radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Nov 14 2016 at 10:21:43
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/wimax
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/realm
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
main {
 security {
 	user = "radiusd"
 	group = "radiusd"
 	allow_core_dumps = no
 }
}
main {
	name = "radiusd"
	prefix = "/usr"
	localstatedir = "/var"
	sbindir = "/usr/sbin"
	logdir = "/var/log/radius"
	run_dir = "/var/run/radiusd"
	libdir = "/usr/lib64/freeradius"
	radacctdir = "/var/log/radius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/radiusd/radiusd.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
 	stripped_names = no
 	auth = yes
 	auth_badpass = yes
 	auth_goodpass = no
 	colourise = yes
 	msg_denied = "You are already logged in - access denied"
 }
 security {
 	max_attributes = 200
 	reject_delay = 1
 	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
 	retry_delay = 5
 	retry_count = 3
 	default_fallback = no
 	dead_time = 120
 	wake_all_if_all_dead = no
 }
 home_server localhost {
 	ipaddr = 127.0.0.1
 	port = 1812
 	type = "auth"
 	secret = <<< secret >>>
 	response_window = 20.000000
 	response_timeouts = 1
 	max_outstanding = 65536
 	zombie_period = 40
 	status_check = "status-server"
 	ping_interval = 30
 	check_interval = 30
 	check_timeout = 4
 	num_answers_to_alive = 3
 	revive_interval = 120
  coa {
  	irt = 2
  	mrt = 16
  	mrc = 5
  	mrd = 30
  }
  limit {
  	max_connections = 16
  	max_requests = 0
  	lifetime = 0
  	idle_timeout = 0
  }
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client bts1 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "BS1"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client bts1.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client bts2 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "BS2"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client bts2.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client bts3 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "BS3"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client bts3.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client bts4 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "BS4"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client bts4.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client bts5 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "BS5"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client bts5.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client bts6 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "BS6"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client bts6.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client router1 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client router1.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client asr9_router-ea {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client asr9_router-ea.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client RMS_32switch {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client RMS_32switch.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client DP1_32switch {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client DP1_32switch.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client DD_32switch {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client DD_32switch.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client router2 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client router2.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client RMS_33switch {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client RMS_33switch.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client DP1_33switch {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client DP1_33switch.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client DD_33switch {
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	shortname = "switch"
 	nas_type = "cisco"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client DD_33switch.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe1 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe1.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe2 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe2.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe3 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe3.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe4 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe4.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe5 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe5.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe6 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe6.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe7 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe7.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe8 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe8.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe9 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe9.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe10 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe10.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe11 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe11.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe12 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe12.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe13 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe13.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe14 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe14.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe15 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe15.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe16 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe16.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe17 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe17.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe18 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe18.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe19 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe19.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe20 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe20.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe21 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe21.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe22 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe22.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe23 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe23.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe24 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe24.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe25 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe25.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe26 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe26.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe27 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe27.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe28 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe28.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe29 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe29.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe30 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe30.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe31 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe31.  Please fix your configuration
Support for old-style clients will be removed in a future release
 client cpe32 {
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client cpe32.  Please fix your configuration
Support for old-style clients will be removed in a future release
radiusd: #### Instantiating modules ####
 instantiate {
 }
 modules {
  # Loaded module rlm_exec
  # Instantiating module "exec" from file /etc/raddb/mods-enabled/exec
  exec {
  	wait = no
  	input_pairs = "request"
  	shell_escape = yes
  	timeout = 10
  }
  # Loaded module rlm_dynamic_clients
  # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
  # Loaded module rlm_radutmp
  # Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
  radutmp sradutmp {
  	filename = "/var/log/radius/sradutmp"
  	username = "%{User-Name}"
  	case_sensitive = yes
  	check_with_nas = yes
  	permissions = 420
  	caller_id = no
  }
  # Loaded module rlm_logintime
  # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
  logintime {
  	minimum_timeout = 60
  }
  # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
  exec ntlm_auth {
  	wait = yes
  	program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  	shell_escape = yes
  }
  # Loaded module rlm_detail
  # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
  detail auth_log {
  	filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  	header = "%t"
  	permissions = 384
  	locking = no
  	log_packet_header = no
  }
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
  detail reply_log {
  	filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  	header = "%t"
  	permissions = 384
  	locking = no
  	log_packet_header = no
  }
  # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  detail pre_proxy_log {
  	filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  	header = "%t"
  	permissions = 384
  	locking = no
  	log_packet_header = no
  }
  # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  detail post_proxy_log {
  	filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  	header = "%t"
  	permissions = 384
  	locking = no
  	log_packet_header = no
  }
  # Loaded module rlm_passwd
  # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
  passwd etc_passwd {
  	filename = "/etc/passwd"
  	format = "*User-Name:Crypt-Password:"
  	delimiter = ":"
  	ignore_nislike = no
  	ignore_empty = yes
  	allow_multiple_keys = no
  	hash_size = 100
  }
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  # Loaded module rlm_digest
  # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
  # Loaded module rlm_expiration
  # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
  # Loaded module rlm_wimax
  # Instantiating module "wimax" from file /etc/raddb/mods-enabled/wimax
  wimax {
  	delete_mppe_keys = no
  }
  # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
  detail {
  	filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  	header = "%t"
  	permissions = 384
  	locking = no
  	log_packet_header = no
  }
  # Loaded module rlm_chap
  # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap
  # Loaded module rlm_pap
  # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
  pap {
  	normalise = yes
  }
  # Loaded module rlm_mschap
  # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
  mschap {
  	use_mppe = yes
  	require_encryption = no
  	require_strong = no
  	with_ntdomain_hack = yes
   passchange {
   }
  	allow_retry = yes
  }
  # Loaded module rlm_soh
  # Instantiating module "soh" from file /etc/raddb/mods-enabled/soh
  soh {
  	dhcp = yes
  }
  # Loaded module rlm_utf8
  # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
  # Loaded module rlm_attr_filter
  # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.post-proxy {
  	filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
  	key = "%{Realm}"
  	relaxed = no
  }
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
  # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.pre-proxy {
  	filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
  	key = "%{Realm}"
  	relaxed = no
  }
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
  # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.access_reject {
  	filename = "/etc/raddb/mods-config/attr_filter/access_reject"
  	key = "%{User-Name}"
  	relaxed = no
  }
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
  # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.access_challenge {
  	filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
  	key = "%{User-Name}"
  	relaxed = no
  }
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
  # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.accounting_response {
  	filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
  	key = "%{User-Name}"
  	relaxed = no
  }
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
  # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
  exec echo {
  	wait = yes
  	program = "/bin/echo %{User-Name}"
  	input_pairs = "request"
  	output_pairs = "reply"
  	shell_escape = yes
  }
  # Loaded module rlm_cache
  # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
  cache cache_eap {
  	key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  	ttl = 15
  	max_entries = 16384
  	epoch = 0
  	add_stats = no
  }
  # Loaded module rlm_dhcp
  # Instantiating module "dhcp" from file /etc/raddb/mods-enabled/dhcp
  # Loaded module rlm_eap
  # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
  eap {
  	default_eap_type = "ttls"
  	timer_expire = 200
  	ignore_unknown_eap_types = no
  	mod_accounting_username_bug = no
  	max_sessions = 1024
  }
   # Linked to sub-module rlm_eap_md5
   # Linked to sub-module rlm_eap_leap
   # Linked to sub-module rlm_eap_gtc
   gtc {
   	challenge = "Password: "
   	auth_type = "PAP"
   }
   # Linked to sub-module rlm_eap_tls
   tls {
   	tls = "tls-common"
   }
   tls-config tls-common {
   	rsa_key_exchange = no
   	dh_key_exchange = yes
   	rsa_key_length = 512
   	dh_key_length = 512
   	verify_depth = 0
   	ca_path = "/etc/raddb/certs"
   	pem_file_type = yes
   	private_key_file = "/etc/raddb/certs/serverkey.pem"
   	certificate_file = "/etc/raddb/certs/servercert.pem"
   	ca_file = "/etc/raddb/certs/cacert.pem"
   	private_key_password = <<< secret >>>
   	dh_file = "/etc/raddb/certs/dh"
   	fragment_size = 1024
   	include_length = yes
   	check_crl = no
   	cipher_list = "DEFAULT"
   	ecdh_curve = "prime256v1"
    cache {
    	enable = yes
    	lifetime = 24
    	max_entries = 255
    }
    verify {
    }
    ocsp {
    	enable = no
    	override_cert_url = yes
    	url = "http://127.0.0.1/ocsp/"
    	use_nonce = yes
    	timeout = 0
    	softfail = yes
    }
   }
   # Linked to sub-module rlm_eap_ttls
   ttls {
   	tls = "tls-common"
   	default_eap_type = "md5"
   	copy_request_to_tunnel = no
   	use_tunneled_reply = no
   	virtual_server = "inner-tunnel"
   	include_length = yes
   	require_client_cert = no
   }
Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_peap
   peap {
   	tls = "tls-common"
   	default_method = "mschapv2"
   	copy_request_to_tunnel = no
   	use_tunneled_reply = no
   	proxy_tunneled_request_as_eap = yes
   	virtual_server = "inner-tunnel"
   	soh = no
   	require_client_cert = no
   }
Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_mschapv2
   mschapv2 {
   	with_ntdomain_hack = no
   	send_error = no
   }
  # Loaded module rlm_files
  # Instantiating module "files" from file /etc/raddb/mods-enabled/files
  files {
  	filename = "/etc/raddb/mods-config/files/authorize"
  	usersfile = "/etc/raddb/mods-config/files/authorize"
  	acctusersfile = "/etc/raddb/mods-config/files/accounting"
  	preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
  	compat = "cistron"
  }
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:91 Cistron compatibility checks for entry CPE1@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:93 Cistron compatibility checks for entry CPE2@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:95 Cistron compatibility checks for entry CPE3@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:97 Cistron compatibility checks for entry CPE4@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:99 Cistron compatibility checks for entry CPE5@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:101 Cistron compatibility checks for entry CPE5@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:103 Cistron compatibility checks for entry CPE6@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:105 Cistron compatibility checks for entry CPE7@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:107 Cistron compatibility checks for entry CPE8@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:109 Cistron compatibility checks for entry CPE9@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:111 Cistron compatibility checks for entry CPE10@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:113 Cistron compatibility checks for entry CPE11@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:115 Cistron compatibility checks for entry CPE12@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:117 Cistron compatibility checks for entry CPE13@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:119 Cistron compatibility checks for entry CPE14@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:121 Cistron compatibility checks for entry CPE15@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:123 Cistron compatibility checks for entry CPE16@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:125 Cistron compatibility checks for entry CPE17@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:127 Cistron compatibility checks for entry CPE18@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:129 Cistron compatibility checks for entry CPE19@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:131 Cistron compatibility checks for entry CPE20@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:133 Cistron compatibility checks for entry CPE21@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:135 Cistron compatibility checks for entry CPE22@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:137 Cistron compatibility checks for entry CPE23@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:139 Cistron compatibility checks for entry CPE24@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:141 Cistron compatibility checks for entry CPE25@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:143 Cistron compatibility checks for entry CPE26@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:145 Cistron compatibility checks for entry CPE27@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:147 Cistron compatibility checks for entry CPE28@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:149 Cistron compatibility checks for entry CPE29@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:151 Cistron compatibility checks for entry CPE30@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:153 Cistron compatibility checks for entry CPE31@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:155 Cistron compatibility checks for entry CPE32@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:159 Cistron compatibility checks for entry dummy ...
[/etc/raddb/mods-config/files/authorize]:163 Cistron compatibility checks for entry cisco ...
[/etc/raddb/mods-config/files/authorize]:169 Cistron compatibility checks for entry admin ...
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:91 Cistron compatibility checks for entry CPE1@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:93 Cistron compatibility checks for entry CPE2@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:95 Cistron compatibility checks for entry CPE3@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:97 Cistron compatibility checks for entry CPE4@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:99 Cistron compatibility checks for entry CPE5@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:101 Cistron compatibility checks for entry CPE5@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:103 Cistron compatibility checks for entry CPE6@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:105 Cistron compatibility checks for entry CPE7@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:107 Cistron compatibility checks for entry CPE8@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:109 Cistron compatibility checks for entry CPE9@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:111 Cistron compatibility checks for entry CPE10@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:113 Cistron compatibility checks for entry CPE11@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:115 Cistron compatibility checks for entry CPE12@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:117 Cistron compatibility checks for entry CPE13@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:119 Cistron compatibility checks for entry CPE14@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:121 Cistron compatibility checks for entry CPE15@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:123 Cistron compatibility checks for entry CPE16@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:125 Cistron compatibility checks for entry CPE17@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:127 Cistron compatibility checks for entry CPE18@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:129 Cistron compatibility checks for entry CPE19@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:131 Cistron compatibility checks for entry CPE20@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:133 Cistron compatibility checks for entry CPE21@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:135 Cistron compatibility checks for entry CPE22@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:137 Cistron compatibility checks for entry CPE23@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:139 Cistron compatibility checks for entry CPE24@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:141 Cistron compatibility checks for entry CPE25@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:143 Cistron compatibility checks for entry CPE26@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:145 Cistron compatibility checks for entry CPE27@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:147 Cistron compatibility checks for entry CPE28@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:149 Cistron compatibility checks for entry CPE29@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:151 Cistron compatibility checks for entry CPE30@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:153 Cistron compatibility checks for entry CPE31@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:155 Cistron compatibility checks for entry CPE32@siemens.com ...
[/etc/raddb/mods-config/files/authorize]:159 Cistron compatibility checks for entry dummy ...
[/etc/raddb/mods-config/files/authorize]:163 Cistron compatibility checks for entry cisco ...
[/etc/raddb/mods-config/files/authorize]:169 Cistron compatibility checks for entry admin ...
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
  # Loaded module rlm_preprocess
  # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
  preprocess {
  	huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
  	hints = "/etc/raddb/mods-config/preprocess/hints"
  	with_ascend_hack = no
  	ascend_channels_per_line = 23
  	with_ntdomain_hack = no
  	with_specialix_jetstream_hack = no
  	with_cisco_vsa_hack = no
  	with_alvarion_vsa_hack = no
  }
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
  # Loaded module rlm_always
  # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
  always reject {
  	rcode = "reject"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
  always fail {
  	rcode = "fail"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
  always ok {
  	rcode = "ok"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
  always handled {
  	rcode = "handled"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
  always invalid {
  	rcode = "invalid"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
  always userlock {
  	rcode = "userlock"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
  always notfound {
  	rcode = "notfound"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
  always noop {
  	rcode = "noop"
  	simulcount = 0
  	mpp = no
  }
  # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
  always updated {
  	rcode = "updated"
  	simulcount = 0
  	mpp = no
  }
  # Loaded module rlm_unpack
  # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
  # Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
  radutmp {
  	filename = "/var/log/radius/radutmp"
  	username = "%{User-Name}"
  	case_sensitive = yes
  	check_with_nas = yes
  	permissions = 384
  	caller_id = yes
  }
  # Loaded module rlm_unix
  # Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
  unix {
  	radwtmp = "/var/log/radius/radwtmp"
  }
  # Loaded module rlm_replicate
  # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate
  # Loaded module rlm_expr
  # Instantiating module "expr" from file /etc/raddb/mods-enabled/expr
  expr {
  	safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
  # Loaded module rlm_linelog
  # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
  linelog {
  	filename = "/var/log/radius/linelog"
  	permissions = 384
  	format = "This is a log message for %{User-Name}"
  	reference = "messages.%{%{Packet-Type}:-default}"
  }
  # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
  linelog log_accounting {
  	filename = "/var/log/radius/linelog-accounting"
  	permissions = 384
  	format = ""
  	reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  }
  # Loaded module rlm_realm
  # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
  realm IPASS {
  	format = "prefix"
  	delimiter = "/"
  	ignore_default = no
  	ignore_null = no
  }
  # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
  realm suffix {
  	format = "suffix"
  	delimiter = "@"
  	ignore_default = no
  	ignore_null = no
  }
  # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
  realm realmpercent {
  	format = "suffix"
  	delimiter = "%"
  	ignore_default = no
  	ignore_null = no
  }
  # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
  realm ntdomain {
  	format = "prefix"
  	delimiter = "\"
  	ignore_default = no
  	ignore_null = no
  }
 } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
 # Loading authenticate {...}
 # Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
 # Loading session {...}
 # Loading post-proxy {...}
 # Loading post-auth {...}
} # server inner-tunnel
server default { # from file /etc/raddb/sites-enabled/default
 # Creating Auth-Type = digest
 # Loading authenticate {...}
 # Loading authorize {...}
 # Loading preacct {...}
 # Loading accounting {...}
 # Loading post-proxy {...}
 # Loading post-auth {...}
} # server default
radiusd: #### Opening IP addresses and Ports ####
listen {
  	type = "auth"
  	ipaddr = 127.0.0.1
  	port = 18120
}
listen {
  	type = "auth"
  	ipaddr = *
  	port = 0
   limit {
   	max_connections = 16
   	lifetime = 0
   	idle_timeout = 30
   }
}
listen {
  	type = "acct"
  	ipaddr = *
  	port = 0
   limit {
   	max_connections = 16
   	lifetime = 0
   	idle_timeout = 30
   }
}
listen {
  	type = "auth"
  	ipv6addr = ::
  	port = 0
   limit {
   	max_connections = 16
   	lifetime = 0
   	idle_timeout = 30
   }
}
listen {
  	type = "acct"
  	ipv6addr = ::
  	port = 0
   limit {
   	max_connections = 16
   	lifetime = 0
   	idle_timeout = 30
   }
}
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 38802
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(0) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(0) 	NAS-Identifier = 'BS'
(0) 	User-Name = 'dummy'
(0) 	User-Password = '*PASSWORD*'
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0)   authorize {
(0)   filter_username filter_username {
(0)     if (!&User-Name) 
(0)     if (!&User-Name)  -> FALSE
(0)     if (&User-Name =~ / /) 
(0)     if (&User-Name =~ / /)  -> FALSE
(0)     if (&User-Name =~ /@.*@/ ) 
(0)     if (&User-Name =~ /@.*@/ )  -> FALSE
(0)     if (&User-Name =~ /\\.\\./ ) 
(0)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(0)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(0)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(0)     if (&User-Name =~ /\\.$/)  
(0)     if (&User-Name =~ /\\.$/)   -> FALSE
(0)     if (&User-Name =~ /@\\./)  
(0)     if (&User-Name =~ /@\\./)   -> FALSE
(0)   } # filter_username filter_username = notfound
(0)   [preprocess] = ok
(0)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(0)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(0)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(0)  auth_log : EXPAND %t
(0)  auth_log :    --> Wed Feb 14 20:03:20 2018
(0)   [auth_log] = ok
(0)   [chap] = noop
(0)   [mschap] = noop
(0)   [digest] = noop
(0)   [wimax] = noop
(0)  suffix : Checking for suffix after "@"
(0)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(0)  suffix : No such realm "NULL"
(0)   [suffix] = noop
(0)  eap : No EAP-Message, not doing EAP
(0)   [eap] = noop
(0)  files : users: Matched entry dummy at line 159
(0)   [files] = ok
(0)   [expiration] = noop
(0)   [logintime] = noop
(0)   [pap] = updated
(0)  } #  authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0)  Auth-Type PAP {
(0)  pap : Login attempt with password
(0)  pap : User authenticated successfully
(0)   [pap] = ok
(0)  } # Auth-Type PAP = ok
(0) Login OK: [dummy] (from client BS1 port 0)
(0) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(0)   post-auth {
(0)   [exec] = noop
(0)   update reply {
(0) 	Session-Timeout := 1800
(0)   } # update reply = noop
(0)   remove_reply_message_if_eap remove_reply_message_if_eap {
(0)     if (&reply:EAP-Message && &reply:Reply-Message) 
(0)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)    else else {
(0)     [noop] = noop
(0)    } # else else = noop
(0)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(0)  } #  post-auth = noop
(0) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(0) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(0) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(1) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(1) 	NAS-Identifier = 'BS'
(1) 	User-Name = 'dummy'
(1) 	User-Password = '*PASSWORD*'
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1)   authorize {
(1)   filter_username filter_username {
(1)     if (!&User-Name) 
(1)     if (!&User-Name)  -> FALSE
(1)     if (&User-Name =~ / /) 
(1)     if (&User-Name =~ / /)  -> FALSE
(1)     if (&User-Name =~ /@.*@/ ) 
(1)     if (&User-Name =~ /@.*@/ )  -> FALSE
(1)     if (&User-Name =~ /\\.\\./ ) 
(1)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(1)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(1)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(1)     if (&User-Name =~ /\\.$/)  
(1)     if (&User-Name =~ /\\.$/)   -> FALSE
(1)     if (&User-Name =~ /@\\./)  
(1)     if (&User-Name =~ /@\\./)   -> FALSE
(1)   } # filter_username filter_username = notfound
(1)   [preprocess] = ok
(1)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(1)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(1)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(1)  auth_log : EXPAND %t
(1)  auth_log :    --> Wed Feb 14 20:03:24 2018
(1)   [auth_log] = ok
(1)   [chap] = noop
(1)   [mschap] = noop
(1)   [digest] = noop
(1)   [wimax] = noop
(1)  suffix : Checking for suffix after "@"
(1)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(1)  suffix : No such realm "NULL"
(1)   [suffix] = noop
(1)  eap : No EAP-Message, not doing EAP
(1)   [eap] = noop
(1)  files : users: Matched entry dummy at line 159
(1)   [files] = ok
(1)   [expiration] = noop
(1)   [logintime] = noop
(1)   [pap] = updated
(1)  } #  authorize = updated
(1) Found Auth-Type = PAP
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1)  Auth-Type PAP {
(1)  pap : Login attempt with password
(1)  pap : User authenticated successfully
(1)   [pap] = ok
(1)  } # Auth-Type PAP = ok
(1) Login OK: [dummy] (from client BS3 port 0)
(1) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(1)   post-auth {
(1)   [exec] = noop
(1)   update reply {
(1) 	Session-Timeout := 1800
(1)   } # update reply = noop
(1)   remove_reply_message_if_eap remove_reply_message_if_eap {
(1)     if (&reply:EAP-Message && &reply:Reply-Message) 
(1)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(1)    else else {
(1)     [noop] = noop
(1)    } # else else = noop
(1)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(1)  } #  post-auth = noop
(1) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(1) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(1) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(2) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(2) 	NAS-Identifier = 'BS'
(2) 	User-Name = 'dummy'
(2) 	User-Password = '*PASSWORD*'
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2)   authorize {
(2)   filter_username filter_username {
(2)     if (!&User-Name) 
(2)     if (!&User-Name)  -> FALSE
(2)     if (&User-Name =~ / /) 
(2)     if (&User-Name =~ / /)  -> FALSE
(2)     if (&User-Name =~ /@.*@/ ) 
(2)     if (&User-Name =~ /@.*@/ )  -> FALSE
(2)     if (&User-Name =~ /\\.\\./ ) 
(2)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(2)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(2)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(2)     if (&User-Name =~ /\\.$/)  
(2)     if (&User-Name =~ /\\.$/)   -> FALSE
(2)     if (&User-Name =~ /@\\./)  
(2)     if (&User-Name =~ /@\\./)   -> FALSE
(2)   } # filter_username filter_username = notfound
(2)   [preprocess] = ok
(2)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(2)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(2)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(2)  auth_log : EXPAND %t
(2)  auth_log :    --> Wed Feb 14 20:03:24 2018
(2)   [auth_log] = ok
(2)   [chap] = noop
(2)   [mschap] = noop
(2)   [digest] = noop
(2)   [wimax] = noop
(2)  suffix : Checking for suffix after "@"
(2)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(2)  suffix : No such realm "NULL"
(2)   [suffix] = noop
(2)  eap : No EAP-Message, not doing EAP
(2)   [eap] = noop
(2)  files : users: Matched entry dummy at line 159
(2)   [files] = ok
(2)   [expiration] = noop
(2)   [logintime] = noop
(2)   [pap] = updated
(2)  } #  authorize = updated
(2) Found Auth-Type = PAP
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2)  Auth-Type PAP {
(2)  pap : Login attempt with password
(2)  pap : User authenticated successfully
(2)   [pap] = ok
(2)  } # Auth-Type PAP = ok
(2) Login OK: [dummy] (from client BS4 port 0)
(2) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(2)   post-auth {
(2)   [exec] = noop
(2)   update reply {
(2) 	Session-Timeout := 1800
(2)   } # update reply = noop
(2)   remove_reply_message_if_eap remove_reply_message_if_eap {
(2)     if (&reply:EAP-Message && &reply:Reply-Message) 
(2)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(2)    else else {
(2)     [noop] = noop
(2)    } # else else = noop
(2)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(2)  } #  post-auth = noop
(2) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(2) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(2) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(3) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(3) 	NAS-Identifier = 'BS'
(3) 	User-Name = 'dummy'
(3) 	User-Password = '*PASSWORD*'
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3)   authorize {
(3)   filter_username filter_username {
(3)     if (!&User-Name) 
(3)     if (!&User-Name)  -> FALSE
(3)     if (&User-Name =~ / /) 
(3)     if (&User-Name =~ / /)  -> FALSE
(3)     if (&User-Name =~ /@.*@/ ) 
(3)     if (&User-Name =~ /@.*@/ )  -> FALSE
(3)     if (&User-Name =~ /\\.\\./ ) 
(3)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(3)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(3)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(3)     if (&User-Name =~ /\\.$/)  
(3)     if (&User-Name =~ /\\.$/)   -> FALSE
(3)     if (&User-Name =~ /@\\./)  
(3)     if (&User-Name =~ /@\\./)   -> FALSE
(3)   } # filter_username filter_username = notfound
(3)   [preprocess] = ok
(3)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(3)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(3)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(3)  auth_log : EXPAND %t
(3)  auth_log :    --> Wed Feb 14 20:03:24 2018
(3)   [auth_log] = ok
(3)   [chap] = noop
(3)   [mschap] = noop
(3)   [digest] = noop
(3)   [wimax] = noop
(3)  suffix : Checking for suffix after "@"
(3)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(3)  suffix : No such realm "NULL"
(3)   [suffix] = noop
(3)  eap : No EAP-Message, not doing EAP
(3)   [eap] = noop
(3)  files : users: Matched entry dummy at line 159
(3)   [files] = ok
(3)   [expiration] = noop
(3)   [logintime] = noop
(3)   [pap] = updated
(3)  } #  authorize = updated
(3) Found Auth-Type = PAP
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3)  Auth-Type PAP {
(3)  pap : Login attempt with password
(3)  pap : User authenticated successfully
(3)   [pap] = ok
(3)  } # Auth-Type PAP = ok
(3) Login OK: [dummy] (from client BS2 port 0)
(3) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(3)   post-auth {
(3)   [exec] = noop
(3)   update reply {
(3) 	Session-Timeout := 1800
(3)   } # update reply = noop
(3)   remove_reply_message_if_eap remove_reply_message_if_eap {
(3)     if (&reply:EAP-Message && &reply:Reply-Message) 
(3)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(3)    else else {
(3)     [noop] = noop
(3)    } # else else = noop
(3)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(3)  } #  post-auth = noop
(3) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(3) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(3) Finished request
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(0) Cleaning up request packet ID 1 with timestamp +4
Waking up in 3.8 seconds.
(1) Cleaning up request packet ID 1 with timestamp +8
(2) Cleaning up request packet ID 1 with timestamp +8
Waking up in 0.2 seconds.
(3) Cleaning up request packet ID 1 with timestamp +8
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(4) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(4) 	NAS-Identifier = 'BS'
(4) 	User-Name = 'dummy'
(4) 	User-Password = '*PASSWORD*'
(4) # Executing section authorize from file /etc/raddb/sites-enabled/default
(4)   authorize {
(4)   filter_username filter_username {
(4)     if (!&User-Name) 
(4)     if (!&User-Name)  -> FALSE
(4)     if (&User-Name =~ / /) 
(4)     if (&User-Name =~ / /)  -> FALSE
(4)     if (&User-Name =~ /@.*@/ ) 
(4)     if (&User-Name =~ /@.*@/ )  -> FALSE
(4)     if (&User-Name =~ /\\.\\./ ) 
(4)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(4)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(4)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(4)     if (&User-Name =~ /\\.$/)  
(4)     if (&User-Name =~ /\\.$/)   -> FALSE
(4)     if (&User-Name =~ /@\\./)  
(4)     if (&User-Name =~ /@\\./)   -> FALSE
(4)   } # filter_username filter_username = notfound
(4)   [preprocess] = ok
(4)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(4)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(4)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(4)  auth_log : EXPAND %t
(4)  auth_log :    --> Wed Feb 14 20:03:30 2018
(4)   [auth_log] = ok
(4)   [chap] = noop
(4)   [mschap] = noop
(4)   [digest] = noop
(4)   [wimax] = noop
(4)  suffix : Checking for suffix after "@"
(4)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(4)  suffix : No such realm "NULL"
(4)   [suffix] = noop
(4)  eap : No EAP-Message, not doing EAP
(4)   [eap] = noop
(4)  files : users: Matched entry dummy at line 159
(4)   [files] = ok
(4)   [expiration] = noop
(4)   [logintime] = noop
(4)   [pap] = updated
(4)  } #  authorize = updated
(4) Found Auth-Type = PAP
(4) # Executing group from file /etc/raddb/sites-enabled/default
(4)  Auth-Type PAP {
(4)  pap : Login attempt with password
(4)  pap : User authenticated successfully
(4)   [pap] = ok
(4)  } # Auth-Type PAP = ok
(4) Login OK: [dummy] (from client BS1 port 0)
(4) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(4)   post-auth {
(4)   [exec] = noop
(4)   update reply {
(4) 	Session-Timeout := 1800
(4)   } # update reply = noop
(4)   remove_reply_message_if_eap remove_reply_message_if_eap {
(4)     if (&reply:EAP-Message && &reply:Reply-Message) 
(4)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(4)    else else {
(4)     [noop] = noop
(4)    } # else else = noop
(4)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(4)  } #  post-auth = noop
(4) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(4) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(4) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(5) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(5) 	NAS-Identifier = 'BS'
(5) 	User-Name = 'dummy'
(5) 	User-Password = '*PASSWORD*'
(5) # Executing section authorize from file /etc/raddb/sites-enabled/default
(5)   authorize {
(5)   filter_username filter_username {
(5)     if (!&User-Name) 
(5)     if (!&User-Name)  -> FALSE
(5)     if (&User-Name =~ / /) 
(5)     if (&User-Name =~ / /)  -> FALSE
(5)     if (&User-Name =~ /@.*@/ ) 
(5)     if (&User-Name =~ /@.*@/ )  -> FALSE
(5)     if (&User-Name =~ /\\.\\./ ) 
(5)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(5)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(5)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(5)     if (&User-Name =~ /\\.$/)  
(5)     if (&User-Name =~ /\\.$/)   -> FALSE
(5)     if (&User-Name =~ /@\\./)  
(5)     if (&User-Name =~ /@\\./)   -> FALSE
(5)   } # filter_username filter_username = notfound
(5)   [preprocess] = ok
(5)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(5)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(5)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(5)  auth_log : EXPAND %t
(5)  auth_log :    --> Wed Feb 14 20:03:34 2018
(5)   [auth_log] = ok
(5)   [chap] = noop
(5)   [mschap] = noop
(5)   [digest] = noop
(5)   [wimax] = noop
(5)  suffix : Checking for suffix after "@"
(5)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(5)  suffix : No such realm "NULL"
(5)   [suffix] = noop
(5)  eap : No EAP-Message, not doing EAP
(5)   [eap] = noop
(5)  files : users: Matched entry dummy at line 159
(5)   [files] = ok
(5)   [expiration] = noop
(5)   [logintime] = noop
(5)   [pap] = updated
(5)  } #  authorize = updated
(5) Found Auth-Type = PAP
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5)  Auth-Type PAP {
(5)  pap : Login attempt with password
(5)  pap : User authenticated successfully
(5)   [pap] = ok
(5)  } # Auth-Type PAP = ok
(5) Login OK: [dummy] (from client BS3 port 0)
(5) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(5)   post-auth {
(5)   [exec] = noop
(5)   update reply {
(5) 	Session-Timeout := 1800
(5)   } # update reply = noop
(5)   remove_reply_message_if_eap remove_reply_message_if_eap {
(5)     if (&reply:EAP-Message && &reply:Reply-Message) 
(5)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(5)    else else {
(5)     [noop] = noop
(5)    } # else else = noop
(5)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(5)  } #  post-auth = noop
(5) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(5) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(5) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(6) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(6) 	NAS-Identifier = 'BS'
(6) 	User-Name = 'dummy'
(6) 	User-Password = '*PASSWORD*'
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6)   authorize {
(6)   filter_username filter_username {
(6)     if (!&User-Name) 
(6)     if (!&User-Name)  -> FALSE
(6)     if (&User-Name =~ / /) 
(6)     if (&User-Name =~ / /)  -> FALSE
(6)     if (&User-Name =~ /@.*@/ ) 
(6)     if (&User-Name =~ /@.*@/ )  -> FALSE
(6)     if (&User-Name =~ /\\.\\./ ) 
(6)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(6)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(6)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(6)     if (&User-Name =~ /\\.$/)  
(6)     if (&User-Name =~ /\\.$/)   -> FALSE
(6)     if (&User-Name =~ /@\\./)  
(6)     if (&User-Name =~ /@\\./)   -> FALSE
(6)   } # filter_username filter_username = notfound
(6)   [preprocess] = ok
(6)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(6)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(6)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(6)  auth_log : EXPAND %t
(6)  auth_log :    --> Wed Feb 14 20:03:34 2018
(6)   [auth_log] = ok
(6)   [chap] = noop
(6)   [mschap] = noop
(6)   [digest] = noop
(6)   [wimax] = noop
(6)  suffix : Checking for suffix after "@"
(6)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(6)  suffix : No such realm "NULL"
(6)   [suffix] = noop
(6)  eap : No EAP-Message, not doing EAP
(6)   [eap] = noop
(6)  files : users: Matched entry dummy at line 159
(6)   [files] = ok
(6)   [expiration] = noop
(6)   [logintime] = noop
(6)   [pap] = updated
(6)  } #  authorize = updated
(6) Found Auth-Type = PAP
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6)  Auth-Type PAP {
(6)  pap : Login attempt with password
(6)  pap : User authenticated successfully
(6)   [pap] = ok
(6)  } # Auth-Type PAP = ok
(6) Login OK: [dummy] (from client BS4 port 0)
(6) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(6)   post-auth {
(6)   [exec] = noop
(6)   update reply {
(6) 	Session-Timeout := 1800
(6)   } # update reply = noop
(6)   remove_reply_message_if_eap remove_reply_message_if_eap {
(6)     if (&reply:EAP-Message && &reply:Reply-Message) 
(6)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(6)    else else {
(6)     [noop] = noop
(6)    } # else else = noop
(6)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(6)  } #  post-auth = noop
(6) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(6) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(6) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(7) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(7) 	NAS-Identifier = 'BS'
(7) 	User-Name = 'dummy'
(7) 	User-Password = '*PASSWORD*'
(7) # Executing section authorize from file /etc/raddb/sites-enabled/default
(7)   authorize {
(7)   filter_username filter_username {
(7)     if (!&User-Name) 
(7)     if (!&User-Name)  -> FALSE
(7)     if (&User-Name =~ / /) 
(7)     if (&User-Name =~ / /)  -> FALSE
(7)     if (&User-Name =~ /@.*@/ ) 
(7)     if (&User-Name =~ /@.*@/ )  -> FALSE
(7)     if (&User-Name =~ /\\.\\./ ) 
(7)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(7)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(7)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(7)     if (&User-Name =~ /\\.$/)  
(7)     if (&User-Name =~ /\\.$/)   -> FALSE
(7)     if (&User-Name =~ /@\\./)  
(7)     if (&User-Name =~ /@\\./)   -> FALSE
(7)   } # filter_username filter_username = notfound
(7)   [preprocess] = ok
(7)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(7)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(7)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(7)  auth_log : EXPAND %t
(7)  auth_log :    --> Wed Feb 14 20:03:34 2018
(7)   [auth_log] = ok
(7)   [chap] = noop
(7)   [mschap] = noop
(7)   [digest] = noop
(7)   [wimax] = noop
(7)  suffix : Checking for suffix after "@"
(7)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(7)  suffix : No such realm "NULL"
(7)   [suffix] = noop
(7)  eap : No EAP-Message, not doing EAP
(7)   [eap] = noop
(7)  files : users: Matched entry dummy at line 159
(7)   [files] = ok
(7)   [expiration] = noop
(7)   [logintime] = noop
(7)   [pap] = updated
(7)  } #  authorize = updated
(7) Found Auth-Type = PAP
(7) # Executing group from file /etc/raddb/sites-enabled/default
(7)  Auth-Type PAP {
(7)  pap : Login attempt with password
(7)  pap : User authenticated successfully
(7)   [pap] = ok
(7)  } # Auth-Type PAP = ok
(7) Login OK: [dummy] (from client BS2 port 0)
(7) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(7)   post-auth {
(7)   [exec] = noop
(7)   update reply {
(7) 	Session-Timeout := 1800
(7)   } # update reply = noop
(7)   remove_reply_message_if_eap remove_reply_message_if_eap {
(7)     if (&reply:EAP-Message && &reply:Reply-Message) 
(7)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(7)    else else {
(7)     [noop] = noop
(7)    } # else else = noop
(7)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(7)  } #  post-auth = noop
(7) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(7) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(7) Finished request
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(4) Cleaning up request packet ID 1 with timestamp +14
Waking up in 3.8 seconds.
