-UserTue Feb 15 07:49:27 2022 : Debug: (2) Framed-MTU = 1100Tue Feb 15 07:49:27 2022 : Debug: (2) EAP-Message = 0x020c000f01657269632e726f676572Tue Feb 15 07:49:27 2022 : Debug: (2) Aruba-Essid-Name = "Test"Tue Feb 15 07:49:27 2022 : Debug: (2) Aruba-Location-Id = "AP14"Tue Feb 15 07:49:27 2022 : Debug: (2) Aruba-AP-Group = "Ctrl-Wlan-Clement ADER-BYOD1"Tue Feb 15 07:49:27 2022 : Debug: (2) Aruba-Device-Type = "NOFP"Tue Feb 15 07:49:27 2022 : Debug: (2) Message-Authenticator = 0x9e79ed9502284c1ed826d2459167c085Tue Feb 15 07:49:27 2022 : Debug: (2) session-state: No State attributeTue Feb 15 07:49:27 2022 : Debug: (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:27 2022 : Debug: (2) authorize {Tue Feb 15 07:49:27 2022 : Debug: (2) policy filter_username {Tue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name) {Tue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name) -> TRUETue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name) {Tue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ / /) {Tue Feb 15 07:49:27 2022 : Debug: No matchesTue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ / /) -> FALSETue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /@[^@]*@/ ) {Tue Feb 15 07:49:27 2022 : Debug: No matchesTue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSETue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /\.\./ ) {Tue Feb 15 07:49:27 2022 : Debug: No matchesTue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /\.\./ ) -> FALSETue Feb 15 07:49:27 2022 : Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {Tue Feb 15 07:49:27 2022 : Debug: No matchesTue Feb 15 07:49:27 2022 : Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSETue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:27 2022 : Debug: No matchesTue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /\.$/) -> FALSETue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:27 2022 : Debug: No matchesTue Feb 15 07:49:27 2022 : Debug: (2) if (&User-Name =~ /(a)\./) -> FALSETue Feb 15 07:49:27 2022 : Debug: (2) } # if (&User-Name) = notfoundTue Feb 15 07:49:27 2022 : Debug: (2) } # policy filter_username = notfoundTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess)Tue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: returned from preprocess (rlm_preprocess)Tue Feb 15 07:49:27 2022 : Debug: (2) [preprocess] = okTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: calling chap (rlm_chap)Tue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: returned from chap (rlm_chap)Tue Feb 15 07:49:27 2022 : Debug: (2) [chap] = noopTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap)Tue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap)Tue Feb 15 07:49:27 2022 : Debug: (2) [mschap] = noopTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: calling digest (rlm_digest)Tue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: returned from digest (rlm_digest)Tue Feb 15 07:49:27 2022 : Debug: (2) [digest] = noopTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: calling suffix (rlm_realm)Tue Feb 15 07:49:27 2022 : Debug: (2) suffix: Checking for suffix after "@"Tue Feb 15 07:49:27 2022 : Debug: (2) suffix: No '@' in User-Name = "eric.roger", looking up realm NULLTue Feb 15 07:49:27 2022 : Debug: (2) suffix: Found realm "DEFAULT"Tue Feb 15 07:49:27 2022 : Debug: (2) suffix: Adding Realm = "DEFAULT"Tue Feb 15 07:49:27 2022 : Debug: (2) suffix: Authentication realm is LOCALTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: returned from suffix (rlm_realm)Tue Feb 15 07:49:27 2022 : Debug: (2) [suffix] = okTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: calling eap (rlm_eap)Tue Feb 15 07:49:27 2022 : Debug: (2) eap: Peer sent EAP Response (code 2) ID 12 length 15Tue Feb 15 07:49:27 2022 : Debug: (2) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorizeTue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authorize]: returned from eap (rlm_eap)Tue Feb 15 07:49:27 2022 : Debug: (2) [eap] = okTue Feb 15 07:49:27 2022 : Debug: (2) } # authorize = okTue Feb 15 07:49:27 2022 : Debug: (2) Found Auth-Type = eapTue Feb 15 07:49:27 2022 : Debug: (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:27 2022 : Debug: (2) authenticate {Tue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authenticate]: calling eap (rlm_eap)Tue Feb 15 07:49:27 2022 : Debug: (2) eap: Peer sent packet with method EAP Identity (1)Tue Feb 15 07:49:27 2022 : Debug: (2) eap: Calling submodule eap_ttls to process dataTue Feb 15 07:49:27 2022 : Debug: (2) eap_ttls: Initiating new EAP-TLS sessionTue Feb 15 07:49:27 2022 : Debug: (2) eap_ttls: [eaptls start] = requestTue Feb 15 07:49:27 2022 : Debug: (2) eap: Sending EAP Request (code 1) ID 13 length 6Tue Feb 15 07:49:27 2022 : Debug: (2) eap: EAP session adding &reply:State = 0x9348f1aa9345e4b6Tue Feb 15 07:49:27 2022 : Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap)Tue Feb 15 07:49:27 2022 : Debug: (2) [eap] = handledTue Feb 15 07:49:27 2022 : Debug: (2) } # authenticate = handledTue Feb 15 07:49:27 2022 : Debug: (2) Using Post-Auth-Type ChallengeTue Feb 15 07:49:27 2022 : Debug: (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:27 2022 : Debug: (2) Challenge { ... } # empty sub-section is ignoredTue Feb 15 07:49:27 2022 : Debug: (2) session-state: Nothing to cacheTue Feb 15 07:49:27 2022 : Debug: (2) Sent Access-Challenge Id 157 from 172.16.1.232:1812 to 172.16.251.14:58115 length 0Tue Feb 15 07:49:27 2022 : Debug: (2) EAP-Message = 0x010d00061520Tue Feb 15 07:49:27 2022 : Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000Tue Feb 15 07:49:27 2022 : Debug: (2) State = 0x9348f1aa9345e4b6ec1f3ac78b5c7230Tue Feb 15 07:49:27 2022 : Debug: (2) Finished requestTue Feb 15 07:49:27 2022 : Debug: Waking up in 1.2 seconds.Tue Feb 15 07:49:28 2022 : Debug: (3) Received Access-Request Id 155 from 172.16.251.14:58115 to 172.16.1.232:1812 length 212Tue Feb 15 07:49:28 2022 : Debug: (3) User-Name = "eric.roger"Tue Feb 15 07:49:28 2022 : Debug: (3) NAS-IP-Address = 172.16.251.14Tue Feb 15 07:49:28 2022 : Debug: (3) NAS-Port = 0Tue Feb 15 07:49:28 2022 : Debug: (3) NAS-Identifier = "172.16.251.14"Tue Feb 15 07:49:28 2022 : Debug: (3) NAS-Port-Type = Wireless-802.11Tue Feb 15 07:49:28 2022 : Debug: (3) Calling-Station-Id = "001a138fd604"Tue Feb 15 07:49:28 2022 : Debug: (3) Called-Station-Id = "e82689c6cb82"Tue Feb 15 07:49:28 2022 : Debug: (3) Service-Type = Framed-UserTue Feb 15 07:49:28 2022 : Debug: (3) Framed-MTU = 1100Tue Feb 15 07:49:28 2022 : Debug: (3) EAP-Message = 0x0209000f01657269632e726f676572Tue Feb 15 07:49:28 2022 : Debug: (3) Aruba-Essid-Name = "Test"Tue Feb 15 07:49:28 2022 : Debug: (3) Aruba-Location-Id = "AP14"Tue Feb 15 07:49:28 2022 : Debug: (3) Aruba-AP-Group = "Ctrl-Wlan-Clement ADER-BYOD1"Tue Feb 15 07:49:28 2022 : Debug: (3) Aruba-Device-Type = "NOFP"Tue Feb 15 07:49:28 2022 : Debug: (3) Message-Authenticator = 0x21b5cc5db81e229d2dac03a61f8c488cTue Feb 15 07:49:28 2022 : Debug: (3) session-state: No State attributeTue Feb 15 07:49:28 2022 : Debug: (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:28 2022 : Debug: (3) authorize {Tue Feb 15 07:49:28 2022 : Debug: (3) policy filter_username {Tue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name) {Tue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name) -> TRUETue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name) {Tue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ / /) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ / /) -> FALSETue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /@[^@]*@/ ) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSETue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /\.\./ ) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /\.\./ ) -> FALSETue Feb 15 07:49:28 2022 : Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSETue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /\.$/) -> FALSETue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (3) if (&User-Name =~ /(a)\./) -> FALSETue Feb 15 07:49:28 2022 : Debug: (3) } # if (&User-Name) = notfoundTue Feb 15 07:49:28 2022 : Debug: (3) } # policy filter_username = notfoundTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess)Tue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: returned from preprocess (rlm_preprocess)Tue Feb 15 07:49:28 2022 : Debug: (3) [preprocess] = okTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: calling chap (rlm_chap)Tue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: returned from chap (rlm_chap)Tue Feb 15 07:49:28 2022 : Debug: (3) [chap] = noopTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap)Tue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap)Tue Feb 15 07:49:28 2022 : Debug: (3) [mschap] = noopTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: calling digest (rlm_digest)Tue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: returned from digest (rlm_digest)Tue Feb 15 07:49:28 2022 : Debug: (3) [digest] = noopTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: calling suffix (rlm_realm)Tue Feb 15 07:49:28 2022 : Debug: (3) suffix: Checking for suffix after "@"Tue Feb 15 07:49:28 2022 : Debug: (3) suffix: No '@' in User-Name = "eric.roger", looking up realm NULLTue Feb 15 07:49:28 2022 : Debug: (3) suffix: Found realm "DEFAULT"Tue Feb 15 07:49:28 2022 : Debug: (3) suffix: Adding Realm = "DEFAULT"Tue Feb 15 07:49:28 2022 : Debug: (3) suffix: Authentication realm is LOCALTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: returned from suffix (rlm_realm)Tue Feb 15 07:49:28 2022 : Debug: (3) [suffix] = okTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: calling eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (3) eap: Peer sent EAP Response (code 2) ID 9 length 15Tue Feb 15 07:49:28 2022 : Debug: (3) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorizeTue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authorize]: returned from eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (3) [eap] = okTue Feb 15 07:49:28 2022 : Debug: (3) } # authorize = okTue Feb 15 07:49:28 2022 : Debug: (3) Found Auth-Type = eapTue Feb 15 07:49:28 2022 : Debug: (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:28 2022 : Debug: (3) authenticate {Tue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authenticate]: calling eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (3) eap: Peer sent packet with method EAP Identity (1)Tue Feb 15 07:49:28 2022 : Debug: (3) eap: Calling submodule eap_ttls to process dataTue Feb 15 07:49:28 2022 : Debug: (3) eap_ttls: Initiating new EAP-TLS sessionTue Feb 15 07:49:28 2022 : Debug: (3) eap_ttls: [eaptls start] = requestTue Feb 15 07:49:28 2022 : Debug: (3) eap: Sending EAP Request (code 1) ID 10 length 6Tue Feb 15 07:49:28 2022 : Debug: (3) eap: EAP session adding &reply:State = 0xb4ed6552b4e77011Tue Feb 15 07:49:28 2022 : Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (3) [eap] = handledTue Feb 15 07:49:28 2022 : Debug: (3) } # authenticate = handledTue Feb 15 07:49:28 2022 : Debug: (3) Using Post-Auth-Type ChallengeTue Feb 15 07:49:28 2022 : Debug: (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:28 2022 : Debug: (3) Challenge { ... } # empty sub-section is ignoredTue Feb 15 07:49:28 2022 : Debug: (3) session-state: Nothing to cacheTue Feb 15 07:49:28 2022 : Debug: (3) Sent Access-Challenge Id 155 from 172.16.1.232:1812 to 172.16.251.14:58115 length 0Tue Feb 15 07:49:28 2022 : Debug: (3) EAP-Message = 0x010a00061520Tue Feb 15 07:49:28 2022 : Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000Tue Feb 15 07:49:28 2022 : Debug: (3) State = 0xb4ed6552b4e770115cf193464c90e32cTue Feb 15 07:49:28 2022 : Debug: (3) Finished requestTue Feb 15 07:49:28 2022 : Debug: Waking up in 0.8 seconds.Tue Feb 15 07:49:28 2022 : Debug: (4) Received Access-Request Id 156 from 172.16.251.14:58115 to 172.16.1.232:1812 length 212Tue Feb 15 07:49:28 2022 : Debug: (4) User-Name = "eric.roger"Tue Feb 15 07:49:28 2022 : Debug: (4) NAS-IP-Address = 172.16.251.14Tue Feb 15 07:49:28 2022 : Debug: (4) NAS-Port = 0Tue Feb 15 07:49:28 2022 : Debug: (4) NAS-Identifier = "172.16.251.14"Tue Feb 15 07:49:28 2022 : Debug: (4) NAS-Port-Type = Wireless-802.11Tue Feb 15 07:49:28 2022 : Debug: (4) Calling-Station-Id = "001a138fd604"Tue Feb 15 07:49:28 2022 : Debug: (4) Called-Station-Id = "e82689c6cb82"Tue Feb 15 07:49:28 2022 : Debug: (4) Service-Type = Framed-UserTue Feb 15 07:49:28 2022 : Debug: (4) Framed-MTU = 1100Tue Feb 15 07:49:28 2022 : Debug: (4) EAP-Message = 0x020a000f01657269632e726f676572Tue Feb 15 07:49:28 2022 : Debug: (4) Aruba-Essid-Name = "Test"Tue Feb 15 07:49:28 2022 : Debug: (4) Aruba-Location-Id = "AP14"Tue Feb 15 07:49:28 2022 : Debug: (4) Aruba-AP-Group = "Ctrl-Wlan-Clement ADER-BYOD1"Tue Feb 15 07:49:28 2022 : Debug: (4) Aruba-Device-Type = "NOFP"Tue Feb 15 07:49:28 2022 : Debug: (4) Message-Authenticator = 0x11789da0fc3dffd0c5bb2d6dfeb0fffcTue Feb 15 07:49:28 2022 : Debug: (4) session-state: No State attributeTue Feb 15 07:49:28 2022 : Debug: (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:28 2022 : Debug: (4) authorize {Tue Feb 15 07:49:28 2022 : Debug: (4) policy filter_username {Tue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name) {Tue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name) -> TRUETue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name) {Tue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ / /) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ / /) -> FALSETue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /@[^@]*@/ ) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSETue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /\.\./ ) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /\.\./ ) -> FALSETue Feb 15 07:49:28 2022 : Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSETue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /\.$/) -> FALSETue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:28 2022 : Debug: No matchesTue Feb 15 07:49:28 2022 : Debug: (4) if (&User-Name =~ /(a)\./) -> FALSETue Feb 15 07:49:28 2022 : Debug: (4) } # if (&User-Name) = notfoundTue Feb 15 07:49:28 2022 : Debug: (4) } # policy filter_username = notfoundTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess)Tue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: returned from preprocess (rlm_preprocess)Tue Feb 15 07:49:28 2022 : Debug: (4) [preprocess] = okTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: calling chap (rlm_chap)Tue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: returned from chap (rlm_chap)Tue Feb 15 07:49:28 2022 : Debug: (4) [chap] = noopTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap)Tue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap)Tue Feb 15 07:49:28 2022 : Debug: (4) [mschap] = noopTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: calling digest (rlm_digest)Tue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: returned from digest (rlm_digest)Tue Feb 15 07:49:28 2022 : Debug: (4) [digest] = noopTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: calling suffix (rlm_realm)Tue Feb 15 07:49:28 2022 : Debug: (4) suffix: Checking for suffix after "@"Tue Feb 15 07:49:28 2022 : Debug: (4) suffix: No '@' in User-Name = "eric.roger", looking up realm NULLTue Feb 15 07:49:28 2022 : Debug: (4) suffix: Found realm "DEFAULT"Tue Feb 15 07:49:28 2022 : Debug: (4) suffix: Adding Realm = "DEFAULT"Tue Feb 15 07:49:28 2022 : Debug: (4) suffix: Authentication realm is LOCALTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: returned from suffix (rlm_realm)Tue Feb 15 07:49:28 2022 : Debug: (4) [suffix] = okTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: calling eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (4) eap: Peer sent EAP Response (code 2) ID 10 length 15Tue Feb 15 07:49:28 2022 : Debug: (4) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorizeTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authorize]: returned from eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (4) [eap] = okTue Feb 15 07:49:28 2022 : Debug: (4) } # authorize = okTue Feb 15 07:49:28 2022 : Debug: (4) Found Auth-Type = eapTue Feb 15 07:49:28 2022 : Debug: (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:28 2022 : Debug: (4) authenticate {Tue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authenticate]: calling eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (4) eap: Peer sent packet with method EAP Identity (1)Tue Feb 15 07:49:28 2022 : Debug: (4) eap: Calling submodule eap_ttls to process dataTue Feb 15 07:49:28 2022 : Debug: (4) eap_ttls: Initiating new EAP-TLS sessionTue Feb 15 07:49:28 2022 : Debug: (4) eap_ttls: [eaptls start] = requestTue Feb 15 07:49:28 2022 : Debug: (4) eap: Sending EAP Request (code 1) ID 11 length 6Tue Feb 15 07:49:28 2022 : Debug: (4) eap: EAP session adding &reply:State = 0xf169db02f162ceccTue Feb 15 07:49:28 2022 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap)Tue Feb 15 07:49:28 2022 : Debug: (4) [eap] = handledTue Feb 15 07:49:28 2022 : Debug: (4) } # authenticate = handledTue Feb 15 07:49:28 2022 : Debug: (4) Using Post-Auth-Type ChallengeTue Feb 15 07:49:28 2022 : Debug: (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:28 2022 : Debug: (4) Challenge { ... } # empty sub-section is ignoredTue Feb 15 07:49:28 2022 : Debug: (4) session-state: Nothing to cacheTue Feb 15 07:49:28 2022 : Debug: (4) Sent Access-Challenge Id 156 from 172.16.1.232:1812 to 172.16.251.14:58115 length 0Tue Feb 15 07:49:28 2022 : Debug: (4) EAP-Message = 0x010b00061520Tue Feb 15 07:49:28 2022 : Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000Tue Feb 15 07:49:28 2022 : Debug: (4) State = 0xf169db02f162ceccb887fa5a4defe449Tue Feb 15 07:49:28 2022 : Debug: (4) Finished requestTue Feb 15 07:49:28 2022 : Debug: Waking up in 0.7 seconds.Tue Feb 15 07:49:28 2022 : Debug: (0) Cleaning up request packet ID 154 with timestamp +0Tue Feb 15 07:49:28 2022 : Debug: Waking up in 0.1 seconds.Tue Feb 15 07:49:29 2022 : Debug: (5) Received Access-Request Id 159 from 172.16.251.14:58115 to 172.16.1.232:1812 length 212Tue Feb 15 07:49:29 2022 : Debug: (5) User-Name = "eric.roger"Tue Feb 15 07:49:29 2022 : Debug: (5) NAS-IP-Address = 172.16.251.14Tue Feb 15 07:49:29 2022 : Debug: (5) NAS-Port = 0Tue Feb 15 07:49:29 2022 : Debug: (5) NAS-Identifier = "172.16.251.14"Tue Feb 15 07:49:29 2022 : Debug: (5) NAS-Port-Type = Wireless-802.11Tue Feb 15 07:49:29 2022 : Debug: (5) Calling-Station-Id = "001a138fd604"Tue Feb 15 07:49:29 2022 : Debug: (5) Called-Station-Id = "e82689c6cb82"Tue Feb 15 07:49:29 2022 : Debug: (5) Service-Type = Framed-UserTue Feb 15 07:49:29 2022 : Debug: (5) Framed-MTU = 1100Tue Feb 15 07:49:29 2022 : Debug: (5) EAP-Message = 0x020e000f01657269632e726f676572Tue Feb 15 07:49:29 2022 : Debug: (5) Aruba-Essid-Name = "Test"Tue Feb 15 07:49:29 2022 : Debug: (5) Aruba-Location-Id = "AP14"Tue Feb 15 07:49:29 2022 : Debug: (5) Aruba-AP-Group = "Ctrl-Wlan-Clement ADER-BYOD1"Tue Feb 15 07:49:29 2022 : Debug: (5) Aruba-Device-Type = "NOFP"Tue Feb 15 07:49:29 2022 : Debug: (5) Message-Authenticator = 0xef844d30fba690aa52b8356793a00cc7Tue Feb 15 07:49:29 2022 : Debug: (5) session-state: No State attributeTue Feb 15 07:49:29 2022 : Debug: (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:29 2022 : Debug: (5) authorize {Tue Feb 15 07:49:29 2022 : Debug: (5) policy filter_username {Tue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name) {Tue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name) -> TRUETue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name) {Tue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ / /) {Tue Feb 15 07:49:29 2022 : Debug: No matchesTue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ / /) -> FALSETue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) {Tue Feb 15 07:49:29 2022 : Debug: No matchesTue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSETue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /\.