(5) Cleaning up request packet ID 1 with timestamp +18
(6) Cleaning up request packet ID 1 with timestamp +18
Waking up in 0.2 seconds.
(7) Cleaning up request packet ID 1 with timestamp +18
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(8) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(8) 	NAS-Identifier = 'BS'
(8) 	User-Name = 'dummy'
(8) 	User-Password = '*PASSWORD*'
(8) # Executing section authorize from file /etc/raddb/sites-enabled/default
(8)   authorize {
(8)   filter_username filter_username {
(8)     if (!&User-Name) 
(8)     if (!&User-Name)  -> FALSE
(8)     if (&User-Name =~ / /) 
(8)     if (&User-Name =~ / /)  -> FALSE
(8)     if (&User-Name =~ /@.*@/ ) 
(8)     if (&User-Name =~ /@.*@/ )  -> FALSE
(8)     if (&User-Name =~ /\\.\\./ ) 
(8)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(8)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(8)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(8)     if (&User-Name =~ /\\.$/)  
(8)     if (&User-Name =~ /\\.$/)   -> FALSE
(8)     if (&User-Name =~ /@\\./)  
(8)     if (&User-Name =~ /@\\./)   -> FALSE
(8)   } # filter_username filter_username = notfound
(8)   [preprocess] = ok
(8)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(8)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(8)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(8)  auth_log : EXPAND %t
(8)  auth_log :    --> Wed Feb 14 20:03:40 2018
(8)   [auth_log] = ok
(8)   [chap] = noop
(8)   [mschap] = noop
(8)   [digest] = noop
(8)   [wimax] = noop
(8)  suffix : Checking for suffix after "@"
(8)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(8)  suffix : No such realm "NULL"
(8)   [suffix] = noop
(8)  eap : No EAP-Message, not doing EAP
(8)   [eap] = noop
(8)  files : users: Matched entry dummy at line 159
(8)   [files] = ok
(8)   [expiration] = noop
(8)   [logintime] = noop
(8)   [pap] = updated
(8)  } #  authorize = updated
(8) Found Auth-Type = PAP
(8) # Executing group from file /etc/raddb/sites-enabled/default
(8)  Auth-Type PAP {
(8)  pap : Login attempt with password
(8)  pap : User authenticated successfully
(8)   [pap] = ok
(8)  } # Auth-Type PAP = ok
(8) Login OK: [dummy] (from client BS1 port 0)
(8) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(8)   post-auth {
(8)   [exec] = noop
(8)   update reply {
(8) 	Session-Timeout := 1800
(8)   } # update reply = noop
(8)   remove_reply_message_if_eap remove_reply_message_if_eap {
(8)     if (&reply:EAP-Message && &reply:Reply-Message) 
(8)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(8)    else else {
(8)     [noop] = noop
(8)    } # else else = noop
(8)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(8)  } #  post-auth = noop
(8) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(8) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(8) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(9) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(9) 	NAS-Identifier = 'BS'
(9) 	User-Name = 'dummy'
(9) 	User-Password = '*PASSWORD*'
(9) # Executing section authorize from file /etc/raddb/sites-enabled/default
(9)   authorize {
(9)   filter_username filter_username {
(9)     if (!&User-Name) 
(9)     if (!&User-Name)  -> FALSE
(9)     if (&User-Name =~ / /) 
(9)     if (&User-Name =~ / /)  -> FALSE
(9)     if (&User-Name =~ /@.*@/ ) 
(9)     if (&User-Name =~ /@.*@/ )  -> FALSE
(9)     if (&User-Name =~ /\\.\\./ ) 
(9)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(9)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(9)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(9)     if (&User-Name =~ /\\.$/)  
(9)     if (&User-Name =~ /\\.$/)   -> FALSE
(9)     if (&User-Name =~ /@\\./)  
(9)     if (&User-Name =~ /@\\./)   -> FALSE
(9)   } # filter_username filter_username = notfound
(9)   [preprocess] = ok
(9)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(9)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(9)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(9)  auth_log : EXPAND %t
(9)  auth_log :    --> Wed Feb 14 20:03:44 2018
(9)   [auth_log] = ok
(9)   [chap] = noop
(9)   [mschap] = noop
(9)   [digest] = noop
(9)   [wimax] = noop
(9)  suffix : Checking for suffix after "@"
(9)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(9)  suffix : No such realm "NULL"
(9)   [suffix] = noop
(9)  eap : No EAP-Message, not doing EAP
(9)   [eap] = noop
(9)  files : users: Matched entry dummy at line 159
(9)   [files] = ok
(9)   [expiration] = noop
(9)   [logintime] = noop
(9)   [pap] = updated
(9)  } #  authorize = updated
(9) Found Auth-Type = PAP
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9)  Auth-Type PAP {
(9)  pap : Login attempt with password
(9)  pap : User authenticated successfully
(9)   [pap] = ok
(9)  } # Auth-Type PAP = ok
(9) Login OK: [dummy] (from client BS3 port 0)
(9) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(9)   post-auth {
(9)   [exec] = noop
(9)   update reply {
(9) 	Session-Timeout := 1800
(9)   } # update reply = noop
(9)   remove_reply_message_if_eap remove_reply_message_if_eap {
(9)     if (&reply:EAP-Message && &reply:Reply-Message) 
(9)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(9)    else else {
(9)     [noop] = noop
(9)    } # else else = noop
(9)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(9)  } #  post-auth = noop
(9) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(9) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(9) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(10) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(10) 	NAS-Identifier = 'BS'
(10) 	User-Name = 'dummy'
(10) 	User-Password = '*PASSWORD*'
(10) # Executing section authorize from file /etc/raddb/sites-enabled/default
(10)   authorize {
(10)   filter_username filter_username {
(10)     if (!&User-Name) 
(10)     if (!&User-Name)  -> FALSE
(10)     if (&User-Name =~ / /) 
(10)     if (&User-Name =~ / /)  -> FALSE
(10)     if (&User-Name =~ /@.*@/ ) 
(10)     if (&User-Name =~ /@.*@/ )  -> FALSE
(10)     if (&User-Name =~ /\\.\\./ ) 
(10)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(10)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(10)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(10)     if (&User-Name =~ /\\.$/)  
(10)     if (&User-Name =~ /\\.$/)   -> FALSE
(10)     if (&User-Name =~ /@\\./)  
(10)     if (&User-Name =~ /@\\./)   -> FALSE
(10)   } # filter_username filter_username = notfound
(10)   [preprocess] = ok
(10)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(10)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(10)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(10)  auth_log : EXPAND %t
(10)  auth_log :    --> Wed Feb 14 20:03:44 2018
(10)   [auth_log] = ok
(10)   [chap] = noop
(10)   [mschap] = noop
(10)   [digest] = noop
(10)   [wimax] = noop
(10)  suffix : Checking for suffix after "@"
(10)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(10)  suffix : No such realm "NULL"
(10)   [suffix] = noop
(10)  eap : No EAP-Message, not doing EAP
(10)   [eap] = noop
(10)  files : users: Matched entry dummy at line 159
(10)   [files] = ok
(10)   [expiration] = noop
(10)   [logintime] = noop
(10)   [pap] = updated
(10)  } #  authorize = updated
(10) Found Auth-Type = PAP
(10) # Executing group from file /etc/raddb/sites-enabled/default
(10)  Auth-Type PAP {
(10)  pap : Login attempt with password
(10)  pap : User authenticated successfully
(10)   [pap] = ok
(10)  } # Auth-Type PAP = ok
(10) Login OK: [dummy] (from client BS4 port 0)
(10) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(10)   post-auth {
(10)   [exec] = noop
(10)   update reply {
(10) 	Session-Timeout := 1800
(10)   } # update reply = noop
(10)   remove_reply_message_if_eap remove_reply_message_if_eap {
(10)     if (&reply:EAP-Message && &reply:Reply-Message) 
(10)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(10)    else else {
(10)     [noop] = noop
(10)    } # else else = noop
(10)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(10)  } #  post-auth = noop
(10) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(10) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(10) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(11) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(11) 	NAS-Identifier = 'BS'
(11) 	User-Name = 'dummy'
(11) 	User-Password = '*PASSWORD*'
(11) # Executing section authorize from file /etc/raddb/sites-enabled/default
(11)   authorize {
(11)   filter_username filter_username {
(11)     if (!&User-Name) 
(11)     if (!&User-Name)  -> FALSE
(11)     if (&User-Name =~ / /) 
(11)     if (&User-Name =~ / /)  -> FALSE
(11)     if (&User-Name =~ /@.*@/ ) 
(11)     if (&User-Name =~ /@.*@/ )  -> FALSE
(11)     if (&User-Name =~ /\\.\\./ ) 
(11)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(11)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(11)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(11)     if (&User-Name =~ /\\.$/)  
(11)     if (&User-Name =~ /\\.$/)   -> FALSE
(11)     if (&User-Name =~ /@\\./)  
(11)     if (&User-Name =~ /@\\./)   -> FALSE
(11)   } # filter_username filter_username = notfound
(11)   [preprocess] = ok
(11)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(11)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(11)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(11)  auth_log : EXPAND %t
(11)  auth_log :    --> Wed Feb 14 20:03:44 2018
(11)   [auth_log] = ok
(11)   [chap] = noop
(11)   [mschap] = noop
(11)   [digest] = noop
(11)   [wimax] = noop
(11)  suffix : Checking for suffix after "@"
(11)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(11)  suffix : No such realm "NULL"
(11)   [suffix] = noop
(11)  eap : No EAP-Message, not doing EAP
(11)   [eap] = noop
(11)  files : users: Matched entry dummy at line 159
(11)   [files] = ok
(11)   [expiration] = noop
(11)   [logintime] = noop
(11)   [pap] = updated
(11)  } #  authorize = updated
(11) Found Auth-Type = PAP
(11) # Executing group from file /etc/raddb/sites-enabled/default
(11)  Auth-Type PAP {
(11)  pap : Login attempt with password
(11)  pap : User authenticated successfully
(11)   [pap] = ok
(11)  } # Auth-Type PAP = ok
(11) Login OK: [dummy] (from client BS2 port 0)
(11) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(11)   post-auth {
(11)   [exec] = noop
(11)   update reply {
(11) 	Session-Timeout := 1800
(11)   } # update reply = noop
(11)   remove_reply_message_if_eap remove_reply_message_if_eap {
(11)     if (&reply:EAP-Message && &reply:Reply-Message) 
(11)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(11)    else else {
(11)     [noop] = noop
(11)    } # else else = noop
(11)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(11)  } #  post-auth = noop
(11) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(11) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(11) Finished request
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(8) Cleaning up request packet ID 1 with timestamp +24
Waking up in 3.8 seconds.
(9) Cleaning up request packet ID 1 with timestamp +28
(10) Cleaning up request packet ID 1 with timestamp +28
Waking up in 0.2 seconds.
(11) Cleaning up request packet ID 1 with timestamp +28
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(12) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(12) 	NAS-Identifier = 'BS'
(12) 	User-Name = 'dummy'
(12) 	User-Password = '*PASSWORD*'
(12) # Executing section authorize from file /etc/raddb/sites-enabled/default
(12)   authorize {
(12)   filter_username filter_username {
(12)     if (!&User-Name) 
(12)     if (!&User-Name)  -> FALSE
(12)     if (&User-Name =~ / /) 
(12)     if (&User-Name =~ / /)  -> FALSE
(12)     if (&User-Name =~ /@.*@/ ) 
(12)     if (&User-Name =~ /@.*@/ )  -> FALSE
(12)     if (&User-Name =~ /\\.\\./ ) 
(12)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(12)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(12)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(12)     if (&User-Name =~ /\\.$/)  
(12)     if (&User-Name =~ /\\.$/)   -> FALSE
(12)     if (&User-Name =~ /@\\./)  
(12)     if (&User-Name =~ /@\\./)   -> FALSE
(12)   } # filter_username filter_username = notfound
(12)   [preprocess] = ok
(12)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(12)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(12)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(12)  auth_log : EXPAND %t
(12)  auth_log :    --> Wed Feb 14 20:03:50 2018
(12)   [auth_log] = ok
(12)   [chap] = noop
(12)   [mschap] = noop
(12)   [digest] = noop
(12)   [wimax] = noop
(12)  suffix : Checking for suffix after "@"
(12)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(12)  suffix : No such realm "NULL"
(12)   [suffix] = noop
(12)  eap : No EAP-Message, not doing EAP
(12)   [eap] = noop
(12)  files : users: Matched entry dummy at line 159
(12)   [files] = ok
(12)   [expiration] = noop
(12)   [logintime] = noop
(12)   [pap] = updated
(12)  } #  authorize = updated
(12) Found Auth-Type = PAP
(12) # Executing group from file /etc/raddb/sites-enabled/default
(12)  Auth-Type PAP {
(12)  pap : Login attempt with password
(12)  pap : User authenticated successfully
(12)   [pap] = ok
(12)  } # Auth-Type PAP = ok
(12) Login OK: [dummy] (from client BS1 port 0)
(12) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(12)   post-auth {
(12)   [exec] = noop
(12)   update reply {
(12) 	Session-Timeout := 1800
(12)   } # update reply = noop
(12)   remove_reply_message_if_eap remove_reply_message_if_eap {
(12)     if (&reply:EAP-Message && &reply:Reply-Message) 
(12)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(12)    else else {
(12)     [noop] = noop
(12)    } # else else = noop
(12)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(12)  } #  post-auth = noop
(12) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(12) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(12) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(13) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(13) 	NAS-Identifier = 'BS'
(13) 	User-Name = 'dummy'
(13) 	User-Password = '*PASSWORD*'
(13) # Executing section authorize from file /etc/raddb/sites-enabled/default
(13)   authorize {
(13)   filter_username filter_username {
(13)     if (!&User-Name) 
(13)     if (!&User-Name)  -> FALSE
(13)     if (&User-Name =~ / /) 
(13)     if (&User-Name =~ / /)  -> FALSE
(13)     if (&User-Name =~ /@.*@/ ) 
(13)     if (&User-Name =~ /@.*@/ )  -> FALSE
(13)     if (&User-Name =~ /\\.\\./ ) 
(13)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(13)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(13)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(13)     if (&User-Name =~ /\\.$/)  
(13)     if (&User-Name =~ /\\.$/)   -> FALSE
(13)     if (&User-Name =~ /@\\./)  
(13)     if (&User-Name =~ /@\\./)   -> FALSE
(13)   } # filter_username filter_username = notfound
(13)   [preprocess] = ok
(13)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(13)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(13)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(13)  auth_log : EXPAND %t
(13)  auth_log :    --> Wed Feb 14 20:03:54 2018
(13)   [auth_log] = ok
(13)   [chap] = noop
(13)   [mschap] = noop
(13)   [digest] = noop
(13)   [wimax] = noop
(13)  suffix : Checking for suffix after "@"
(13)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(13)  suffix : No such realm "NULL"
(13)   [suffix] = noop
(13)  eap : No EAP-Message, not doing EAP
(13)   [eap] = noop
(13)  files : users: Matched entry dummy at line 159
(13)   [files] = ok
(13)   [expiration] = noop
(13)   [logintime] = noop
(13)   [pap] = updated
(13)  } #  authorize = updated
(13) Found Auth-Type = PAP
(13) # Executing group from file /etc/raddb/sites-enabled/default
(13)  Auth-Type PAP {
(13)  pap : Login attempt with password
(13)  pap : User authenticated successfully
(13)   [pap] = ok
(13)  } # Auth-Type PAP = ok
(13) Login OK: [dummy] (from client BS3 port 0)
(13) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(13)   post-auth {
(13)   [exec] = noop
(13)   update reply {
(13) 	Session-Timeout := 1800
(13)   } # update reply = noop
(13)   remove_reply_message_if_eap remove_reply_message_if_eap {
(13)     if (&reply:EAP-Message && &reply:Reply-Message) 
(13)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(13)    else else {
(13)     [noop] = noop
(13)    } # else else = noop
(13)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(13)  } #  post-auth = noop
(13) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(13) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(13) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(14) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(14) 	NAS-Identifier = 'BS'
(14) 	User-Name = 'dummy'
(14) 	User-Password = '*PASSWORD*'
(14) # Executing section authorize from file /etc/raddb/sites-enabled/default
(14)   authorize {
(14)   filter_username filter_username {
(14)     if (!&User-Name) 
(14)     if (!&User-Name)  -> FALSE
(14)     if (&User-Name =~ / /) 
(14)     if (&User-Name =~ / /)  -> FALSE
(14)     if (&User-Name =~ /@.*@/ ) 
(14)     if (&User-Name =~ /@.*@/ )  -> FALSE
(14)     if (&User-Name =~ /\\.\\./ ) 
(14)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(14)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(14)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(14)     if (&User-Name =~ /\\.$/)  
(14)     if (&User-Name =~ /\\.$/)   -> FALSE
(14)     if (&User-Name =~ /@\\./)  
(14)     if (&User-Name =~ /@\\./)   -> FALSE
(14)   } # filter_username filter_username = notfound
(14)   [preprocess] = ok
(14)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(14)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(14)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(14)  auth_log : EXPAND %t
(14)  auth_log :    --> Wed Feb 14 20:03:54 2018
(14)   [auth_log] = ok
(14)   [chap] = noop
(14)   [mschap] = noop
(14)   [digest] = noop
(14)   [wimax] = noop
(14)  suffix : Checking for suffix after "@"
(14)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(14)  suffix : No such realm "NULL"
(14)   [suffix] = noop
(14)  eap : No EAP-Message, not doing EAP
(14)   [eap] = noop
(14)  files : users: Matched entry dummy at line 159
(14)   [files] = ok
(14)   [expiration] = noop
(14)   [logintime] = noop
(14)   [pap] = updated
(14)  } #  authorize = updated
(14) Found Auth-Type = PAP
(14) # Executing group from file /etc/raddb/sites-enabled/default
(14)  Auth-Type PAP {
(14)  pap : Login attempt with password
(14)  pap : User authenticated successfully
(14)   [pap] = ok
(14)  } # Auth-Type PAP = ok
(14) Login OK: [dummy] (from client BS4 port 0)
(14) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(14)   post-auth {
(14)   [exec] = noop
(14)   update reply {
(14) 	Session-Timeout := 1800
(14)   } # update reply = noop
(14)   remove_reply_message_if_eap remove_reply_message_if_eap {
(14)     if (&reply:EAP-Message && &reply:Reply-Message) 
(14)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(14)    else else {
(14)     [noop] = noop
(14)    } # else else = noop
(14)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(14)  } #  post-auth = noop
(14) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(14) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(14) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(15) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(15) 	NAS-Identifier = 'BS'
(15) 	User-Name = 'dummy'
(15) 	User-Password = '*PASSWORD*'
(15) # Executing section authorize from file /etc/raddb/sites-enabled/default
(15)   authorize {
(15)   filter_username filter_username {
(15)     if (!&User-Name) 
(15)     if (!&User-Name)  -> FALSE
(15)     if (&User-Name =~ / /) 
(15)     if (&User-Name =~ / /)  -> FALSE
(15)     if (&User-Name =~ /@.*@/ ) 
(15)     if (&User-Name =~ /@.*@/ )  -> FALSE
(15)     if (&User-Name =~ /\\.\\./ ) 
(15)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(15)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(15)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(15)     if (&User-Name =~ /\\.$/)  
(15)     if (&User-Name =~ /\\.$/)   -> FALSE
(15)     if (&User-Name =~ /@\\./)  
(15)     if (&User-Name =~ /@\\./)   -> FALSE
(15)   } # filter_username filter_username = notfound
(15)   [preprocess] = ok
(15)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(15)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(15)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(15)  auth_log : EXPAND %t
(15)  auth_log :    --> Wed Feb 14 20:03:54 2018
(15)   [auth_log] = ok
(15)   [chap] = noop
(15)   [mschap] = noop
(15)   [digest] = noop
(15)   [wimax] = noop
(15)  suffix : Checking for suffix after "@"
(15)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(15)  suffix : No such realm "NULL"
(15)   [suffix] = noop
(15)  eap : No EAP-Message, not doing EAP
(15)   [eap] = noop
(15)  files : users: Matched entry dummy at line 159
(15)   [files] = ok
(15)   [expiration] = noop
(15)   [logintime] = noop
(15)   [pap] = updated
(15)  } #  authorize = updated
(15) Found Auth-Type = PAP
(15) # Executing group from file /etc/raddb/sites-enabled/default
(15)  Auth-Type PAP {
(15)  pap : Login attempt with password
(15)  pap : User authenticated successfully
(15)   [pap] = ok
(15)  } # Auth-Type PAP = ok
(15) Login OK: [dummy] (from client BS2 port 0)
(15) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(15)   post-auth {
(15)   [exec] = noop
(15)   update reply {
(15) 	Session-Timeout := 1800
(15)   } # update reply = noop
(15)   remove_reply_message_if_eap remove_reply_message_if_eap {
(15)     if (&reply:EAP-Message && &reply:Reply-Message) 
(15)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(15)    else else {
(15)     [noop] = noop
(15)    } # else else = noop
(15)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(15)  } #  post-auth = noop
(15) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(15) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(15) Finished request
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(12) Cleaning up request packet ID 1 with timestamp +34
Waking up in 3.8 seconds.
(13) Cleaning up request packet ID 1 with timestamp +38
(14) Cleaning up request packet ID 1 with timestamp +38
Waking up in 0.2 seconds.
(15) Cleaning up request packet ID 1 with timestamp +38
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(16) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(16) 	NAS-Identifier = 'BS'
(16) 	User-Name = 'dummy'
(16) 	User-Password = '*PASSWORD*'
(16) # Executing section authorize from file /etc/raddb/sites-enabled/default
(16)   authorize {
(16)   filter_username filter_username {
(16)     if (!&User-Name) 
(16)     if (!&User-Name)  -> FALSE
(16)     if (&User-Name =~ / /) 
(16)     if (&User-Name =~ / /)  -> FALSE
(16)     if (&User-Name =~ /@.*@/ ) 
(16)     if (&User-Name =~ /@.*@/ )  -> FALSE
(16)     if (&User-Name =~ /\\.\\./ ) 
(16)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(16)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(16)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(16)     if (&User-Name =~ /\\.$/)  
(16)     if (&User-Name =~ /\\.$/)   -> FALSE
(16)     if (&User-Name =~ /@\\./)  
(16)     if (&User-Name =~ /@\\./)   -> FALSE
(16)   } # filter_username filter_username = notfound
(16)   [preprocess] = ok
(16)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(16)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(16)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(16)  auth_log : EXPAND %t
(16)  auth_log :    --> Wed Feb 14 20:04:00 2018
(16)   [auth_log] = ok
(16)   [chap] = noop
(16)   [mschap] = noop
(16)   [digest] = noop
(16)   [wimax] = noop
(16)  suffix : Checking for suffix after "@"
(16)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(16)  suffix : No such realm "NULL"
(16)   [suffix] = noop
(16)  eap : No EAP-Message, not doing EAP
(16)   [eap] = noop
(16)  files : users: Matched entry dummy at line 159
(16)   [files] = ok
(16)   [expiration] = noop
(16)   [logintime] = noop
(16)   [pap] = updated
(16)  } #  authorize = updated
(16) Found Auth-Type = PAP
(16) # Executing group from file /etc/raddb/sites-enabled/default
(16)  Auth-Type PAP {
(16)  pap : Login attempt with password
(16)  pap : User authenticated successfully
(16)   [pap] = ok
(16)  } # Auth-Type PAP = ok
(16) Login OK: [dummy] (from client BS1 port 0)
(16) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(16)   post-auth {
(16)   [exec] = noop
(16)   update reply {
(16) 	Session-Timeout := 1800
(16)   } # update reply = noop
(16)   remove_reply_message_if_eap remove_reply_message_if_eap {
(16)     if (&reply:EAP-Message && &reply:Reply-Message) 
(16)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(16)    else else {
(16)     [noop] = noop
(16)    } # else else = noop
(16)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(16)  } #  post-auth = noop
(16) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(16) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(16) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(17) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(17) 	NAS-Identifier = 'BS'
(17) 	User-Name = 'dummy'
(17) 	User-Password = '*PASSWORD*'
(17) # Executing section authorize from file /etc/raddb/sites-enabled/default
(17)   authorize {
(17)   filter_username filter_username {
(17)     if (!&User-Name) 
(17)     if (!&User-Name)  -> FALSE
(17)     if (&User-Name =~ / /) 
(17)     if (&User-Name =~ / /)  -> FALSE
(17)     if (&User-Name =~ /@.*@/ ) 
(17)     if (&User-Name =~ /@.*@/ )  -> FALSE
(17)     if (&User-Name =~ /\\.\\./ ) 
(17)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(17)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(17)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(17)     if (&User-Name =~ /\\.$/)  
(17)     if (&User-Name =~ /\\.$/)   -> FALSE
(17)     if (&User-Name =~ /@\\./)  
(17)     if (&User-Name =~ /@\\./)   -> FALSE
(17)   } # filter_username filter_username = notfound
(17)   [preprocess] = ok
(17)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(17)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(17)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(17)  auth_log : EXPAND %t
(17)  auth_log :    --> Wed Feb 14 20:04:04 2018
(17)   [auth_log] = ok
(17)   [chap] = noop
(17)   [mschap] = noop
(17)   [digest] = noop
(17)   [wimax] = noop
(17)  suffix : Checking for suffix after "@"
(17)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(17)  suffix : No such realm "NULL"
(17)   [suffix] = noop
(17)  eap : No EAP-Message, not doing EAP
(17)   [eap] = noop
(17)  files : users: Matched entry dummy at line 159
(17)   [files] = ok
(17)   [expiration] = noop
(17)   [logintime] = noop
(17)   [pap] = updated
(17)  } #  authorize = updated
(17) Found Auth-Type = PAP
(17) # Executing group from file /etc/raddb/sites-enabled/default
(17)  Auth-Type PAP {
(17)  pap : Login attempt with password
(17)  pap : User authenticated successfully
(17)   [pap] = ok
(17)  } # Auth-Type PAP = ok
(17) Login OK: [dummy] (from client BS3 port 0)
(17) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(17)   post-auth {
(17)   [exec] = noop
(17)   update reply {
(17) 	Session-Timeout := 1800
(17)   } # update reply = noop
(17)   remove_reply_message_if_eap remove_reply_message_if_eap {
(17)     if (&reply:EAP-Message && &reply:Reply-Message) 
(17)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(17)    else else {
(17)     [noop] = noop
(17)    } # else else = noop
(17)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(17)  } #  post-auth = noop
(17) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(17) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(17) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(18) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(18) 	NAS-Identifier = 'BS'
(18) 	User-Name = 'dummy'
(18) 	User-Password = '*PASSWORD*'
(18) # Executing section authorize from file /etc/raddb/sites-enabled/default
(18)   authorize {
(18)   filter_username filter_username {
(18)     if (!&User-Name) 
(18)     if (!&User-Name)  -> FALSE
(18)     if (&User-Name =~ / /) 
(18)     if (&User-Name =~ / /)  -> FALSE
(18)     if (&User-Name =~ /@.*@/ ) 
(18)     if (&User-Name =~ /@.*@/ )  -> FALSE
(18)     if (&User-Name =~ /\\.\\./ ) 
(18)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(18)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(18)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(18)     if (&User-Name =~ /\\.$/)  
(18)     if (&User-Name =~ /\\.$/)   -> FALSE
(18)     if (&User-Name =~ /@\\./)  
(18)     if (&User-Name =~ /@\\./)   -> FALSE
(18)   } # filter_username filter_username = notfound
(18)   [preprocess] = ok
(18)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(18)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(18)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(18)  auth_log : EXPAND %t
(18)  auth_log :    --> Wed Feb 14 20:04:04 2018
(18)   [auth_log] = ok
(18)   [chap] = noop
(18)   [mschap] = noop
(18)   [digest] = noop
(18)   [wimax] = noop
(18)  suffix : Checking for suffix after "@"
(18)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(18)  suffix : No such realm "NULL"
(18)   [suffix] = noop
(18)  eap : No EAP-Message, not doing EAP
(18)   [eap] = noop
(18)  files : users: Matched entry dummy at line 159
(18)   [files] = ok
(18)   [expiration] = noop
(18)   [logintime] = noop
(18)   [pap] = updated
(18)  } #  authorize = updated
(18) Found Auth-Type = PAP
(18) # Executing group from file /etc/raddb/sites-enabled/default
(18)  Auth-Type PAP {
(18)  pap : Login attempt with password
(18)  pap : User authenticated successfully
(18)   [pap] = ok
(18)  } # Auth-Type PAP = ok
(18) Login OK: [dummy] (from client BS4 port 0)
(18) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(18)   post-auth {
(18)   [exec] = noop
(18)   update reply {
(18) 	Session-Timeout := 1800
(18)   } # update reply = noop
(18)   remove_reply_message_if_eap remove_reply_message_if_eap {
(18)     if (&reply:EAP-Message && &reply:Reply-Message) 
(18)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(18)    else else {
(18)     [noop] = noop
(18)    } # else else = noop
(18)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(18)  } #  post-auth = noop
(18) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(18) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(18) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(19) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(19) 	NAS-Identifier = 'BS'
(19) 	User-Name = 'dummy'
(19) 	User-Password = '*PASSWORD*'
(19) # Executing section authorize from file /etc/raddb/sites-enabled/default
(19)   authorize {
(19)   filter_username filter_username {
(19)     if (!&User-Name) 
(19)     if (!&User-Name)  -> FALSE
(19)     if (&User-Name =~ / /) 
(19)     if (&User-Name =~ / /)  -> FALSE
(19)     if (&User-Name =~ /@.*@/ ) 
(19)     if (&User-Name =~ /@.*@/ )  -> FALSE
(19)     if (&User-Name =~ /\\.\\./ ) 
(19)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(19)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(19)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(19)     if (&User-Name =~ /\\.$/)  
(19)     if (&User-Name =~ /\\.$/)   -> FALSE
(19)     if (&User-Name =~ /@\\./)  
(19)     if (&User-Name =~ /@\\./)   -> FALSE
(19)   } # filter_username filter_username = notfound
(19)   [preprocess] = ok
(19)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(19)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(19)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(19)  auth_log : EXPAND %t
(19)  auth_log :    --> Wed Feb 14 20:04:04 2018
(19)   [auth_log] = ok
(19)   [chap] = noop
(19)   [mschap] = noop
(19)   [digest] = noop
(19)   [wimax] = noop
(19)  suffix : Checking for suffix after "@"
(19)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(19)  suffix : No such realm "NULL"
(19)   [suffix] = noop
(19)  eap : No EAP-Message, not doing EAP
(19)   [eap] = noop
(19)  files : users: Matched entry dummy at line 159
(19)   [files] = ok
(19)   [expiration] = noop
(19)   [logintime] = noop
(19)   [pap] = updated
(19)  } #  authorize = updated
(19) Found Auth-Type = PAP
(19) # Executing group from file /etc/raddb/sites-enabled/default
(19)  Auth-Type PAP {
(19)  pap : Login attempt with password
(19)  pap : User authenticated successfully
(19)   [pap] = ok
(19)  } # Auth-Type PAP = ok
(19) Login OK: [dummy] (from client BS2 port 0)
(19) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(19)   post-auth {
(19)   [exec] = noop
(19)   update reply {
(19) 	Session-Timeout := 1800
(19)   } # update reply = noop
(19)   remove_reply_message_if_eap remove_reply_message_if_eap {
(19)     if (&reply:EAP-Message && &reply:Reply-Message) 
(19)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(19)    else else {
(19)     [noop] = noop
(19)    } # else else = noop
(19)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(19)  } #  post-auth = noop
(19) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(19) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(19) Finished request
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(16) Cleaning up request packet ID 1 with timestamp +44
Waking up in 3.8 seconds.
(17) Cleaning up request packet ID 1 with timestamp +48
(18) Cleaning up request packet ID 1 with timestamp +48
Waking up in 0.2 seconds.
(19) Cleaning up request packet ID 1 with timestamp +48
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(20) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(20) 	NAS-Identifier = 'BS'
(20) 	User-Name = 'dummy'
(20) 	User-Password = '*PASSWORD*'
(20) # Executing section authorize from file /etc/raddb/sites-enabled/default
(20)   authorize {
(20)   filter_username filter_username {
(20)     if (!&User-Name) 
(20)     if (!&User-Name)  -> FALSE
(20)     if (&User-Name =~ / /) 
(20)     if (&User-Name =~ / /)  -> FALSE
(20)     if (&User-Name =~ /@.*@/ ) 
(20)     if (&User-Name =~ /@.*@/ )  -> FALSE
(20)     if (&User-Name =~ /\\.\\./ ) 
(20)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(20)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(20)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(20)     if (&User-Name =~ /\\.$/)  
(20)     if (&User-Name =~ /\\.$/)   -> FALSE
(20)     if (&User-Name =~ /@\\./)  
(20)     if (&User-Name =~ /@\\./)   -> FALSE
(20)   } # filter_username filter_username = notfound
(20)   [preprocess] = ok
(20)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(20)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(20)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(20)  auth_log : EXPAND %t
(20)  auth_log :    --> Wed Feb 14 20:04:10 2018
(20)   [auth_log] = ok
(20)   [chap] = noop
(20)   [mschap] = noop
(20)   [digest] = noop
(20)   [wimax] = noop
(20)  suffix : Checking for suffix after "@"
(20)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(20)  suffix : No such realm "NULL"
(20)   [suffix] = noop
(20)  eap : No EAP-Message, not doing EAP
(20)   [eap] = noop
(20)  files : users: Matched entry dummy at line 159
(20)   [files] = ok
(20)   [expiration] = noop
(20)   [logintime] = noop
(20)   [pap] = updated
(20)  } #  authorize = updated
(20) Found Auth-Type = PAP
(20) # Executing group from file /etc/raddb/sites-enabled/default
(20)  Auth-Type PAP {
(20)  pap : Login attempt with password
(20)  pap : User authenticated successfully
(20)   [pap] = ok
(20)  } # Auth-Type PAP = ok
(20) Login OK: [dummy] (from client BS1 port 0)
(20) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(20)   post-auth {
(20)   [exec] = noop
(20)   update reply {
(20) 	Session-Timeout := 1800
(20)   } # update reply = noop
(20)   remove_reply_message_if_eap remove_reply_message_if_eap {
(20)     if (&reply:EAP-Message && &reply:Reply-Message) 
(20)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(20)    else else {
(20)     [noop] = noop
(20)    } # else else = noop
(20)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(20)  } #  post-auth = noop
(20) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(20) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(20) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(21) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(21) 	NAS-Identifier = 'BS'
(21) 	User-Name = 'dummy'
(21) 	User-Password = '*PASSWORD*'
(21) # Executing section authorize from file /etc/raddb/sites-enabled/default
(21)   authorize {
(21)   filter_username filter_username {
(21)     if (!&User-Name) 
(21)     if (!&User-Name)  -> FALSE
(21)     if (&User-Name =~ / /) 
(21)     if (&User-Name =~ / /)  -> FALSE
(21)     if (&User-Name =~ /@.*@/ ) 
(21)     if (&User-Name =~ /@.*@/ )  -> FALSE
(21)     if (&User-Name =~ /\\.\\./ ) 
(21)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(21)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(21)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(21)     if (&User-Name =~ /\\.$/)  
(21)     if (&User-Name =~ /\\.$/)   -> FALSE
(21)     if (&User-Name =~ /@\\./)  
(21)     if (&User-Name =~ /@\\./)   -> FALSE
(21)   } # filter_username filter_username = notfound
(21)   [preprocess] = ok
(21)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(21)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(21)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(21)  auth_log : EXPAND %t
(21)  auth_log :    --> Wed Feb 14 20:04:14 2018
(21)   [auth_log] = ok
(21)   [chap] = noop
(21)   [mschap] = noop
(21)   [digest] = noop
(21)   [wimax] = noop
(21)  suffix : Checking for suffix after "@"
(21)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(21)  suffix : No such realm "NULL"
(21)   [suffix] = noop
(21)  eap : No EAP-Message, not doing EAP
(21)   [eap] = noop
(21)  files : users: Matched entry dummy at line 159
(21)   [files] = ok
(21)   [expiration] = noop
(21)   [logintime] = noop
(21)   [pap] = updated
(21)  } #  authorize = updated
(21) Found Auth-Type = PAP
(21) # Executing group from file /etc/raddb/sites-enabled/default
(21)  Auth-Type PAP {
(21)  pap : Login attempt with password
(21)  pap : User authenticated successfully
(21)   [pap] = ok
(21)  } # Auth-Type PAP = ok
(21) Login OK: [dummy] (from client BS3 port 0)
(21) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(21)   post-auth {
(21)   [exec] = noop
(21)   update reply {
(21) 	Session-Timeout := 1800
(21)   } # update reply = noop
(21)   remove_reply_message_if_eap remove_reply_message_if_eap {
(21)     if (&reply:EAP-Message && &reply:Reply-Message) 
(21)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(21)    else else {
(21)     [noop] = noop
(21)    } # else else = noop
(21)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(21)  } #  post-auth = noop
(21) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(21) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(21) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(22) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(22) 	NAS-Identifier = 'BS'
(22) 	User-Name = 'dummy'
(22) 	User-Password = '*PASSWORD*'
(22) # Executing section authorize from file /etc/raddb/sites-enabled/default
(22)   authorize {
(22)   filter_username filter_username {
(22)     if (!&User-Name) 
(22)     if (!&User-Name)  -> FALSE
(22)     if (&User-Name =~ / /) 
(22)     if (&User-Name =~ / /)  -> FALSE
(22)     if (&User-Name =~ /@.*@/ ) 
(22)     if (&User-Name =~ /@.*@/ )  -> FALSE
(22)     if (&User-Name =~ /\\.\\./ ) 
(22)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(22)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(22)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(22)     if (&User-Name =~ /\\.$/)  
(22)     if (&User-Name =~ /\\.$/)   -> FALSE
(22)     if (&User-Name =~ /@\\./)  
(22)     if (&User-Name =~ /@\\./)   -> FALSE
(22)   } # filter_username filter_username = notfound
(22)   [preprocess] = ok
(22)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(22)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(22)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(22)  auth_log : EXPAND %t
(22)  auth_log :    --> Wed Feb 14 20:04:14 2018
(22)   [auth_log] = ok
(22)   [chap] = noop
(22)   [mschap] = noop
(22)   [digest] = noop
(22)   [wimax] = noop
(22)  suffix : Checking for suffix after "@"
(22)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(22)  suffix : No such realm "NULL"
(22)   [suffix] = noop
(22)  eap : No EAP-Message, not doing EAP
(22)   [eap] = noop
(22)  files : users: Matched entry dummy at line 159
(22)   [files] = ok
(22)   [expiration] = noop
(22)   [logintime] = noop
(22)   [pap] = updated
(22)  } #  authorize = updated
(22) Found Auth-Type = PAP
(22) # Executing group from file /etc/raddb/sites-enabled/default
(22)  Auth-Type PAP {
(22)  pap : Login attempt with password
(22)  pap : User authenticated successfully
(22)   [pap] = ok
(22)  } # Auth-Type PAP = ok
(22) Login OK: [dummy] (from client BS4 port 0)
(22) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(22)   post-auth {
(22)   [exec] = noop
(22)   update reply {
(22) 	Session-Timeout := 1800
(22)   } # update reply = noop
(22)   remove_reply_message_if_eap remove_reply_message_if_eap {
(22)     if (&reply:EAP-Message && &reply:Reply-Message) 
(22)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(22)    else else {
(22)     [noop] = noop
(22)    } # else else = noop
(22)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(22)  } #  post-auth = noop
(22) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(22) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(22) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(23) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(23) 	NAS-Identifier = 'BS'
(23) 	User-Name = 'dummy'
(23) 	User-Password = '*PASSWORD*'
(23) # Executing section authorize from file /etc/raddb/sites-enabled/default
(23)   authorize {
(23)   filter_username filter_username {
(23)     if (!&User-Name) 
(23)     if (!&User-Name)  -> FALSE
(23)     if (&User-Name =~ / /) 
(23)     if (&User-Name =~ / /)  -> FALSE
(23)     if (&User-Name =~ /@.*@/ ) 
(23)     if (&User-Name =~ /@.*@/ )  -> FALSE
(23)     if (&User-Name =~ /\\.\\./ ) 
(23)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(23)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(23)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(23)     if (&User-Name =~ /\\.$/)  
(23)     if (&User-Name =~ /\\.$/)   -> FALSE
(23)     if (&User-Name =~ /@\\./)  
(23)     if (&User-Name =~ /@\\./)   -> FALSE
(23)   } # filter_username filter_username = notfound
(23)   [preprocess] = ok
(23)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(23)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(23)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(23)  auth_log : EXPAND %t
(23)  auth_log :    --> Wed Feb 14 20:04:14 2018
(23)   [auth_log] = ok
(23)   [chap] = noop
(23)   [mschap] = noop
(23)   [digest] = noop
(23)   [wimax] = noop
(23)  suffix : Checking for suffix after "@"
(23)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(23)  suffix : No such realm "NULL"
(23)   [suffix] = noop
(23)  eap : No EAP-Message, not doing EAP
(23)   [eap] = noop
(23)  files : users: Matched entry dummy at line 159
(23)   [files] = ok
(23)   [expiration] = noop
(23)   [logintime] = noop
(23)   [pap] = updated
(23)  } #  authorize = updated
(23) Found Auth-Type = PAP
(23) # Executing group from file /etc/raddb/sites-enabled/default
(23)  Auth-Type PAP {
(23)  pap : Login attempt with password
(23)  pap : User authenticated successfully
(23)   [pap] = ok
(23)  } # Auth-Type PAP = ok
(23) Login OK: [dummy] (from client BS2 port 0)
(23) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(23)   post-auth {
(23)   [exec] = noop
(23)   update reply {
(23) 	Session-Timeout := 1800
(23)   } # update reply = noop
(23)   remove_reply_message_if_eap remove_reply_message_if_eap {
(23)     if (&reply:EAP-Message && &reply:Reply-Message) 
(23)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(23)    else else {
(23)     [noop] = noop
(23)    } # else else = noop
(23)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(23)  } #  post-auth = noop
(23) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(23) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(23) Finished request
Waking up in 0.2 seconds.
Waking up in 0.5 seconds.
(20) Cleaning up request packet ID 1 with timestamp +54
Waking up in 3.8 seconds.
(21) Cleaning up request packet ID 1 with timestamp +58
(22) Cleaning up request packet ID 1 with timestamp +58
Waking up in 0.2 seconds.
(23) Cleaning up request packet ID 1 with timestamp +58
Ready to process requests
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(24) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(24) 	NAS-Identifier = 'BS'
(24) 	User-Name = 'dummy'
(24) 	User-Password = '*PASSWORD*'
(24) # Executing section authorize from file /etc/raddb/sites-enabled/default
(24)   authorize {
(24)   filter_username filter_username {
(24)     if (!&User-Name) 
(24)     if (!&User-Name)  -> FALSE
(24)     if (&User-Name =~ / /) 
(24)     if (&User-Name =~ / /)  -> FALSE
(24)     if (&User-Name =~ /@.*@/ ) 
(24)     if (&User-Name =~ /@.*@/ )  -> FALSE
(24)     if (&User-Name =~ /\\.\\./ ) 
(24)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(24)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(24)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(24)     if (&User-Name =~ /\\.$/)  
(24)     if (&User-Name =~ /\\.$/)   -> FALSE
(24)     if (&User-Name =~ /@\\./)  
(24)     if (&User-Name =~ /@\\./)   -> FALSE
(24)   } # filter_username filter_username = notfound
(24)   [preprocess] = ok
(24)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(24)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(24)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(24)  auth_log : EXPAND %t
(24)  auth_log :    --> Wed Feb 14 20:04:20 2018
(24)   [auth_log] = ok
(24)   [chap] = noop
(24)   [mschap] = noop
(24)   [digest] = noop
(24)   [wimax] = noop
(24)  suffix : Checking for suffix after "@"
(24)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(24)  suffix : No such realm "NULL"
(24)   [suffix] = noop
(24)  eap : No EAP-Message, not doing EAP
(24)   [eap] = noop
(24)  files : users: Matched entry dummy at line 159
(24)   [files] = ok
(24)   [expiration] = noop
(24)   [logintime] = noop
(24)   [pap] = updated
(24)  } #  authorize = updated
(24) Found Auth-Type = PAP
(24) # Executing group from file /etc/raddb/sites-enabled/default
(24)  Auth-Type PAP {
(24)  pap : Login attempt with password
(24)  pap : User authenticated successfully
(24)   [pap] = ok
(24)  } # Auth-Type PAP = ok
(24) Login OK: [dummy] (from client BS1 port 0)
(24) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(24)   post-auth {
(24)   [exec] = noop
(24)   update reply {
(24) 	Session-Timeout := 1800
(24)   } # update reply = noop
(24)   remove_reply_message_if_eap remove_reply_message_if_eap {
(24)     if (&reply:EAP-Message && &reply:Reply-Message) 
(24)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(24)    else else {
(24)     [noop] = noop
(24)    } # else else = noop
(24)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(24)  } #  post-auth = noop
(24) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(24) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(24) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 138 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0x03e6f076fbe83fb57225e2b05cce499f
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02be0016014350453131407369656d656e732e636f6d
(25) Received Access-Request packet from host 192.168.99.121 port 49210, id=138, length=85
(25) 	Message-Authenticator = 0x03e6f076fbe83fb57225e2b05cce499f
(25) 	NAS-Identifier = 'BS'
(25) 	User-Name = 'CPE11@siemens.com'
(25) 	EAP-Message = 0x02be0016014350453131407369656d656e732e636f6d
(25) # Executing section authorize from file /etc/raddb/sites-enabled/default
(25)   authorize {
(25)   filter_username filter_username {
(25)     if (!&User-Name) 
(25)     if (!&User-Name)  -> FALSE
(25)     if (&User-Name =~ / /) 
(25)     if (&User-Name =~ / /)  -> FALSE
(25)     if (&User-Name =~ /@.*@/ ) 
(25)     if (&User-Name =~ /@.*@/ )  -> FALSE
(25)     if (&User-Name =~ /\\.\\./ ) 
(25)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(25)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(25)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(25)     if (&User-Name =~ /\\.$/)  
(25)     if (&User-Name =~ /\\.$/)   -> FALSE
(25)     if (&User-Name =~ /@\\./)  
(25)     if (&User-Name =~ /@\\./)   -> FALSE
(25)   } # filter_username filter_username = notfound
(25)   [preprocess] = ok
(25)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(25)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(25)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(25)  auth_log : EXPAND %t
(25)  auth_log :    --> Wed Feb 14 20:04:22 2018
(25)   [auth_log] = ok
(25)   [chap] = noop
(25)   [mschap] = noop
(25)   [digest] = noop
(25)   [wimax] = noop
(25)  suffix : Checking for suffix after "@"
(25)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(25)  suffix : No such realm "siemens.com"
(25)   [suffix] = noop
(25)  eap : Peer sent code Response (2) ID 190 length 22
(25)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(25)   [eap] = ok
(25)  } #  authorize = ok
(25) Found Auth-Type = EAP
(25) # Executing group from file /etc/raddb/sites-enabled/default
(25)   authenticate {
(25)  eap : Peer sent method Identity (1)
(25)  eap : Calling eap_ttls to process EAP data
(25)  eap_ttls : Flushing SSL sessions (of #0)
(25)  eap_ttls : Initiate
(25)  eap_ttls : Start returned 1
(25)  eap : New EAP session, adding 'State' attribute to reply 0x34b58d2c340a9811
(25)   [eap] = handled
(25)  } #  authenticate = handled
(25) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=138, length=0
(25) 	EAP-Message = 0x01bf00061520
(25) 	Message-Authenticator = 0x00000000000000000000000000000000
(25) 	State = 0x34b58d2c340a98113803a0b501531a5f
Sending Access-Challenge Id 138 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01bf00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x34b58d2c340a98113803a0b501531a5f
(25) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 139 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0xbb67ce29d9b98542c4f1b9aa5279ca44
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02bf006a158000000060160301005b01000057030154a4b475036f4ac7b0e6d3c47900fbee5b48eb08cd66a4ae5268940a90215da800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x34b58d2c340a98113803a0b501531a5f
(26) Received Access-Request packet from host 192.168.99.121 port 49210, id=139, length=187
(26) 	Message-Authenticator = 0xbb67ce29d9b98542c4f1b9aa5279ca44
(26) 	NAS-Identifier = 'BS'
(26) 	User-Name = 'CPE11@siemens.com'
(26) 	EAP-Message = 0x02bf006a158000000060160301005b01000057030154a4b475036f4ac7b0e6d3c47900fbee5b48eb08cd66a4ae5268940a90215da800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(26) 	State = 0x34b58d2c340a98113803a0b501531a5f
(26) # Executing section authorize from file /etc/raddb/sites-enabled/default
(26)   authorize {
(26)   filter_username filter_username {
(26)     if (!&User-Name) 
(26)     if (!&User-Name)  -> FALSE
(26)     if (&User-Name =~ / /) 
(26)     if (&User-Name =~ / /)  -> FALSE
(26)     if (&User-Name =~ /@.*@/ ) 
(26)     if (&User-Name =~ /@.*@/ )  -> FALSE
(26)     if (&User-Name =~ /\\.\\./ ) 
(26)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(26)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(26)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(26)     if (&User-Name =~ /\\.$/)  
(26)     if (&User-Name =~ /\\.$/)   -> FALSE
(26)     if (&User-Name =~ /@\\./)  
(26)     if (&User-Name =~ /@\\./)   -> FALSE
(26)   } # filter_username filter_username = notfound
(26)   [preprocess] = ok
(26)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(26)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(26)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(26)  auth_log : EXPAND %t
(26)  auth_log :    --> Wed Feb 14 20:04:22 2018
(26)   [auth_log] = ok
(26)   [chap] = noop
(26)   [mschap] = noop
(26)   [digest] = noop
(26)   [wimax] = noop
(26)  suffix : Checking for suffix after "@"
(26)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(26)  suffix : No such realm "siemens.com"
(26)   [suffix] = noop
(26)  eap : Peer sent code Response (2) ID 191 length 106
(26)  eap : Continuing tunnel setup
(26)   [eap] = ok
(26)  } #  authorize = ok
(26) Found Auth-Type = EAP
(26) # Executing group from file /etc/raddb/sites-enabled/default
(26)   authenticate {
(26)  eap : Expiring EAP session with state 0x34b58d2c340a9811
(26)  eap : Finished EAP session with state 0x34b58d2c340a9811
(26)  eap : Previous EAP request found for state 0x34b58d2c340a9811, released from the list
(26)  eap : Peer sent method TTLS (21)
(26)  eap : EAP TTLS (21)
(26)  eap : Calling eap_ttls to process EAP data
(26)  eap_ttls : Authenticate
(26)  eap_ttls : processing EAP-TLS
  TLS Length 96
(26)  eap_ttls : Length Included
(26)  eap_ttls : eaptls_verify returned 11 
(26)  eap_ttls : (other): before/accept initialization
(26)  eap_ttls : TLS_accept: before/accept initialization
(26)  eap_ttls : <<< Unknown TLS version [length 0005] 
(26)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(26)  eap_ttls : TLS_accept: SSLv3 read client hello A
(26)  eap_ttls : >>> Unknown TLS version [length 0005] 
(26)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(26)  eap_ttls : TLS_accept: SSLv3 write server hello A
(26)  eap_ttls : >>> Unknown TLS version [length 0005] 
(26)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(26)  eap_ttls : TLS_accept: SSLv3 write certificate A
(26)  eap_ttls : >>> Unknown TLS version [length 0005] 
(26)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(26)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(26)  eap_ttls : >>> Unknown TLS version [length 0005] 
(26)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(26)  eap_ttls : TLS_accept: SSLv3 write server done A
(26)  eap_ttls : TLS_accept: SSLv3 flush data
(26)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(26)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(26)  eap_ttls : eaptls_process returned 13 
(26)  eap : New EAP session, adding 'State' attribute to reply 0x34b58d2c35759811
(26)   [eap] = handled
(26)  } #  authenticate = handled
(26) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=139, length=0
(26) 	EAP-Message = 0x01c003ec15c000000702160301004a02000046030138b44c61830a0a8d255eaa89ed22945373a900b40764e61a46e177e528f3bbcc20d4a5748fc358d3c9ccfee41a1744d20e3eb30773aac290feb0441e76897006c800390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(26) 	Message-Authenticator = 0x00000000000000000000000000000000
(26) 	State = 0x34b58d2c357598113803a0b501531a5f
Sending Access-Challenge Id 139 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c003ec15c000000702160301004a02000046030138b44c61830a0a8d255eaa89ed22945373a900b40764e61a46e177e528f3bbcc20d4a5748fc358d3c9ccfee41a1744d20e3eb30773aac290feb0441e76897006c800390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x34b58d2c357598113803a0b501531a5f
(26) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 140 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x4477946ad78faa68c7eb2d05bb65eae0
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c000061500
	State = 0x34b58d2c357598113803a0b501531a5f
(27) Received Access-Request packet from host 192.168.99.121 port 49210, id=140, length=87
(27) 	Message-Authenticator = 0x4477946ad78faa68c7eb2d05bb65eae0
(27) 	NAS-Identifier = 'BS'
(27) 	User-Name = 'CPE11@siemens.com'
(27) 	EAP-Message = 0x02c000061500
(27) 	State = 0x34b58d2c357598113803a0b501531a5f
(27) # Executing section authorize from file /etc/raddb/sites-enabled/default
(27)   authorize {
(27)   filter_username filter_username {
(27)     if (!&User-Name) 
(27)     if (!&User-Name)  -> FALSE
(27)     if (&User-Name =~ / /) 
(27)     if (&User-Name =~ / /)  -> FALSE
(27)     if (&User-Name =~ /@.*@/ ) 
(27)     if (&User-Name =~ /@.*@/ )  -> FALSE
(27)     if (&User-Name =~ /\\.\\./ ) 
(27)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(27)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(27)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(27)     if (&User-Name =~ /\\.$/)  
(27)     if (&User-Name =~ /\\.$/)   -> FALSE
(27)     if (&User-Name =~ /@\\./)  
(27)     if (&User-Name =~ /@\\./)   -> FALSE
(27)   } # filter_username filter_username = notfound
(27)   [preprocess] = ok
(27)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(27)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(27)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(27)  auth_log : EXPAND %t
(27)  auth_log :    --> Wed Feb 14 20:04:22 2018
(27)   [auth_log] = ok
(27)   [chap] = noop
(27)   [mschap] = noop
(27)   [digest] = noop
(27)   [wimax] = noop
(27)  suffix : Checking for suffix after "@"
(27)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(27)  suffix : No such realm "siemens.com"
(27)   [suffix] = noop
(27)  eap : Peer sent code Response (2) ID 192 length 6
(27)  eap : Continuing tunnel setup
(27)   [eap] = ok
(27)  } #  authorize = ok
(27) Found Auth-Type = EAP
(27) # Executing group from file /etc/raddb/sites-enabled/default
(27)   authenticate {
(27)  eap : Expiring EAP session with state 0x34b58d2c35759811
(27)  eap : Finished EAP session with state 0x34b58d2c35759811
(27)  eap : Previous EAP request found for state 0x34b58d2c35759811, released from the list
(27)  eap : Peer sent method TTLS (21)
(27)  eap : EAP TTLS (21)
(27)  eap : Calling eap_ttls to process EAP data
(27)  eap_ttls : Authenticate
(27)  eap_ttls : processing EAP-TLS
(27)  eap_ttls : Received TLS ACK
(27)  eap_ttls : Received TLS ACK
(27)  eap_ttls : ACK handshake fragment handler
(27)  eap_ttls : eaptls_verify returned 1 
(27)  eap_ttls : eaptls_process returned 13 
(27)  eap : New EAP session, adding 'State' attribute to reply 0x34b58d2c36749811
(27)   [eap] = handled
(27)  } #  authenticate = handled
(27) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=140, length=0
(27) 	EAP-Message = 0x01c1032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(27) 	Message-Authenticator = 0x00000000000000000000000000000000
(27) 	State = 0x34b58d2c367498113803a0b501531a5f
Sending Access-Challenge Id 140 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c1032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x34b58d2c367498113803a0b501531a5f
(27) Finished request
Waking up in 0.2 seconds.
Waking up in 2.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(28) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(28) 	NAS-Identifier = 'BS'
(28) 	User-Name = 'dummy'
(28) 	User-Password = '*PASSWORD*'
(28) # Executing section authorize from file /etc/raddb/sites-enabled/default
(28)   authorize {
(28)   filter_username filter_username {
(28)     if (!&User-Name) 
(28)     if (!&User-Name)  -> FALSE
(28)     if (&User-Name =~ / /) 
(28)     if (&User-Name =~ / /)  -> FALSE
(28)     if (&User-Name =~ /@.*@/ ) 
(28)     if (&User-Name =~ /@.*@/ )  -> FALSE
(28)     if (&User-Name =~ /\\.\\./ ) 
(28)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(28)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(28)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(28)     if (&User-Name =~ /\\.$/)  
(28)     if (&User-Name =~ /\\.$/)   -> FALSE
(28)     if (&User-Name =~ /@\\./)  
(28)     if (&User-Name =~ /@\\./)   -> FALSE
(28)   } # filter_username filter_username = notfound
(28)   [preprocess] = ok
(28)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(28)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(28)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(28)  auth_log : EXPAND %t
(28)  auth_log :    --> Wed Feb 14 20:04:24 2018
(28)   [auth_log] = ok
(28)   [chap] = noop
(28)   [mschap] = noop
(28)   [digest] = noop
(28)   [wimax] = noop
(28)  suffix : Checking for suffix after "@"
(28)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(28)  suffix : No such realm "NULL"
(28)   [suffix] = noop
(28)  eap : No EAP-Message, not doing EAP
(28)   [eap] = noop
(28)  files : users: Matched entry dummy at line 159
(28)   [files] = ok
(28)   [expiration] = noop
(28)   [logintime] = noop
(28)   [pap] = updated
(28)  } #  authorize = updated
(28) Found Auth-Type = PAP
(28) # Executing group from file /etc/raddb/sites-enabled/default
(28)  Auth-Type PAP {
(28)  pap : Login attempt with password
(28)  pap : User authenticated successfully
(28)   [pap] = ok
(28)  } # Auth-Type PAP = ok
(28) Login OK: [dummy] (from client BS3 port 0)
(28) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(28)   post-auth {
(28)   [exec] = noop
(28)   update reply {
(28) 	Session-Timeout := 1800
(28)   } # update reply = noop
(28)   remove_reply_message_if_eap remove_reply_message_if_eap {
(28)     if (&reply:EAP-Message && &reply:Reply-Message) 
(28)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(28)    else else {
(28)     [noop] = noop
(28)    } # else else = noop
(28)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(28)  } #  post-auth = noop
(28) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(28) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(28) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 107 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x13126f250bbefd1068ca2ccd45654687
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028800150143504539407369656d656e732e636f6d
(29) Received Access-Request packet from host 192.168.99.123 port 49286, id=107, length=83
(29) 	Message-Authenticator = 0x13126f250bbefd1068ca2ccd45654687
(29) 	NAS-Identifier = 'BS'
(29) 	User-Name = 'CPE9@siemens.com'
(29) 	EAP-Message = 0x028800150143504539407369656d656e732e636f6d
(29) # Executing section authorize from file /etc/raddb/sites-enabled/default
(29)   authorize {
(29)   filter_username filter_username {
(29)     if (!&User-Name) 
(29)     if (!&User-Name)  -> FALSE
(29)     if (&User-Name =~ / /) 
(29)     if (&User-Name =~ / /)  -> FALSE
(29)     if (&User-Name =~ /@.*@/ ) 
(29)     if (&User-Name =~ /@.*@/ )  -> FALSE
(29)     if (&User-Name =~ /\\.\\./ ) 
(29)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(29)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(29)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(29)     if (&User-Name =~ /\\.$/)  
(29)     if (&User-Name =~ /\\.$/)   -> FALSE
(29)     if (&User-Name =~ /@\\./)  
(29)     if (&User-Name =~ /@\\./)   -> FALSE
(29)   } # filter_username filter_username = notfound
(29)   [preprocess] = ok
(29)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(29)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(29)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(29)  auth_log : EXPAND %t
(29)  auth_log :    --> Wed Feb 14 20:04:24 2018
(29)   [auth_log] = ok
(29)   [chap] = noop
(29)   [mschap] = noop
(29)   [digest] = noop
(29)   [wimax] = noop
(29)  suffix : Checking for suffix after "@"
(29)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(29)  suffix : No such realm "siemens.com"
(29)   [suffix] = noop
(29)  eap : Peer sent code Response (2) ID 136 length 21
(29)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(29)   [eap] = ok
(29)  } #  authorize = ok
(29) Found Auth-Type = EAP
(29) # Executing group from file /etc/raddb/sites-enabled/default
(29)   authenticate {
(29)  eap : Peer sent method Identity (1)
(29)  eap : Calling eap_ttls to process EAP data
(29)  eap_ttls : Initiate
(29)  eap_ttls : Start returned 1
(29)  eap : New EAP session, adding 'State' attribute to reply 0x57397c5557b06955
(29)   [eap] = handled
(29)  } #  authenticate = handled
(29) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=107, length=0
(29) 	EAP-Message = 0x018900061520
(29) 	Message-Authenticator = 0x00000000000000000000000000000000
(29) 	State = 0x57397c5557b069558c20ec0fcefb52a1
Sending Access-Challenge Id 107 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018900061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57397c5557b069558c20ec0fcefb52a1
(29) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(30) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(30) 	NAS-Identifier = 'BS'
(30) 	User-Name = 'dummy'
(30) 	User-Password = '*PASSWORD*'
(30) # Executing section authorize from file /etc/raddb/sites-enabled/default
(30)   authorize {
(30)   filter_username filter_username {
(30)     if (!&User-Name) 
(30)     if (!&User-Name)  -> FALSE
(30)     if (&User-Name =~ / /) 
(30)     if (&User-Name =~ / /)  -> FALSE
(30)     if (&User-Name =~ /@.*@/ ) 
(30)     if (&User-Name =~ /@.*@/ )  -> FALSE
(30)     if (&User-Name =~ /\\.\\./ ) 
(30)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(30)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(30)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(30)     if (&User-Name =~ /\\.$/)  
(30)     if (&User-Name =~ /\\.$/)   -> FALSE
(30)     if (&User-Name =~ /@\\./)  
(30)     if (&User-Name =~ /@\\./)   -> FALSE
(30)   } # filter_username filter_username = notfound
(30)   [preprocess] = ok
(30)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(30)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(30)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(30)  auth_log : EXPAND %t
(30)  auth_log :    --> Wed Feb 14 20:04:24 2018
(30)   [auth_log] = ok
(30)   [chap] = noop
(30)   [mschap] = noop
(30)   [digest] = noop
(30)   [wimax] = noop
(30)  suffix : Checking for suffix after "@"
(30)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(30)  suffix : No such realm "NULL"
(30)   [suffix] = noop
(30)  eap : No EAP-Message, not doing EAP
(30)   [eap] = noop
(30)  files : users: Matched entry dummy at line 159
(30)   [files] = ok
(30)   [expiration] = noop
(30)   [logintime] = noop
(30)   [pap] = updated
(30)  } #  authorize = updated
(30) Found Auth-Type = PAP
(30) # Executing group from file /etc/raddb/sites-enabled/default
(30)  Auth-Type PAP {
(30)  pap : Login attempt with password
(30)  pap : User authenticated successfully
(30)   [pap] = ok
(30)  } # Auth-Type PAP = ok
(30) Login OK: [dummy] (from client BS4 port 0)
(30) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(30)   post-auth {
(30)   [exec] = noop
(30)   update reply {
(30) 	Session-Timeout := 1800
(30)   } # update reply = noop
(30)   remove_reply_message_if_eap remove_reply_message_if_eap {
(30)     if (&reply:EAP-Message && &reply:Reply-Message) 
(30)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(30)    else else {
(30)     [noop] = noop
(30)    } # else else = noop
(30)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(30)  } #  post-auth = noop
(30) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(30) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(30) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 108 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xcd82832660d9ab98e3e8a889cbac6974
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x0289006a158000000060160301005b01000057030154ab17a553fb25ffca816ad1cd5958a581206ece3478e3feac3c4916b7df5d9300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x57397c5557b069558c20ec0fcefb52a1
(31) Received Access-Request packet from host 192.168.99.123 port 49286, id=108, length=186
(31) 	Message-Authenticator = 0xcd82832660d9ab98e3e8a889cbac6974
(31) 	NAS-Identifier = 'BS'
(31) 	User-Name = 'CPE9@siemens.com'
(31) 	EAP-Message = 0x0289006a158000000060160301005b01000057030154ab17a553fb25ffca816ad1cd5958a581206ece3478e3feac3c4916b7df5d9300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(31) 	State = 0x57397c5557b069558c20ec0fcefb52a1
(31) # Executing section authorize from file /etc/raddb/sites-enabled/default
(31)   authorize {
(31)   filter_username filter_username {
(31)     if (!&User-Name) 
(31)     if (!&User-Name)  -> FALSE
(31)     if (&User-Name =~ / /) 
(31)     if (&User-Name =~ / /)  -> FALSE
(31)     if (&User-Name =~ /@.*@/ ) 
(31)     if (&User-Name =~ /@.*@/ )  -> FALSE
(31)     if (&User-Name =~ /\\.\\./ ) 
(31)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(31)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(31)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(31)     if (&User-Name =~ /\\.$/)  
(31)     if (&User-Name =~ /\\.$/)   -> FALSE
(31)     if (&User-Name =~ /@\\./)  
(31)     if (&User-Name =~ /@\\./)   -> FALSE
(31)   } # filter_username filter_username = notfound
(31)   [preprocess] = ok
(31)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(31)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(31)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(31)  auth_log : EXPAND %t
(31)  auth_log :    --> Wed Feb 14 20:04:24 2018
(31)   [auth_log] = ok
(31)   [chap] = noop
(31)   [mschap] = noop
(31)   [digest] = noop
(31)   [wimax] = noop
(31)  suffix : Checking for suffix after "@"
(31)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(31)  suffix : No such realm "siemens.com"
(31)   [suffix] = noop
(31)  eap : Peer sent code Response (2) ID 137 length 106
(31)  eap : Continuing tunnel setup
(31)   [eap] = ok
(31)  } #  authorize = ok
(31) Found Auth-Type = EAP
(31) # Executing group from file /etc/raddb/sites-enabled/default
(31)   authenticate {
(31)  eap : Expiring EAP session with state 0x34b58d2c36749811