\./ ) {Tue Feb 15 07:49:29 2022 : Debug: No matchesTue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /\.\./ ) -> FALSETue Feb 15 07:49:29 2022 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {Tue Feb 15 07:49:29 2022 : Debug: No matchesTue Feb 15 07:49:29 2022 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSETue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /\.$/) {Tue Feb 15 07:49:29 2022 : Debug: No matchesTue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /\.$/) -> FALSETue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /(a)\./) {Tue Feb 15 07:49:29 2022 : Debug: No matchesTue Feb 15 07:49:29 2022 : Debug: (5) if (&User-Name =~ /(a)\./) -> FALSETue Feb 15 07:49:29 2022 : Debug: (5) } # if (&User-Name) = notfoundTue Feb 15 07:49:29 2022 : Debug: (5) } # policy filter_username = notfoundTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: calling preprocess (rlm_preprocess)Tue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: returned from preprocess (rlm_preprocess)Tue Feb 15 07:49:29 2022 : Debug: (5) [preprocess] = okTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: calling chap (rlm_chap)Tue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: returned from chap (rlm_chap)Tue Feb 15 07:49:29 2022 : Debug: (5) [chap] = noopTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap)Tue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap)Tue Feb 15 07:49:29 2022 : Debug: (5) [mschap] = noopTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: calling digest (rlm_digest)Tue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: returned from digest (rlm_digest)Tue Feb 15 07:49:29 2022 : Debug: (5) [digest] = noopTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: calling suffix (rlm_realm)Tue Feb 15 07:49:29 2022 : Debug: (5) suffix: Checking for suffix after "@"Tue Feb 15 07:49:29 2022 : Debug: (5) suffix: No '@' in User-Name = "eric.roger", looking up realm NULLTue Feb 15 07:49:29 2022 : Debug: (5) suffix: Found realm "DEFAULT"Tue Feb 15 07:49:29 2022 : Debug: (5) suffix: Adding Realm = "DEFAULT"Tue Feb 15 07:49:29 2022 : Debug: (5) suffix: Authentication realm is LOCALTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: returned from suffix (rlm_realm)Tue Feb 15 07:49:29 2022 : Debug: (5) [suffix] = okTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: calling eap (rlm_eap)Tue Feb 15 07:49:29 2022 : Debug: (5) eap: Peer sent EAP Response (code 2) ID 14 length 15Tue Feb 15 07:49:29 2022 : Debug: (5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorizeTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authorize]: returned from eap (rlm_eap)Tue Feb 15 07:49:29 2022 : Debug: (5) [eap] = okTue Feb 15 07:49:29 2022 : Debug: (5) } # authorize = okTue Feb 15 07:49:29 2022 : Debug: (5) Found Auth-Type = eapTue Feb 15 07:49:29 2022 : Debug: (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:29 2022 : Debug: (5) authenticate {Tue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authenticate]: calling eap (rlm_eap)Tue Feb 15 07:49:29 2022 : Debug: (5) eap: Peer sent packet with method EAP Identity (1)Tue Feb 15 07:49:29 2022 : Debug: (5) eap: Calling submodule eap_ttls to process dataTue Feb 15 07:49:29 2022 : Debug: (5) eap_ttls: Initiating new EAP-TLS sessionTue Feb 15 07:49:29 2022 : Debug: (5) eap_ttls: [eaptls start] = requestTue Feb 15 07:49:29 2022 : Debug: (5) eap: Sending EAP Request (code 1) ID 15 length 6Tue Feb 15 07:49:29 2022 : Debug: (5) eap: EAP session adding &reply:State = 0xa12bcb1ba124de2cTue Feb 15 07:49:29 2022 : Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap)Tue Feb 15 07:49:29 2022 : Debug: (5) [eap] = handledTue Feb 15 07:49:29 2022 : Debug: (5) } # authenticate = handledTue Feb 15 07:49:29 2022 : Debug: (5) Using Post-Auth-Type ChallengeTue Feb 15 07:49:29 2022 : Debug: (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/defaultTue Feb 15 07:49:29 2022 : Debug: (5) Challenge { ... } # empty sub-section is ignoredTue Feb 15 07:49:29 2022 : Debug: (5) session-state: Nothing to cacheTue Feb 15 07:49:29 2022 : Debug: (5) Sent Access-Challenge Id 159 from 172.16.1.232:1812 to 172.16.251.14:58115 length 0Tue Feb 15 07:49:29 2022 : Debug: (5) EAP-Message = 0x010f00061520Tue Feb 15 07:49:29 2022 : Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000Tue Feb 15 07:49:29 2022 : Debug: (5) State = 0xa12bcb1ba124de2c4091bac68f71e368Tue Feb 15 07:49:29 2022 : Debug: (5) Finished requestTue Feb 15 07:49:29 2022 : Debug: Waking up in 3.6 seconds.
2
1
How to set values of authentication quintuplets received in a REST response from the AuC
by amine mustapha smaali 15 Feb '22
by amine mustapha smaali 15 Feb '22
15 Feb '22
hi All,
I'm trying to configure freeradius server to use REST to get EAP-AKA authentication vector. In fact, I'm sending a rest message to an HSS server which is generating the authentication vector and sending it back in JSON format to freeradius server in 200 OK message, here is an example of 200 OK message with json content:
{
"_AUTN": "c602e56f0c169001dc3ba3e2614ff0af",
"_XRES":"90e7ae114d3a8578",
"_RAND":"5090a3ea24f861004111fb71bb0bc05c",
"_CK":"cc03c7d1cadd5a28a6717d67a2eb9cfb",
"_IK":"2a6e7e1fa6716eba7d976204634c9992"
}
This is what I can see in the log file when the 200 OK is parsed:
Processing response header
(4,3) Status : 200 (OK)
(4,3) Type : json (application/json)
(4,3) rest - Resuming execution
(4,3) rest - Updating result attribute(s)
(4,3) rest - &request.REST-HTTP-Status-Code := 200
(4,3) rest - Parsing attribute "_AUTN"
(4,3) rest - &reply:_AUTN := "c602e56f0c169001dc3ba3e2614ff0af"
(4,3) rest - Parsing attribute "_XRES"
(4,3) rest - &reply:_XRES := "90e7ae114d3a8578"
(4,3) rest - Parsing attribute "_RAND"
(4,3) rest - &reply:_RAND := "5090a3ea24f861004111fb71bb0bc05c"
(4,3) rest - Parsing attribute "_CK"
(4,3) rest - &reply:_CK := "cc03c7d1cadd5a28a6717d67a2eb9cfb"
(4,3) rest - Parsing attribute "_IK"
(4,3) rest - &reply:_IK := "2a6e7e1fa6716eba7d976204634c9992"
(4,3) rest - Released connection (2)
(4,3) rest (updated)
In the eap-aka-sim module, I need to set the quintuplets (RAND, AUTN, CK, IK, XRES) received from the HSS but I don't know how can use the values received for each parameter?
FYI, I used map function given in json module but I'm getting the following error when I start my freeradius server. here is what I tried in my json module:
map json "%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{User-Name})" {
&AUTN := '$._AUTN'
&CK := '$._CK'
&IK := '$._IK'
&RAND := '$._RAND'
&XRES := '$._XRES'
}
in rest module, I have this configuration:
connect_uri = "http://172.26.111.160:80"
authorize {
uri = "${..connect_uri}/rest/hss/wlan/getAuthenticationVector/%{User-Name}"
method = 'POST'
body = 'json'
force_to = 'json'
data = '{"username":"admin","password":"password","ratType":"WLAN","calledId":"%{Called-Station-ID}","callingId":"%{Calling-Station-ID}","nbOfVectors":1}'
tls = ${..tls}
}
and this is the error I'm getting:
Info : FreeRADIUS Version 4.0.0
Info : Copyright 1999-2022 The FreeRADIUS server project and contributors
Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info : PARTICULAR PURPOSE
Info : You may redistribute copies of FreeRADIUS under the terms of the
Info : GNU General Public License
Info : For more information about these matters, see the file named COPYRIGHT
Info : Starting - reading configuration files ...
Debug : Including dictionary file "/usr/local/etc/raddb/dictionary"
including configuration file /usr/local/etc/raddb/radiusd.conf
Including files in directory "/usr/local/etc/raddb/template.d/"
including configuration file /usr/local/etc/raddb/template.d/default
including configuration file /usr/local/etc/raddb/clients.conf
Including files in directory "/usr/local/etc/raddb/mods-enabled/"
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
including configuration file /usr/local/etc/raddb/mods-enabled/chap
including configuration file /usr/local/etc/raddb/mods-enabled/client
including configuration file /usr/local/etc/raddb/mods-enabled/delay
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/digest
including configuration file /usr/local/etc/raddb/mods-enabled/eap
including configuration file /usr/local/etc/raddb/mods-enabled/eap_inner
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/escape
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/expr
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/json
/usr/local/etc/raddb/mods-enabled/json[75]: Parse error: expected '{', got text ""%(rest:POST http://172.26.111.160/rest/hss/wlan/getAuthenticationVector/%{User-Name})" {"
Error reading or parsing /usr/local/etc/raddb/radiusd.conf
Thanks in advance for your help,
BRs,
Amine
3
7
Hello,
I am writing to inquire about the best way to configure freeradius for eap-sim.