(31)  eap : Finished EAP session with state 0x57397c5557b06955
(31)  eap : Previous EAP request found for state 0x57397c5557b06955, released from the list
(31)  eap : Peer sent method TTLS (21)
(31)  eap : EAP TTLS (21)
(31)  eap : Calling eap_ttls to process EAP data
(31)  eap_ttls : Authenticate
(31)  eap_ttls : processing EAP-TLS
  TLS Length 96
(31)  eap_ttls : Length Included
(31)  eap_ttls : eaptls_verify returned 11 
(31)  eap_ttls : (other): before/accept initialization
(31)  eap_ttls : TLS_accept: before/accept initialization
(31)  eap_ttls : <<< Unknown TLS version [length 0005] 
(31)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(31)  eap_ttls : TLS_accept: SSLv3 read client hello A
(31)  eap_ttls : >>> Unknown TLS version [length 0005] 
(31)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(31)  eap_ttls : TLS_accept: SSLv3 write server hello A
(31)  eap_ttls : >>> Unknown TLS version [length 0005] 
(31)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(31)  eap_ttls : TLS_accept: SSLv3 write certificate A
(31)  eap_ttls : >>> Unknown TLS version [length 0005] 
(31)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(31)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(31)  eap_ttls : >>> Unknown TLS version [length 0005] 
(31)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(31)  eap_ttls : TLS_accept: SSLv3 write server done A
(31)  eap_ttls : TLS_accept: SSLv3 flush data
(31)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(31)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(31)  eap_ttls : eaptls_process returned 13 
(31)  eap : New EAP session, adding 'State' attribute to reply 0x57397c5556b36955
(31)   [eap] = handled
(31)  } #  authenticate = handled
(31) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=108, length=0
(31) 	EAP-Message = 0x018a03ec15c000000702160301004a02000046030139a180e54ac8f4575fbaa2ae5e512cc27d809e74900f2ea9923a438a66b450a5208df00de32d2944cfd2a6799cc384abbed919a584f2a1b084e0d669db9a28d7c900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(31) 	Message-Authenticator = 0x00000000000000000000000000000000
(31) 	State = 0x57397c5556b369558c20ec0fcefb52a1
Sending Access-Challenge Id 108 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018a03ec15c000000702160301004a02000046030139a180e54ac8f4575fbaa2ae5e512cc27d809e74900f2ea9923a438a66b450a5208df00de32d2944cfd2a6799cc384abbed919a584f2a1b084e0d669db9a28d7c900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57397c5556b369558c20ec0fcefb52a1
(31) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 109 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x85c5be15e020ef34e4d85aed8f85d478
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028a00061500
	State = 0x57397c5556b369558c20ec0fcefb52a1
(32) Received Access-Request packet from host 192.168.99.123 port 49286, id=109, length=86
(32) 	Message-Authenticator = 0x85c5be15e020ef34e4d85aed8f85d478
(32) 	NAS-Identifier = 'BS'
(32) 	User-Name = 'CPE9@siemens.com'
(32) 	EAP-Message = 0x028a00061500
(32) 	State = 0x57397c5556b369558c20ec0fcefb52a1
(32) # Executing section authorize from file /etc/raddb/sites-enabled/default
(32)   authorize {
(32)   filter_username filter_username {
(32)     if (!&User-Name) 
(32)     if (!&User-Name)  -> FALSE
(32)     if (&User-Name =~ / /) 
(32)     if (&User-Name =~ / /)  -> FALSE
(32)     if (&User-Name =~ /@.*@/ ) 
(32)     if (&User-Name =~ /@.*@/ )  -> FALSE
(32)     if (&User-Name =~ /\\.\\./ ) 
(32)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(32)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(32)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(32)     if (&User-Name =~ /\\.$/)  
(32)     if (&User-Name =~ /\\.$/)   -> FALSE
(32)     if (&User-Name =~ /@\\./)  
(32)     if (&User-Name =~ /@\\./)   -> FALSE
(32)   } # filter_username filter_username = notfound
(32)   [preprocess] = ok
(32)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(32)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(32)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(32)  auth_log : EXPAND %t
(32)  auth_log :    --> Wed Feb 14 20:04:24 2018
(32)   [auth_log] = ok
(32)   [chap] = noop
(32)   [mschap] = noop
(32)   [digest] = noop
(32)   [wimax] = noop
(32)  suffix : Checking for suffix after "@"
(32)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(32)  suffix : No such realm "siemens.com"
(32)   [suffix] = noop
(32)  eap : Peer sent code Response (2) ID 138 length 6
(32)  eap : Continuing tunnel setup
(32)   [eap] = ok
(32)  } #  authorize = ok
(32) Found Auth-Type = EAP
(32) # Executing group from file /etc/raddb/sites-enabled/default
(32)   authenticate {
(32)  eap : Expiring EAP session with state 0x34b58d2c36749811
(32)  eap : Finished EAP session with state 0x57397c5556b36955
(32)  eap : Previous EAP request found for state 0x57397c5556b36955, released from the list
(32)  eap : Peer sent method TTLS (21)
(32)  eap : EAP TTLS (21)
(32)  eap : Calling eap_ttls to process EAP data
(32)  eap_ttls : Authenticate
(32)  eap_ttls : processing EAP-TLS
(32)  eap_ttls : Received TLS ACK
(32)  eap_ttls : Received TLS ACK
(32)  eap_ttls : ACK handshake fragment handler
(32)  eap_ttls : eaptls_verify returned 1 
(32)  eap_ttls : eaptls_process returned 13 
(32)  eap : New EAP session, adding 'State' attribute to reply 0x57397c5555b26955
(32)   [eap] = handled
(32)  } #  authenticate = handled
(32) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=109, length=0
(32) 	EAP-Message = 0x018b032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(32) 	Message-Authenticator = 0x00000000000000000000000000000000
(32) 	State = 0x57397c5555b269558c20ec0fcefb52a1
Sending Access-Challenge Id 109 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018b032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57397c5555b269558c20ec0fcefb52a1
(32) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(33) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(33) 	NAS-Identifier = 'BS'
(33) 	User-Name = 'dummy'
(33) 	User-Password = '*PASSWORD*'
(33) # Executing section authorize from file /etc/raddb/sites-enabled/default
(33)   authorize {
(33)   filter_username filter_username {
(33)     if (!&User-Name) 
(33)     if (!&User-Name)  -> FALSE
(33)     if (&User-Name =~ / /) 
(33)     if (&User-Name =~ / /)  -> FALSE
(33)     if (&User-Name =~ /@.*@/ ) 
(33)     if (&User-Name =~ /@.*@/ )  -> FALSE
(33)     if (&User-Name =~ /\\.\\./ ) 
(33)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(33)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(33)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(33)     if (&User-Name =~ /\\.$/)  
(33)     if (&User-Name =~ /\\.$/)   -> FALSE
(33)     if (&User-Name =~ /@\\./)  
(33)     if (&User-Name =~ /@\\./)   -> FALSE
(33)   } # filter_username filter_username = notfound
(33)   [preprocess] = ok
(33)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(33)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(33)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(33)  auth_log : EXPAND %t
(33)  auth_log :    --> Wed Feb 14 20:04:24 2018
(33)   [auth_log] = ok
(33)   [chap] = noop
(33)   [mschap] = noop
(33)   [digest] = noop
(33)   [wimax] = noop
(33)  suffix : Checking for suffix after "@"
(33)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(33)  suffix : No such realm "NULL"
(33)   [suffix] = noop
(33)  eap : No EAP-Message, not doing EAP
(33)   [eap] = noop
(33)  files : users: Matched entry dummy at line 159
(33)   [files] = ok
(33)   [expiration] = noop
(33)   [logintime] = noop
(33)   [pap] = updated
(33)  } #  authorize = updated
(33) Found Auth-Type = PAP
(33) # Executing group from file /etc/raddb/sites-enabled/default
(33)  Auth-Type PAP {
(33)  pap : Login attempt with password
(33)  pap : User authenticated successfully
(33)   [pap] = ok
(33)  } # Auth-Type PAP = ok
(33) Login OK: [dummy] (from client BS2 port 0)
(33) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(33)   post-auth {
(33)   [exec] = noop
(33)   update reply {
(33) 	Session-Timeout := 1800
(33)   } # update reply = noop
(33)   remove_reply_message_if_eap remove_reply_message_if_eap {
(33)     if (&reply:EAP-Message && &reply:Reply-Message) 
(33)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(33)    else else {
(33)     [noop] = noop
(33)    } # else else = noop
(33)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(33)  } #  post-auth = noop
(33) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(33) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(33) Finished request
Received Access-Request Id 85 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x2d784e2c9163d32a2e985358c53a8f45
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ab00150143504537407369656d656e732e636f6d
(34) Received Access-Request packet from host 192.168.99.122 port 49321, id=85, length=83
(34) 	Message-Authenticator = 0x2d784e2c9163d32a2e985358c53a8f45
(34) 	NAS-Identifier = 'BS'
(34) 	User-Name = 'CPE7@siemens.com'
(34) 	EAP-Message = 0x02ab00150143504537407369656d656e732e636f6d
(34) # Executing section authorize from file /etc/raddb/sites-enabled/default
(34)   authorize {
(34)   filter_username filter_username {
(34)     if (!&User-Name) 
(34)     if (!&User-Name)  -> FALSE
(34)     if (&User-Name =~ / /) 
(34)     if (&User-Name =~ / /)  -> FALSE
(34)     if (&User-Name =~ /@.*@/ ) 
(34)     if (&User-Name =~ /@.*@/ )  -> FALSE
(34)     if (&User-Name =~ /\\.\\./ ) 
(34)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(34)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(34)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(34)     if (&User-Name =~ /\\.$/)  
(34)     if (&User-Name =~ /\\.$/)   -> FALSE
(34)     if (&User-Name =~ /@\\./)  
(34)     if (&User-Name =~ /@\\./)   -> FALSE
(34)   } # filter_username filter_username = notfound
(34)   [preprocess] = ok
(34)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(34)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(34)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(34)  auth_log : EXPAND %t
(34)  auth_log :    --> Wed Feb 14 20:04:24 2018
(34)   [auth_log] = ok
(34)   [chap] = noop
(34)   [mschap] = noop
(34)   [digest] = noop
(34)   [wimax] = noop
(34)  suffix : Checking for suffix after "@"
(34)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(34)  suffix : No such realm "siemens.com"
(34)   [suffix] = noop
(34)  eap : Peer sent code Response (2) ID 171 length 21
(34)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(34)   [eap] = ok
(34)  } #  authorize = ok
(34) Found Auth-Type = EAP
(34) # Executing group from file /etc/raddb/sites-enabled/default
(34)   authenticate {
(34)  eap : Peer sent method Identity (1)
(34)  eap : Calling eap_ttls to process EAP data
(34)  eap_ttls : Initiate
(34)  eap_ttls : Start returned 1
(34)  eap : New EAP session, adding 'State' attribute to reply 0xc7aaf511c706e0c9
(34)   [eap] = handled
(34)  } #  authenticate = handled
(34) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=85, length=0
(34) 	EAP-Message = 0x01ac00061520
(34) 	Message-Authenticator = 0x00000000000000000000000000000000
(34) 	State = 0xc7aaf511c706e0c998804d29ec3e0e6e
Sending Access-Challenge Id 85 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ac00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc7aaf511c706e0c998804d29ec3e0e6e
(34) Finished request
Received Access-Request Id 86 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x668e96d25cff76bf9c01b63aad63bfa6
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ac006a158000000060160301005b01000057030154ac6f9b7d0063efcfdfca753531ceec95bcb5a25a089c8f33f778f914c97ab800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xc7aaf511c706e0c998804d29ec3e0e6e
(35) Received Access-Request packet from host 192.168.99.122 port 49321, id=86, length=186
(35) 	Message-Authenticator = 0x668e96d25cff76bf9c01b63aad63bfa6
(35) 	NAS-Identifier = 'BS'
(35) 	User-Name = 'CPE7@siemens.com'
(35) 	EAP-Message = 0x02ac006a158000000060160301005b01000057030154ac6f9b7d0063efcfdfca753531ceec95bcb5a25a089c8f33f778f914c97ab800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(35) 	State = 0xc7aaf511c706e0c998804d29ec3e0e6e
(35) # Executing section authorize from file /etc/raddb/sites-enabled/default
(35)   authorize {
(35)   filter_username filter_username {
(35)     if (!&User-Name) 
(35)     if (!&User-Name)  -> FALSE
(35)     if (&User-Name =~ / /) 
(35)     if (&User-Name =~ / /)  -> FALSE
(35)     if (&User-Name =~ /@.*@/ ) 
(35)     if (&User-Name =~ /@.*@/ )  -> FALSE
(35)     if (&User-Name =~ /\\.\\./ ) 
(35)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(35)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(35)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(35)     if (&User-Name =~ /\\.$/)  
(35)     if (&User-Name =~ /\\.$/)   -> FALSE
(35)     if (&User-Name =~ /@\\./)  
(35)     if (&User-Name =~ /@\\./)   -> FALSE
(35)   } # filter_username filter_username = notfound
(35)   [preprocess] = ok
(35)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(35)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(35)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(35)  auth_log : EXPAND %t
(35)  auth_log :    --> Wed Feb 14 20:04:24 2018
(35)   [auth_log] = ok
(35)   [chap] = noop
(35)   [mschap] = noop
(35)   [digest] = noop
(35)   [wimax] = noop
(35)  suffix : Checking for suffix after "@"
(35)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(35)  suffix : No such realm "siemens.com"
(35)   [suffix] = noop
(35)  eap : Peer sent code Response (2) ID 172 length 106
(35)  eap : Continuing tunnel setup
(35)   [eap] = ok
(35)  } #  authorize = ok
(35) Found Auth-Type = EAP
(35) # Executing group from file /etc/raddb/sites-enabled/default
(35)   authenticate {
(35)  eap : Expiring EAP session with state 0x34b58d2c36749811
(35)  eap : Finished EAP session with state 0xc7aaf511c706e0c9
(35)  eap : Previous EAP request found for state 0xc7aaf511c706e0c9, released from the list
(35)  eap : Peer sent method TTLS (21)
(35)  eap : EAP TTLS (21)
(35)  eap : Calling eap_ttls to process EAP data
(35)  eap_ttls : Authenticate
(35)  eap_ttls : processing EAP-TLS
  TLS Length 96
(35)  eap_ttls : Length Included
(35)  eap_ttls : eaptls_verify returned 11 
(35)  eap_ttls : (other): before/accept initialization
(35)  eap_ttls : TLS_accept: before/accept initialization
(35)  eap_ttls : <<< Unknown TLS version [length 0005] 
(35)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(35)  eap_ttls : TLS_accept: SSLv3 read client hello A
(35)  eap_ttls : >>> Unknown TLS version [length 0005] 
(35)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(35)  eap_ttls : TLS_accept: SSLv3 write server hello A
(35)  eap_ttls : >>> Unknown TLS version [length 0005] 
(35)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(35)  eap_ttls : TLS_accept: SSLv3 write certificate A
(35)  eap_ttls : >>> Unknown TLS version [length 0005] 
(35)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(35)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(35)  eap_ttls : >>> Unknown TLS version [length 0005] 
(35)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(35)  eap_ttls : TLS_accept: SSLv3 write server done A
(35)  eap_ttls : TLS_accept: SSLv3 flush data
(35)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(35)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(35)  eap_ttls : eaptls_process returned 13 
(35)  eap : New EAP session, adding 'State' attribute to reply 0xc7aaf511c607e0c9
(35)   [eap] = handled
(35)  } #  authenticate = handled
(35) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=86, length=0
(35) 	EAP-Message = 0x01ad03ec15c000000702160301004a0200004603019b27ff0094e5d3119ea3d80ce3608a77ac0dda7204ce9a8752c4963249edc10f20e1f30ce9485fac5ccda327ba33dbcad7d520623653180115981553495f63b59e00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(35) 	Message-Authenticator = 0x00000000000000000000000000000000
(35) 	State = 0xc7aaf511c607e0c998804d29ec3e0e6e
Sending Access-Challenge Id 86 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ad03ec15c000000702160301004a0200004603019b27ff0094e5d3119ea3d80ce3608a77ac0dda7204ce9a8752c4963249edc10f20e1f30ce9485fac5ccda327ba33dbcad7d520623653180115981553495f63b59e00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc7aaf511c607e0c998804d29ec3e0e6e
(35) Finished request
Received Access-Request Id 87 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x31db681143d650fd507ae9f62bffbc1f
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ad00061500
	State = 0xc7aaf511c607e0c998804d29ec3e0e6e
(36) Received Access-Request packet from host 192.168.99.122 port 49321, id=87, length=86
(36) 	Message-Authenticator = 0x31db681143d650fd507ae9f62bffbc1f
(36) 	NAS-Identifier = 'BS'
(36) 	User-Name = 'CPE7@siemens.com'
(36) 	EAP-Message = 0x02ad00061500
(36) 	State = 0xc7aaf511c607e0c998804d29ec3e0e6e
(36) # Executing section authorize from file /etc/raddb/sites-enabled/default
(36)   authorize {
(36)   filter_username filter_username {
(36)     if (!&User-Name) 
(36)     if (!&User-Name)  -> FALSE
(36)     if (&User-Name =~ / /) 
(36)     if (&User-Name =~ / /)  -> FALSE
(36)     if (&User-Name =~ /@.*@/ ) 
(36)     if (&User-Name =~ /@.*@/ )  -> FALSE
(36)     if (&User-Name =~ /\\.\\./ ) 
(36)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(36)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(36)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(36)     if (&User-Name =~ /\\.$/)  
(36)     if (&User-Name =~ /\\.$/)   -> FALSE
(36)     if (&User-Name =~ /@\\./)  
(36)     if (&User-Name =~ /@\\./)   -> FALSE
(36)   } # filter_username filter_username = notfound
(36)   [preprocess] = ok
(36)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(36)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(36)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(36)  auth_log : EXPAND %t
(36)  auth_log :    --> Wed Feb 14 20:04:24 2018
(36)   [auth_log] = ok
(36)   [chap] = noop
(36)   [mschap] = noop
(36)   [digest] = noop
(36)   [wimax] = noop
(36)  suffix : Checking for suffix after "@"
(36)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(36)  suffix : No such realm "siemens.com"
(36)   [suffix] = noop
(36)  eap : Peer sent code Response (2) ID 173 length 6
(36)  eap : Continuing tunnel setup
(36)   [eap] = ok
(36)  } #  authorize = ok
(36) Found Auth-Type = EAP
(36) # Executing group from file /etc/raddb/sites-enabled/default
(36)   authenticate {
(36)  eap : Expiring EAP session with state 0x34b58d2c36749811
(36)  eap : Finished EAP session with state 0xc7aaf511c607e0c9
(36)  eap : Previous EAP request found for state 0xc7aaf511c607e0c9, released from the list
(36)  eap : Peer sent method TTLS (21)
(36)  eap : EAP TTLS (21)
(36)  eap : Calling eap_ttls to process EAP data
(36)  eap_ttls : Authenticate
(36)  eap_ttls : processing EAP-TLS
(36)  eap_ttls : Received TLS ACK
(36)  eap_ttls : Received TLS ACK
(36)  eap_ttls : ACK handshake fragment handler
(36)  eap_ttls : eaptls_verify returned 1 
(36)  eap_ttls : eaptls_process returned 13 
(36)  eap : New EAP session, adding 'State' attribute to reply 0xc7aaf511c504e0c9
(36)   [eap] = handled
(36)  } #  authenticate = handled
(36) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=87, length=0
(36) 	EAP-Message = 0x01ae032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(36) 	Message-Authenticator = 0x00000000000000000000000000000000
(36) 	State = 0xc7aaf511c504e0c998804d29ec3e0e6e
Sending Access-Challenge Id 87 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ae032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc7aaf511c504e0c998804d29ec3e0e6e
(36) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 141 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x1c59c6f14b47791bf708be749ff303aa
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c100d01580000000c616030100861000008200803a9de37bf1b56a9f8b89455934c70cc3b09ec80a0805d55ce9416c60d4faa04dde1501006c209e46c3f0febb6e287873a483b0c3315d920348910c5137aa2b7fb0b1c667b2060479435ebe6250d2a52347a8e6d0384a9b4234eadf0a335ed1e02bfd16f5872dc1bab70a4d3ee3aa84eaf7da217591cb1ccf7183f7deb060702d1403010001011603010030447ddcebb1ab1204d322b196de64df3ff414a6af1468393db7506d418e9a989ab25d2e70aa1f9727c28cb7d0b69ac689
	State = 0x34b58d2c367498113803a0b501531a5f
(37) Received Access-Request packet from host 192.168.99.121 port 49210, id=141, length=289
(37) 	Message-Authenticator = 0x1c59c6f14b47791bf708be749ff303aa
(37) 	NAS-Identifier = 'BS'
(37) 	User-Name = 'CPE11@siemens.com'
(37) 	EAP-Message = 0x02c100d01580000000c616030100861000008200803a9de37bf1b56a9f8b89455934c70cc3b09ec80a0805d55ce9416c60d4faa04dde1501006c209e46c3f0febb6e287873a483b0c3315d920348910c5137aa2b7fb0b1c667b2060479435ebe6250d2a52347a8e6d0384a9b4234eadf0a335ed1e02bfd16f5872dc1bab70a4d3ee3aa84eaf7da217591cb1ccf7183f7deb060702d1403010001011603010030447ddcebb1ab1204d322b196de64df3ff414a6af1468393db7506d418e9a989ab25d2e70aa1f9727c28cb7d0b69ac689
(37) 	State = 0x34b58d2c367498113803a0b501531a5f
(37) # Executing section authorize from file /etc/raddb/sites-enabled/default
(37)   authorize {
(37)   filter_username filter_username {
(37)     if (!&User-Name) 
(37)     if (!&User-Name)  -> FALSE
(37)     if (&User-Name =~ / /) 
(37)     if (&User-Name =~ / /)  -> FALSE
(37)     if (&User-Name =~ /@.*@/ ) 
(37)     if (&User-Name =~ /@.*@/ )  -> FALSE
(37)     if (&User-Name =~ /\\.\\./ ) 
(37)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(37)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(37)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(37)     if (&User-Name =~ /\\.$/)  
(37)     if (&User-Name =~ /\\.$/)   -> FALSE
(37)     if (&User-Name =~ /@\\./)  
(37)     if (&User-Name =~ /@\\./)   -> FALSE
(37)   } # filter_username filter_username = notfound
(37)   [preprocess] = ok
(37)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(37)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(37)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(37)  auth_log : EXPAND %t
(37)  auth_log :    --> Wed Feb 14 20:04:24 2018
(37)   [auth_log] = ok
(37)   [chap] = noop
(37)   [mschap] = noop
(37)   [digest] = noop
(37)   [wimax] = noop
(37)  suffix : Checking for suffix after "@"
(37)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(37)  suffix : No such realm "siemens.com"
(37)   [suffix] = noop
(37)  eap : Peer sent code Response (2) ID 193 length 208
(37)  eap : Continuing tunnel setup
(37)   [eap] = ok
(37)  } #  authorize = ok
(37) Found Auth-Type = EAP
(37) # Executing group from file /etc/raddb/sites-enabled/default
(37)   authenticate {
(37)  eap : Expiring EAP session with state 0x34b58d2c36749811
(37)  eap : Finished EAP session with state 0x34b58d2c36749811
(37)  eap : Previous EAP request found for state 0x34b58d2c36749811, released from the list
(37)  eap : Peer sent method TTLS (21)
(37)  eap : EAP TTLS (21)
(37)  eap : Calling eap_ttls to process EAP data
(37)  eap_ttls : Authenticate
(37)  eap_ttls : processing EAP-TLS
  TLS Length 198
(37)  eap_ttls : Length Included
(37)  eap_ttls : eaptls_verify returned 11 
(37)  eap_ttls : <<< Unknown TLS version [length 0005] 
(37)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(37)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(37)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(37)  eap_ttls : <<< Unknown TLS version [length 0005] 
(37)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(37)  eap_ttls : <<< Unknown TLS version [length 0005] 
(37)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(37)  eap_ttls : TLS_accept: SSLv3 read finished A
(37)  eap_ttls : >>> Unknown TLS version [length 0005] 
(37)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(37)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(37)  eap_ttls : >>> Unknown TLS version [length 0005] 
(37)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(37)  eap_ttls : TLS_accept: SSLv3 write finished A
(37)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session d4a5748fc358d3c9ccfee41a1744d20e3eb30773aac290feb0441e76897006c8 to cache
(37)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(37)  eap_ttls : eaptls_process returned 13 
(37)  eap : New EAP session, adding 'State' attribute to reply 0x34b58d2c37779811
(37)   [eap] = handled
(37)  } #  authenticate = handled
(37) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=141, length=0
(37) 	EAP-Message = 0x01c2004515800000003b14030100010116030100300bb699a30bde16fa8557843ce7bc20fb8ff590d15575cd8b760366a109e37d1c338fd1cd150867d63ce003b5177e6f66
(37) 	Message-Authenticator = 0x00000000000000000000000000000000
(37) 	State = 0x34b58d2c377798113803a0b501531a5f
Sending Access-Challenge Id 141 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c2004515800000003b14030100010116030100300bb699a30bde16fa8557843ce7bc20fb8ff590d15575cd8b760366a109e37d1c338fd1cd150867d63ce003b5177e6f66
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x34b58d2c377798113803a0b501531a5f
(37) Finished request
Waking up in 0.1 seconds.
Waking up in 0.2 seconds.
(24) Cleaning up request packet ID 1 with timestamp +64
Waking up in 1.8 seconds.
Received Access-Request Id 110 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xe3279effda321abded8192efd678f150
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028b00d01580000000c616030100861000008200805c8d8a2e755000a9d09f1563b51cfae4615df42f75092c9b6df625d5752dca56d62d219c28961f0dac9567acc881d1f2856f997b58b66b1828aa37577d7d2448f0a11453a6220b20dcc0125a11486ab0263453ef6391ea488cd05c2b2563a85afa584d91519b00a3760667d7e188c2925d8e8a7f79a2c7ec920c386edfc97c4914030100010116030100303243fed33f73f5c3f247fcae6751b9ca3e314c13234ff50bf320af844d56ea17eecc071e9a10009d058bdc7e1bf931e8
	State = 0x57397c5555b269558c20ec0fcefb52a1
(38) Received Access-Request packet from host 192.168.99.123 port 49286, id=110, length=288
(38) 	Message-Authenticator = 0xe3279effda321abded8192efd678f150
(38) 	NAS-Identifier = 'BS'
(38) 	User-Name = 'CPE9@siemens.com'
(38) 	EAP-Message = 0x028b00d01580000000c616030100861000008200805c8d8a2e755000a9d09f1563b51cfae4615df42f75092c9b6df625d5752dca56d62d219c28961f0dac9567acc881d1f2856f997b58b66b1828aa37577d7d2448f0a11453a6220b20dcc0125a11486ab0263453ef6391ea488cd05c2b2563a85afa584d91519b00a3760667d7e188c2925d8e8a7f79a2c7ec920c386edfc97c4914030100010116030100303243fed33f73f5c3f247fcae6751b9ca3e314c13234ff50bf320af844d56ea17eecc071e9a10009d058bdc7e1bf931e8
(38) 	State = 0x57397c5555b269558c20ec0fcefb52a1
(38) # Executing section authorize from file /etc/raddb/sites-enabled/default
(38)   authorize {
(38)   filter_username filter_username {
(38)     if (!&User-Name) 
(38)     if (!&User-Name)  -> FALSE
(38)     if (&User-Name =~ / /) 
(38)     if (&User-Name =~ / /)  -> FALSE
(38)     if (&User-Name =~ /@.*@/ ) 
(38)     if (&User-Name =~ /@.*@/ )  -> FALSE
(38)     if (&User-Name =~ /\\.\\./ ) 
(38)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(38)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(38)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(38)     if (&User-Name =~ /\\.$/)  
(38)     if (&User-Name =~ /\\.$/)   -> FALSE
(38)     if (&User-Name =~ /@\\./)  
(38)     if (&User-Name =~ /@\\./)   -> FALSE
(38)   } # filter_username filter_username = notfound
(38)   [preprocess] = ok
(38)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(38)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(38)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(38)  auth_log : EXPAND %t
(38)  auth_log :    --> Wed Feb 14 20:04:26 2018
(38)   [auth_log] = ok
(38)   [chap] = noop
(38)   [mschap] = noop
(38)   [digest] = noop
(38)   [wimax] = noop
(38)  suffix : Checking for suffix after "@"
(38)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(38)  suffix : No such realm "siemens.com"
(38)   [suffix] = noop
(38)  eap : Peer sent code Response (2) ID 139 length 208
(38)  eap : Continuing tunnel setup
(38)   [eap] = ok
(38)  } #  authorize = ok
(38) Found Auth-Type = EAP
(38) # Executing group from file /etc/raddb/sites-enabled/default
(38)   authenticate {
(38)  eap : Expiring EAP session with state 0x57397c5555b26955
(38)  eap : Finished EAP session with state 0x57397c5555b26955
(38)  eap : Previous EAP request found for state 0x57397c5555b26955, released from the list
(38)  eap : Peer sent method TTLS (21)
(38)  eap : EAP TTLS (21)
(38)  eap : Calling eap_ttls to process EAP data
(38)  eap_ttls : Authenticate
(38)  eap_ttls : processing EAP-TLS
  TLS Length 198
(38)  eap_ttls : Length Included
(38)  eap_ttls : eaptls_verify returned 11 
(38)  eap_ttls : <<< Unknown TLS version [length 0005] 
(38)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(38)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(38)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(38)  eap_ttls : <<< Unknown TLS version [length 0005] 
(38)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(38)  eap_ttls : <<< Unknown TLS version [length 0005] 
(38)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(38)  eap_ttls : TLS_accept: SSLv3 read finished A
(38)  eap_ttls : >>> Unknown TLS version [length 0005] 
(38)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(38)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(38)  eap_ttls : >>> Unknown TLS version [length 0005] 
(38)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(38)  eap_ttls : TLS_accept: SSLv3 write finished A
(38)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 8df00de32d2944cfd2a6799cc384abbed919a584f2a1b084e0d669db9a28d7c9 to cache
(38)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(38)  eap_ttls : eaptls_process returned 13 
(38)  eap : New EAP session, adding 'State' attribute to reply 0x57397c5554b56955
(38)   [eap] = handled
(38)  } #  authenticate = handled
(38) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=110, length=0
(38) 	EAP-Message = 0x018c004515800000003b1403010001011603010030e7dd613421c0ff342720c087479424b386fa5967e8bd7b29469fef1f5702ca32ab75391a58c5ca58f2ef8cf200c180a9
(38) 	Message-Authenticator = 0x00000000000000000000000000000000
(38) 	State = 0x57397c5554b569558c20ec0fcefb52a1
Sending Access-Challenge Id 110 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018c004515800000003b1403010001011603010030e7dd613421c0ff342720c087479424b386fa5967e8bd7b29469fef1f5702ca32ab75391a58c5ca58f2ef8cf200c180a9
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57397c5554b569558c20ec0fcefb52a1
(38) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 88 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xce924620c499090428cc26bc1c98ac75
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ae00d01580000000c6160301008610000082008068805bce3144971ae4dc2e780e0113c84427ad129e499e748a1a5e75864dc90b03c71e763e79727ef6775c126c63ea149b0c4667bfde402a551773d0b58f16f7b804b15185beb4e7f5eb86d0823f2fec71cfed3f2912e6180e5a5a8428b3ce044562d5b68b6be84c284259849270afa36f3bc378701ca04f23956bccd2700482140301000101160301003076c564ff84e6d9a40e9adfe66aa5243adf2f0fb232c8f4b30edcddec4876bfce08704d28069ba06831bf3d3c0e23543c
	State = 0xc7aaf511c504e0c998804d29ec3e0e6e
(39) Received Access-Request packet from host 192.168.99.122 port 49321, id=88, length=288
(39) 	Message-Authenticator = 0xce924620c499090428cc26bc1c98ac75
(39) 	NAS-Identifier = 'BS'
(39) 	User-Name = 'CPE7@siemens.com'
(39) 	EAP-Message = 0x02ae00d01580000000c6160301008610000082008068805bce3144971ae4dc2e780e0113c84427ad129e499e748a1a5e75864dc90b03c71e763e79727ef6775c126c63ea149b0c4667bfde402a551773d0b58f16f7b804b15185beb4e7f5eb86d0823f2fec71cfed3f2912e6180e5a5a8428b3ce044562d5b68b6be84c284259849270afa36f3bc378701ca04f23956bccd2700482140301000101160301003076c564ff84e6d9a40e9adfe66aa5243adf2f0fb232c8f4b30edcddec4876bfce08704d28069ba06831bf3d3c0e23543c
(39) 	State = 0xc7aaf511c504e0c998804d29ec3e0e6e
(39) # Executing section authorize from file /etc/raddb/sites-enabled/default
(39)   authorize {
(39)   filter_username filter_username {
(39)     if (!&User-Name) 
(39)     if (!&User-Name)  -> FALSE
(39)     if (&User-Name =~ / /) 
(39)     if (&User-Name =~ / /)  -> FALSE
(39)     if (&User-Name =~ /@.*@/ ) 
(39)     if (&User-Name =~ /@.*@/ )  -> FALSE
(39)     if (&User-Name =~ /\\.\\./ ) 
(39)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(39)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(39)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(39)     if (&User-Name =~ /\\.$/)  
(39)     if (&User-Name =~ /\\.$/)   -> FALSE
(39)     if (&User-Name =~ /@\\./)  
(39)     if (&User-Name =~ /@\\./)   -> FALSE
(39)   } # filter_username filter_username = notfound
(39)   [preprocess] = ok
(39)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(39)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(39)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(39)  auth_log : EXPAND %t
(39)  auth_log :    --> Wed Feb 14 20:04:27 2018
(39)   [auth_log] = ok
(39)   [chap] = noop
(39)   [mschap] = noop
(39)   [digest] = noop
(39)   [wimax] = noop
(39)  suffix : Checking for suffix after "@"
(39)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(39)  suffix : No such realm "siemens.com"
(39)   [suffix] = noop
(39)  eap : Peer sent code Response (2) ID 174 length 208
(39)  eap : Continuing tunnel setup
(39)   [eap] = ok
(39)  } #  authorize = ok
(39) Found Auth-Type = EAP
(39) # Executing group from file /etc/raddb/sites-enabled/default
(39)   authenticate {
(39)  eap : Expiring EAP session with state 0xc7aaf511c504e0c9
(39)  eap : Finished EAP session with state 0xc7aaf511c504e0c9
(39)  eap : Previous EAP request found for state 0xc7aaf511c504e0c9, released from the list
(39)  eap : Peer sent method TTLS (21)
(39)  eap : EAP TTLS (21)
(39)  eap : Calling eap_ttls to process EAP data
(39)  eap_ttls : Authenticate
(39)  eap_ttls : processing EAP-TLS
  TLS Length 198
(39)  eap_ttls : Length Included
(39)  eap_ttls : eaptls_verify returned 11 
(39)  eap_ttls : <<< Unknown TLS version [length 0005] 
(39)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(39)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(39)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(39)  eap_ttls : <<< Unknown TLS version [length 0005] 
(39)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(39)  eap_ttls : <<< Unknown TLS version [length 0005] 
(39)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(39)  eap_ttls : TLS_accept: SSLv3 read finished A
(39)  eap_ttls : >>> Unknown TLS version [length 0005] 
(39)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(39)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(39)  eap_ttls : >>> Unknown TLS version [length 0005] 
(39)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(39)  eap_ttls : TLS_accept: SSLv3 write finished A
(39)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session e1f30ce9485fac5ccda327ba33dbcad7d520623653180115981553495f63b59e to cache
(39)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(39)  eap_ttls : eaptls_process returned 13 
(39)  eap : New EAP session, adding 'State' attribute to reply 0xc7aaf511c405e0c9
(39)   [eap] = handled
(39)  } #  authenticate = handled
(39) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=88, length=0
(39) 	EAP-Message = 0x01af004515800000003b14030100010116030100307b6103698b8822de0fe160336f83bfe5a3dd3f7455398a32e269d82d320cbb11509b98945060eb471d9bb6db7a197204
(39) 	Message-Authenticator = 0x00000000000000000000000000000000
(39) 	State = 0xc7aaf511c405e0c998804d29ec3e0e6e
Sending Access-Challenge Id 88 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01af004515800000003b14030100010116030100307b6103698b8822de0fe160336f83bfe5a3dd3f7455398a32e269d82d320cbb11509b98945060eb471d9bb6db7a197204
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc7aaf511c405e0c998804d29ec3e0e6e
(39) Finished request
(25) Cleaning up request packet ID 138 with timestamp +66
(26) Cleaning up request packet ID 139 with timestamp +66
(27) Cleaning up request packet ID 140 with timestamp +66
Waking up in 1.8 seconds.
Received Access-Request Id 89 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x0dfb02edd8968b10520c35f2cc4650dc
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02ac00150143504536407369656d656e732e636f6d
(40) Received Access-Request packet from host 192.168.99.122 port 49321, id=89, length=83
(40) 	Message-Authenticator = 0x0dfb02edd8968b10520c35f2cc4650dc
(40) 	NAS-Identifier = 'BS'
(40) 	User-Name = 'CPE6@siemens.com'
(40) 	EAP-Message = 0x02ac00150143504536407369656d656e732e636f6d
(40) # Executing section authorize from file /etc/raddb/sites-enabled/default
(40)   authorize {
(40)   filter_username filter_username {
(40)     if (!&User-Name) 
(40)     if (!&User-Name)  -> FALSE
(40)     if (&User-Name =~ / /) 
(40)     if (&User-Name =~ / /)  -> FALSE
(40)     if (&User-Name =~ /@.*@/ ) 
(40)     if (&User-Name =~ /@.*@/ )  -> FALSE
(40)     if (&User-Name =~ /\\.\\./ ) 
(40)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(40)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(40)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(40)     if (&User-Name =~ /\\.$/)  
(40)     if (&User-Name =~ /\\.$/)   -> FALSE
(40)     if (&User-Name =~ /@\\./)  
(40)     if (&User-Name =~ /@\\./)   -> FALSE
(40)   } # filter_username filter_username = notfound
(40)   [preprocess] = ok
(40)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(40)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(40)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(40)  auth_log : EXPAND %t
(40)  auth_log :    --> Wed Feb 14 20:04:27 2018
(40)   [auth_log] = ok
(40)   [chap] = noop
(40)   [mschap] = noop
(40)   [digest] = noop
(40)   [wimax] = noop
(40)  suffix : Checking for suffix after "@"
(40)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(40)  suffix : No such realm "siemens.com"
(40)   [suffix] = noop
(40)  eap : Peer sent code Response (2) ID 172 length 21
(40)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(40)   [eap] = ok
(40)  } #  authorize = ok
(40) Found Auth-Type = EAP
(40) # Executing group from file /etc/raddb/sites-enabled/default
(40)   authenticate {
(40)  eap : Peer sent method Identity (1)
(40)  eap : Calling eap_ttls to process EAP data
(40)  eap_ttls : Initiate
(40)  eap_ttls : Start returned 1
(40)  eap : New EAP session, adding 'State' attribute to reply 0xd5572cbcd5fa397b
(40)   [eap] = handled
(40)  } #  authenticate = handled
(40) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=89, length=0
(40) 	EAP-Message = 0x01ad00061520
(40) 	Message-Authenticator = 0x00000000000000000000000000000000
(40) 	State = 0xd5572cbcd5fa397b8d56acbc14f2201e
Sending Access-Challenge Id 89 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ad00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd5572cbcd5fa397b8d56acbc14f2201e
(40) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 90 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x0f16a65ea400eb330825e90515f614ee
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02ad006a158000000060160301005b01000057030154acd521cbc8edc85ef84ebb672de0f191379f3d88a8e42a86b6809daea3caf600003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xd5572cbcd5fa397b8d56acbc14f2201e
(41) Received Access-Request packet from host 192.168.99.122 port 49321, id=90, length=186
(41) 	Message-Authenticator = 0x0f16a65ea400eb330825e90515f614ee
(41) 	NAS-Identifier = 'BS'
(41) 	User-Name = 'CPE6@siemens.com'
(41) 	EAP-Message = 0x02ad006a158000000060160301005b01000057030154acd521cbc8edc85ef84ebb672de0f191379f3d88a8e42a86b6809daea3caf600003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(41) 	State = 0xd5572cbcd5fa397b8d56acbc14f2201e
(41) # Executing section authorize from file /etc/raddb/sites-enabled/default
(41)   authorize {
(41)   filter_username filter_username {
(41)     if (!&User-Name) 
(41)     if (!&User-Name)  -> FALSE
(41)     if (&User-Name =~ / /) 
(41)     if (&User-Name =~ / /)  -> FALSE
(41)     if (&User-Name =~ /@.*@/ ) 
(41)     if (&User-Name =~ /@.*@/ )  -> FALSE
(41)     if (&User-Name =~ /\\.\\./ ) 
(41)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(41)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(41)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(41)     if (&User-Name =~ /\\.$/)  
(41)     if (&User-Name =~ /\\.$/)   -> FALSE
(41)     if (&User-Name =~ /@\\./)  
(41)     if (&User-Name =~ /@\\./)   -> FALSE
(41)   } # filter_username filter_username = notfound
(41)   [preprocess] = ok
(41)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(41)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(41)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(41)  auth_log : EXPAND %t
(41)  auth_log :    --> Wed Feb 14 20:04:27 2018
(41)   [auth_log] = ok
(41)   [chap] = noop
(41)   [mschap] = noop
(41)   [digest] = noop
(41)   [wimax] = noop
(41)  suffix : Checking for suffix after "@"
(41)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(41)  suffix : No such realm "siemens.com"
(41)   [suffix] = noop
(41)  eap : Peer sent code Response (2) ID 173 length 106
(41)  eap : Continuing tunnel setup
(41)   [eap] = ok
(41)  } #  authorize = ok
(41) Found Auth-Type = EAP
(41) # Executing group from file /etc/raddb/sites-enabled/default
(41)   authenticate {
(41)  eap : Expiring EAP session with state 0x34b58d2c37779811
(41)  eap : Finished EAP session with state 0xd5572cbcd5fa397b
(41)  eap : Previous EAP request found for state 0xd5572cbcd5fa397b, released from the list
(41)  eap : Peer sent method TTLS (21)
(41)  eap : EAP TTLS (21)
(41)  eap : Calling eap_ttls to process EAP data
(41)  eap_ttls : Authenticate
(41)  eap_ttls : processing EAP-TLS
  TLS Length 96
(41)  eap_ttls : Length Included
(41)  eap_ttls : eaptls_verify returned 11 
(41)  eap_ttls : (other): before/accept initialization
(41)  eap_ttls : TLS_accept: before/accept initialization
(41)  eap_ttls : <<< Unknown TLS version [length 0005] 
(41)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(41)  eap_ttls : TLS_accept: SSLv3 read client hello A
(41)  eap_ttls : >>> Unknown TLS version [length 0005] 
(41)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(41)  eap_ttls : TLS_accept: SSLv3 write server hello A
(41)  eap_ttls : >>> Unknown TLS version [length 0005] 
(41)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(41)  eap_ttls : TLS_accept: SSLv3 write certificate A
(41)  eap_ttls : >>> Unknown TLS version [length 0005] 
(41)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(41)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(41)  eap_ttls : >>> Unknown TLS version [length 0005] 
(41)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(41)  eap_ttls : TLS_accept: SSLv3 write server done A
(41)  eap_ttls : TLS_accept: SSLv3 flush data
(41)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(41)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(41)  eap_ttls : eaptls_process returned 13 
(41)  eap : New EAP session, adding 'State' attribute to reply 0xd5572cbcd4f9397b
(41)   [eap] = handled
(41)  } #  authenticate = handled
(41) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=90, length=0
(41) 	EAP-Message = 0x01ae03ec15c000000702160301004a02000046030158f4c410f0577e89d9ab1c39ecc4193853554a36b3938ecf34337b33759b28b22086e1775e8c3e0b181ab3e1e3de7c30231602a1f37d5964302554755dee14aff100390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(41) 	Message-Authenticator = 0x00000000000000000000000000000000
(41) 	State = 0xd5572cbcd4f9397b8d56acbc14f2201e
Sending Access-Challenge Id 90 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ae03ec15c000000702160301004a02000046030158f4c410f0577e89d9ab1c39ecc4193853554a36b3938ecf34337b33759b28b22086e1775e8c3e0b181ab3e1e3de7c30231602a1f37d5964302554755dee14aff100390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd5572cbcd4f9397b8d56acbc14f2201e
(41) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 91 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x129f73bb5a778492b35ee3660bc80d60
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02ae00061500
	State = 0xd5572cbcd4f9397b8d56acbc14f2201e
(42) Received Access-Request packet from host 192.168.99.122 port 49321, id=91, length=86
(42) 	Message-Authenticator = 0x129f73bb5a778492b35ee3660bc80d60
(42) 	NAS-Identifier = 'BS'
(42) 	User-Name = 'CPE6@siemens.com'
(42) 	EAP-Message = 0x02ae00061500
(42) 	State = 0xd5572cbcd4f9397b8d56acbc14f2201e
(42) # Executing section authorize from file /etc/raddb/sites-enabled/default
(42)   authorize {
(42)   filter_username filter_username {
(42)     if (!&User-Name) 
(42)     if (!&User-Name)  -> FALSE
(42)     if (&User-Name =~ / /) 
(42)     if (&User-Name =~ / /)  -> FALSE
(42)     if (&User-Name =~ /@.*@/ ) 
(42)     if (&User-Name =~ /@.*@/ )  -> FALSE
(42)     if (&User-Name =~ /\\.\\./ ) 
(42)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(42)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(42)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(42)     if (&User-Name =~ /\\.$/)  
(42)     if (&User-Name =~ /\\.$/)   -> FALSE
(42)     if (&User-Name =~ /@\\./)  
(42)     if (&User-Name =~ /@\\./)   -> FALSE
(42)   } # filter_username filter_username = notfound
(42)   [preprocess] = ok
(42)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(42)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(42)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(42)  auth_log : EXPAND %t
(42)  auth_log :    --> Wed Feb 14 20:04:27 2018
(42)   [auth_log] = ok
(42)   [chap] = noop
(42)   [mschap] = noop
(42)   [digest] = noop
(42)   [wimax] = noop
(42)  suffix : Checking for suffix after "@"
(42)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(42)  suffix : No such realm "siemens.com"
(42)   [suffix] = noop
(42)  eap : Peer sent code Response (2) ID 174 length 6
(42)  eap : Continuing tunnel setup
(42)   [eap] = ok
(42)  } #  authorize = ok
(42) Found Auth-Type = EAP
(42) # Executing group from file /etc/raddb/sites-enabled/default
(42)   authenticate {
(42)  eap : Expiring EAP session with state 0x34b58d2c37779811
(42)  eap : Finished EAP session with state 0xd5572cbcd4f9397b
(42)  eap : Previous EAP request found for state 0xd5572cbcd4f9397b, released from the list
(42)  eap : Peer sent method TTLS (21)
(42)  eap : EAP TTLS (21)
(42)  eap : Calling eap_ttls to process EAP data
(42)  eap_ttls : Authenticate
(42)  eap_ttls : processing EAP-TLS
(42)  eap_ttls : Received TLS ACK
(42)  eap_ttls : Received TLS ACK
(42)  eap_ttls : ACK handshake fragment handler
(42)  eap_ttls : eaptls_verify returned 1 
(42)  eap_ttls : eaptls_process returned 13 
(42)  eap : New EAP session, adding 'State' attribute to reply 0xd5572cbcd7f8397b
(42)   [eap] = handled
(42)  } #  authenticate = handled
(42) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=91, length=0
(42) 	EAP-Message = 0x01af032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(42) 	Message-Authenticator = 0x00000000000000000000000000000000
(42) 	State = 0xd5572cbcd7f8397b8d56acbc14f2201e
Sending Access-Challenge Id 91 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01af032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd5572cbcd7f8397b8d56acbc14f2201e
(42) Finished request
Waking up in 0.2 seconds.
Waking up in 0.8 seconds.
(28) Cleaning up request packet ID 1 with timestamp +68
(29) Cleaning up request packet ID 107 with timestamp +68
(30) Cleaning up request packet ID 1 with timestamp +68
(31) Cleaning up request packet ID 108 with timestamp +68
(32) Cleaning up request packet ID 109 with timestamp +68
Waking up in 0.1 seconds.
(33) Cleaning up request packet ID 1 with timestamp +68
(34) Cleaning up request packet ID 85 with timestamp +68
(35) Cleaning up request packet ID 86 with timestamp +68
(36) Cleaning up request packet ID 87 with timestamp +68
(37) Cleaning up request packet ID 141 with timestamp +68
Waking up in 2.1 seconds.
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(43) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(43) 	NAS-Identifier = 'BS'
(43) 	User-Name = 'dummy'
(43) 	User-Password = '*PASSWORD*'
(43) # Executing section authorize from file /etc/raddb/sites-enabled/default
(43)   authorize {
(43)   filter_username filter_username {
(43)     if (!&User-Name) 
(43)     if (!&User-Name)  -> FALSE
(43)     if (&User-Name =~ / /) 
(43)     if (&User-Name =~ / /)  -> FALSE
(43)     if (&User-Name =~ /@.*@/ ) 
(43)     if (&User-Name =~ /@.*@/ )  -> FALSE
(43)     if (&User-Name =~ /\\.\\./ ) 
(43)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(43)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(43)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(43)     if (&User-Name =~ /\\.$/)  
(43)     if (&User-Name =~ /\\.$/)   -> FALSE
(43)     if (&User-Name =~ /@\\./)  
(43)     if (&User-Name =~ /@\\./)   -> FALSE
(43)   } # filter_username filter_username = notfound
(43)   [preprocess] = ok
(43)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(43)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(43)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(43)  auth_log : EXPAND %t
(43)  auth_log :    --> Wed Feb 14 20:04:30 2018
(43)   [auth_log] = ok
(43)   [chap] = noop
(43)   [mschap] = noop
(43)   [digest] = noop
(43)   [wimax] = noop
(43)  suffix : Checking for suffix after "@"
(43)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(43)  suffix : No such realm "NULL"
(43)   [suffix] = noop
(43)  eap : No EAP-Message, not doing EAP
(43)   [eap] = noop
(43)  files : users: Matched entry dummy at line 159
(43)   [files] = ok
(43)   [expiration] = noop
(43)   [logintime] = noop
(43)   [pap] = updated
(43)  } #  authorize = updated
(43) Found Auth-Type = PAP
(43) # Executing group from file /etc/raddb/sites-enabled/default
(43)  Auth-Type PAP {
(43)  pap : Login attempt with password
(43)  pap : User authenticated successfully
(43)   [pap] = ok
(43)  } # Auth-Type PAP = ok
(43) Login OK: [dummy] (from client BS1 port 0)
(43) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(43)   post-auth {
(43)   [exec] = noop
(43)   update reply {
(43) 	Session-Timeout := 1800
(43)   } # update reply = noop
(43)   remove_reply_message_if_eap remove_reply_message_if_eap {
(43)     if (&reply:EAP-Message && &reply:Reply-Message) 
(43)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(43)    else else {
(43)     [noop] = noop
(43)    } # else else = noop
(43)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(43)  } #  post-auth = noop
(43) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(43) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(43) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 111 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xf0888e17200be2a0df3723cbea2ab3e3
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028900150143504538407369656d656e732e636f6d
(44) Received Access-Request packet from host 192.168.99.123 port 49286, id=111, length=83
(44) 	Message-Authenticator = 0xf0888e17200be2a0df3723cbea2ab3e3
(44) 	NAS-Identifier = 'BS'
(44) 	User-Name = 'CPE8@siemens.com'
(44) 	EAP-Message = 0x028900150143504538407369656d656e732e636f6d
(44) # Executing section authorize from file /etc/raddb/sites-enabled/default
(44)   authorize {
(44)   filter_username filter_username {
(44)     if (!&User-Name) 
(44)     if (!&User-Name)  -> FALSE
(44)     if (&User-Name =~ / /) 
(44)     if (&User-Name =~ / /)  -> FALSE
(44)     if (&User-Name =~ /@.*@/ ) 
(44)     if (&User-Name =~ /@.*@/ )  -> FALSE
(44)     if (&User-Name =~ /\\.\\./ ) 
(44)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(44)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(44)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(44)     if (&User-Name =~ /\\.$/)  
(44)     if (&User-Name =~ /\\.$/)   -> FALSE
(44)     if (&User-Name =~ /@\\./)  
(44)     if (&User-Name =~ /@\\./)   -> FALSE
(44)   } # filter_username filter_username = notfound
(44)   [preprocess] = ok
(44)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(44)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(44)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(44)  auth_log : EXPAND %t
(44)  auth_log :    --> Wed Feb 14 20:04:30 2018
(44)   [auth_log] = ok
(44)   [chap] = noop
(44)   [mschap] = noop
(44)   [digest] = noop
(44)   [wimax] = noop
(44)  suffix : Checking for suffix after "@"
(44)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(44)  suffix : No such realm "siemens.com"
(44)   [suffix] = noop
(44)  eap : Peer sent code Response (2) ID 137 length 21
(44)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(44)   [eap] = ok
(44)  } #  authorize = ok
(44) Found Auth-Type = EAP
(44) # Executing group from file /etc/raddb/sites-enabled/default
(44)   authenticate {
(44)  eap : Peer sent method Identity (1)
(44)  eap : Calling eap_ttls to process EAP data
(44)  eap_ttls : Initiate
(44)  eap_ttls : Start returned 1
(44)  eap : New EAP session, adding 'State' attribute to reply 0xe3f91a3ae3730f20
(44)   [eap] = handled
(44)  } #  authenticate = handled
(44) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=111, length=0
(44) 	EAP-Message = 0x018a00061520
(44) 	Message-Authenticator = 0x00000000000000000000000000000000
(44) 	State = 0xe3f91a3ae3730f20ea0660dc75e2b134
Sending Access-Challenge Id 111 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018a00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe3f91a3ae3730f20ea0660dc75e2b134
(44) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 92 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x83cb7b83514c5d13fd2bbd0a53a685d5
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02af00d01580000000c61603010086100000820080216f1325e2b15d04a026f4ef76dfc36747d7d81882c33cf8c89ad7c9e9a39e2ae0a9e0751f69441f42ef29786148cd2f8633db45a716d2f11683e72df4b7ec71d37404544e279293d58d7ac66e915fc119c9f7112363e6a850ed90a178e22ee4ba9cedd40fecf9ffc42173b1c0bf8bf0c3303da958429040cb3bab10306b1ca314030100010116030100303e05c54dd3f3ed621e46e787b7e50835795af75becba595c5c026753d3b1669680cf4827a863cd6115bd47f3420ef0df
	State = 0xd5572cbcd7f8397b8d56acbc14f2201e
(45) Received Access-Request packet from host 192.168.99.122 port 49321, id=92, length=288
(45) 	Message-Authenticator = 0x83cb7b83514c5d13fd2bbd0a53a685d5
(45) 	NAS-Identifier = 'BS'
(45) 	User-Name = 'CPE6@siemens.com'
(45) 	EAP-Message = 0x02af00d01580000000c61603010086100000820080216f1325e2b15d04a026f4ef76dfc36747d7d81882c33cf8c89ad7c9e9a39e2ae0a9e0751f69441f42ef29786148cd2f8633db45a716d2f11683e72df4b7ec71d37404544e279293d58d7ac66e915fc119c9f7112363e6a850ed90a178e22ee4ba9cedd40fecf9ffc42173b1c0bf8bf0c3303da958429040cb3bab10306b1ca314030100010116030100303e05c54dd3f3ed621e46e787b7e50835795af75becba595c5c026753d3b1669680cf4827a863cd6115bd47f3420ef0df
(45) 	State = 0xd5572cbcd7f8397b8d56acbc14f2201e
(45) # Executing section authorize from file /etc/raddb/sites-enabled/default
(45)   authorize {
(45)   filter_username filter_username {
(45)     if (!&User-Name) 
(45)     if (!&User-Name)  -> FALSE
(45)     if (&User-Name =~ / /) 
(45)     if (&User-Name =~ / /)  -> FALSE
(45)     if (&User-Name =~ /@.*@/ ) 
(45)     if (&User-Name =~ /@.*@/ )  -> FALSE
(45)     if (&User-Name =~ /\\.\\./ ) 
(45)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(45)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(45)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(45)     if (&User-Name =~ /\\.$/)  
(45)     if (&User-Name =~ /\\.$/)   -> FALSE
(45)     if (&User-Name =~ /@\\./)  
(45)     if (&User-Name =~ /@\\./)   -> FALSE
(45)   } # filter_username filter_username = notfound
(45)   [preprocess] = ok
(45)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(45)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(45)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(45)  auth_log : EXPAND %t
(45)  auth_log :    --> Wed Feb 14 20:04:30 2018
(45)   [auth_log] = ok
(45)   [chap] = noop
(45)   [mschap] = noop
(45)   [digest] = noop
(45)   [wimax] = noop
(45)  suffix : Checking for suffix after "@"
(45)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(45)  suffix : No such realm "siemens.com"
(45)   [suffix] = noop
(45)  eap : Peer sent code Response (2) ID 175 length 208
(45)  eap : Continuing tunnel setup
(45)   [eap] = ok
(45)  } #  authorize = ok
(45) Found Auth-Type = EAP
(45) # Executing group from file /etc/raddb/sites-enabled/default
(45)   authenticate {
(45)  eap : Expiring EAP session with state 0x34b58d2c37779811
(45)  eap : Finished EAP session with state 0xd5572cbcd7f8397b
(45)  eap : Previous EAP request found for state 0xd5572cbcd7f8397b, released from the list
(45)  eap : Peer sent method TTLS (21)
(45)  eap : EAP TTLS (21)
(45)  eap : Calling eap_ttls to process EAP data
(45)  eap_ttls : Authenticate
(45)  eap_ttls : processing EAP-TLS
  TLS Length 198
(45)  eap_ttls : Length Included
(45)  eap_ttls : eaptls_verify returned 11 
(45)  eap_ttls : <<< Unknown TLS version [length 0005] 
(45)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(45)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(45)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(45)  eap_ttls : <<< Unknown TLS version [length 0005] 
(45)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(45)  eap_ttls : <<< Unknown TLS version [length 0005] 
(45)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(45)  eap_ttls : TLS_accept: SSLv3 read finished A
(45)  eap_ttls : >>> Unknown TLS version [length 0005] 
(45)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(45)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(45)  eap_ttls : >>> Unknown TLS version [length 0005] 
(45)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(45)  eap_ttls : TLS_accept: SSLv3 write finished A
(45)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 86e1775e8c3e0b181ab3e1e3de7c30231602a1f37d5964302554755dee14aff1 to cache
(45)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(45)  eap_ttls : eaptls_process returned 13 
(45)  eap : New EAP session, adding 'State' attribute to reply 0xd5572cbcd6e7397b
(45)   [eap] = handled
(45)  } #  authenticate = handled
(45) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=92, length=0
(45) 	EAP-Message = 0x01b0004515800000003b1403010001011603010030d94857c6b30387b0047daf2d44f1a95f05df7d0bc9fa46e8e5dcdffea0058ed68c47396020668ba0b7f995f176c1d0a2
(45) 	Message-Authenticator = 0x00000000000000000000000000000000
(45) 	State = 0xd5572cbcd6e7397b8d56acbc14f2201e
Sending Access-Challenge Id 92 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b0004515800000003b1403010001011603010030d94857c6b30387b0047daf2d44f1a95f05df7d0bc9fa46e8e5dcdffea0058ed68c47396020668ba0b7f995f176c1d0a2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd5572cbcd6e7397b8d56acbc14f2201e
(45) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 112 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x1bb8ef99b44bf9cbf185bb100fd9ec0f
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028a006a158000000060160301005b01000057030154a650b8ce9720c8b7e5d80f46171f62b1b4987d1d69a998228781a6719e66d400003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xe3f91a3ae3730f20ea0660dc75e2b134
(46) Received Access-Request packet from host 192.168.99.123 port 49286, id=112, length=186
(46) 	Message-Authenticator = 0x1bb8ef99b44bf9cbf185bb100fd9ec0f
(46) 	NAS-Identifier = 'BS'
(46) 	User-Name = 'CPE8@siemens.com'
(46) 	EAP-Message = 0x028a006a158000000060160301005b01000057030154a650b8ce9720c8b7e5d80f46171f62b1b4987d1d69a998228781a6719e66d400003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(46) 	State = 0xe3f91a3ae3730f20ea0660dc75e2b134
(46) # Executing section authorize from file /etc/raddb/sites-enabled/default
(46)   authorize {
(46)   filter_username filter_username {
(46)     if (!&User-Name) 
(46)     if (!&User-Name)  -> FALSE
(46)     if (&User-Name =~ / /) 
(46)     if (&User-Name =~ / /)  -> FALSE
(46)     if (&User-Name =~ /@.*@/ ) 
(46)     if (&User-Name =~ /@.*@/ )  -> FALSE
(46)     if (&User-Name =~ /\\.\\./ ) 
(46)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(46)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(46)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(46)     if (&User-Name =~ /\\.$/)  
(46)     if (&User-Name =~ /\\.$/)   -> FALSE
(46)     if (&User-Name =~ /@\\./)  
(46)     if (&User-Name =~ /@\\./)   -> FALSE
(46)   } # filter_username filter_username = notfound
(46)   [preprocess] = ok
(46)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(46)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(46)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(46)  auth_log : EXPAND %t
(46)  auth_log :    --> Wed Feb 14 20:04:30 2018
(46)   [auth_log] = ok
(46)   [chap] = noop
(46)   [mschap] = noop
(46)   [digest] = noop
(46)   [wimax] = noop
(46)  suffix : Checking for suffix after "@"
(46)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(46)  suffix : No such realm "siemens.com"
(46)   [suffix] = noop
(46)  eap : Peer sent code Response (2) ID 138 length 106
(46)  eap : Continuing tunnel setup
(46)   [eap] = ok
(46)  } #  authorize = ok
(46) Found Auth-Type = EAP
(46) # Executing group from file /etc/raddb/sites-enabled/default
(46)   authenticate {
(46)  eap : Expiring EAP session with state 0x34b58d2c37779811
(46)  eap : Finished EAP session with state 0xe3f91a3ae3730f20
(46)  eap : Previous EAP request found for state 0xe3f91a3ae3730f20, released from the list
(46)  eap : Peer sent method TTLS (21)
(46)  eap : EAP TTLS (21)
(46)  eap : Calling eap_ttls to process EAP data
(46)  eap_ttls : Authenticate
(46)  eap_ttls : processing EAP-TLS
  TLS Length 96
(46)  eap_ttls : Length Included
(46)  eap_ttls : eaptls_verify returned 11 
(46)  eap_ttls : (other): before/accept initialization
(46)  eap_ttls : TLS_accept: before/accept initialization
(46)  eap_ttls : <<< Unknown TLS version [length 0005] 
(46)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(46)  eap_ttls : TLS_accept: SSLv3 read client hello A
(46)  eap_ttls : >>> Unknown TLS version [length 0005] 
(46)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(46)  eap_ttls : TLS_accept: SSLv3 write server hello A
(46)  eap_ttls : >>> Unknown TLS version [length 0005] 
(46)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(46)  eap_ttls : TLS_accept: SSLv3 write certificate A
(46)  eap_ttls : >>> Unknown TLS version [length 0005] 
(46)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(46)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(46)  eap_ttls : >>> Unknown TLS version [length 0005] 
(46)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(46)  eap_ttls : TLS_accept: SSLv3 write server done A
(46)  eap_ttls : TLS_accept: SSLv3 flush data
(46)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(46)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(46)  eap_ttls : eaptls_process returned 13 
(46)  eap : New EAP session, adding 'State' attribute to reply 0xe3f91a3ae2720f20
(46)   [eap] = handled
(46)  } #  authenticate = handled
(46) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=112, length=0
(46) 	EAP-Message = 0x018b03ec15c000000702160301004a020000460301e8f447666e1a61c87ba8833a0b889cdcbb37509feb0551b169254ac5f7a59f2a20516ffd5f1b146ef84f7fa2364966a23b982c5b3158eb2a0a42d95d5acdcbc2b100390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(46) 	Message-Authenticator = 0x00000000000000000000000000000000
(46) 	State = 0xe3f91a3ae2720f20ea0660dc75e2b134
Sending Access-Challenge Id 112 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018b03ec15c000000702160301004a020000460301e8f447666e1a61c87ba8833a0b889cdcbb37509feb0551b169254ac5f7a59f2a20516ffd5f1b146ef84f7fa2364966a23b982c5b3158eb2a0a42d95d5acdcbc2b100390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe3f91a3ae2720f20ea0660dc75e2b134
(46) Finished request
Received Access-Request Id 113 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x9c5134e9b87bf2e33d1a080cf046473a
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028b00061500
	State = 0xe3f91a3ae2720f20ea0660dc75e2b134
(47) Received Access-Request packet from host 192.168.99.123 port 49286, id=113, length=86
(47) 	Message-Authenticator = 0x9c5134e9b87bf2e33d1a080cf046473a
(47) 	NAS-Identifier = 'BS'
(47) 	User-Name = 'CPE8@siemens.com'
(47) 	EAP-Message = 0x028b00061500
(47) 	State = 0xe3f91a3ae2720f20ea0660dc75e2b134
(47) # Executing section authorize from file /etc/raddb/sites-enabled/default
(47)   authorize {
(47)   filter_username filter_username {
(47)     if (!&User-Name) 
(47)     if (!&User-Name)  -> FALSE
(47)     if (&User-Name =~ / /) 
(47)     if (&User-Name =~ / /)  -> FALSE
(47)     if (&User-Name =~ /@.*@/ ) 
(47)     if (&User-Name =~ /@.*@/ )  -> FALSE
(47)     if (&User-Name =~ /\\.\\./ ) 
(47)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(47)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(47)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(47)     if (&User-Name =~ /\\.$/)  
(47)     if (&User-Name =~ /\\.$/)   -> FALSE
(47)     if (&User-Name =~ /@\\./)  
(47)     if (&User-Name =~ /@\\./)   -> FALSE
(47)   } # filter_username filter_username = notfound
(47)   [preprocess] = ok
(47)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(47)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(47)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(47)  auth_log : EXPAND %t
(47)  auth_log :    --> Wed Feb 14 20:04:30 2018
(47)   [auth_log] = ok
(47)   [chap] = noop
(47)   [mschap] = noop
(47)   [digest] = noop
(47)   [wimax] = noop
(47)  suffix : Checking for suffix after "@"
(47)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(47)  suffix : No such realm "siemens.com"
(47)   [suffix] = noop
(47)  eap : Peer sent code Response (2) ID 139 length 6
(47)  eap : Continuing tunnel setup
(47)   [eap] = ok
(47)  } #  authorize = ok
(47) Found Auth-Type = EAP
(47) # Executing group from file /etc/raddb/sites-enabled/default
(47)   authenticate {
(47)  eap : Expiring EAP session with state 0x34b58d2c37779811
(47)  eap : Finished EAP session with state 0xe3f91a3ae2720f20
(47)  eap : Previous EAP request found for state 0xe3f91a3ae2720f20, released from the list
(47)  eap : Peer sent method TTLS (21)
(47)  eap : EAP TTLS (21)
(47)  eap : Calling eap_ttls to process EAP data
(47)  eap_ttls : Authenticate
(47)  eap_ttls : processing EAP-TLS
(47)  eap_ttls : Received TLS ACK
(47)  eap_ttls : Received TLS ACK
(47)  eap_ttls : ACK handshake fragment handler
(47)  eap_ttls : eaptls_verify returned 1 
(47)  eap_ttls : eaptls_process returned 13 
(47)  eap : New EAP session, adding 'State' attribute to reply 0xe3f91a3ae1750f20
(47)   [eap] = handled
(47)  } #  authenticate = handled
(47) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=113, length=0
(47) 	EAP-Message = 0x018c032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(47) 	Message-Authenticator = 0x00000000000000000000000000000000
(47) 	State = 0xe3f91a3ae1750f20ea0660dc75e2b134
Sending Access-Challenge Id 113 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018c032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe3f91a3ae1750f20ea0660dc75e2b134
(47) Finished request
Waking up in 0.2 seconds.
Waking up in 0.8 seconds.
(38) Cleaning up request packet ID 110 with timestamp +70
Waking up in 0.2 seconds.
(39) Cleaning up request packet ID 88 with timestamp +71
Waking up in 0.8 seconds.
(40) Cleaning up request packet ID 89 with timestamp +71
(41) Cleaning up request packet ID 90 with timestamp +71
(42) Cleaning up request packet ID 91 with timestamp +71
Waking up in 2.3 seconds.
Received Access-Request Id 114 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x6ba50c1c74967f129aed63db61b0ef93
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028c00d01580000000c61603010086100000820080911ed2c0f7527272e15aaa242c298e4e097ade62d3550be3a66cf4837bf29bd5c8c8426d8fcb9674f9abecf554c5785914b4e890ccb9b27204f1eff4a0379a7839b9d6c109dc272e505a6dd4847e3ac4e491cceed311e1ccb101da5a628d5c326d3d33b2733a9f120c85bd1877bb73925a5a47228c3024e06d20f8ebe2ae113f1403010001011603010030af9aa5f4b3c54e00c205e051a829aac4a8e69fe88576bd3e8ec0d56931b683306b1b15ee79311064ab83b26143e2b765
	State = 0xe3f91a3ae1750f20ea0660dc75e2b134
(48) Received Access-Request packet from host 192.168.99.123 port 49286, id=114, length=288
(48) 	Message-Authenticator = 0x6ba50c1c74967f129aed63db61b0ef93
(48) 	NAS-Identifier = 'BS'
(48) 	User-Name = 'CPE8@siemens.com'
(48) 	EAP-Message = 0x028c00d01580000000c61603010086100000820080911ed2c0f7527272e15aaa242c298e4e097ade62d3550be3a66cf4837bf29bd5c8c8426d8fcb9674f9abecf554c5785914b4e890ccb9b27204f1eff4a0379a7839b9d6c109dc272e505a6dd4847e3ac4e491cceed311e1ccb101da5a628d5c326d3d33b2733a9f120c85bd1877bb73925a5a47228c3024e06d20f8ebe2ae113f1403010001011603010030af9aa5f4b3c54e00c205e051a829aac4a8e69fe88576bd3e8ec0d56931b683306b1b15ee79311064ab83b26143e2b765
(48) 	State = 0xe3f91a3ae1750f20ea0660dc75e2b134
(48) # Executing section authorize from file /etc/raddb/sites-enabled/default
(48)   authorize {
(48)   filter_username filter_username {
(48)     if (!&User-Name) 
(48)     if (!&User-Name)  -> FALSE
(48)     if (&User-Name =~ / /) 
(48)     if (&User-Name =~ / /)  -> FALSE
(48)     if (&User-Name =~ /@.*@/ ) 
(48)     if (&User-Name =~ /@.*@/ )  -> FALSE
(48)     if (&User-Name =~ /\\.\\./ ) 
(48)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(48)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(48)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(48)     if (&User-Name =~ /\\.$/)  
(48)     if (&User-Name =~ /\\.$/)   -> FALSE
(48)     if (&User-Name =~ /@\\./)  
(48)     if (&User-Name =~ /@\\./)   -> FALSE
(48)   } # filter_username filter_username = notfound
(48)   [preprocess] = ok
(48)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(48)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(48)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(48)  auth_log : EXPAND %t
(48)  auth_log :    --> Wed Feb 14 20:04:33 2018
(48)   [auth_log] = ok
(48)   [chap] = noop
(48)   [mschap] = noop
(48)   [digest] = noop
(48)   [wimax] = noop
(48)  suffix : Checking for suffix after "@"
(48)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(48)  suffix : No such realm "siemens.com"
(48)   [suffix] = noop
(48)  eap : Peer sent code Response (2) ID 140 length 208
(48)  eap : Continuing tunnel setup
(48)   [eap] = ok
(48)  } #  authorize = ok
(48) Found Auth-Type = EAP
(48) # Executing group from file /etc/raddb/sites-enabled/default
(48)   authenticate {
(48)  eap : Expiring EAP session with state 0x34b58d2c37779811
(48)  eap : Finished EAP session with state 0xe3f91a3ae1750f20
(48)  eap : Previous EAP request found for state 0xe3f91a3ae1750f20, released from the list
(48)  eap : Peer sent method TTLS (21)
(48)  eap : EAP TTLS (21)
(48)  eap : Calling eap_ttls to process EAP data
(48)  eap_ttls : Authenticate
(48)  eap_ttls : processing EAP-TLS
  TLS Length 198
(48)  eap_ttls : Length Included
(48)  eap_ttls : eaptls_verify returned 11 
(48)  eap_ttls : <<< Unknown TLS version [length 0005] 
(48)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(48)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(48)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(48)  eap_ttls : <<< Unknown TLS version [length 0005] 
(48)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(48)  eap_ttls : <<< Unknown TLS version [length 0005] 
(48)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(48)  eap_ttls : TLS_accept: SSLv3 read finished A
(48)  eap_ttls : >>> Unknown TLS version [length 0005] 
(48)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(48)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(48)  eap_ttls : >>> Unknown TLS version [length 0005] 
(48)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(48)  eap_ttls : TLS_accept: SSLv3 write finished A
(48)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 516ffd5f1b146ef84f7fa2364966a23b982c5b3158eb2a0a42d95d5acdcbc2b1 to cache
(48)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(48)  eap_ttls : eaptls_process returned 13 
(48)  eap : New EAP session, adding 'State' attribute to reply 0xe3f91a3ae0740f20
(48)   [eap] = handled
(48)  } #  authenticate = handled
(48) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=114, length=0
(48) 	EAP-Message = 0x018d004515800000003b1403010001011603010030781038ae77f2dff5a1d66326795b0010134b5300431fcbe7b83615ef851da6e6771f4b734d45f521ae3e4d14b3ed2b28
(48) 	Message-Authenticator = 0x00000000000000000000000000000000
(48) 	State = 0xe3f91a3ae0740f20ea0660dc75e2b134
Sending Access-Challenge Id 114 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018d004515800000003b1403010001011603010030781038ae77f2dff5a1d66326795b0010134b5300431fcbe7b83615ef851da6e6771f4b734d45f521ae3e4d14b3ed2b28
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe3f91a3ae0740f20ea0660dc75e2b134
(48) Finished request
Waking up in 0.3 seconds.
Waking up in 1.9 seconds.