* I am using version 3.0.25
* I have a test sim peer and know the Ki, OP, and IMSI for it.
How would I configure freeradius to use the Ki and OP when it receives a message from the test peer requesting to authenticate with EAP-SIM?
I tried putting the Ki and OP in the users file but that didn't work. According to doc/modules/rlm_eap it says I need to write a separate module to generate GSM triplets given the Ki. However, in src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c:eap_sim_get_challenge it looks like there is already a module to generate GSM triplets given the Ki. How could I configure freeradius to call it?
Thanks,
Shane
3
17
freeradius configuration users (ldap) authentification + mac adresses(hosts
by Abdeslam Tahari 14 Feb '22
by Abdeslam Tahari 14 Feb '22
14 Feb '22
Hello everybody
I am a new to freeradius and want to configure freeradius with two factors
1-users authentication(ldap)
+
2-mac addresses authentication
Regards
--
Tahari.Abdeslam
1
0
** Common EAP configuration problems
---------------------------------------------
If you have followed the steps for configuring EAP (outlined in previous articles) and are encountering problems, there are only a few things that go wrong.
The most common issues are:
1) The server is unresponsive after sending a request
2) The server sends an Access-Reject response
This article discusses these issues in detail and how to fix them.
Read the full article…
https://networkradius.com/articles/2021/10/20/common-EAP-problems.html
** Previous EAP Configuration articles
---------------------------------------------
Configuring EAP - getting started:
https://networkradius.com/articles/2021/10/18/configuring-EAP.html
Command line testing for EAP configuration
https://networkradius.com/articles/2021/10/25/command-line-EAP-testing.html
** Sign up to get this content directly
---------------------------------------------
Want to get these articles in all their HTML glory?
Sign up here: http://eepurl.com/hwuWrn
** Need RADIUS help?
---------------------------------------------
Get commercial support from the team behind FreeRADIUS.
https://networkradius.com/request/
** What is the relationship between Network RADIUS and FreeRADIUS?
----------------------------------------------
FreeRADIUS is an open source implementation of the RADIUS protocol and was written by Alan DeKok in 1999.
Network RADIUS is a private, for-profit company founded by Alan DeKok which provides commercial support for FreeRADIUS. The Network RADIUS team has been the primary contributor to FreeRADIUS for the last 20 years. The FreeRADIUS mailing list, wiki, and documentation are all moderated and maintained by the Network RADIUS team.
FreeRADIUS has always been, and will always continue to be, open source. The Network RADIUS team provides commercial support to paying clients, and free product development for the FreeRADIUS community at large.
All of our software development for FreeRADIUS is integrated into the Open Source platform, and will always continue to be.
1
0
Hey,
I hope you are having a nice day, I am currently trying to set up a
freeradius based wifi system for the small student dorm I am living in. We
are using private Wifis all over the place right now, but we want to change
this in the future. As a 'starting' experiment I am trying to set up a
freeradius server with an access-point in our server room.
Right now I am using freeRadius 3.0. installed on an Ubuntu 20.04 Lxd
container and an old TP-Link Router with Openwrt on it as an Access Point.
The goal is to use Eap_Peap with MschapV2 as authentication method and
everything should be set up by now. I am using an android 11 phone (with
the CA-certificate installed) to connect, but it simply won't. I type in
everything as it should be, but it simply says "connecting" forever. The
following is the debug log of freeradius for 10 requests and they are quite
different from each other. (8) seems to be the most successful one with
multiple "erfolgreich angemeldet"="successfully logged in" messages.
Notice that log (0) is the server output belonging to "radtest -t mschap
nutzer magazin 127.0.0.1:18120 0 testing123". Further notice: As a test
user I just created the user "nutzer" with the password "magazin".
I do have an Android 9 device available, but in contrast to my newer phone
it needs a "domain" extra, and I couldn't figure out anything that works
for that field.
SO what the hell doesn't work here?
Thanks for your help, with kind regards, Vincent
This is the output:
Ready to process requests
(0) Received Access-Request Id 214 from 127.0.0.1:37588 to 127.0.0.1:18120
length 132
(0) User-Name = "nutzer"
(0) NAS-IP-Address = [Radius-Server--IP]
(0) NAS-Port = 0
(0) Message-Authenticator = 0xe320828ad839fad8fe6880e88ad67ddd
(0) MS-CHAP-Challenge = 0x5be637b29e8a6bde
(0) MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000a55295612da4a97a989fd47e8c77558c92f2cef93ccb7c63
(0) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /(a)\./) {
(0) if (&User-Name =~ /(a)\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [chap] = noop
(0) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(0) [mschap] = ok
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "nutzer", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) update control {
(0) &Proxy-To-Realm := LOCAL
(0) } # update control = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) files: users: Matched entry nutzer at line 91
(0) [files] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) pap: WARNING: Auth-Type already set. Not setting to PAP
(0) [pap] = noop
(0) } # authorize = ok
(0) Found Auth-Type = mschap
(0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(0) authenticate {
(0) mschap: Found Cleartext-Password, hashing to create NT-Password
(0) mschap: Client is using MS-CHAPv1 with NT-Password
(0) mschap: adding MS-CHAPv1 MPPE keys
(0) [mschap] = ok
(0) } # authenticate = ok
(0) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(0) post-auth {
(0) if (0) {
(0) if (0) -> FALSE
(0) } # post-auth = noop
(0) Sent Access-Accept Id 214 from 127.0.0.1:18120 to 127.0.0.1:37588
length 0
(0) Reply-Message = "erfolgreich angemeldet"
(0) MS-CHAP-MPPE-Keys = 0x0000000000000000b4dd71791376c2da9a9a0dd82b5678c7
(0) MS-MPPE-Encryption-Policy = Encryption-Allowed
(0) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 214 with timestamp +23
Ready to process requests
(1) Received Access-Request Id 223 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 202
(1) User-Name = "anonymous"
(1) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) NAS-Port = 1
(1) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(1) Connect-Info = "CONNECT 54Mbps 802.11g"
(1) Acct-Session-Id = "5F953B94262D8D47"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x0237000e01616e6f6e796d6f7573
(1) Message-Authenticator = 0x5e7d4e06969cbbcc685aa4005c8524f0
(1) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /(a)\./) {
(1) if (&User-Name =~ /(a)\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 55 length 14
(1) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(1) [eap] = ok
(1) } # authorize = ok
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) authenticate {
(1) eap: Peer sent packet with method EAP Identity (1)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Initiating new TLS session
(1) eap_peap: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 56 length 6
(1) eap: EAP session adding &reply:State = 0x8902b1c3893aa80a
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 223 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(1) EAP-Message = 0x013800061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x8902b1c3893aa80ae70679604528de30
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 224 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 347
(2) User-Name = "anonymous"
(2) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) NAS-Port = 1
(2) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(2) Connect-Info = "CONNECT 54Mbps 802.11g"
(2) Acct-Session-Id = "5F953B94262D8D47"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message =
0x0238008d198000000083160301007e0100007a0303bb634a06b73a4f3c0ee57c48c0faec41bc7e8b082209ef069e48a88482861db400001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201
(2) State = 0x8902b1c3893aa80ae70679604528de30
(2) Message-Authenticator = 0x4f4dd4359a47d105241238807d481433
(2) session-state: No cached attributes
(2) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /(a)\./) {
(2) if (&User-Name =~ /(a)\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 56 length 141
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x8902b1c3893aa80a
(2) eap: Finished EAP session with state 0x8902b1c3893aa80a
(2) eap: Previous EAP request found for state 0x8902b1c3893aa80a, released
from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 131 bytes
(2) eap_peap: Got complete TLS record (131 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv TLS 1.3 [length 007e]
(2) eap_peap: TLS_accept: SSLv3/TLS read client hello
(2) eap_peap: >>> send TLS 1.2 [length 003d]
(2) eap_peap: TLS_accept: SSLv3/TLS write server hello
(2) eap_peap: >>> send TLS 1.2 [length 08f4]
(2) eap_peap: TLS_accept: SSLv3/TLS write certificate
(2) eap_peap: >>> send TLS 1.2 [length 014d]
(2) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(2) eap_peap: >>> send TLS 1.2 [length 0004]
(2) eap_peap: TLS_accept: SSLv3/TLS write server done
(2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server
done
(2) eap_peap: TLS - In Handshake Phase
(2) eap_peap: TLS - got 2710 bytes of data
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 57 length 1004
(2) eap: EAP session adding &reply:State = 0x8902b1c3883ba80a
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 224 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(2) EAP-Message =
0x013903ec19c000000a96160303003d020000390303a21d032a6a0647f01a929f575c00cda352bceb051ad0a8b2c6e9de4abc4552d100c02f000011ff01000100000b0004030001020017000016030308f40b0008f00008ed0003e9308203e5308202cda003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024445310c300a06035504080c034e5257310f300d06035504070c0641616368656e31163014060355040a0c0d4641484f20576f686e6865696d3128302606092a864886f70d010901161961646d696e406661686f2e727774682d61616368656e2e64653123302106035504030c1a4641484f20436572746966696361746520417574686f72697479301e170d3232303133313231353035375a170d3237303133303231353035375a308186310b3009060355040613024445310c300a06035504080c034e525731163014060355040a0c0d4641484f20576f686e6865696d3127302506035504030c1e4641484f2052
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x8902b1c3883ba80ae70679604528de30
(2) Finished request
Waking up in 4.8 seconds.
(3) Received Access-Request Id 225 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 212
(3) User-Name = "anonymous"
(3) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) NAS-Port = 1
(3) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(3) Connect-Info = "CONNECT 54Mbps 802.11g"
(3) Acct-Session-Id = "5F953B94262D8D47"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x023900061900
(3) State = 0x8902b1c3883ba80ae70679604528de30
(3) Message-Authenticator = 0x5c93c55535a85416280e053f8fd8594b
(3) session-state: No cached attributes
(3) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /(a)\./) {
(3) if (&User-Name =~ /(a)\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 57 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0x8902b1c3883ba80a
(3) eap: Finished EAP session with state 0x8902b1c3883ba80a
(3) eap: Previous EAP request found for state 0x8902b1c3883ba80a, released
from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 58 length 1000
(3) eap: EAP session adding &reply:State = 0x8902b1c38b38a80a
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) Challenge { ... } # empty sub-section is ignored
(3) Sent Access-Challenge Id 225 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(3) EAP-Message =
0x013a03e819404d8bdc32e71f2a0fb604a0d1998c75b2caf7e82fa7fb43bc395e27fe0bb7bf3039b7d8d1f9b9d3b456faabdd9fd4f90574e6096e06d47a43410533be34a673f5af993d913a0782420c5402db098b1fc7a37e7a97f72c7dc50004fe308204fa308203e2a00302010202144d68d90956806f70226752a6417b4f33698fbce8300d06092a864886f70d01010b0500308193310b3009060355040613024445310c300a06035504080c034e5257310f300d06035504070c0641616368656e31163014060355040a0c0d4641484f20576f686e6865696d3128302606092a864886f70d010901161961646d696e406661686f2e727774682d61616368656e2e64653123302106035504030c1a4641484f20436572746966696361746520417574686f72697479301e170d3232303133313231353033375a170d3237303133303231353033375a308193310b3009060355040613024445310c300a06035504080c034e5257310f300d06035504070c064161636865
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x8902b1c38b38a80ae70679604528de30
(3) Finished request
Waking up in 4.8 seconds.
(4) Received Access-Request Id 226 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 212
(4) User-Name = "anonymous"
(4) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) NAS-Port = 1
(4) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(4) Connect-Info = "CONNECT 54Mbps 802.11g"
(4) Acct-Session-Id = "5F953B94262D8D47"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027076
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x023a00061900
(4) State = 0x8902b1c38b38a80ae70679604528de30
(4) Message-Authenticator = 0x0eb3e33b6e473f367baf22b9cd51f6d0
(4) session-state: No cached attributes
(4) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /(a)\./) {
(4) if (&User-Name =~ /(a)\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 58 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0x8902b1c38b38a80a
(4) eap: Finished EAP session with state 0x8902b1c38b38a80a
(4) eap: Previous EAP request found for state 0x8902b1c38b38a80a, released
from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer ACKed our handshake fragment
(4) eap_peap: [eaptls verify] = request
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 59 length 728
(4) eap: EAP session adding &reply:State = 0x8902b1c38a39a80a
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) Challenge { ... } # empty sub-section is ignored
(4) Sent Access-Challenge Id 226 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(4) EAP-Message =
0x013b02d819007269747982144d68d90956806f70226752a6417b4f33698fbce8300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101003fcd0619d03f35a2a1975b7a83397d83125454ac4be33d7992ebc339146a8369420e1b68a260adddee126eaf52325a0869b93d6e76f6ee97ebfcbb098da84c0a41cfc87c46dc46ecbb9dbb1e0b22134d183e82c5cdea55de69665359b69c0a7de4c02a6d911bdc34d9e98ff1e63a145c58ccc7f11a2ab490d7aadb46a4ed36ee6bbd8b6935dbcd8fe5e88f845cdb249fe69ea9d38ab79db2bddff87e5bcf028ee0c32ad28d7235208a5f9da431dc765a7dfc4edb24dc6fe8080b10a2edadcffc302adbae773dcac458d45ae170d87e069a41a9fb13a56bbd8f899f537f27877543a6f49a304a0c326f1fea1fb2645ef045edd0f36b5c4ecd0961
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x8902b1c38a39a80ae70679604528de30
(4) Finished request
Waking up in 4.8 seconds.
(5) Received Access-Request Id 227 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 342
(5) User-Name = "anonymous"
(5) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) NAS-Port = 1
(5) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(5) Connect-Info = "CONNECT 54Mbps 802.11g"
(5) Acct-Session-Id = "5F953B94262D8D47"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027076
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message =
0x023b008819800000007e160303004610000042410479a4c01b9202d00d2e35790d5c7e46ad9e775fbd60389ad87925250dc6df9d74d3d4ca805ba7ed6695213d4eb5681d164587f2ebd03f63f51c040dae2be3209e14030300010116030300280000000000000000528b59941c85eda9e878d2e917c5f133c86feab766ecb029efa86d376696f62b
(5) State = 0x8902b1c38a39a80ae70679604528de30
(5) Message-Authenticator = 0xca548784504d435e572cb7441362f403
(5) session-state: No cached attributes
(5) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /(a)\./) {
(5) if (&User-Name =~ /(a)\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 59 length 136
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0x8902b1c38a39a80a
(5) eap: Finished EAP session with state 0x8902b1c38a39a80a
(5) eap: Previous EAP request found for state 0x8902b1c38a39a80a, released
from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(5) eap_peap: Got complete TLS record (126 bytes)
(5) eap_peap: [eaptls verify] = length included
(5) eap_peap: TLS_accept: SSLv3/TLS write server done
(5) eap_peap: <<< recv TLS 1.2 [length 0046]
(5) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(5) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(5) eap_peap: <<< recv TLS 1.2 [length 0010]
(5) eap_peap: TLS_accept: SSLv3/TLS read finished
(5) eap_peap: >>> send TLS 1.2 [length 0001]
(5) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(5) eap_peap: >>> send TLS 1.2 [length 0010]
(5) eap_peap: TLS_accept: SSLv3/TLS write finished
(5) eap_peap: (other): SSL negotiation finished successfully
(5) eap_peap: TLS - Connection Established
(5) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(5) eap_peap: TLS-Session-Version = "TLS 1.2"
(5) eap_peap: TLS - got 51 bytes of data
(5) eap_peap: [eaptls process] = handled
(5) eap: Sending EAP Request (code 1) ID 60 length 57
(5) eap: EAP session adding &reply:State = 0x8902b1c38d3ea80a
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(5) TLS-Session-Version = "TLS 1.2"
(5) Sent Access-Challenge Id 227 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(5) EAP-Message =
0x013c003919001403030001011603030028ecfac5b9f026fdb244b35870a4c617e4e14d779c1dcbbc78b54c29fc4212a86753e34380e177dcd2
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x8902b1c38d3ea80ae70679604528de30
(5) Finished request
Waking up in 4.8 seconds.
(6) Received Access-Request Id 228 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 212
(6) User-Name = "anonymous"
(6) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) NAS-Port = 1
(6) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(6) Connect-Info = "CONNECT 54Mbps 802.11g"
(6) Acct-Session-Id = "5F953B94262D8D47"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027076
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message = 0x023c00061900
(6) State = 0x8902b1c38d3ea80ae70679604528de30
(6) Message-Authenticator = 0x21af232ac16758d39dd8fda69171344e
(6) Restoring &session-state
(6) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(6) &session-state:TLS-Session-Version = "TLS 1.2"
(6) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /(a)\./) {
(6) if (&User-Name =~ /(a)\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 60 length 6
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x8902b1c38d3ea80a
(6) eap: Finished EAP session with state 0x8902b1c38d3ea80a
(6) eap: Previous EAP request found for state 0x8902b1c38d3ea80a, released
from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: Peer ACKed our handshake fragment. handshake is finished
(6) eap_peap: [eaptls verify] = success
(6) eap_peap: [eaptls process] = success
(6) eap_peap: Session established. Decoding tunneled attributes
(6) eap_peap: PEAP state TUNNEL ESTABLISHED
(6) eap: Sending EAP Request (code 1) ID 61 length 40
(6) eap: EAP session adding &reply:State = 0x8902b1c38c3fa80a
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 228 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(6) EAP-Message =
0x013d00281900170303001decfac5b9f026fdb34366380e8360b9b9f0f022a669e15645870ce83d3e
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x8902b1c38c3fa80ae70679604528de30
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 229 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 248
(7) User-Name = "anonymous"
(7) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) NAS-Port = 1
(7) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(7) Connect-Info = "CONNECT 54Mbps 802.11g"
(7) Acct-Session-Id = "5F953B94262D8D47"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027076
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message =
0x023d002a1900170303001f0000000000000001e0aac078c1ee5f9847885927ed6dc37553d3c9a7de3384
(7) State = 0x8902b1c38c3fa80ae70679604528de30
(7) Message-Authenticator = 0x93924852011006c8c9aef0de7aa8985d
(7) Restoring &session-state
(7) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /(a)\./) {
(7) if (&User-Name =~ /(a)\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 61 length 42
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0x8902b1c38c3fa80a
(7) eap: Finished EAP session with state 0x8902b1c38c3fa80a
(7) eap: Previous EAP request found for state 0x8902b1c38c3fa80a, released
from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: [eaptls verify] = ok
(7) eap_peap: Done initial handshake
(7) eap_peap: [eaptls process] = ok
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(7) eap_peap: Identity - nutzer
(7) eap_peap: Got inner identity 'nutzer'
(7) eap_peap: Setting default EAP type for tunneled EAP session
(7) eap_peap: Got tunneled request
(7) eap_peap: EAP-Message = 0x023d000b016e75747a6572
(7) eap_peap: Setting User-Name to nutzer
(7) eap_peap: Sending tunneled request to inner-tunnel
(7) eap_peap: EAP-Message = 0x023d000b016e75747a6572
(7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap: User-Name = "nutzer"
(7) Virtual server inner-tunnel received request
(7) EAP-Message = 0x023d000b016e75747a6572
(7) FreeRADIUS-Proxied-To = 127.0.0.1
(7) User-Name = "nutzer"
(7) server inner-tunnel {
(7) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/))
-> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /(a)\./) {
(7) if (&User-Name =~ /(a)\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [chap] = noop
(7) [mschap] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "nutzer", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) update control {
(7) &Proxy-To-Realm := LOCAL
(7) } # update control = noop
(7) eap: Peer sent EAP Response (code 2) ID 61 length 11
(7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Peer sent packet with method EAP Identity (1)
(7) eap: Calling submodule eap_mschapv2 to process data
(7) eap_mschapv2: Issuing Challenge
(7) eap: Sending EAP Request (code 1) ID 62 length 36
(7) eap: EAP session adding &reply:State = 0x2ed1a7b42eefbd97
(7) [eap] = handled
(7) } # authenticate = handled
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7) EAP-Message =
0x013e00241a013e001f102720785658ad93d089bc838849f76f3446726565524144495553
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x2ed1a7b42eefbd97965fbd6ad11fccdb
(7) eap_peap: Got tunneled reply code 11
(7) eap_peap: EAP-Message =
0x013e00241a013e001f102720785658ad93d089bc838849f76f3446726565524144495553
(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: State = 0x2ed1a7b42eefbd97965fbd6ad11fccdb