Received Access-Request Id 115 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x020496f66e5578e71f3a92d58f139be9
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028a00150143504539407369656d656e732e636f6d
(49) Received Access-Request packet from host 192.168.99.123 port 49286, id=115, length=83
(49) 	Message-Authenticator = 0x020496f66e5578e71f3a92d58f139be9
(49) 	NAS-Identifier = 'BS'
(49) 	User-Name = 'CPE9@siemens.com'
(49) 	EAP-Message = 0x028a00150143504539407369656d656e732e636f6d
(49) # Executing section authorize from file /etc/raddb/sites-enabled/default
(49)   authorize {
(49)   filter_username filter_username {
(49)     if (!&User-Name) 
(49)     if (!&User-Name)  -> FALSE
(49)     if (&User-Name =~ / /) 
(49)     if (&User-Name =~ / /)  -> FALSE
(49)     if (&User-Name =~ /@.*@/ ) 
(49)     if (&User-Name =~ /@.*@/ )  -> FALSE
(49)     if (&User-Name =~ /\\.\\./ ) 
(49)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(49)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(49)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(49)     if (&User-Name =~ /\\.$/)  
(49)     if (&User-Name =~ /\\.$/)   -> FALSE
(49)     if (&User-Name =~ /@\\./)  
(49)     if (&User-Name =~ /@\\./)   -> FALSE
(49)   } # filter_username filter_username = notfound
(49)   [preprocess] = ok
(49)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(49)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(49)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(49)  auth_log : EXPAND %t
(49)  auth_log :    --> Wed Feb 14 20:04:33 2018
(49)   [auth_log] = ok
(49)   [chap] = noop
(49)   [mschap] = noop
(49)   [digest] = noop
(49)   [wimax] = noop
(49)  suffix : Checking for suffix after "@"
(49)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(49)  suffix : No such realm "siemens.com"
(49)   [suffix] = noop
(49)  eap : Peer sent code Response (2) ID 138 length 21
(49)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(49)   [eap] = ok
(49)  } #  authorize = ok
(49) Found Auth-Type = EAP
(49) # Executing group from file /etc/raddb/sites-enabled/default
(49)   authenticate {
(49)  eap : Peer sent method Identity (1)
(49)  eap : Calling eap_ttls to process EAP data
(49)  eap_ttls : Initiate
(49)  eap_ttls : Start returned 1
(49)  eap : New EAP session, adding 'State' attribute to reply 0x901f404e909455bb
(49)   [eap] = handled
(49)  } #  authenticate = handled
(49) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=115, length=0
(49) 	EAP-Message = 0x018b00061520
(49) 	Message-Authenticator = 0x00000000000000000000000000000000
(49) 	State = 0x901f404e909455bb4ddd7518fd2c48ff
Sending Access-Challenge Id 115 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018b00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x901f404e909455bb4ddd7518fd2c48ff
(49) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 116 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x9674427a440d9bc13f7713139d11c6cd
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028b006a158000000060160301005b01000057030154ab17af90bd056e444fad1e8cc19cc5c0f791e3757b3b82826a5b0fc5cc3db000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x901f404e909455bb4ddd7518fd2c48ff
(50) Received Access-Request packet from host 192.168.99.123 port 49286, id=116, length=186
(50) 	Message-Authenticator = 0x9674427a440d9bc13f7713139d11c6cd
(50) 	NAS-Identifier = 'BS'
(50) 	User-Name = 'CPE9@siemens.com'
(50) 	EAP-Message = 0x028b006a158000000060160301005b01000057030154ab17af90bd056e444fad1e8cc19cc5c0f791e3757b3b82826a5b0fc5cc3db000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(50) 	State = 0x901f404e909455bb4ddd7518fd2c48ff
(50) # Executing section authorize from file /etc/raddb/sites-enabled/default
(50)   authorize {
(50)   filter_username filter_username {
(50)     if (!&User-Name) 
(50)     if (!&User-Name)  -> FALSE
(50)     if (&User-Name =~ / /) 
(50)     if (&User-Name =~ / /)  -> FALSE
(50)     if (&User-Name =~ /@.*@/ ) 
(50)     if (&User-Name =~ /@.*@/ )  -> FALSE
(50)     if (&User-Name =~ /\\.\\./ ) 
(50)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(50)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(50)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(50)     if (&User-Name =~ /\\.$/)  
(50)     if (&User-Name =~ /\\.$/)   -> FALSE
(50)     if (&User-Name =~ /@\\./)  
(50)     if (&User-Name =~ /@\\./)   -> FALSE
(50)   } # filter_username filter_username = notfound
(50)   [preprocess] = ok
(50)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(50)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(50)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(50)  auth_log : EXPAND %t
(50)  auth_log :    --> Wed Feb 14 20:04:34 2018
(50)   [auth_log] = ok
(50)   [chap] = noop
(50)   [mschap] = noop
(50)   [digest] = noop
(50)   [wimax] = noop
(50)  suffix : Checking for suffix after "@"
(50)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(50)  suffix : No such realm "siemens.com"
(50)   [suffix] = noop
(50)  eap : Peer sent code Response (2) ID 139 length 106
(50)  eap : Continuing tunnel setup
(50)   [eap] = ok
(50)  } #  authorize = ok
(50) Found Auth-Type = EAP
(50) # Executing group from file /etc/raddb/sites-enabled/default
(50)   authenticate {
(50)  eap : Expiring EAP session with state 0x34b58d2c37779811
(50)  eap : Finished EAP session with state 0x901f404e909455bb
(50)  eap : Previous EAP request found for state 0x901f404e909455bb, released from the list
(50)  eap : Peer sent method TTLS (21)
(50)  eap : EAP TTLS (21)
(50)  eap : Calling eap_ttls to process EAP data
(50)  eap_ttls : Authenticate
(50)  eap_ttls : processing EAP-TLS
  TLS Length 96
(50)  eap_ttls : Length Included
(50)  eap_ttls : eaptls_verify returned 11 
(50)  eap_ttls : (other): before/accept initialization
(50)  eap_ttls : TLS_accept: before/accept initialization
(50)  eap_ttls : <<< Unknown TLS version [length 0005] 
(50)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(50)  eap_ttls : TLS_accept: SSLv3 read client hello A
(50)  eap_ttls : >>> Unknown TLS version [length 0005] 
(50)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(50)  eap_ttls : TLS_accept: SSLv3 write server hello A
(50)  eap_ttls : >>> Unknown TLS version [length 0005] 
(50)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(50)  eap_ttls : TLS_accept: SSLv3 write certificate A
(50)  eap_ttls : >>> Unknown TLS version [length 0005] 
(50)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(50)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(50)  eap_ttls : >>> Unknown TLS version [length 0005] 
(50)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(50)  eap_ttls : TLS_accept: SSLv3 write server done A
(50)  eap_ttls : TLS_accept: SSLv3 flush data
(50)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(50)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(50)  eap_ttls : eaptls_process returned 13 
(50)  eap : New EAP session, adding 'State' attribute to reply 0x901f404e919355bb
(50)   [eap] = handled
(50)  } #  authenticate = handled
(50) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=116, length=0
(50) 	EAP-Message = 0x018c03ec15c000000702160301004a0200004603016059838e6444d96cd9233fcacc1502fb076908bf8206b57a1404514f69f3611e20fea4739a101e1c2ad0e1cb7df6699d50836f147ad0299b95842d41090bdc0c1900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(50) 	Message-Authenticator = 0x00000000000000000000000000000000
(50) 	State = 0x901f404e919355bb4ddd7518fd2c48ff
Sending Access-Challenge Id 116 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018c03ec15c000000702160301004a0200004603016059838e6444d96cd9233fcacc1502fb076908bf8206b57a1404514f69f3611e20fea4739a101e1c2ad0e1cb7df6699d50836f147ad0299b95842d41090bdc0c1900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x901f404e919355bb4ddd7518fd2c48ff
(50) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 117 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x6841d98dfd0eedbc115ca859d30a5fe3
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028c00061500
	State = 0x901f404e919355bb4ddd7518fd2c48ff
(51) Received Access-Request packet from host 192.168.99.123 port 49286, id=117, length=86
(51) 	Message-Authenticator = 0x6841d98dfd0eedbc115ca859d30a5fe3
(51) 	NAS-Identifier = 'BS'
(51) 	User-Name = 'CPE9@siemens.com'
(51) 	EAP-Message = 0x028c00061500
(51) 	State = 0x901f404e919355bb4ddd7518fd2c48ff
(51) # Executing section authorize from file /etc/raddb/sites-enabled/default
(51)   authorize {
(51)   filter_username filter_username {
(51)     if (!&User-Name) 
(51)     if (!&User-Name)  -> FALSE
(51)     if (&User-Name =~ / /) 
(51)     if (&User-Name =~ / /)  -> FALSE
(51)     if (&User-Name =~ /@.*@/ ) 
(51)     if (&User-Name =~ /@.*@/ )  -> FALSE
(51)     if (&User-Name =~ /\\.\\./ ) 
(51)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(51)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(51)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(51)     if (&User-Name =~ /\\.$/)  
(51)     if (&User-Name =~ /\\.$/)   -> FALSE
(51)     if (&User-Name =~ /@\\./)  
(51)     if (&User-Name =~ /@\\./)   -> FALSE
(51)   } # filter_username filter_username = notfound
(51)   [preprocess] = ok
(51)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(51)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(51)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(51)  auth_log : EXPAND %t
(51)  auth_log :    --> Wed Feb 14 20:04:34 2018
(51)   [auth_log] = ok
(51)   [chap] = noop
(51)   [mschap] = noop
(51)   [digest] = noop
(51)   [wimax] = noop
(51)  suffix : Checking for suffix after "@"
(51)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(51)  suffix : No such realm "siemens.com"
(51)   [suffix] = noop
(51)  eap : Peer sent code Response (2) ID 140 length 6
(51)  eap : Continuing tunnel setup
(51)   [eap] = ok
(51)  } #  authorize = ok
(51) Found Auth-Type = EAP
(51) # Executing group from file /etc/raddb/sites-enabled/default
(51)   authenticate {
(51)  eap : Expiring EAP session with state 0x34b58d2c37779811
(51)  eap : Finished EAP session with state 0x901f404e919355bb
(51)  eap : Previous EAP request found for state 0x901f404e919355bb, released from the list
(51)  eap : Peer sent method TTLS (21)
(51)  eap : EAP TTLS (21)
(51)  eap : Calling eap_ttls to process EAP data
(51)  eap_ttls : Authenticate
(51)  eap_ttls : processing EAP-TLS
(51)  eap_ttls : Received TLS ACK
(51)  eap_ttls : Received TLS ACK
(51)  eap_ttls : ACK handshake fragment handler
(51)  eap_ttls : eaptls_verify returned 1 
(51)  eap_ttls : eaptls_process returned 13 
(51)  eap : New EAP session, adding 'State' attribute to reply 0x901f404e929255bb
(51)   [eap] = handled
(51)  } #  authenticate = handled
(51) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=117, length=0
(51) 	EAP-Message = 0x018d032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(51) 	Message-Authenticator = 0x00000000000000000000000000000000
(51) 	State = 0x901f404e929255bb4ddd7518fd2c48ff
Sending Access-Challenge Id 117 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018d032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x901f404e929255bb4ddd7518fd2c48ff
(51) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(52) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(52) 	NAS-Identifier = 'BS'
(52) 	User-Name = 'dummy'
(52) 	User-Password = '*PASSWORD*'
(52) # Executing section authorize from file /etc/raddb/sites-enabled/default
(52)   authorize {
(52)   filter_username filter_username {
(52)     if (!&User-Name) 
(52)     if (!&User-Name)  -> FALSE
(52)     if (&User-Name =~ / /) 
(52)     if (&User-Name =~ / /)  -> FALSE
(52)     if (&User-Name =~ /@.*@/ ) 
(52)     if (&User-Name =~ /@.*@/ )  -> FALSE
(52)     if (&User-Name =~ /\\.\\./ ) 
(52)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(52)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(52)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(52)     if (&User-Name =~ /\\.$/)  
(52)     if (&User-Name =~ /\\.$/)   -> FALSE
(52)     if (&User-Name =~ /@\\./)  
(52)     if (&User-Name =~ /@\\./)   -> FALSE
(52)   } # filter_username filter_username = notfound
(52)   [preprocess] = ok
(52)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(52)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(52)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(52)  auth_log : EXPAND %t
(52)  auth_log :    --> Wed Feb 14 20:04:34 2018
(52)   [auth_log] = ok
(52)   [chap] = noop
(52)   [mschap] = noop
(52)   [digest] = noop
(52)   [wimax] = noop
(52)  suffix : Checking for suffix after "@"
(52)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(52)  suffix : No such realm "NULL"
(52)   [suffix] = noop
(52)  eap : No EAP-Message, not doing EAP
(52)   [eap] = noop
(52)  files : users: Matched entry dummy at line 159
(52)   [files] = ok
(52)   [expiration] = noop
(52)   [logintime] = noop
(52)   [pap] = updated
(52)  } #  authorize = updated
(52) Found Auth-Type = PAP
(52) # Executing group from file /etc/raddb/sites-enabled/default
(52)  Auth-Type PAP {
(52)  pap : Login attempt with password
(52)  pap : User authenticated successfully
(52)   [pap] = ok
(52)  } # Auth-Type PAP = ok
(52) Login OK: [dummy] (from client BS3 port 0)
(52) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(52)   post-auth {
(52)   [exec] = noop
(52)   update reply {
(52) 	Session-Timeout := 1800
(52)   } # update reply = noop
(52)   remove_reply_message_if_eap remove_reply_message_if_eap {
(52)     if (&reply:EAP-Message && &reply:Reply-Message) 
(52)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(52)    else else {
(52)     [noop] = noop
(52)    } # else else = noop
(52)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(52)  } #  post-auth = noop
(52) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(52) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(52) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 142 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0x7bd5c20d2330c0a12345ecb171349bc7
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02bf0016014350453131407369656d656e732e636f6d
(53) Received Access-Request packet from host 192.168.99.121 port 49210, id=142, length=85
(53) 	Message-Authenticator = 0x7bd5c20d2330c0a12345ecb171349bc7
(53) 	NAS-Identifier = 'BS'
(53) 	User-Name = 'CPE11@siemens.com'
(53) 	EAP-Message = 0x02bf0016014350453131407369656d656e732e636f6d
(53) # Executing section authorize from file /etc/raddb/sites-enabled/default
(53)   authorize {
(53)   filter_username filter_username {
(53)     if (!&User-Name) 
(53)     if (!&User-Name)  -> FALSE
(53)     if (&User-Name =~ / /) 
(53)     if (&User-Name =~ / /)  -> FALSE
(53)     if (&User-Name =~ /@.*@/ ) 
(53)     if (&User-Name =~ /@.*@/ )  -> FALSE
(53)     if (&User-Name =~ /\\.\\./ ) 
(53)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(53)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(53)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(53)     if (&User-Name =~ /\\.$/)  
(53)     if (&User-Name =~ /\\.$/)   -> FALSE
(53)     if (&User-Name =~ /@\\./)  
(53)     if (&User-Name =~ /@\\./)   -> FALSE
(53)   } # filter_username filter_username = notfound
(53)   [preprocess] = ok
(53)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(53)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(53)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(53)  auth_log : EXPAND %t
(53)  auth_log :    --> Wed Feb 14 20:04:34 2018
(53)   [auth_log] = ok
(53)   [chap] = noop
(53)   [mschap] = noop
(53)   [digest] = noop
(53)   [wimax] = noop
(53)  suffix : Checking for suffix after "@"
(53)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(53)  suffix : No such realm "siemens.com"
(53)   [suffix] = noop
(53)  eap : Peer sent code Response (2) ID 191 length 22
(53)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(53)   [eap] = ok
(53)  } #  authorize = ok
(53) Found Auth-Type = EAP
(53) # Executing group from file /etc/raddb/sites-enabled/default
(53)   authenticate {
(53)  eap : Peer sent method Identity (1)
(53)  eap : Calling eap_ttls to process EAP data
(53)  eap_ttls : Initiate
(53)  eap_ttls : Start returned 1
(53)  eap : New EAP session, adding 'State' attribute to reply 0xd42b7cb7d4eb6981
(53)   [eap] = handled
(53)  } #  authenticate = handled
(53) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=142, length=0
(53) 	EAP-Message = 0x01c000061520
(53) 	Message-Authenticator = 0x00000000000000000000000000000000
(53) 	State = 0xd42b7cb7d4eb69815ff337d5ae82f977
Sending Access-Challenge Id 142 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c000061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd42b7cb7d4eb69815ff337d5ae82f977
(53) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(54) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(54) 	NAS-Identifier = 'BS'
(54) 	User-Name = 'dummy'
(54) 	User-Password = '*PASSWORD*'
(54) # Executing section authorize from file /etc/raddb/sites-enabled/default
(54)   authorize {
(54)   filter_username filter_username {
(54)     if (!&User-Name) 
(54)     if (!&User-Name)  -> FALSE
(54)     if (&User-Name =~ / /) 
(54)     if (&User-Name =~ / /)  -> FALSE
(54)     if (&User-Name =~ /@.*@/ ) 
(54)     if (&User-Name =~ /@.*@/ )  -> FALSE
(54)     if (&User-Name =~ /\\.\\./ ) 
(54)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(54)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(54)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(54)     if (&User-Name =~ /\\.$/)  
(54)     if (&User-Name =~ /\\.$/)   -> FALSE
(54)     if (&User-Name =~ /@\\./)  
(54)     if (&User-Name =~ /@\\./)   -> FALSE
(54)   } # filter_username filter_username = notfound
(54)   [preprocess] = ok
(54)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(54)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(54)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(54)  auth_log : EXPAND %t
(54)  auth_log :    --> Wed Feb 14 20:04:34 2018
(54)   [auth_log] = ok
(54)   [chap] = noop
(54)   [mschap] = noop
(54)   [digest] = noop
(54)   [wimax] = noop
(54)  suffix : Checking for suffix after "@"
(54)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(54)  suffix : No such realm "NULL"
(54)   [suffix] = noop
(54)  eap : No EAP-Message, not doing EAP
(54)   [eap] = noop
(54)  files : users: Matched entry dummy at line 159
(54)   [files] = ok
(54)   [expiration] = noop
(54)   [logintime] = noop
(54)   [pap] = updated
(54)  } #  authorize = updated
(54) Found Auth-Type = PAP
(54) # Executing group from file /etc/raddb/sites-enabled/default
(54)  Auth-Type PAP {
(54)  pap : Login attempt with password
(54)  pap : User authenticated successfully
(54)   [pap] = ok
(54)  } # Auth-Type PAP = ok
(54) Login OK: [dummy] (from client BS4 port 0)
(54) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(54)   post-auth {
(54)   [exec] = noop
(54)   update reply {
(54) 	Session-Timeout := 1800
(54)   } # update reply = noop
(54)   remove_reply_message_if_eap remove_reply_message_if_eap {
(54)     if (&reply:EAP-Message && &reply:Reply-Message) 
(54)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(54)    else else {
(54)     [noop] = noop
(54)    } # else else = noop
(54)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(54)  } #  post-auth = noop
(54) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(54) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(54) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 143 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x1c6acae36a6c93389c2d3804812f02b0
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c0006a158000000060160301005b01000057030154a4b48174b514c155e16d746e0c252134ae5b371bfa54ef4d6d3bdc12b956b500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xd42b7cb7d4eb69815ff337d5ae82f977
(55) Received Access-Request packet from host 192.168.99.121 port 49210, id=143, length=187
(55) 	Message-Authenticator = 0x1c6acae36a6c93389c2d3804812f02b0
(55) 	NAS-Identifier = 'BS'
(55) 	User-Name = 'CPE11@siemens.com'
(55) 	EAP-Message = 0x02c0006a158000000060160301005b01000057030154a4b48174b514c155e16d746e0c252134ae5b371bfa54ef4d6d3bdc12b956b500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(55) 	State = 0xd42b7cb7d4eb69815ff337d5ae82f977
(55) # Executing section authorize from file /etc/raddb/sites-enabled/default
(55)   authorize {
(55)   filter_username filter_username {
(55)     if (!&User-Name) 
(55)     if (!&User-Name)  -> FALSE
(55)     if (&User-Name =~ / /) 
(55)     if (&User-Name =~ / /)  -> FALSE
(55)     if (&User-Name =~ /@.*@/ ) 
(55)     if (&User-Name =~ /@.*@/ )  -> FALSE
(55)     if (&User-Name =~ /\\.\\./ ) 
(55)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(55)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(55)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(55)     if (&User-Name =~ /\\.$/)  
(55)     if (&User-Name =~ /\\.$/)   -> FALSE
(55)     if (&User-Name =~ /@\\./)  
(55)     if (&User-Name =~ /@\\./)   -> FALSE
(55)   } # filter_username filter_username = notfound
(55)   [preprocess] = ok
(55)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(55)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(55)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(55)  auth_log : EXPAND %t
(55)  auth_log :    --> Wed Feb 14 20:04:34 2018
(55)   [auth_log] = ok
(55)   [chap] = noop
(55)   [mschap] = noop
(55)   [digest] = noop
(55)   [wimax] = noop
(55)  suffix : Checking for suffix after "@"
(55)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(55)  suffix : No such realm "siemens.com"
(55)   [suffix] = noop
(55)  eap : Peer sent code Response (2) ID 192 length 106
(55)  eap : Continuing tunnel setup
(55)   [eap] = ok
(55)  } #  authorize = ok
(55) Found Auth-Type = EAP
(55) # Executing group from file /etc/raddb/sites-enabled/default
(55)   authenticate {
(55)  eap : Expiring EAP session with state 0x34b58d2c37779811
(55)  eap : Finished EAP session with state 0xd42b7cb7d4eb6981
(55)  eap : Previous EAP request found for state 0xd42b7cb7d4eb6981, released from the list
(55)  eap : Peer sent method TTLS (21)
(55)  eap : EAP TTLS (21)
(55)  eap : Calling eap_ttls to process EAP data
(55)  eap_ttls : Authenticate
(55)  eap_ttls : processing EAP-TLS
  TLS Length 96
(55)  eap_ttls : Length Included
(55)  eap_ttls : eaptls_verify returned 11 
(55)  eap_ttls : (other): before/accept initialization
(55)  eap_ttls : TLS_accept: before/accept initialization
(55)  eap_ttls : <<< Unknown TLS version [length 0005] 
(55)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(55)  eap_ttls : TLS_accept: SSLv3 read client hello A
(55)  eap_ttls : >>> Unknown TLS version [length 0005] 
(55)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(55)  eap_ttls : TLS_accept: SSLv3 write server hello A
(55)  eap_ttls : >>> Unknown TLS version [length 0005] 
(55)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(55)  eap_ttls : TLS_accept: SSLv3 write certificate A
(55)  eap_ttls : >>> Unknown TLS version [length 0005] 
(55)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(55)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(55)  eap_ttls : >>> Unknown TLS version [length 0005] 
(55)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(55)  eap_ttls : TLS_accept: SSLv3 write server done A
(55)  eap_ttls : TLS_accept: SSLv3 flush data
(55)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(55)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(55)  eap_ttls : eaptls_process returned 13 
(55)  eap : New EAP session, adding 'State' attribute to reply 0xd42b7cb7d5ea6981
(55)   [eap] = handled
(55)  } #  authenticate = handled
(55) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=143, length=0
(55) 	EAP-Message = 0x01c103ec15c000000702160301004a0200004603013667435e12b082311559b74006dc919ad5bef4fff1c51ebac3010a0e5055af6d20cb77cf569f0c5ce0cb50c2bc826aeff43d1c48dafb0ae73a0efac399cafb8a7d00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(55) 	Message-Authenticator = 0x00000000000000000000000000000000
(55) 	State = 0xd42b7cb7d5ea69815ff337d5ae82f977
Sending Access-Challenge Id 143 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c103ec15c000000702160301004a0200004603013667435e12b082311559b74006dc919ad5bef4fff1c51ebac3010a0e5055af6d20cb77cf569f0c5ce0cb50c2bc826aeff43d1c48dafb0ae73a0efac399cafb8a7d00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd42b7cb7d5ea69815ff337d5ae82f977
(55) Finished request
Received Access-Request Id 144 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x0adb6f81aa52802248ae3eb68920343a
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c100061500
	State = 0xd42b7cb7d5ea69815ff337d5ae82f977
(56) Received Access-Request packet from host 192.168.99.121 port 49210, id=144, length=87
(56) 	Message-Authenticator = 0x0adb6f81aa52802248ae3eb68920343a
(56) 	NAS-Identifier = 'BS'
(56) 	User-Name = 'CPE11@siemens.com'
(56) 	EAP-Message = 0x02c100061500
(56) 	State = 0xd42b7cb7d5ea69815ff337d5ae82f977
(56) # Executing section authorize from file /etc/raddb/sites-enabled/default
(56)   authorize {
(56)   filter_username filter_username {
(56)     if (!&User-Name) 
(56)     if (!&User-Name)  -> FALSE
(56)     if (&User-Name =~ / /) 
(56)     if (&User-Name =~ / /)  -> FALSE
(56)     if (&User-Name =~ /@.*@/ ) 
(56)     if (&User-Name =~ /@.*@/ )  -> FALSE
(56)     if (&User-Name =~ /\\.\\./ ) 
(56)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(56)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(56)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(56)     if (&User-Name =~ /\\.$/)  
(56)     if (&User-Name =~ /\\.$/)   -> FALSE
(56)     if (&User-Name =~ /@\\./)  
(56)     if (&User-Name =~ /@\\./)   -> FALSE
(56)   } # filter_username filter_username = notfound
(56)   [preprocess] = ok
(56)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(56)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(56)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(56)  auth_log : EXPAND %t
(56)  auth_log :    --> Wed Feb 14 20:04:34 2018
(56)   [auth_log] = ok
(56)   [chap] = noop
(56)   [mschap] = noop
(56)   [digest] = noop
(56)   [wimax] = noop
(56)  suffix : Checking for suffix after "@"
(56)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(56)  suffix : No such realm "siemens.com"
(56)   [suffix] = noop
(56)  eap : Peer sent code Response (2) ID 193 length 6
(56)  eap : Continuing tunnel setup
(56)   [eap] = ok
(56)  } #  authorize = ok
(56) Found Auth-Type = EAP
(56) # Executing group from file /etc/raddb/sites-enabled/default
(56)   authenticate {
(56)  eap : Expiring EAP session with state 0x34b58d2c37779811
(56)  eap : Finished EAP session with state 0xd42b7cb7d5ea6981
(56)  eap : Previous EAP request found for state 0xd42b7cb7d5ea6981, released from the list
(56)  eap : Peer sent method TTLS (21)
(56)  eap : EAP TTLS (21)
(56)  eap : Calling eap_ttls to process EAP data
(56)  eap_ttls : Authenticate
(56)  eap_ttls : processing EAP-TLS
(56)  eap_ttls : Received TLS ACK
(56)  eap_ttls : Received TLS ACK
(56)  eap_ttls : ACK handshake fragment handler
(56)  eap_ttls : eaptls_verify returned 1 
(56)  eap_ttls : eaptls_process returned 13 
(56)  eap : New EAP session, adding 'State' attribute to reply 0xd42b7cb7d6e96981
(56)   [eap] = handled
(56)  } #  authenticate = handled
(56) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=144, length=0
(56) 	EAP-Message = 0x01c2032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(56) 	Message-Authenticator = 0x00000000000000000000000000000000
(56) 	State = 0xd42b7cb7d6e969815ff337d5ae82f977
Sending Access-Challenge Id 144 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c2032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd42b7cb7d6e969815ff337d5ae82f977
(56) Finished request
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(57) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(57) 	NAS-Identifier = 'BS'
(57) 	User-Name = 'dummy'
(57) 	User-Password = '*PASSWORD*'
(57) # Executing section authorize from file /etc/raddb/sites-enabled/default
(57)   authorize {
(57)   filter_username filter_username {
(57)     if (!&User-Name) 
(57)     if (!&User-Name)  -> FALSE
(57)     if (&User-Name =~ / /) 
(57)     if (&User-Name =~ / /)  -> FALSE
(57)     if (&User-Name =~ /@.*@/ ) 
(57)     if (&User-Name =~ /@.*@/ )  -> FALSE
(57)     if (&User-Name =~ /\\.\\./ ) 
(57)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(57)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(57)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(57)     if (&User-Name =~ /\\.$/)  
(57)     if (&User-Name =~ /\\.$/)   -> FALSE
(57)     if (&User-Name =~ /@\\./)  
(57)     if (&User-Name =~ /@\\./)   -> FALSE
(57)   } # filter_username filter_username = notfound
(57)   [preprocess] = ok
(57)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(57)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(57)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(57)  auth_log : EXPAND %t
(57)  auth_log :    --> Wed Feb 14 20:04:34 2018
(57)   [auth_log] = ok
(57)   [chap] = noop
(57)   [mschap] = noop
(57)   [digest] = noop
(57)   [wimax] = noop
(57)  suffix : Checking for suffix after "@"
(57)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(57)  suffix : No such realm "NULL"
(57)   [suffix] = noop
(57)  eap : No EAP-Message, not doing EAP
(57)   [eap] = noop
(57)  files : users: Matched entry dummy at line 159
(57)   [files] = ok
(57)   [expiration] = noop
(57)   [logintime] = noop
(57)   [pap] = updated
(57)  } #  authorize = updated
(57) Found Auth-Type = PAP
(57) # Executing group from file /etc/raddb/sites-enabled/default
(57)  Auth-Type PAP {
(57)  pap : Login attempt with password
(57)  pap : User authenticated successfully
(57)   [pap] = ok
(57)  } # Auth-Type PAP = ok
(57) Login OK: [dummy] (from client BS2 port 0)
(57) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(57)   post-auth {
(57)   [exec] = noop
(57)   update reply {
(57) 	Session-Timeout := 1800
(57)   } # update reply = noop
(57)   remove_reply_message_if_eap remove_reply_message_if_eap {
(57)     if (&reply:EAP-Message && &reply:Reply-Message) 
(57)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(57)    else else {
(57)     [noop] = noop
(57)    } # else else = noop
(57)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(57)  } #  post-auth = noop
(57) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(57) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(57) Finished request
Waking up in 0.1 seconds.
Waking up in 0.5 seconds.
(43) Cleaning up request packet ID 1 with timestamp +74
Waking up in 0.2 seconds.
(44) Cleaning up request packet ID 111 with timestamp +74
(45) Cleaning up request packet ID 92 with timestamp +74
(46) Cleaning up request packet ID 112 with timestamp +74
Received Access-Request Id 93 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x2a9363b21269de5c8917010f21622197
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ad00150143504537407369656d656e732e636f6d
(58) Received Access-Request packet from host 192.168.99.122 port 49321, id=93, length=83
(58) 	Message-Authenticator = 0x2a9363b21269de5c8917010f21622197
(58) 	NAS-Identifier = 'BS'
(58) 	User-Name = 'CPE7@siemens.com'
(58) 	EAP-Message = 0x02ad00150143504537407369656d656e732e636f6d
(58) # Executing section authorize from file /etc/raddb/sites-enabled/default
(58)   authorize {
(58)   filter_username filter_username {
(58)     if (!&User-Name) 
(58)     if (!&User-Name)  -> FALSE
(58)     if (&User-Name =~ / /) 
(58)     if (&User-Name =~ / /)  -> FALSE
(58)     if (&User-Name =~ /@.*@/ ) 
(58)     if (&User-Name =~ /@.*@/ )  -> FALSE
(58)     if (&User-Name =~ /\\.\\./ ) 
(58)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(58)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(58)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(58)     if (&User-Name =~ /\\.$/)  
(58)     if (&User-Name =~ /\\.$/)   -> FALSE
(58)     if (&User-Name =~ /@\\./)  
(58)     if (&User-Name =~ /@\\./)   -> FALSE
(58)   } # filter_username filter_username = notfound
(58)   [preprocess] = ok
(58)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(58)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(58)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(58)  auth_log : EXPAND %t
(58)  auth_log :    --> Wed Feb 14 20:04:35 2018
(58)   [auth_log] = ok
(58)   [chap] = noop
(58)   [mschap] = noop
(58)   [digest] = noop
(58)   [wimax] = noop
(58)  suffix : Checking for suffix after "@"
(58)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(58)  suffix : No such realm "siemens.com"
(58)   [suffix] = noop
(58)  eap : Peer sent code Response (2) ID 173 length 21
(58)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(58)   [eap] = ok
(58)  } #  authorize = ok
(58) Found Auth-Type = EAP
(58) # Executing group from file /etc/raddb/sites-enabled/default
(58)   authenticate {
(58)  eap : Peer sent method Identity (1)
(58)  eap : Calling eap_ttls to process EAP data
(58)  eap_ttls : Initiate
(58)  eap_ttls : Start returned 1
(58)  eap : New EAP session, adding 'State' attribute to reply 0xad674794adc952eb
(58)   [eap] = handled
(58)  } #  authenticate = handled
(58) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=93, length=0
(58) 	EAP-Message = 0x01ae00061520
(58) 	Message-Authenticator = 0x00000000000000000000000000000000
(58) 	State = 0xad674794adc952eb7ece690ba90261a8
Sending Access-Challenge Id 93 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ae00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xad674794adc952eb7ece690ba90261a8
(58) Finished request
(47) Cleaning up request packet ID 113 with timestamp +74
Waking up in 0.3 seconds.