(7) eap_peap: Got tunneled reply RADIUS code 11
(7) eap_peap: EAP-Message =
0x013e00241a013e001f102720785658ad93d089bc838849f76f3446726565524144495553
(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: State = 0x2ed1a7b42eefbd97965fbd6ad11fccdb
(7) eap_peap: Got tunneled Access-Challenge
(7) eap: Sending EAP Request (code 1) ID 62 length 67
(7) eap: EAP session adding &reply:State = 0x8902b1c38f3ca80a
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) Challenge { ... } # empty sub-section is ignored
(7) session-state: Saving cached attributes
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 229 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(7) EAP-Message =
0x013e004319001703030038ecfac5b9f026fdb466ffd36bf1be038dedc69f8942b55893579d49bb08dc4e4864a720ac39e33de467b54833f9941fc7d3cfcbb8c5139a3b
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x8902b1c38f3ca80ae70679604528de30
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 230 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 302
(8) User-Name = "anonymous"
(8) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 1
(8) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(8) Connect-Info = "CONNECT 54Mbps 802.11g"
(8) Acct-Session-Id = "5F953B94262D8D47"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message =
0x023e0060190017030300550000000000000002b7c376efa69b12353ab277f64af212836e42a2827a7976e1e6703751f299408a85f5feedbf95035f4a4222634e22bb79efd94ccb3b6b24885b7b76a7956933e9d94765ed93cba67ec3e570ee10
(8) State = 0x8902b1c38f3ca80ae70679604528de30
(8) Message-Authenticator = 0xba1f6f196915b7907e1545c2846b50d3
(8) Restoring &session-state
(8) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ /(a)\./) {
(8) if (&User-Name =~ /(a)\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [preprocess] = ok
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 62 length 96
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(8) authenticate {
(8) eap: Expiring EAP session with state 0x2ed1a7b42eefbd97
(8) eap: Finished EAP session with state 0x8902b1c38f3ca80a
(8) eap: Previous EAP request found for state 0x8902b1c38f3ca80a, released
from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: [eaptls verify] = ok
(8) eap_peap: Done initial handshake
(8) eap_peap: [eaptls process] = ok
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state phase2
(8) eap_peap: EAP method MSCHAPv2 (26)
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message =
0x023e00411a023e003c31b606bd0731a6c6ea57e809ea2e3bc10f0000000000000000cadd7153e8a763c5fc880b5e2b4d21f7f635d7221bfb15f0006e75747a6572
(8) eap_peap: Setting User-Name to nutzer
(8) eap_peap: Sending tunneled request to inner-tunnel
(8) eap_peap: EAP-Message =
0x023e00411a023e003c31b606bd0731a6c6ea57e809ea2e3bc10f0000000000000000cadd7153e8a763c5fc880b5e2b4d21f7f635d7221bfb15f0006e75747a6572
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = "nutzer"
(8) eap_peap: State = 0x2ed1a7b42eefbd97965fbd6ad11fccdb
(8) Virtual server inner-tunnel received request
(8) EAP-Message =
0x023e00411a023e003c31b606bd0731a6c6ea57e809ea2e3bc10f0000000000000000cadd7153e8a763c5fc880b5e2b4d21f7f635d7221bfb15f0006e75747a6572
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = "nutzer"
(8) State = 0x2ed1a7b42eefbd97965fbd6ad11fccdb
(8) server inner-tunnel {
(8) session-state: No cached attributes
(8) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/))
-> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ /(a)\./) {
(8) if (&User-Name =~ /(a)\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [chap] = noop
(8) [mschap] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "nutzer", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) update control {
(8) &Proxy-To-Realm := LOCAL
(8) } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 62 length 65
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8) [eap] = updated
(8) files: users: Matched entry nutzer at line 91
(8) [files] = ok
(8) [expiration] = noop
(8) [logintime] = noop
(8) pap: WARNING: Auth-Type already set. Not setting to PAP
(8) [pap] = noop
(8) } # authorize = updated
(8) Found Auth-Type = eap
(8) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) authenticate {
(8) eap: Expiring EAP session with state 0x2ed1a7b42eefbd97
(8) eap: Finished EAP session with state 0x2ed1a7b42eefbd97
(8) eap: Previous EAP request found for state 0x2ed1a7b42eefbd97, released
from the list
(8) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) eap_mschapv2: authenticate {
(8) mschap: Found Cleartext-Password, hashing to create NT-Password
(8) mschap: Creating challenge hash with username: nutzer
(8) mschap: Client is using MS-CHAPv2
(8) mschap: Adding MS-CHAPv2 MPPE keys
(8) eap_mschapv2: [mschap] = ok
(8) eap_mschapv2: } # authenticate = ok
(8) eap_mschapv2: MSCHAP Success
(8) eap: Sending EAP Request (code 1) ID 63 length 51
(8) eap: EAP session adding &reply:State = 0x2ed1a7b42feebd97
(8) [eap] = handled
(8) } # authenticate = handled
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8) Reply-Message = "erfolgreich angemeldet"
(8) EAP-Message =
0x013f00331a033e002e533d35423445364534324644304332413134383033353232374230464341393333314432374234373742
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x2ed1a7b42feebd97965fbd6ad11fccdb
(8) eap_peap: Got tunneled reply code 11
(8) eap_peap: Reply-Message = "erfolgreich angemeldet"
(8) eap_peap: EAP-Message =
0x013f00331a033e002e533d35423445364534324644304332413134383033353232374230464341393333314432374234373742
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0x2ed1a7b42feebd97965fbd6ad11fccdb
(8) eap_peap: Got tunneled reply RADIUS code 11
(8) eap_peap: Reply-Message = "erfolgreich angemeldet"
(8) eap_peap: EAP-Message =
0x013f00331a033e002e533d35423445364534324644304332413134383033353232374230464341393333314432374234373742
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0x2ed1a7b42feebd97965fbd6ad11fccdb
(8) eap_peap: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 63 length 82
(8) eap: EAP session adding &reply:State = 0x8902b1c38e3da80a
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(8) Challenge { ... } # empty sub-section is ignored
(8) session-state: Saving cached attributes
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 230 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(8) EAP-Message =
0x013f005219001703030047ecfac5b9f026fdb5c3949b4fa25b0f03ff2444a0346e2d2bfbf4c7d85ed0631c51ba88fd1d3d834630413cf4a81496b1e60b9fb3f44bc2b1c9f8e17541dd9d3790c97e2a5480ea
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x8902b1c38e3da80ae70679604528de30
(8) Finished request
Waking up in 4.7 seconds.
(9) Received Access-Request Id 231 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 243
(9) User-Name = "anonymous"
(9) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 1
(9) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(9) Connect-Info = "CONNECT 54Mbps 802.11g"
(9) Acct-Session-Id = "5F953B94262D8D47"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) EAP-Message =
0x023f00251900170303001a0000000000000003cbe55c8fa673ed763ec11b9886929012cfb6
(9) State = 0x8902b1c38e3da80ae70679604528de30
(9) Message-Authenticator = 0xb176355d068fcaa4270ee4357402dffa
(9) Restoring &session-state
(9) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ /(a)\./) {
(9) if (&User-Name =~ /(a)\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [preprocess] = ok
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 63 length 37
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0x2ed1a7b42feebd97
(9) eap: Finished EAP session with state 0x8902b1c38e3da80a
(9) eap: Previous EAP request found for state 0x8902b1c38e3da80a, released
from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: Continuing EAP-TLS
(9) eap_peap: [eaptls verify] = ok
(9) eap_peap: Done initial handshake
(9) eap_peap: [eaptls process] = ok
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state phase2
(9) eap_peap: EAP method MSCHAPv2 (26)
(9) eap_peap: Got tunneled request
(9) eap_peap: EAP-Message = 0x023f00061a03
(9) eap_peap: Setting User-Name to nutzer
(9) eap_peap: Sending tunneled request to inner-tunnel
(9) eap_peap: EAP-Message = 0x023f00061a03
(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap: User-Name = "nutzer"
(9) eap_peap: State = 0x2ed1a7b42feebd97965fbd6ad11fccdb
(9) Virtual server inner-tunnel received request
(9) EAP-Message = 0x023f00061a03
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = "nutzer"
(9) State = 0x2ed1a7b42feebd97965fbd6ad11fccdb
(9) server inner-tunnel {
(9) session-state: No cached attributes
(9) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/))
-> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ /(a)\./) {
(9) if (&User-Name =~ /(a)\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [chap] = noop
(9) [mschap] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "nutzer", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) update control {
(9) &Proxy-To-Realm := LOCAL
(9) } # update control = noop
(9) eap: Peer sent EAP Response (code 2) ID 63 length 6
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) files: users: Matched entry nutzer at line 91
(9) [files] = ok
(9) [expiration] = noop
(9) [logintime] = noop
(9) pap: WARNING: Auth-Type already set. Not setting to PAP
(9) [pap] = noop
(9) } # authorize = updated
(9) Found Auth-Type = eap
(9) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(9) authenticate {
(9) eap: Expiring EAP session with state 0x2ed1a7b42feebd97
(9) eap: Finished EAP session with state 0x2ed1a7b42feebd97
(9) eap: Previous EAP request found for state 0x2ed1a7b42feebd97, released
from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap: Sending EAP Success (code 3) ID 63 length 4
(9) eap: Freeing handler
(9) [eap] = ok
(9) } # authenticate = ok
(9) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(9) post-auth {
(9) if (0) {
(9) if (0) -> FALSE
(9) } # post-auth = noop
(9) } # server inner-tunnel
(9) Virtual server sending reply
(9) Reply-Message = "erfolgreich angemeldet"
(9) MS-MPPE-Encryption-Policy = Encryption-Allowed
(9) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(9) MS-MPPE-Send-Key = 0x50d5bd156a50d58e85d2a076d798831e
(9) MS-MPPE-Recv-Key = 0x7c8f5601917212d1327bbdea5c8da66f
(9) EAP-Message = 0x033f0004
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) User-Name = "nutzer"
(9) eap_peap: Got tunneled reply code 2
(9) eap_peap: Reply-Message = "erfolgreich angemeldet"
(9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
(9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(9) eap_peap: MS-MPPE-Send-Key = 0x50d5bd156a50d58e85d2a076d798831e
(9) eap_peap: MS-MPPE-Recv-Key = 0x7c8f5601917212d1327bbdea5c8da66f
(9) eap_peap: EAP-Message = 0x033f0004
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: User-Name = "nutzer"
(9) eap_peap: Got tunneled reply RADIUS code 2
(9) eap_peap: Reply-Message = "erfolgreich angemeldet"
(9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
(9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(9) eap_peap: MS-MPPE-Send-Key = 0x50d5bd156a50d58e85d2a076d798831e
(9) eap_peap: MS-MPPE-Recv-Key = 0x7c8f5601917212d1327bbdea5c8da66f
(9) eap_peap: EAP-Message = 0x033f0004
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: User-Name = "nutzer"
(9) eap_peap: Tunneled authentication was successful
(9) eap_peap: SUCCESS
(9) eap: Sending EAP Request (code 1) ID 64 length 46
(9) eap: EAP session adding &reply:State = 0x8902b1c38142a80a
(9) [eap] = handled
(9) } # authenticate = handled
(9) Using Post-Auth-Type Challenge
(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(9) Challenge { ... } # empty sub-section is ignored
(9) session-state: Saving cached attributes
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 231 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(9) EAP-Message =
0x0140002e19001703030023ecfac5b9f026fdb6def9d75642a91809a7691d8810651f43efe154f80e86ae57b96fad
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x8902b1c38142a80ae70679604528de30
(9) Finished request
Waking up in 4.7 seconds.
(10) Received Access-Request Id 232 from [AccessPoint-IP]:52784 to
[Radius-Server--IP]:1812 length 252
(10) User-Name = "anonymous"
(10) Called-Station-Id = "10-FE-ED-EB-5D-2C:OpenWrt-Radius"
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) NAS-Port = 1
(10) Calling-Station-Id = "52-A4-4F-C1-D8-2F"
(10) Connect-Info = "CONNECT 54Mbps 802.11g"
(10) Acct-Session-Id = "5F953B94262D8D47"
(10) WLAN-Pairwise-Cipher = 1027076
(10) WLAN-Group-Cipher = 1027076
(10) WLAN-AKM-Suite = 1027073
(10) Framed-MTU = 1400
(10) EAP-Message =
0x0240002e190017030300230000000000000004598be5cd17bc1cc280dbafa093e71b66a27b56747cca541ccc74d7
(10) State = 0x8902b1c38142a80ae70679604528de30
(10) Message-Authenticator = 0x77415c7c2ccfdce32bf004396980be98
(10) Restoring &session-state
(10) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(10) &session-state:TLS-Session-Version = "TLS 1.2"
(10) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(10) authorize {
(10) policy filter_username {
(10) if (&User-Name) {
(10) if (&User-Name) -> TRUE
(10) if (&User-Name) {
(10) if (&User-Name =~ / /) {
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@[^@]*@/ ) {
(10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(10) if (&User-Name =~ /\.\./ ) {
(10) if (&User-Name =~ /\.\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(10) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/))
-> FALSE
(10) if (&User-Name =~ /\.$/) {
(10) if (&User-Name =~ /\.$/) -> FALSE
(10) if (&User-Name =~ /(a)\./) {
(10) if (&User-Name =~ /(a)\./) -> FALSE
(10) } # if (&User-Name) = notfound
(10) } # policy filter_username = notfound
(10) [preprocess] = ok
(10) suffix: Checking for suffix after "@"
(10) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(10) suffix: No such realm "NULL"
(10) [suffix] = noop
(10) eap: Peer sent EAP Response (code 2) ID 64 length 46
(10) eap: Continuing tunnel setup
(10) [eap] = ok
(10) } # authorize = ok
(10) Found Auth-Type = eap
(10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(10) authenticate {
(10) eap: Expiring EAP session with state 0x8902b1c38142a80a
(10) eap: Finished EAP session with state 0x8902b1c38142a80a
(10) eap: Previous EAP request found for state 0x8902b1c38142a80a, released
from the list
(10) eap: Peer sent packet with method EAP PEAP (25)
(10) eap: Calling submodule eap_peap to process data
(10) eap_peap: Continuing EAP-TLS
(10) eap_peap: [eaptls verify] = ok
(10) eap_peap: Done initial handshake
(10) eap_peap: [eaptls process] = ok
(10) eap_peap: Session established. Decoding tunneled attributes
(10) eap_peap: PEAP state send tlv success
(10) eap_peap: Received EAP-TLV response
(10) eap_peap: Success
(10) eap: Sending EAP Success (code 3) ID 64 length 4
(10) eap: Freeing handler
(10) [eap] = ok
(10) } # authenticate = ok
(10) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/default
(10) post-auth {
(10) if (session-state:User-Name && reply:User-Name &&
request:User-Name && (reply:User-Name == request:User-Name)) {
(10) if (session-state:User-Name && reply:User-Name &&
request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
(10) update {
(10) &reply::TLS-Session-Cipher-Suite +=
&session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES128-GCM-SHA256'
(10) &reply::TLS-Session-Version +=
&session-state:TLS-Session-Version[*] -> 'TLS 1.2'
(10) } # update = noop
(10) [exec] = noop
(10) policy remove_reply_message_if_eap {
(10) if (&reply:EAP-Message && &reply:Reply-Message) {
(10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(10) else {
(10) [noop] = noop
(10) } # else = noop
(10) } # policy remove_reply_message_if_eap = noop
(10) } # post-auth = noop
(10) Sent Access-Accept Id 232 from [Radius-Server--IP]:1812 to
[AccessPoint-IP]:52784 length 0
(10) MS-MPPE-Recv-Key =
0xc00afb4a5bcb38d545ce954afbe9bd270d9d2d9eff388c9e26334c496739119d
(10) MS-MPPE-Send-Key =
0x0d596e21fc68bc9283e2f40c94a5a23b2ebc525f199b38613ef307594d68d4cc
(10) EAP-Message = 0x03400004
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) User-Name = "anonymous"
(10) Finished request
Waking up in 4.7 seconds.
2
1
I am attempting to setup a freeRADIUS server in a lab environment on Ubuntu 18.04. This server is used to test a WPA supplicant implementation on a piece of portable hardware. I feel reasonably confident the supplicant and nas (Cisco 2950) are configured correctly. I am very much unfamiliar with freeradius - that means I could get pretty far using the available documentation until I ran into trouble. Now I have no idea what to do.
Everything seems to be working according to the guide up until making production certs. I have performed eapol_test tests using the snakeoil certs.
Note: I have created the user "bob" and still have the pwd "hello" at the top of my "users" file. I am using user "bob" and pwd: "hello" when I attempt to connect from the supplicant
When I create production certs (deployingradius.com instructions) and attempt to authenticate I see the following error (log is followed by excerpts of my .cnf files):
________________________________________________________________________________________
(5) Received Access-Request Id 95 from 192.168.1.150:1812 to 192.168.1.77:1812 length 133
(5) NAS-IP-Address = 192.168.1.150
(5) NAS-Port = 50006
(5) NAS-Port-Type = Ethernet
(5) User-Name = "anonymous"
(5) Called-Station-Id = "00-19-55-14-71-86"
(5) Calling-Station-Id = "00-0E-CC-01-00-12"
(5) Service-Type = Framed-User
(5) Framed-MTU = 1500
(5) EAP-Message = 0x0200000e01616e6f6e796d6f7573
(5) Message-Authenticator = 0xf874795e57a7144af1993e43a9137bb2
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /(a)\./) {
(5) if (&User-Name =~ /(a)\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 0 length 14
(5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) authenticate {
(5) eap: Peer sent packet with method EAP Identity (1)
(5) eap: Calling submodule eap_md5 to process data
(5) eap_md5: Issuing MD5 Challenge
(5) eap: Sending EAP Request (code 1) ID 1 length 22
(5) eap: EAP session adding &reply:State = 0x4cc7d48a4cc6d040
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) Sent Access-Challenge Id 95 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(5) EAP-Message = 0x01010016041080eea1bd20abc6b82a858b58e295682d
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x4cc7d48a4cc6d0402157ab210e499381
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 96 from 192.168.1.150:1812 to 192.168.1.77:1812 length 143
(6) NAS-IP-Address = 192.168.1.150
(6) NAS-Port = 50006
(6) NAS-Port-Type = Ethernet
(6) User-Name = "anonymous"
(6) Called-Station-Id = "00-19-55-14-71-86"
(6) Calling-Station-Id = "00-0E-CC-01-00-12"
(6) Service-Type = Framed-User
(6) Framed-MTU = 1500
(6) State = 0x4cc7d48a4cc6d0402157ab210e499381
(6) EAP-Message = 0x020100060319
(6) Message-Authenticator = 0x879827383b947031784d9d31f879a0be
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /(a)\./) {
(6) if (&User-Name =~ /(a)\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 1 length 6
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) [files] = noop
(6) [expiration] = noop
(6) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x4cc7d48a4cc6d040
(6) eap: Finished EAP session with state 0x4cc7d48a4cc6d040
(6) eap: Previous EAP request found for state 0x4cc7d48a4cc6d040, released from the list
(6) eap: Peer sent packet with method EAP NAK (3)
(6) eap: Found mutually acceptable type PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Initiating new TLS session
(6) eap_peap: [eaptls start] = request
(6) eap: Sending EAP Request (code 1) ID 2 length 6
(6) eap: EAP session adding &reply:State = 0x4cc7d48a4dc5cd40
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) Sent Access-Challenge Id 96 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(6) EAP-Message = 0x010200061920
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x4cc7d48a4dc5cd402157ab210e499381
(6) Finished request
Waking up in 4.9 seconds.