Received Access-Request Id 94 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xfeb6142ef374caaa48b0faaf534938ea
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ae006a158000000060160301005b01000057030154ac6fa64cd68e5e7b235cb107c6aaea57e9de67cafa2c1730d28d6e6584b1c800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xad674794adc952eb7ece690ba90261a8
(59) Received Access-Request packet from host 192.168.99.122 port 49321, id=94, length=186
(59) 	Message-Authenticator = 0xfeb6142ef374caaa48b0faaf534938ea
(59) 	NAS-Identifier = 'BS'
(59) 	User-Name = 'CPE7@siemens.com'
(59) 	EAP-Message = 0x02ae006a158000000060160301005b01000057030154ac6fa64cd68e5e7b235cb107c6aaea57e9de67cafa2c1730d28d6e6584b1c800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(59) 	State = 0xad674794adc952eb7ece690ba90261a8
(59) # Executing section authorize from file /etc/raddb/sites-enabled/default
(59)   authorize {
(59)   filter_username filter_username {
(59)     if (!&User-Name) 
(59)     if (!&User-Name)  -> FALSE
(59)     if (&User-Name =~ / /) 
(59)     if (&User-Name =~ / /)  -> FALSE
(59)     if (&User-Name =~ /@.*@/ ) 
(59)     if (&User-Name =~ /@.*@/ )  -> FALSE
(59)     if (&User-Name =~ /\\.\\./ ) 
(59)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(59)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(59)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(59)     if (&User-Name =~ /\\.$/)  
(59)     if (&User-Name =~ /\\.$/)   -> FALSE
(59)     if (&User-Name =~ /@\\./)  
(59)     if (&User-Name =~ /@\\./)   -> FALSE
(59)   } # filter_username filter_username = notfound
(59)   [preprocess] = ok
(59)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(59)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(59)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(59)  auth_log : EXPAND %t
(59)  auth_log :    --> Wed Feb 14 20:04:35 2018
(59)   [auth_log] = ok
(59)   [chap] = noop
(59)   [mschap] = noop
(59)   [digest] = noop
(59)   [wimax] = noop
(59)  suffix : Checking for suffix after "@"
(59)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(59)  suffix : No such realm "siemens.com"
(59)   [suffix] = noop
(59)  eap : Peer sent code Response (2) ID 174 length 106
(59)  eap : Continuing tunnel setup
(59)   [eap] = ok
(59)  } #  authorize = ok
(59) Found Auth-Type = EAP
(59) # Executing group from file /etc/raddb/sites-enabled/default
(59)   authenticate {
(59)  eap : Expiring EAP session with state 0x34b58d2c37779811
(59)  eap : Finished EAP session with state 0xad674794adc952eb
(59)  eap : Previous EAP request found for state 0xad674794adc952eb, released from the list
(59)  eap : Peer sent method TTLS (21)
(59)  eap : EAP TTLS (21)
(59)  eap : Calling eap_ttls to process EAP data
(59)  eap_ttls : Authenticate
(59)  eap_ttls : processing EAP-TLS
  TLS Length 96
(59)  eap_ttls : Length Included
(59)  eap_ttls : eaptls_verify returned 11 
(59)  eap_ttls : (other): before/accept initialization
(59)  eap_ttls : TLS_accept: before/accept initialization
(59)  eap_ttls : <<< Unknown TLS version [length 0005] 
(59)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(59)  eap_ttls : TLS_accept: SSLv3 read client hello A
(59)  eap_ttls : >>> Unknown TLS version [length 0005] 
(59)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(59)  eap_ttls : TLS_accept: SSLv3 write server hello A
(59)  eap_ttls : >>> Unknown TLS version [length 0005] 
(59)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(59)  eap_ttls : TLS_accept: SSLv3 write certificate A
(59)  eap_ttls : >>> Unknown TLS version [length 0005] 
(59)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(59)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(59)  eap_ttls : >>> Unknown TLS version [length 0005] 
(59)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(59)  eap_ttls : TLS_accept: SSLv3 write server done A
(59)  eap_ttls : TLS_accept: SSLv3 flush data
(59)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(59)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(59)  eap_ttls : eaptls_process returned 13 
(59)  eap : New EAP session, adding 'State' attribute to reply 0xad674794acc852eb
(59)   [eap] = handled
(59)  } #  authenticate = handled
(59) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=94, length=0
(59) 	EAP-Message = 0x01af03ec15c000000702160301004a020000460301640422e848dd0d22220df7d01cf338e5926b2e46e75c94b9d1b6ece8f88a804d20c8e7709d2f9ccde4c4943c91d9ea1c3901cb3b082f8dd3e8aeb7c8a86276a4ab00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(59) 	Message-Authenticator = 0x00000000000000000000000000000000
(59) 	State = 0xad674794acc852eb7ece690ba90261a8
Sending Access-Challenge Id 94 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01af03ec15c000000702160301004a020000460301640422e848dd0d22220df7d01cf338e5926b2e46e75c94b9d1b6ece8f88a804d20c8e7709d2f9ccde4c4943c91d9ea1c3901cb3b082f8dd3e8aeb7c8a86276a4ab00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xad674794acc852eb7ece690ba90261a8
(59) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 95 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xd65680ba9345beae26b1d44955c464cc
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02af00061500
	State = 0xad674794acc852eb7ece690ba90261a8
(60) Received Access-Request packet from host 192.168.99.122 port 49321, id=95, length=86
(60) 	Message-Authenticator = 0xd65680ba9345beae26b1d44955c464cc
(60) 	NAS-Identifier = 'BS'
(60) 	User-Name = 'CPE7@siemens.com'
(60) 	EAP-Message = 0x02af00061500
(60) 	State = 0xad674794acc852eb7ece690ba90261a8
(60) # Executing section authorize from file /etc/raddb/sites-enabled/default
(60)   authorize {
(60)   filter_username filter_username {
(60)     if (!&User-Name) 
(60)     if (!&User-Name)  -> FALSE
(60)     if (&User-Name =~ / /) 
(60)     if (&User-Name =~ / /)  -> FALSE
(60)     if (&User-Name =~ /@.*@/ ) 
(60)     if (&User-Name =~ /@.*@/ )  -> FALSE
(60)     if (&User-Name =~ /\\.\\./ ) 
(60)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(60)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(60)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(60)     if (&User-Name =~ /\\.$/)  
(60)     if (&User-Name =~ /\\.$/)   -> FALSE
(60)     if (&User-Name =~ /@\\./)  
(60)     if (&User-Name =~ /@\\./)   -> FALSE
(60)   } # filter_username filter_username = notfound
(60)   [preprocess] = ok
(60)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(60)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(60)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(60)  auth_log : EXPAND %t
(60)  auth_log :    --> Wed Feb 14 20:04:35 2018
(60)   [auth_log] = ok
(60)   [chap] = noop
(60)   [mschap] = noop
(60)   [digest] = noop
(60)   [wimax] = noop
(60)  suffix : Checking for suffix after "@"
(60)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(60)  suffix : No such realm "siemens.com"
(60)   [suffix] = noop
(60)  eap : Peer sent code Response (2) ID 175 length 6
(60)  eap : Continuing tunnel setup
(60)   [eap] = ok
(60)  } #  authorize = ok
(60) Found Auth-Type = EAP
(60) # Executing group from file /etc/raddb/sites-enabled/default
(60)   authenticate {
(60)  eap : Expiring EAP session with state 0x34b58d2c37779811
(60)  eap : Finished EAP session with state 0xad674794acc852eb
(60)  eap : Previous EAP request found for state 0xad674794acc852eb, released from the list
(60)  eap : Peer sent method TTLS (21)
(60)  eap : EAP TTLS (21)
(60)  eap : Calling eap_ttls to process EAP data
(60)  eap_ttls : Authenticate
(60)  eap_ttls : processing EAP-TLS
(60)  eap_ttls : Received TLS ACK
(60)  eap_ttls : Received TLS ACK
(60)  eap_ttls : ACK handshake fragment handler
(60)  eap_ttls : eaptls_verify returned 1 
(60)  eap_ttls : eaptls_process returned 13 
(60)  eap : New EAP session, adding 'State' attribute to reply 0xad674794afd752eb
(60)   [eap] = handled
(60)  } #  authenticate = handled
(60) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=95, length=0
(60) 	EAP-Message = 0x01b0032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(60) 	Message-Authenticator = 0x00000000000000000000000000000000
(60) 	State = 0xad674794afd752eb7ece690ba90261a8
Sending Access-Challenge Id 95 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b0032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xad674794afd752eb7ece690ba90261a8
(60) Finished request
Waking up in 0.2 seconds.
Waking up in 1.9 seconds.
Received Access-Request Id 118 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x77e26a7cb468de90d772d387dfc433d5
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028d00d01580000000c616030100861000008200809d53114b474b12cb810a42e36faf6ae5e4e61cd66398b0363f7c5326876ae672ebf64c853fd5e01860bfdbab16c90a4686a8a2b12140c29d3e1405c0b0fddb6ef38c1fb9a9b2da708b91a2dd927bf974ee3b207417b9d031a0a475049de4c1b9c9d84558c1edb3faf5af5d4b11dbbce65da6621b0adf983dfefa2ebaf2f2e69314030100010116030100304e113472eb609a73d5da010661c1582bed434b0de9d11a33796f661cc4592aba9f887a6842a4752cc2e78fbaa9b859bb
	State = 0x901f404e929255bb4ddd7518fd2c48ff
(61) Received Access-Request packet from host 192.168.99.123 port 49286, id=118, length=288
(61) 	Message-Authenticator = 0x77e26a7cb468de90d772d387dfc433d5
(61) 	NAS-Identifier = 'BS'
(61) 	User-Name = 'CPE9@siemens.com'
(61) 	EAP-Message = 0x028d00d01580000000c616030100861000008200809d53114b474b12cb810a42e36faf6ae5e4e61cd66398b0363f7c5326876ae672ebf64c853fd5e01860bfdbab16c90a4686a8a2b12140c29d3e1405c0b0fddb6ef38c1fb9a9b2da708b91a2dd927bf974ee3b207417b9d031a0a475049de4c1b9c9d84558c1edb3faf5af5d4b11dbbce65da6621b0adf983dfefa2ebaf2f2e69314030100010116030100304e113472eb609a73d5da010661c1582bed434b0de9d11a33796f661cc4592aba9f887a6842a4752cc2e78fbaa9b859bb
(61) 	State = 0x901f404e929255bb4ddd7518fd2c48ff
(61) # Executing section authorize from file /etc/raddb/sites-enabled/default
(61)   authorize {
(61)   filter_username filter_username {
(61)     if (!&User-Name) 
(61)     if (!&User-Name)  -> FALSE
(61)     if (&User-Name =~ / /) 
(61)     if (&User-Name =~ / /)  -> FALSE
(61)     if (&User-Name =~ /@.*@/ ) 
(61)     if (&User-Name =~ /@.*@/ )  -> FALSE
(61)     if (&User-Name =~ /\\.\\./ ) 
(61)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(61)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(61)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(61)     if (&User-Name =~ /\\.$/)  
(61)     if (&User-Name =~ /\\.$/)   -> FALSE
(61)     if (&User-Name =~ /@\\./)  
(61)     if (&User-Name =~ /@\\./)   -> FALSE
(61)   } # filter_username filter_username = notfound
(61)   [preprocess] = ok
(61)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(61)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(61)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(61)  auth_log : EXPAND %t
(61)  auth_log :    --> Wed Feb 14 20:04:36 2018
(61)   [auth_log] = ok
(61)   [chap] = noop
(61)   [mschap] = noop
(61)   [digest] = noop
(61)   [wimax] = noop
(61)  suffix : Checking for suffix after "@"
(61)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(61)  suffix : No such realm "siemens.com"
(61)   [suffix] = noop
(61)  eap : Peer sent code Response (2) ID 141 length 208
(61)  eap : Continuing tunnel setup
(61)   [eap] = ok
(61)  } #  authorize = ok
(61) Found Auth-Type = EAP
(61) # Executing group from file /etc/raddb/sites-enabled/default
(61)   authenticate {
(61)  eap : Expiring EAP session with state 0x34b58d2c37779811
(61)  eap : Finished EAP session with state 0x901f404e929255bb
(61)  eap : Previous EAP request found for state 0x901f404e929255bb, released from the list
(61)  eap : Peer sent method TTLS (21)
(61)  eap : EAP TTLS (21)
(61)  eap : Calling eap_ttls to process EAP data
(61)  eap_ttls : Authenticate
(61)  eap_ttls : processing EAP-TLS
  TLS Length 198
(61)  eap_ttls : Length Included
(61)  eap_ttls : eaptls_verify returned 11 
(61)  eap_ttls : <<< Unknown TLS version [length 0005] 
(61)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(61)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(61)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(61)  eap_ttls : <<< Unknown TLS version [length 0005] 
(61)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(61)  eap_ttls : <<< Unknown TLS version [length 0005] 
(61)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(61)  eap_ttls : TLS_accept: SSLv3 read finished A
(61)  eap_ttls : >>> Unknown TLS version [length 0005] 
(61)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(61)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(61)  eap_ttls : >>> Unknown TLS version [length 0005] 
(61)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(61)  eap_ttls : TLS_accept: SSLv3 write finished A
(61)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session fea4739a101e1c2ad0e1cb7df6699d50836f147ad0299b95842d41090bdc0c19 to cache
(61)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(61)  eap_ttls : eaptls_process returned 13 
(61)  eap : New EAP session, adding 'State' attribute to reply 0x901f404e939155bb
(61)   [eap] = handled
(61)  } #  authenticate = handled
(61) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=118, length=0
(61) 	EAP-Message = 0x018e004515800000003b1403010001011603010030368797ad7faf7bddac0d2bbd53d2e27375118eeea3de06e3079c76f4974aec5360f76f1fdab23068e0f87b4988049e60
(61) 	Message-Authenticator = 0x00000000000000000000000000000000
(61) 	State = 0x901f404e939155bb4ddd7518fd2c48ff
Sending Access-Challenge Id 118 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018e004515800000003b1403010001011603010030368797ad7faf7bddac0d2bbd53d2e27375118eeea3de06e3079c76f4974aec5360f76f1fdab23068e0f87b4988049e60
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x901f404e939155bb4ddd7518fd2c48ff
(61) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 145 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x8af6f63f12e7b758d9663a2556a951ac
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c200d01580000000c616030100861000008200809fc60350473ea1f886e965af656fd2eb1de91bcc0ab46b608ae45843dfed6c75f157ba9319f79457ee9008f1fd65757eeec24b353bb03d924e314ac33a41c6531d8b0c4dc97d86a47b7a7fd56eb55ae369451094fc257a3f132c53be9c9a258ec9fcc71b63383275ee1d30ceb32539e4caa837334ee3f76f422fc1726f0dd0c4140301000101160301003052f5ab9e1a3bd45b422a40e30aee7776a3a690481fd2421aeb9c18eed59c12e5ff38280ec17a9eb077b0bd1dbb0d1b44
	State = 0xd42b7cb7d6e969815ff337d5ae82f977
(62) Received Access-Request packet from host 192.168.99.121 port 49210, id=145, length=289
(62) 	Message-Authenticator = 0x8af6f63f12e7b758d9663a2556a951ac
(62) 	NAS-Identifier = 'BS'
(62) 	User-Name = 'CPE11@siemens.com'
(62) 	EAP-Message = 0x02c200d01580000000c616030100861000008200809fc60350473ea1f886e965af656fd2eb1de91bcc0ab46b608ae45843dfed6c75f157ba9319f79457ee9008f1fd65757eeec24b353bb03d924e314ac33a41c6531d8b0c4dc97d86a47b7a7fd56eb55ae369451094fc257a3f132c53be9c9a258ec9fcc71b63383275ee1d30ceb32539e4caa837334ee3f76f422fc1726f0dd0c4140301000101160301003052f5ab9e1a3bd45b422a40e30aee7776a3a690481fd2421aeb9c18eed59c12e5ff38280ec17a9eb077b0bd1dbb0d1b44
(62) 	State = 0xd42b7cb7d6e969815ff337d5ae82f977
(62) # Executing section authorize from file /etc/raddb/sites-enabled/default
(62)   authorize {
(62)   filter_username filter_username {
(62)     if (!&User-Name) 
(62)     if (!&User-Name)  -> FALSE
(62)     if (&User-Name =~ / /) 
(62)     if (&User-Name =~ / /)  -> FALSE
(62)     if (&User-Name =~ /@.*@/ ) 
(62)     if (&User-Name =~ /@.*@/ )  -> FALSE
(62)     if (&User-Name =~ /\\.\\./ ) 
(62)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(62)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(62)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(62)     if (&User-Name =~ /\\.$/)  
(62)     if (&User-Name =~ /\\.$/)   -> FALSE
(62)     if (&User-Name =~ /@\\./)  
(62)     if (&User-Name =~ /@\\./)   -> FALSE
(62)   } # filter_username filter_username = notfound
(62)   [preprocess] = ok
(62)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(62)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(62)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(62)  auth_log : EXPAND %t
(62)  auth_log :    --> Wed Feb 14 20:04:36 2018
(62)   [auth_log] = ok
(62)   [chap] = noop
(62)   [mschap] = noop
(62)   [digest] = noop
(62)   [wimax] = noop
(62)  suffix : Checking for suffix after "@"
(62)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(62)  suffix : No such realm "siemens.com"
(62)   [suffix] = noop
(62)  eap : Peer sent code Response (2) ID 194 length 208
(62)  eap : Continuing tunnel setup
(62)   [eap] = ok
(62)  } #  authorize = ok
(62) Found Auth-Type = EAP
(62) # Executing group from file /etc/raddb/sites-enabled/default
(62)   authenticate {
(62)  eap : Expiring EAP session with state 0x34b58d2c37779811
(62)  eap : Finished EAP session with state 0xd42b7cb7d6e96981
(62)  eap : Previous EAP request found for state 0xd42b7cb7d6e96981, released from the list
(62)  eap : Peer sent method TTLS (21)
(62)  eap : EAP TTLS (21)
(62)  eap : Calling eap_ttls to process EAP data
(62)  eap_ttls : Authenticate
(62)  eap_ttls : processing EAP-TLS
  TLS Length 198
(62)  eap_ttls : Length Included
(62)  eap_ttls : eaptls_verify returned 11 
(62)  eap_ttls : <<< Unknown TLS version [length 0005] 
(62)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(62)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(62)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(62)  eap_ttls : <<< Unknown TLS version [length 0005] 
(62)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(62)  eap_ttls : <<< Unknown TLS version [length 0005] 
(62)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(62)  eap_ttls : TLS_accept: SSLv3 read finished A
(62)  eap_ttls : >>> Unknown TLS version [length 0005] 
(62)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(62)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(62)  eap_ttls : >>> Unknown TLS version [length 0005] 
(62)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(62)  eap_ttls : TLS_accept: SSLv3 write finished A
(62)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session cb77cf569f0c5ce0cb50c2bc826aeff43d1c48dafb0ae73a0efac399cafb8a7d to cache
(62)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(62)  eap_ttls : eaptls_process returned 13 
(62)  eap : New EAP session, adding 'State' attribute to reply 0xd42b7cb7d7e86981
(62)   [eap] = handled
(62)  } #  authenticate = handled
(62) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=145, length=0
(62) 	EAP-Message = 0x01c3004515800000003b14030100010116030100301534d55cefed7291347d9ebe99d511343f53c67de9f1bde27d2194c0a2ab7bfe2fdf40020e1830ca47fe008db93839f5
(62) 	Message-Authenticator = 0x00000000000000000000000000000000
(62) 	State = 0xd42b7cb7d7e869815ff337d5ae82f977
Sending Access-Challenge Id 145 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c3004515800000003b14030100010116030100301534d55cefed7291347d9ebe99d511343f53c67de9f1bde27d2194c0a2ab7bfe2fdf40020e1830ca47fe008db93839f5
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xd42b7cb7d7e869815ff337d5ae82f977
(62) Finished request
Waking up in 0.2 seconds.
Waking up in 1.0 seconds.
(48) Cleaning up request packet ID 114 with timestamp +77
Waking up in 0.9 seconds.
Received Access-Request Id 96 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xd365f8c743295a7fb26a29b8a0b03ff7
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b000d01580000000c6160301008610000082008051174ae22a8f727f66d312cf438e09a7ca8961f382d4493a44328400e98588240e85c0b1c45de569c74f2130dbe9d1ce8029b280567a6f9b31b3c8e4177fb7d02e292376d257b0e9fa6e06f8c74d37a34c3b66af8aff0a22416b6e7acf509bbdbc44855156334a4aeda75a079c4e862c525c4172a8b7d5733acd2756dfbbd5d1140301000101160301003022d390c61fe8027f32f5c6f609860c51126384668f0895956e60560d9ca7a01898f53672c2e0e3b3894e98205d69b24b
	State = 0xad674794afd752eb7ece690ba90261a8
(63) Received Access-Request packet from host 192.168.99.122 port 49321, id=96, length=288
(63) 	Message-Authenticator = 0xd365f8c743295a7fb26a29b8a0b03ff7
(63) 	NAS-Identifier = 'BS'
(63) 	User-Name = 'CPE7@siemens.com'
(63) 	EAP-Message = 0x02b000d01580000000c6160301008610000082008051174ae22a8f727f66d312cf438e09a7ca8961f382d4493a44328400e98588240e85c0b1c45de569c74f2130dbe9d1ce8029b280567a6f9b31b3c8e4177fb7d02e292376d257b0e9fa6e06f8c74d37a34c3b66af8aff0a22416b6e7acf509bbdbc44855156334a4aeda75a079c4e862c525c4172a8b7d5733acd2756dfbbd5d1140301000101160301003022d390c61fe8027f32f5c6f609860c51126384668f0895956e60560d9ca7a01898f53672c2e0e3b3894e98205d69b24b
(63) 	State = 0xad674794afd752eb7ece690ba90261a8
(63) # Executing section authorize from file /etc/raddb/sites-enabled/default
(63)   authorize {
(63)   filter_username filter_username {
(63)     if (!&User-Name) 
(63)     if (!&User-Name)  -> FALSE
(63)     if (&User-Name =~ / /) 
(63)     if (&User-Name =~ / /)  -> FALSE
(63)     if (&User-Name =~ /@.*@/ ) 
(63)     if (&User-Name =~ /@.*@/ )  -> FALSE
(63)     if (&User-Name =~ /\\.\\./ ) 
(63)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(63)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(63)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(63)     if (&User-Name =~ /\\.$/)  
(63)     if (&User-Name =~ /\\.$/)   -> FALSE
(63)     if (&User-Name =~ /@\\./)  
(63)     if (&User-Name =~ /@\\./)   -> FALSE
(63)   } # filter_username filter_username = notfound
(63)   [preprocess] = ok
(63)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(63)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(63)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(63)  auth_log : EXPAND %t
(63)  auth_log :    --> Wed Feb 14 20:04:38 2018
(63)   [auth_log] = ok
(63)   [chap] = noop
(63)   [mschap] = noop
(63)   [digest] = noop
(63)   [wimax] = noop
(63)  suffix : Checking for suffix after "@"
(63)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(63)  suffix : No such realm "siemens.com"
(63)   [suffix] = noop
(63)  eap : Peer sent code Response (2) ID 176 length 208
(63)  eap : Continuing tunnel setup
(63)   [eap] = ok
(63)  } #  authorize = ok
(63) Found Auth-Type = EAP
(63) # Executing group from file /etc/raddb/sites-enabled/default
(63)   authenticate {
(63)  eap : Expiring EAP session with state 0x34b58d2c37779811
(63)  eap : Finished EAP session with state 0xad674794afd752eb
(63)  eap : Previous EAP request found for state 0xad674794afd752eb, released from the list
(63)  eap : Peer sent method TTLS (21)
(63)  eap : EAP TTLS (21)
(63)  eap : Calling eap_ttls to process EAP data
(63)  eap_ttls : Authenticate
(63)  eap_ttls : processing EAP-TLS
  TLS Length 198
(63)  eap_ttls : Length Included
(63)  eap_ttls : eaptls_verify returned 11 
(63)  eap_ttls : <<< Unknown TLS version [length 0005] 
(63)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(63)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(63)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(63)  eap_ttls : <<< Unknown TLS version [length 0005] 
(63)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(63)  eap_ttls : <<< Unknown TLS version [length 0005] 
(63)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(63)  eap_ttls : TLS_accept: SSLv3 read finished A
(63)  eap_ttls : >>> Unknown TLS version [length 0005] 
(63)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(63)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(63)  eap_ttls : >>> Unknown TLS version [length 0005] 
(63)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(63)  eap_ttls : TLS_accept: SSLv3 write finished A
(63)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session c8e7709d2f9ccde4c4943c91d9ea1c3901cb3b082f8dd3e8aeb7c8a86276a4ab to cache
(63)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(63)  eap_ttls : eaptls_process returned 13 
(63)  eap : New EAP session, adding 'State' attribute to reply 0xad674794aed652eb
(63)   [eap] = handled
(63)  } #  authenticate = handled
(63) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=96, length=0
(63) 	EAP-Message = 0x01b1004515800000003b1403010001011603010030ce745887774cdff73447af310925781431cb7c74d90b0dec105fcf3e91a6ed4ed0b694f51aa282402924dd6126d7f20a
(63) 	Message-Authenticator = 0x00000000000000000000000000000000
(63) 	State = 0xad674794aed652eb7ece690ba90261a8
Sending Access-Challenge Id 96 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b1004515800000003b1403010001011603010030ce745887774cdff73447af310925781431cb7c74d90b0dec105fcf3e91a6ed4ed0b694f51aa282402924dd6126d7f20a
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xad674794aed652eb7ece690ba90261a8
(63) Finished request
Waking up in 0.3 seconds.
Waking up in 0.5 seconds.
(49) Cleaning up request packet ID 115 with timestamp +77
(50) Cleaning up request packet ID 116 with timestamp +78
(51) Cleaning up request packet ID 117 with timestamp +78
(52) Cleaning up request packet ID 1 with timestamp +78
(53) Cleaning up request packet ID 142 with timestamp +78
(54) Cleaning up request packet ID 1 with timestamp +78
(55) Cleaning up request packet ID 143 with timestamp +78
(56) Cleaning up request packet ID 144 with timestamp +78
Waking up in 0.1 seconds.
(57) Cleaning up request packet ID 1 with timestamp +78
Waking up in 1.1 seconds.
Received Access-Request Id 97 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x5bafda0a593647e0aa2fbaeb894cb3f7
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02ae00150143504536407369656d656e732e636f6d
(64) Received Access-Request packet from host 192.168.99.122 port 49321, id=97, length=83
(64) 	Message-Authenticator = 0x5bafda0a593647e0aa2fbaeb894cb3f7
(64) 	NAS-Identifier = 'BS'
(64) 	User-Name = 'CPE6@siemens.com'
(64) 	EAP-Message = 0x02ae00150143504536407369656d656e732e636f6d
(64) # Executing section authorize from file /etc/raddb/sites-enabled/default
(64)   authorize {
(64)   filter_username filter_username {
(64)     if (!&User-Name) 
(64)     if (!&User-Name)  -> FALSE
(64)     if (&User-Name =~ / /) 
(64)     if (&User-Name =~ / /)  -> FALSE
(64)     if (&User-Name =~ /@.*@/ ) 
(64)     if (&User-Name =~ /@.*@/ )  -> FALSE
(64)     if (&User-Name =~ /\\.\\./ ) 
(64)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(64)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(64)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(64)     if (&User-Name =~ /\\.$/)  
(64)     if (&User-Name =~ /\\.$/)   -> FALSE
(64)     if (&User-Name =~ /@\\./)  
(64)     if (&User-Name =~ /@\\./)   -> FALSE
(64)   } # filter_username filter_username = notfound
(64)   [preprocess] = ok
(64)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(64)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(64)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(64)  auth_log : EXPAND %t
(64)  auth_log :    --> Wed Feb 14 20:04:39 2018
(64)   [auth_log] = ok
(64)   [chap] = noop
(64)   [mschap] = noop
(64)   [digest] = noop
(64)   [wimax] = noop
(64)  suffix : Checking for suffix after "@"
(64)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(64)  suffix : No such realm "siemens.com"
(64)   [suffix] = noop
(64)  eap : Peer sent code Response (2) ID 174 length 21
(64)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(64)   [eap] = ok
(64)  } #  authorize = ok
(64) Found Auth-Type = EAP
(64) # Executing group from file /etc/raddb/sites-enabled/default
(64)   authenticate {
(64)  eap : Peer sent method Identity (1)
(64)  eap : Calling eap_ttls to process EAP data
(64)  eap_ttls : Initiate
(64)  eap_ttls : Start returned 1
(64)  eap : New EAP session, adding 'State' attribute to reply 0xe5a98879e5069db9
(64)   [eap] = handled
(64)  } #  authenticate = handled
(64) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=97, length=0
(64) 	EAP-Message = 0x01af00061520
(64) 	Message-Authenticator = 0x00000000000000000000000000000000
(64) 	State = 0xe5a98879e5069db9eefd98bdfceb85f8
Sending Access-Challenge Id 97 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01af00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5a98879e5069db9eefd98bdfceb85f8
(64) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 98 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x079a1c38b23c403c9dd3d8b192b14472
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02af006a158000000060160301005b01000057030154acd52d5a690359de31fb36fcbb86c829f26f5b833b565439b9bedf5cbdc97500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xe5a98879e5069db9eefd98bdfceb85f8
(65) Received Access-Request packet from host 192.168.99.122 port 49321, id=98, length=186
(65) 	Message-Authenticator = 0x079a1c38b23c403c9dd3d8b192b14472
(65) 	NAS-Identifier = 'BS'
(65) 	User-Name = 'CPE6@siemens.com'
(65) 	EAP-Message = 0x02af006a158000000060160301005b01000057030154acd52d5a690359de31fb36fcbb86c829f26f5b833b565439b9bedf5cbdc97500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(65) 	State = 0xe5a98879e5069db9eefd98bdfceb85f8
(65) # Executing section authorize from file /etc/raddb/sites-enabled/default
(65)   authorize {
(65)   filter_username filter_username {
(65)     if (!&User-Name) 
(65)     if (!&User-Name)  -> FALSE
(65)     if (&User-Name =~ / /) 
(65)     if (&User-Name =~ / /)  -> FALSE
(65)     if (&User-Name =~ /@.*@/ ) 
(65)     if (&User-Name =~ /@.*@/ )  -> FALSE
(65)     if (&User-Name =~ /\\.\\./ ) 
(65)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(65)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(65)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(65)     if (&User-Name =~ /\\.$/)  
(65)     if (&User-Name =~ /\\.$/)   -> FALSE
(65)     if (&User-Name =~ /@\\./)  
(65)     if (&User-Name =~ /@\\./)   -> FALSE
(65)   } # filter_username filter_username = notfound
(65)   [preprocess] = ok
(65)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(65)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(65)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(65)  auth_log : EXPAND %t
(65)  auth_log :    --> Wed Feb 14 20:04:39 2018
(65)   [auth_log] = ok
(65)   [chap] = noop
(65)   [mschap] = noop
(65)   [digest] = noop
(65)   [wimax] = noop
(65)  suffix : Checking for suffix after "@"
(65)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(65)  suffix : No such realm "siemens.com"
(65)   [suffix] = noop
(65)  eap : Peer sent code Response (2) ID 175 length 106
(65)  eap : Continuing tunnel setup
(65)   [eap] = ok
(65)  } #  authorize = ok
(65) Found Auth-Type = EAP
(65) # Executing group from file /etc/raddb/sites-enabled/default
(65)   authenticate {
(65)  eap : Expiring EAP session with state 0x34b58d2c37779811
(65)  eap : Finished EAP session with state 0xe5a98879e5069db9
(65)  eap : Previous EAP request found for state 0xe5a98879e5069db9, released from the list
(65)  eap : Peer sent method TTLS (21)
(65)  eap : EAP TTLS (21)
(65)  eap : Calling eap_ttls to process EAP data
(65)  eap_ttls : Authenticate
(65)  eap_ttls : processing EAP-TLS
  TLS Length 96
(65)  eap_ttls : Length Included
(65)  eap_ttls : eaptls_verify returned 11 
(65)  eap_ttls : (other): before/accept initialization
(65)  eap_ttls : TLS_accept: before/accept initialization
(65)  eap_ttls : <<< Unknown TLS version [length 0005] 
(65)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(65)  eap_ttls : TLS_accept: SSLv3 read client hello A
(65)  eap_ttls : >>> Unknown TLS version [length 0005] 
(65)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(65)  eap_ttls : TLS_accept: SSLv3 write server hello A
(65)  eap_ttls : >>> Unknown TLS version [length 0005] 
(65)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(65)  eap_ttls : TLS_accept: SSLv3 write certificate A
(65)  eap_ttls : >>> Unknown TLS version [length 0005] 
(65)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(65)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(65)  eap_ttls : >>> Unknown TLS version [length 0005] 
(65)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(65)  eap_ttls : TLS_accept: SSLv3 write server done A
(65)  eap_ttls : TLS_accept: SSLv3 flush data
(65)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(65)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(65)  eap_ttls : eaptls_process returned 13 
(65)  eap : New EAP session, adding 'State' attribute to reply 0xe5a98879e4199db9
(65)   [eap] = handled
(65)  } #  authenticate = handled
(65) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=98, length=0
(65) 	EAP-Message = 0x01b003ec15c000000702160301004a020000460301d19e5e0fc930a675c4791347153689ebc8360954da7163f29bc78bdd8ca5b56d20457b938051876edfa9715f68d76d4ca688b421a9234da733315e93cf0930284200390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(65) 	Message-Authenticator = 0x00000000000000000000000000000000
(65) 	State = 0xe5a98879e4199db9eefd98bdfceb85f8
Sending Access-Challenge Id 98 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b003ec15c000000702160301004a020000460301d19e5e0fc930a675c4791347153689ebc8360954da7163f29bc78bdd8ca5b56d20457b938051876edfa9715f68d76d4ca688b421a9234da733315e93cf0930284200390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5a98879e4199db9eefd98bdfceb85f8
(65) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 99 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xdbdbd8565d289b83fe1959b7b75b0080
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b000061500
	State = 0xe5a98879e4199db9eefd98bdfceb85f8
(66) Received Access-Request packet from host 192.168.99.122 port 49321, id=99, length=86
(66) 	Message-Authenticator = 0xdbdbd8565d289b83fe1959b7b75b0080
(66) 	NAS-Identifier = 'BS'
(66) 	User-Name = 'CPE6@siemens.com'
(66) 	EAP-Message = 0x02b000061500
(66) 	State = 0xe5a98879e4199db9eefd98bdfceb85f8
(66) # Executing section authorize from file /etc/raddb/sites-enabled/default
(66)   authorize {
(66)   filter_username filter_username {
(66)     if (!&User-Name) 
(66)     if (!&User-Name)  -> FALSE
(66)     if (&User-Name =~ / /) 
(66)     if (&User-Name =~ / /)  -> FALSE
(66)     if (&User-Name =~ /@.*@/ ) 
(66)     if (&User-Name =~ /@.*@/ )  -> FALSE
(66)     if (&User-Name =~ /\\.\\./ ) 
(66)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(66)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(66)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(66)     if (&User-Name =~ /\\.$/)  
(66)     if (&User-Name =~ /\\.$/)   -> FALSE
(66)     if (&User-Name =~ /@\\./)  
(66)     if (&User-Name =~ /@\\./)   -> FALSE
(66)   } # filter_username filter_username = notfound
(66)   [preprocess] = ok
(66)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(66)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(66)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(66)  auth_log : EXPAND %t
(66)  auth_log :    --> Wed Feb 14 20:04:39 2018
(66)   [auth_log] = ok
(66)   [chap] = noop
(66)   [mschap] = noop
(66)   [digest] = noop
(66)   [wimax] = noop
(66)  suffix : Checking for suffix after "@"
(66)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(66)  suffix : No such realm "siemens.com"
(66)   [suffix] = noop
(66)  eap : Peer sent code Response (2) ID 176 length 6
(66)  eap : Continuing tunnel setup
(66)   [eap] = ok
(66)  } #  authorize = ok
(66) Found Auth-Type = EAP
(66) # Executing group from file /etc/raddb/sites-enabled/default
(66)   authenticate {
(66)  eap : Expiring EAP session with state 0x34b58d2c37779811
(66)  eap : Finished EAP session with state 0xe5a98879e4199db9
(66)  eap : Previous EAP request found for state 0xe5a98879e4199db9, released from the list
(66)  eap : Peer sent method TTLS (21)
(66)  eap : EAP TTLS (21)
(66)  eap : Calling eap_ttls to process EAP data
(66)  eap_ttls : Authenticate
(66)  eap_ttls : processing EAP-TLS
(66)  eap_ttls : Received TLS ACK
(66)  eap_ttls : Received TLS ACK
(66)  eap_ttls : ACK handshake fragment handler
(66)  eap_ttls : eaptls_verify returned 1 
(66)  eap_ttls : eaptls_process returned 13 
(66)  eap : New EAP session, adding 'State' attribute to reply 0xe5a98879e7189db9
(66)   [eap] = handled
(66)  } #  authenticate = handled
(66) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=99, length=0
(66) 	EAP-Message = 0x01b1032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(66) 	Message-Authenticator = 0x00000000000000000000000000000000
(66) 	State = 0xe5a98879e7189db9eefd98bdfceb85f8
Sending Access-Challenge Id 99 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b1032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5a98879e7189db9eefd98bdfceb85f8
(66) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(67) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(67) 	NAS-Identifier = 'BS'
(67) 	User-Name = 'dummy'
(67) 	User-Password = '*PASSWORD*'
(67) # Executing section authorize from file /etc/raddb/sites-enabled/default
(67)   authorize {
(67)   filter_username filter_username {
(67)     if (!&User-Name) 
(67)     if (!&User-Name)  -> FALSE
(67)     if (&User-Name =~ / /) 
(67)     if (&User-Name =~ / /)  -> FALSE
(67)     if (&User-Name =~ /@.*@/ ) 
(67)     if (&User-Name =~ /@.*@/ )  -> FALSE
(67)     if (&User-Name =~ /\\.\\./ ) 
(67)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(67)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(67)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(67)     if (&User-Name =~ /\\.$/)  
(67)     if (&User-Name =~ /\\.$/)   -> FALSE
(67)     if (&User-Name =~ /@\\./)  
(67)     if (&User-Name =~ /@\\./)   -> FALSE
(67)   } # filter_username filter_username = notfound
(67)   [preprocess] = ok
(67)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(67)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(67)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(67)  auth_log : EXPAND %t
(67)  auth_log :    --> Wed Feb 14 20:04:40 2018
(67)   [auth_log] = ok
(67)   [chap] = noop
(67)   [mschap] = noop
(67)   [digest] = noop
(67)   [wimax] = noop
(67)  suffix : Checking for suffix after "@"
(67)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(67)  suffix : No such realm "NULL"
(67)   [suffix] = noop
(67)  eap : No EAP-Message, not doing EAP
(67)   [eap] = noop
(67)  files : users: Matched entry dummy at line 159
(67)   [files] = ok
(67)   [expiration] = noop
(67)   [logintime] = noop
(67)   [pap] = updated
(67)  } #  authorize = updated
(67) Found Auth-Type = PAP
(67) # Executing group from file /etc/raddb/sites-enabled/default
(67)  Auth-Type PAP {
(67)  pap : Login attempt with password
(67)  pap : User authenticated successfully
(67)   [pap] = ok
(67)  } # Auth-Type PAP = ok
(67) Login OK: [dummy] (from client BS1 port 0)
(67) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(67)   post-auth {
(67)   [exec] = noop
(67)   update reply {
(67) 	Session-Timeout := 1800
(67)   } # update reply = noop
(67)   remove_reply_message_if_eap remove_reply_message_if_eap {
(67)     if (&reply:EAP-Message && &reply:Reply-Message) 
(67)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(67)    else else {
(67)     [noop] = noop
(67)    } # else else = noop
(67)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(67)  } #  post-auth = noop
(67) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(67) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(67) Finished request
Waking up in 0.2 seconds.