(7) Received Access-Request Id 97 from 192.168.1.150:1812 to 192.168.1.77:1812 length 337
(7) NAS-IP-Address = 192.168.1.150
(7) NAS-Port = 50006
(7) NAS-Port-Type = Ethernet
(7) User-Name = "anonymous"
(7) Called-Station-Id = "00-19-55-14-71-86"
(7) Calling-Station-Id = "00-0E-CC-01-00-12"
(7) Service-Type = Framed-User
(7) Framed-MTU = 1500
(7) State = 0x4cc7d48a4dc5cd402157ab210e499381
(7) EAP-Message = 0x020200c81980000000be16030100b9010000b50303cf55ef6b065e75187d44a00b78abdd5a9ee6ee2df1619e75404464ed71f1fe10000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
(7) Message-Authenticator = 0x21101c165e65a656d50272c5b281668d
(7) session-state: No cached attributes
(7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /(a)\./) {
(7) if (&User-Name =~ /(a)\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 2 length 200
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0x4cc7d48a4dc5cd40
(7) eap: Finished EAP session with state 0x4cc7d48a4dc5cd40
(7) eap: Previous EAP request found for state 0x4cc7d48a4dc5cd40, released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: Peer indicated complete TLS record size will be 190 bytes
(7) eap_peap: Got complete TLS record (190 bytes)
(7) eap_peap: [eaptls verify] = length included
(7) eap_peap: (other): before SSL initialization
(7) eap_peap: TLS_accept: before SSL initialization
(7) eap_peap: TLS_accept: before SSL initialization
(7) eap_peap: <<< recv TLS 1.3 [length 00b9]
(7) eap_peap: TLS_accept: SSLv3/TLS read client hello
(7) eap_peap: >>> send TLS 1.2 [length 003d]
(7) eap_peap: TLS_accept: SSLv3/TLS write server hello
(7) eap_peap: >>> send TLS 1.2 [length 02de]
(7) eap_peap: TLS_accept: SSLv3/TLS write certificate
(7) eap_peap: >>> send TLS 1.2 [length 014d]
(7) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(7) eap_peap: >>> send TLS 1.2 [length 0004]
(7) eap_peap: TLS_accept: SSLv3/TLS write server done
(7) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(7) eap_peap: TLS - In Handshake Phase
(7) eap_peap: TLS - got 1152 bytes of data
(7) eap_peap: [eaptls process] = handled
(7) eap: Sending EAP Request (code 1) ID 3 length 1004
(7) eap: EAP session adding &reply:State = 0x4cc7d48a4ec4cd40
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) Challenge { ... } # empty sub-section is ignored
(7) Sent Access-Challenge Id 97 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(7) EAP-Message = 0x010303ec19c000000480160303003d020000390303a74cffbf343fd7c8b109ec3ea47ccc50fbb5149af11b6a32ca56d993ea01a8c900c030000011ff01000100000b0004030001020017000016030302de0b0002da0002d70002d4308202d0308201b8a003020102021419d6f93d1218741c7f2fa6ede241a78132b401ac300d06092a864886f70d01010b05003011310f300d06035504030c067562756e7475301e170d3232303132363031313931335a170d3332303132343031313931335a3011310f300d06035504030c067562756e747530820122300d06092a864886f70d01010105000382010f003082010a0282010100d656ad371181abcd6dc6f07509488dc77d22f6155af16aa35c5309c976fa9420fb38f8b8cbc39a1c2bb7eb1feabd7b240773e067e3b5549ffa3f5824a69b1b7784c8f4e63aa63a1cf9749dbc3bc5501053c57cb0a2e259cc980310d47f32f306a6606828c81f64df02505498228575742e23311a7b600705c40465800fe7b8ad76d948
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x4cc7d48a4ec4cd402157ab210e499381
(7) Finished request
Waking up in 4.9 seconds.
(8) Received Access-Request Id 98 from 192.168.1.150:1812 to 192.168.1.77:1812 length 143
(8) NAS-IP-Address = 192.168.1.150
(8) NAS-Port = 50006
(8) NAS-Port-Type = Ethernet
(8) User-Name = "anonymous"
(8) Called-Station-Id = "00-19-55-14-71-86"
(8) Calling-Station-Id = "00-0E-CC-01-00-12"
(8) Service-Type = Framed-User
(8) Framed-MTU = 1500
(8) State = 0x4cc7d48a4ec4cd402157ab210e499381
(8) EAP-Message = 0x020300061900
(8) Message-Authenticator = 0xb07b3ba30bd185c45325c3cbd8c40fdb
(8) session-state: No cached attributes
(8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ /(a)\./) {
(8) if (&User-Name =~ /(a)\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 3 length 6
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(8) authenticate {
(8) eap: Expiring EAP session with state 0x4cc7d48a4ec4cd40
(8) eap: Finished EAP session with state 0x4cc7d48a4ec4cd40
(8) eap: Previous EAP request found for state 0x4cc7d48a4ec4cd40, released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: Peer ACKed our handshake fragment
(8) eap_peap: [eaptls verify] = request
(8) eap_peap: [eaptls process] = handled
(8) eap: Sending EAP Request (code 1) ID 4 length 164
(8) eap: EAP session adding &reply:State = 0x4cc7d48a4fc3cd40
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(8) Challenge { ... } # empty sub-section is ignored
(8) Sent Access-Challenge Id 98 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(8) EAP-Message = 0x010400a41900c352a5a55dc2ef5120ad94b21b7f13f48a2a0700d2267ad9686e4a0172d1de5157bb1ba0cd637466cdb079b9dcb60ff10f72686dd9c5a12d0ecfafdb4e1da0ccddc99fdff5eaf7f4a069e9f93bf10dcd4e90b13060ce5356ba7ebaf57a6f65f2bdcc2420a76d757d62e0c68016fac9fd9b511c8a01ec5ee2386b32f90bf900501e40fcc9b069dfc900a79eb8d43d3232129ec917b816030300040e000000
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x4cc7d48a4fc3cd402157ab210e499381
(8) Finished request
Waking up in 4.9 seconds.
(9) Received Access-Request Id 99 from 192.168.1.150:1812 to 192.168.1.77:1812 length 154
(9) NAS-IP-Address = 192.168.1.150
(9) NAS-Port = 50006
(9) NAS-Port-Type = Ethernet
(9) User-Name = "anonymous"
(9) Called-Station-Id = "00-19-55-14-71-86"
(9) Calling-Station-Id = "00-0E-CC-01-00-12"
(9) Service-Type = Framed-User
(9) Framed-MTU = 1500
(9) State = 0x4cc7d48a4fc3cd402157ab210e499381
(9) EAP-Message = 0x0204001119800000000715030300020230
(9) Message-Authenticator = 0xb989e88f0ff2acc6ccbde00cbd9deb8a
(9) session-state: No cached attributes
(9) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ /(a)\./) {
(9) if (&User-Name =~ /(a)\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 4 length 17
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0x4cc7d48a4fc3cd40
(9) eap: Finished EAP session with state 0x4cc7d48a4fc3cd40
(9) eap: Previous EAP request found for state 0x4cc7d48a4fc3cd40, released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: Continuing EAP-TLS
(9) eap_peap: Peer indicated complete TLS record size will be 7 bytes
(9) eap_peap: Got complete TLS record (7 bytes)
(9) eap_peap: [eaptls verify] = length included
(9) eap_peap: <<< recv TLS 1.2 [length 0002]
(9) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(9) eap_peap: TLS_accept: Need to read more data: error
(9) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(9) eap_peap: TLS - In Handshake Phase
(9) eap_peap: TLS - Application data.
(9) eap_peap: ERROR: TLS failed during operation
(9) eap_peap: ERROR: [eaptls process] = fail
(9) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
(9) eap: Sending EAP Failure (code 4) ID 4 length 4
(9) eap: Failed in EAP select
(9) [eap] = invalid
(9) } # authenticate = invalid
(9) Failed to authenticate the user
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(9) Post-Auth-Type REJECT {
(9) attr_filter.access_reject: EXPAND %{User-Name}
(9) attr_filter.access_reject: --> anonymous
(9) attr_filter.access_reject: Matched entry DEFAULT at line 11
(9) [attr_filter.access_reject] = updated
(9) [eap] = noop
(9) policy remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message) {
(9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(9) else {
(9) [noop] = noop
(9) } # else = noop
(9) } # policy remove_reply_message_if_eap = noop
(9) } # Post-Auth-Type REJECT = updated
(9) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(9) Sending delayed response
(9) Sent Access-Reject Id 99 from 192.168.1.77:1812 to 192.168.1.150:1812 length 44
(9) EAP-Message = 0x04040004
(9) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
(5) Cleaning up request packet ID 95 with timestamp +891
(6) Cleaning up request packet ID 96 with timestamp +891
(7) Cleaning up request packet ID 97 with timestamp +891
(8) Cleaning up request packet ID 98 with timestamp +891
(9) Cleaning up request packet ID 99 with timestamp +891
Ready to process requests
_____________________________________________________
CA.CNF:
prompt = no
distinguished_name = certificate_authority
default_bits = 2048
input_password = whatever
output_password = whatever
x509_extensions = v3_ca
[certificate_authority]
countryName = US
stateOrProvinceName = WI
localityName = Waukesha
organizationName = Company
emailAddress = support(a)example.org
commonName = "Certificate Authority"
____________________________________________________
SERVER.CNF:
prompt = no
distinguished_name = server
default_bits = 2048
input_password = whatever
output_password = whatever
req_extensions = v3_req
[server]
countryName = US
stateOrProvinceName = WI
localityName = Waukesha
organizationName = Company
emailAddress = support(a)example.org
commonName = "Server Certificate"
_______________________________________________________
CLIENT.CNF:
prompt = no
distinguished_name = client
default_bits = 2048
input_password = hello
output_password = hello
[client]
countryName = US
stateOrProvinceName = WI
localityName = Waukesha
organizationName = OpenText Corp
emailAddress = support(a)example.org
commonName = support(a)example.org
_________________________________________________________
NAS info:
Switch# show run | in 192.168.1
ip address 192.168.1.150 255.255.255.0
ip default-gateway 192.168.1.1
radius-server host 192.168.1.77 auth-port 1812 acct-port 1813 key testing123
2
4