(58) Cleaning up request packet ID 93 with timestamp +79
(59) Cleaning up request packet ID 94 with timestamp +79
(60) Cleaning up request packet ID 95 with timestamp +79
Waking up in 0.8 seconds.
(61) Cleaning up request packet ID 118 with timestamp +80
(62) Cleaning up request packet ID 145 with timestamp +80
Waking up in 1.4 seconds.
Received Access-Request Id 119 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x0e3cc4e8b7599708b438a8982f73fe51
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028b00150143504538407369656d656e732e636f6d
(68) Received Access-Request packet from host 192.168.99.123 port 49286, id=119, length=83
(68) 	Message-Authenticator = 0x0e3cc4e8b7599708b438a8982f73fe51
(68) 	NAS-Identifier = 'BS'
(68) 	User-Name = 'CPE8@siemens.com'
(68) 	EAP-Message = 0x028b00150143504538407369656d656e732e636f6d
(68) # Executing section authorize from file /etc/raddb/sites-enabled/default
(68)   authorize {
(68)   filter_username filter_username {
(68)     if (!&User-Name) 
(68)     if (!&User-Name)  -> FALSE
(68)     if (&User-Name =~ / /) 
(68)     if (&User-Name =~ / /)  -> FALSE
(68)     if (&User-Name =~ /@.*@/ ) 
(68)     if (&User-Name =~ /@.*@/ )  -> FALSE
(68)     if (&User-Name =~ /\\.\\./ ) 
(68)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(68)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(68)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(68)     if (&User-Name =~ /\\.$/)  
(68)     if (&User-Name =~ /\\.$/)   -> FALSE
(68)     if (&User-Name =~ /@\\./)  
(68)     if (&User-Name =~ /@\\./)   -> FALSE
(68)   } # filter_username filter_username = notfound
(68)   [preprocess] = ok
(68)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(68)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(68)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(68)  auth_log : EXPAND %t
(68)  auth_log :    --> Wed Feb 14 20:04:42 2018
(68)   [auth_log] = ok
(68)   [chap] = noop
(68)   [mschap] = noop
(68)   [digest] = noop
(68)   [wimax] = noop
(68)  suffix : Checking for suffix after "@"
(68)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(68)  suffix : No such realm "siemens.com"
(68)   [suffix] = noop
(68)  eap : Peer sent code Response (2) ID 139 length 21
(68)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(68)   [eap] = ok
(68)  } #  authorize = ok
(68) Found Auth-Type = EAP
(68) # Executing group from file /etc/raddb/sites-enabled/default
(68)   authenticate {
(68)  eap : Peer sent method Identity (1)
(68)  eap : Calling eap_ttls to process EAP data
(68)  eap_ttls : Initiate
(68)  eap_ttls : Start returned 1
(68)  eap : New EAP session, adding 'State' attribute to reply 0x7735533b77b94641
(68)   [eap] = handled
(68)  } #  authenticate = handled
(68) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=119, length=0
(68) 	EAP-Message = 0x018c00061520
(68) 	Message-Authenticator = 0x00000000000000000000000000000000
(68) 	State = 0x7735533b77b94641bd220e7c6731de38
Sending Access-Challenge Id 119 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018c00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7735533b77b94641bd220e7c6731de38
(68) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 100 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xc07fc7b8439875b68d7fd889219ab766
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b100d01580000000c61603010086100000820080a6fad46b85d21912bc75e385472de790b222f33995cc8f170dded191a68a8711ab29a9b685d88dbd2198c8238de8e4116024bf8240c9ef0fcef363206ceff8dc54e4f8e8cb0d568d5876bf471dc76519538f343c74b48883cd938d00ce3fe45247a94f0858082829c4ff9dca384892bdf61522d0a27b31142e266d7c90a141b214030100010116030100309f855dbb99ecd25f340b0195bb96de295f35c357d084bb94405c98b0993986e3d4deaf5c5f3244a45a625e9d01d64f56
	State = 0xe5a98879e7189db9eefd98bdfceb85f8
(69) Received Access-Request packet from host 192.168.99.122 port 49321, id=100, length=288
(69) 	Message-Authenticator = 0xc07fc7b8439875b68d7fd889219ab766
(69) 	NAS-Identifier = 'BS'
(69) 	User-Name = 'CPE6@siemens.com'
(69) 	EAP-Message = 0x02b100d01580000000c61603010086100000820080a6fad46b85d21912bc75e385472de790b222f33995cc8f170dded191a68a8711ab29a9b685d88dbd2198c8238de8e4116024bf8240c9ef0fcef363206ceff8dc54e4f8e8cb0d568d5876bf471dc76519538f343c74b48883cd938d00ce3fe45247a94f0858082829c4ff9dca384892bdf61522d0a27b31142e266d7c90a141b214030100010116030100309f855dbb99ecd25f340b0195bb96de295f35c357d084bb94405c98b0993986e3d4deaf5c5f3244a45a625e9d01d64f56
(69) 	State = 0xe5a98879e7189db9eefd98bdfceb85f8
(69) # Executing section authorize from file /etc/raddb/sites-enabled/default
(69)   authorize {
(69)   filter_username filter_username {
(69)     if (!&User-Name) 
(69)     if (!&User-Name)  -> FALSE
(69)     if (&User-Name =~ / /) 
(69)     if (&User-Name =~ / /)  -> FALSE
(69)     if (&User-Name =~ /@.*@/ ) 
(69)     if (&User-Name =~ /@.*@/ )  -> FALSE
(69)     if (&User-Name =~ /\\.\\./ ) 
(69)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(69)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(69)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(69)     if (&User-Name =~ /\\.$/)  
(69)     if (&User-Name =~ /\\.$/)   -> FALSE
(69)     if (&User-Name =~ /@\\./)  
(69)     if (&User-Name =~ /@\\./)   -> FALSE
(69)   } # filter_username filter_username = notfound
(69)   [preprocess] = ok
(69)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(69)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(69)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(69)  auth_log : EXPAND %t
(69)  auth_log :    --> Wed Feb 14 20:04:42 2018
(69)   [auth_log] = ok
(69)   [chap] = noop
(69)   [mschap] = noop
(69)   [digest] = noop
(69)   [wimax] = noop
(69)  suffix : Checking for suffix after "@"
(69)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(69)  suffix : No such realm "siemens.com"
(69)   [suffix] = noop
(69)  eap : Peer sent code Response (2) ID 177 length 208
(69)  eap : Continuing tunnel setup
(69)   [eap] = ok
(69)  } #  authorize = ok
(69) Found Auth-Type = EAP
(69) # Executing group from file /etc/raddb/sites-enabled/default
(69)   authenticate {
(69)  eap : Expiring EAP session with state 0x34b58d2c37779811
(69)  eap : Finished EAP session with state 0xe5a98879e7189db9
(69)  eap : Previous EAP request found for state 0xe5a98879e7189db9, released from the list
(69)  eap : Peer sent method TTLS (21)
(69)  eap : EAP TTLS (21)
(69)  eap : Calling eap_ttls to process EAP data
(69)  eap_ttls : Authenticate
(69)  eap_ttls : processing EAP-TLS
  TLS Length 198
(69)  eap_ttls : Length Included
(69)  eap_ttls : eaptls_verify returned 11 
(69)  eap_ttls : <<< Unknown TLS version [length 0005] 
(69)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(69)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(69)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(69)  eap_ttls : <<< Unknown TLS version [length 0005] 
(69)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(69)  eap_ttls : <<< Unknown TLS version [length 0005] 
(69)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(69)  eap_ttls : TLS_accept: SSLv3 read finished A
(69)  eap_ttls : >>> Unknown TLS version [length 0005] 
(69)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(69)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(69)  eap_ttls : >>> Unknown TLS version [length 0005] 
(69)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(69)  eap_ttls : TLS_accept: SSLv3 write finished A
(69)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 457b938051876edfa9715f68d76d4ca688b421a9234da733315e93cf09302842 to cache
(69)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(69)  eap_ttls : eaptls_process returned 13 
(69)  eap : New EAP session, adding 'State' attribute to reply 0xe5a98879e61b9db9
(69)   [eap] = handled
(69)  } #  authenticate = handled
(69) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=100, length=0
(69) 	EAP-Message = 0x01b2004515800000003b1403010001011603010030242a1c86bfa713e2685ca640b3a3c4a87581f49a328123a9cbd77c2a7683362c8d4e19799a6d7c8b0309963625bfe9c2
(69) 	Message-Authenticator = 0x00000000000000000000000000000000
(69) 	State = 0xe5a98879e61b9db9eefd98bdfceb85f8
Sending Access-Challenge Id 100 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b2004515800000003b1403010001011603010030242a1c86bfa713e2685ca640b3a3c4a87581f49a328123a9cbd77c2a7683362c8d4e19799a6d7c8b0309963625bfe9c2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5a98879e61b9db9eefd98bdfceb85f8
(69) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 120 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x232c6af0a5314aafacbc23d8ac678990
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028c006a158000000060160301005b01000057030154a650c4d8b7e3d2253c6be837f003798cee8c5de111d542c6a518444ffb1bc000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x7735533b77b94641bd220e7c6731de38
(70) Received Access-Request packet from host 192.168.99.123 port 49286, id=120, length=186
(70) 	Message-Authenticator = 0x232c6af0a5314aafacbc23d8ac678990
(70) 	NAS-Identifier = 'BS'
(70) 	User-Name = 'CPE8@siemens.com'
(70) 	EAP-Message = 0x028c006a158000000060160301005b01000057030154a650c4d8b7e3d2253c6be837f003798cee8c5de111d542c6a518444ffb1bc000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(70) 	State = 0x7735533b77b94641bd220e7c6731de38
(70) # Executing section authorize from file /etc/raddb/sites-enabled/default
(70)   authorize {
(70)   filter_username filter_username {
(70)     if (!&User-Name) 
(70)     if (!&User-Name)  -> FALSE
(70)     if (&User-Name =~ / /) 
(70)     if (&User-Name =~ / /)  -> FALSE
(70)     if (&User-Name =~ /@.*@/ ) 
(70)     if (&User-Name =~ /@.*@/ )  -> FALSE
(70)     if (&User-Name =~ /\\.\\./ ) 
(70)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(70)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(70)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(70)     if (&User-Name =~ /\\.$/)  
(70)     if (&User-Name =~ /\\.$/)   -> FALSE
(70)     if (&User-Name =~ /@\\./)  
(70)     if (&User-Name =~ /@\\./)   -> FALSE
(70)   } # filter_username filter_username = notfound
(70)   [preprocess] = ok
(70)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(70)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(70)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(70)  auth_log : EXPAND %t
(70)  auth_log :    --> Wed Feb 14 20:04:42 2018
(70)   [auth_log] = ok
(70)   [chap] = noop
(70)   [mschap] = noop
(70)   [digest] = noop
(70)   [wimax] = noop
(70)  suffix : Checking for suffix after "@"
(70)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(70)  suffix : No such realm "siemens.com"
(70)   [suffix] = noop
(70)  eap : Peer sent code Response (2) ID 140 length 106
(70)  eap : Continuing tunnel setup
(70)   [eap] = ok
(70)  } #  authorize = ok
(70) Found Auth-Type = EAP
(70) # Executing group from file /etc/raddb/sites-enabled/default
(70)   authenticate {
(70)  eap : Expiring EAP session with state 0x34b58d2c37779811
(70)  eap : Finished EAP session with state 0x7735533b77b94641
(70)  eap : Previous EAP request found for state 0x7735533b77b94641, released from the list
(70)  eap : Peer sent method TTLS (21)
(70)  eap : EAP TTLS (21)
(70)  eap : Calling eap_ttls to process EAP data
(70)  eap_ttls : Authenticate
(70)  eap_ttls : processing EAP-TLS
  TLS Length 96
(70)  eap_ttls : Length Included
(70)  eap_ttls : eaptls_verify returned 11 
(70)  eap_ttls : (other): before/accept initialization
(70)  eap_ttls : TLS_accept: before/accept initialization
(70)  eap_ttls : <<< Unknown TLS version [length 0005] 
(70)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(70)  eap_ttls : TLS_accept: SSLv3 read client hello A
(70)  eap_ttls : >>> Unknown TLS version [length 0005] 
(70)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(70)  eap_ttls : TLS_accept: SSLv3 write server hello A
(70)  eap_ttls : >>> Unknown TLS version [length 0005] 
(70)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(70)  eap_ttls : TLS_accept: SSLv3 write certificate A
(70)  eap_ttls : >>> Unknown TLS version [length 0005] 
(70)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(70)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(70)  eap_ttls : >>> Unknown TLS version [length 0005] 
(70)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(70)  eap_ttls : TLS_accept: SSLv3 write server done A
(70)  eap_ttls : TLS_accept: SSLv3 flush data
(70)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(70)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(70)  eap_ttls : eaptls_process returned 13 
(70)  eap : New EAP session, adding 'State' attribute to reply 0x7735533b76b84641
(70)   [eap] = handled
(70)  } #  authenticate = handled
(70) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=120, length=0
(70) 	EAP-Message = 0x018d03ec15c000000702160301004a02000046030183c914f9a208cd6b4c77d180e31a3d0806ac6d5c24f2b15ff8d9e7b03f9c99d1209b0bcac614605b36a47e12004378deff45a33e0656bc5ef702ceaee0b3d6077c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(70) 	Message-Authenticator = 0x00000000000000000000000000000000
(70) 	State = 0x7735533b76b84641bd220e7c6731de38
Sending Access-Challenge Id 120 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018d03ec15c000000702160301004a02000046030183c914f9a208cd6b4c77d180e31a3d0806ac6d5c24f2b15ff8d9e7b03f9c99d1209b0bcac614605b36a47e12004378deff45a33e0656bc5ef702ceaee0b3d6077c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7735533b76b84641bd220e7c6731de38
(70) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 121 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xb95cf669c61850acf0eef59c85f66f51
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028d00061500
	State = 0x7735533b76b84641bd220e7c6731de38
(71) Received Access-Request packet from host 192.168.99.123 port 49286, id=121, length=86
(71) 	Message-Authenticator = 0xb95cf669c61850acf0eef59c85f66f51
(71) 	NAS-Identifier = 'BS'
(71) 	User-Name = 'CPE8@siemens.com'
(71) 	EAP-Message = 0x028d00061500
(71) 	State = 0x7735533b76b84641bd220e7c6731de38
(71) # Executing section authorize from file /etc/raddb/sites-enabled/default
(71)   authorize {
(71)   filter_username filter_username {
(71)     if (!&User-Name) 
(71)     if (!&User-Name)  -> FALSE
(71)     if (&User-Name =~ / /) 
(71)     if (&User-Name =~ / /)  -> FALSE
(71)     if (&User-Name =~ /@.*@/ ) 
(71)     if (&User-Name =~ /@.*@/ )  -> FALSE
(71)     if (&User-Name =~ /\\.\\./ ) 
(71)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(71)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(71)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(71)     if (&User-Name =~ /\\.$/)  
(71)     if (&User-Name =~ /\\.$/)   -> FALSE
(71)     if (&User-Name =~ /@\\./)  
(71)     if (&User-Name =~ /@\\./)   -> FALSE
(71)   } # filter_username filter_username = notfound
(71)   [preprocess] = ok
(71)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(71)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(71)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(71)  auth_log : EXPAND %t
(71)  auth_log :    --> Wed Feb 14 20:04:42 2018
(71)   [auth_log] = ok
(71)   [chap] = noop
(71)   [mschap] = noop
(71)   [digest] = noop
(71)   [wimax] = noop
(71)  suffix : Checking for suffix after "@"
(71)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(71)  suffix : No such realm "siemens.com"
(71)   [suffix] = noop
(71)  eap : Peer sent code Response (2) ID 141 length 6
(71)  eap : Continuing tunnel setup
(71)   [eap] = ok
(71)  } #  authorize = ok
(71) Found Auth-Type = EAP
(71) # Executing group from file /etc/raddb/sites-enabled/default
(71)   authenticate {
(71)  eap : Expiring EAP session with state 0x34b58d2c37779811
(71)  eap : Finished EAP session with state 0x7735533b76b84641
(71)  eap : Previous EAP request found for state 0x7735533b76b84641, released from the list
(71)  eap : Peer sent method TTLS (21)
(71)  eap : EAP TTLS (21)
(71)  eap : Calling eap_ttls to process EAP data
(71)  eap_ttls : Authenticate
(71)  eap_ttls : processing EAP-TLS
(71)  eap_ttls : Received TLS ACK
(71)  eap_ttls : Received TLS ACK
(71)  eap_ttls : ACK handshake fragment handler
(71)  eap_ttls : eaptls_verify returned 1 
(71)  eap_ttls : eaptls_process returned 13 
(71)  eap : New EAP session, adding 'State' attribute to reply 0x7735533b75bb4641
(71)   [eap] = handled
(71)  } #  authenticate = handled
(71) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=121, length=0
(71) 	EAP-Message = 0x018e032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(71) 	Message-Authenticator = 0x00000000000000000000000000000000
(71) 	State = 0x7735533b75bb4641bd220e7c6731de38
Sending Access-Challenge Id 121 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018e032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7735533b75bb4641bd220e7c6731de38
(71) Finished request
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
(63) Cleaning up request packet ID 96 with timestamp +82
Waking up in 1.6 seconds.
Received Access-Request Id 122 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x2de3417d433764dc426d540a91fd9cb5
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028c00150143504539407369656d656e732e636f6d
(72) Received Access-Request packet from host 192.168.99.123 port 49286, id=122, length=83
(72) 	Message-Authenticator = 0x2de3417d433764dc426d540a91fd9cb5
(72) 	NAS-Identifier = 'BS'
(72) 	User-Name = 'CPE9@siemens.com'
(72) 	EAP-Message = 0x028c00150143504539407369656d656e732e636f6d
(72) # Executing section authorize from file /etc/raddb/sites-enabled/default
(72)   authorize {
(72)   filter_username filter_username {
(72)     if (!&User-Name) 
(72)     if (!&User-Name)  -> FALSE
(72)     if (&User-Name =~ / /) 
(72)     if (&User-Name =~ / /)  -> FALSE
(72)     if (&User-Name =~ /@.*@/ ) 
(72)     if (&User-Name =~ /@.*@/ )  -> FALSE
(72)     if (&User-Name =~ /\\.\\./ ) 
(72)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(72)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(72)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(72)     if (&User-Name =~ /\\.$/)  
(72)     if (&User-Name =~ /\\.$/)   -> FALSE
(72)     if (&User-Name =~ /@\\./)  
(72)     if (&User-Name =~ /@\\./)   -> FALSE
(72)   } # filter_username filter_username = notfound
(72)   [preprocess] = ok
(72)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(72)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(72)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(72)  auth_log : EXPAND %t
(72)  auth_log :    --> Wed Feb 14 20:04:43 2018
(72)   [auth_log] = ok
(72)   [chap] = noop
(72)   [mschap] = noop
(72)   [digest] = noop
(72)   [wimax] = noop
(72)  suffix : Checking for suffix after "@"
(72)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(72)  suffix : No such realm "siemens.com"
(72)   [suffix] = noop
(72)  eap : Peer sent code Response (2) ID 140 length 21
(72)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(72)   [eap] = ok
(72)  } #  authorize = ok
(72) Found Auth-Type = EAP
(72) # Executing group from file /etc/raddb/sites-enabled/default
(72)   authenticate {
(72)  eap : Peer sent method Identity (1)
(72)  eap : Calling eap_ttls to process EAP data
(72)  eap_ttls : Initiate
(72)  eap_ttls : Start returned 1
(72)  eap : New EAP session, adding 'State' attribute to reply 0xc1e01396c16d0642
(72)   [eap] = handled
(72)  } #  authenticate = handled
(72) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=122, length=0
(72) 	EAP-Message = 0x018d00061520
(72) 	Message-Authenticator = 0x00000000000000000000000000000000
(72) 	State = 0xc1e01396c16d0642cfc3dce5c8c07b81
Sending Access-Challenge Id 122 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018d00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc1e01396c16d0642cfc3dce5c8c07b81
(72) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 123 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x6122fdb4d43ba6810f3263d5c8e10570
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028d006a158000000060160301005b01000057030154ab17b9125ff1ef946494aef0c38160d847ebeb72e0717b39c2f15823d449c500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xc1e01396c16d0642cfc3dce5c8c07b81
(73) Received Access-Request packet from host 192.168.99.123 port 49286, id=123, length=186
(73) 	Message-Authenticator = 0x6122fdb4d43ba6810f3263d5c8e10570
(73) 	NAS-Identifier = 'BS'
(73) 	User-Name = 'CPE9@siemens.com'
(73) 	EAP-Message = 0x028d006a158000000060160301005b01000057030154ab17b9125ff1ef946494aef0c38160d847ebeb72e0717b39c2f15823d449c500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(73) 	State = 0xc1e01396c16d0642cfc3dce5c8c07b81
(73) # Executing section authorize from file /etc/raddb/sites-enabled/default
(73)   authorize {
(73)   filter_username filter_username {
(73)     if (!&User-Name) 
(73)     if (!&User-Name)  -> FALSE
(73)     if (&User-Name =~ / /) 
(73)     if (&User-Name =~ / /)  -> FALSE
(73)     if (&User-Name =~ /@.*@/ ) 
(73)     if (&User-Name =~ /@.*@/ )  -> FALSE
(73)     if (&User-Name =~ /\\.\\./ ) 
(73)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(73)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(73)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(73)     if (&User-Name =~ /\\.$/)  
(73)     if (&User-Name =~ /\\.$/)   -> FALSE
(73)     if (&User-Name =~ /@\\./)  
(73)     if (&User-Name =~ /@\\./)   -> FALSE
(73)   } # filter_username filter_username = notfound
(73)   [preprocess] = ok
(73)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(73)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(73)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(73)  auth_log : EXPAND %t
(73)  auth_log :    --> Wed Feb 14 20:04:44 2018
(73)   [auth_log] = ok
(73)   [chap] = noop
(73)   [mschap] = noop
(73)   [digest] = noop
(73)   [wimax] = noop
(73)  suffix : Checking for suffix after "@"
(73)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(73)  suffix : No such realm "siemens.com"
(73)   [suffix] = noop
(73)  eap : Peer sent code Response (2) ID 141 length 106
(73)  eap : Continuing tunnel setup
(73)   [eap] = ok
(73)  } #  authorize = ok
(73) Found Auth-Type = EAP
(73) # Executing group from file /etc/raddb/sites-enabled/default
(73)   authenticate {
(73)  eap : Expiring EAP session with state 0x34b58d2c37779811
(73)  eap : Finished EAP session with state 0xc1e01396c16d0642
(73)  eap : Previous EAP request found for state 0xc1e01396c16d0642, released from the list
(73)  eap : Peer sent method TTLS (21)
(73)  eap : EAP TTLS (21)
(73)  eap : Calling eap_ttls to process EAP data
(73)  eap_ttls : Authenticate
(73)  eap_ttls : processing EAP-TLS
  TLS Length 96
(73)  eap_ttls : Length Included
(73)  eap_ttls : eaptls_verify returned 11 
(73)  eap_ttls : (other): before/accept initialization
(73)  eap_ttls : TLS_accept: before/accept initialization
(73)  eap_ttls : <<< Unknown TLS version [length 0005] 
(73)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(73)  eap_ttls : TLS_accept: SSLv3 read client hello A
(73)  eap_ttls : >>> Unknown TLS version [length 0005] 
(73)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(73)  eap_ttls : TLS_accept: SSLv3 write server hello A
(73)  eap_ttls : >>> Unknown TLS version [length 0005] 
(73)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(73)  eap_ttls : TLS_accept: SSLv3 write certificate A
(73)  eap_ttls : >>> Unknown TLS version [length 0005] 
(73)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(73)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(73)  eap_ttls : >>> Unknown TLS version [length 0005] 
(73)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(73)  eap_ttls : TLS_accept: SSLv3 write server done A
(73)  eap_ttls : TLS_accept: SSLv3 flush data
(73)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(73)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(73)  eap_ttls : eaptls_process returned 13 
(73)  eap : New EAP session, adding 'State' attribute to reply 0xc1e01396c06e0642
(73)   [eap] = handled
(73)  } #  authenticate = handled
(73) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=123, length=0
(73) 	EAP-Message = 0x018e03ec15c000000702160301004a020000460301bf5b61a33b79afca1f371ba966e2aecb4eae98f2b6c58aa6c16d2236ebadb835203e32330f4885a3ed9ac2b4d5753a13f7d2a4d1b1efeee3c4ab58f6da95fde44500390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(73) 	Message-Authenticator = 0x00000000000000000000000000000000
(73) 	State = 0xc1e01396c06e0642cfc3dce5c8c07b81
Sending Access-Challenge Id 123 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018e03ec15c000000702160301004a020000460301bf5b61a33b79afca1f371ba966e2aecb4eae98f2b6c58aa6c16d2236ebadb835203e32330f4885a3ed9ac2b4d5753a13f7d2a4d1b1efeee3c4ab58f6da95fde44500390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc1e01396c06e0642cfc3dce5c8c07b81
(73) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 124 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xa6e5f5aa074bc59956b3015899cd3ed5
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028e00061500
	State = 0xc1e01396c06e0642cfc3dce5c8c07b81
(74) Received Access-Request packet from host 192.168.99.123 port 49286, id=124, length=86
(74) 	Message-Authenticator = 0xa6e5f5aa074bc59956b3015899cd3ed5
(74) 	NAS-Identifier = 'BS'
(74) 	User-Name = 'CPE9@siemens.com'
(74) 	EAP-Message = 0x028e00061500
(74) 	State = 0xc1e01396c06e0642cfc3dce5c8c07b81
(74) # Executing section authorize from file /etc/raddb/sites-enabled/default
(74)   authorize {
(74)   filter_username filter_username {
(74)     if (!&User-Name) 
(74)     if (!&User-Name)  -> FALSE
(74)     if (&User-Name =~ / /) 
(74)     if (&User-Name =~ / /)  -> FALSE
(74)     if (&User-Name =~ /@.*@/ ) 
(74)     if (&User-Name =~ /@.*@/ )  -> FALSE
(74)     if (&User-Name =~ /\\.\\./ ) 
(74)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(74)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(74)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(74)     if (&User-Name =~ /\\.$/)  
(74)     if (&User-Name =~ /\\.$/)   -> FALSE
(74)     if (&User-Name =~ /@\\./)  
(74)     if (&User-Name =~ /@\\./)   -> FALSE
(74)   } # filter_username filter_username = notfound
(74)   [preprocess] = ok
(74)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(74)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(74)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(74)  auth_log : EXPAND %t
(74)  auth_log :    --> Wed Feb 14 20:04:44 2018
(74)   [auth_log] = ok
(74)   [chap] = noop
(74)   [mschap] = noop
(74)   [digest] = noop
(74)   [wimax] = noop
(74)  suffix : Checking for suffix after "@"
(74)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(74)  suffix : No such realm "siemens.com"
(74)   [suffix] = noop
(74)  eap : Peer sent code Response (2) ID 142 length 6
(74)  eap : Continuing tunnel setup
(74)   [eap] = ok
(74)  } #  authorize = ok
(74) Found Auth-Type = EAP
(74) # Executing group from file /etc/raddb/sites-enabled/default
(74)   authenticate {
(74)  eap : Expiring EAP session with state 0x34b58d2c37779811
(74)  eap : Finished EAP session with state 0xc1e01396c06e0642
(74)  eap : Previous EAP request found for state 0xc1e01396c06e0642, released from the list
(74)  eap : Peer sent method TTLS (21)
(74)  eap : EAP TTLS (21)
(74)  eap : Calling eap_ttls to process EAP data
(74)  eap_ttls : Authenticate
(74)  eap_ttls : processing EAP-TLS
(74)  eap_ttls : Received TLS ACK
(74)  eap_ttls : Received TLS ACK
(74)  eap_ttls : ACK handshake fragment handler
(74)  eap_ttls : eaptls_verify returned 1 
(74)  eap_ttls : eaptls_process returned 13 
(74)  eap : New EAP session, adding 'State' attribute to reply 0xc1e01396c36f0642
(74)   [eap] = handled
(74)  } #  authenticate = handled
(74) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=124, length=0
(74) 	EAP-Message = 0x018f032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(74) 	Message-Authenticator = 0x00000000000000000000000000000000
(74) 	State = 0xc1e01396c36f0642cfc3dce5c8c07b81
Sending Access-Challenge Id 124 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018f032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc1e01396c36f0642cfc3dce5c8c07b81
(74) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(75) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(75) 	NAS-Identifier = 'BS'
(75) 	User-Name = 'dummy'
(75) 	User-Password = '*PASSWORD*'
(75) # Executing section authorize from file /etc/raddb/sites-enabled/default
(75)   authorize {
(75)   filter_username filter_username {
(75)     if (!&User-Name) 
(75)     if (!&User-Name)  -> FALSE
(75)     if (&User-Name =~ / /) 
(75)     if (&User-Name =~ / /)  -> FALSE
(75)     if (&User-Name =~ /@.*@/ ) 
(75)     if (&User-Name =~ /@.*@/ )  -> FALSE
(75)     if (&User-Name =~ /\\.\\./ ) 
(75)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(75)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(75)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(75)     if (&User-Name =~ /\\.$/)  
(75)     if (&User-Name =~ /\\.$/)   -> FALSE
(75)     if (&User-Name =~ /@\\./)  
(75)     if (&User-Name =~ /@\\./)   -> FALSE
(75)   } # filter_username filter_username = notfound
(75)   [preprocess] = ok
(75)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(75)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(75)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(75)  auth_log : EXPAND %t
(75)  auth_log :    --> Wed Feb 14 20:04:44 2018
(75)   [auth_log] = ok
(75)   [chap] = noop
(75)   [mschap] = noop
(75)   [digest] = noop
(75)   [wimax] = noop
(75)  suffix : Checking for suffix after "@"
(75)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(75)  suffix : No such realm "NULL"
(75)   [suffix] = noop
(75)  eap : No EAP-Message, not doing EAP
(75)   [eap] = noop
(75)  files : users: Matched entry dummy at line 159
(75)   [files] = ok
(75)   [expiration] = noop
(75)   [logintime] = noop
(75)   [pap] = updated
(75)  } #  authorize = updated
(75) Found Auth-Type = PAP
(75) # Executing group from file /etc/raddb/sites-enabled/default
(75)  Auth-Type PAP {
(75)  pap : Login attempt with password
(75)  pap : User authenticated successfully
(75)   [pap] = ok
(75)  } # Auth-Type PAP = ok
(75) Login OK: [dummy] (from client BS3 port 0)
(75) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(75)   post-auth {
(75)   [exec] = noop
(75)   update reply {
(75) 	Session-Timeout := 1800
(75)   } # update reply = noop
(75)   remove_reply_message_if_eap remove_reply_message_if_eap {
(75)     if (&reply:EAP-Message && &reply:Reply-Message) 
(75)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(75)    else else {
(75)     [noop] = noop
(75)    } # else else = noop
(75)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(75)  } #  post-auth = noop
(75) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(75) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(75) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 146 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0x5031306b18843d246d66c9b1d85f9ca1
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c00016014350453131407369656d656e732e636f6d
(76) Received Access-Request packet from host 192.168.99.121 port 49210, id=146, length=85
(76) 	Message-Authenticator = 0x5031306b18843d246d66c9b1d85f9ca1
(76) 	NAS-Identifier = 'BS'
(76) 	User-Name = 'CPE11@siemens.com'
(76) 	EAP-Message = 0x02c00016014350453131407369656d656e732e636f6d
(76) # Executing section authorize from file /etc/raddb/sites-enabled/default
(76)   authorize {
(76)   filter_username filter_username {
(76)     if (!&User-Name) 
(76)     if (!&User-Name)  -> FALSE
(76)     if (&User-Name =~ / /) 
(76)     if (&User-Name =~ / /)  -> FALSE
(76)     if (&User-Name =~ /@.*@/ ) 
(76)     if (&User-Name =~ /@.*@/ )  -> FALSE
(76)     if (&User-Name =~ /\\.\\./ ) 
(76)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(76)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(76)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(76)     if (&User-Name =~ /\\.$/)  
(76)     if (&User-Name =~ /\\.$/)   -> FALSE
(76)     if (&User-Name =~ /@\\./)  
(76)     if (&User-Name =~ /@\\./)   -> FALSE
(76)   } # filter_username filter_username = notfound
(76)   [preprocess] = ok
(76)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(76)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(76)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(76)  auth_log : EXPAND %t
(76)  auth_log :    --> Wed Feb 14 20:04:44 2018
(76)   [auth_log] = ok
(76)   [chap] = noop
(76)   [mschap] = noop
(76)   [digest] = noop
(76)   [wimax] = noop
(76)  suffix : Checking for suffix after "@"
(76)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(76)  suffix : No such realm "siemens.com"
(76)   [suffix] = noop
(76)  eap : Peer sent code Response (2) ID 192 length 22
(76)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(76)   [eap] = ok
(76)  } #  authorize = ok
(76) Found Auth-Type = EAP
(76) # Executing group from file /etc/raddb/sites-enabled/default
(76)   authenticate {
(76)  eap : Peer sent method Identity (1)
(76)  eap : Calling eap_ttls to process EAP data
(76)  eap_ttls : Initiate
(76)  eap_ttls : Start returned 1
(76)  eap : New EAP session, adding 'State' attribute to reply 0x918e13c5914f0617
(76)   [eap] = handled
(76)  } #  authenticate = handled
(76) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=146, length=0
(76) 	EAP-Message = 0x01c100061520
(76) 	Message-Authenticator = 0x00000000000000000000000000000000
(76) 	State = 0x918e13c5914f061769d94ee7ca112ece
Sending Access-Challenge Id 146 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c100061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x918e13c5914f061769d94ee7ca112ece
(76) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(77) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(77) 	NAS-Identifier = 'BS'
(77) 	User-Name = 'dummy'
(77) 	User-Password = '*PASSWORD*'
(77) # Executing section authorize from file /etc/raddb/sites-enabled/default
(77)   authorize {
(77)   filter_username filter_username {
(77)     if (!&User-Name) 
(77)     if (!&User-Name)  -> FALSE
(77)     if (&User-Name =~ / /) 
(77)     if (&User-Name =~ / /)  -> FALSE
(77)     if (&User-Name =~ /@.*@/ ) 
(77)     if (&User-Name =~ /@.*@/ )  -> FALSE
(77)     if (&User-Name =~ /\\.\\./ ) 
(77)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(77)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(77)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(77)     if (&User-Name =~ /\\.$/)  
(77)     if (&User-Name =~ /\\.$/)   -> FALSE
(77)     if (&User-Name =~ /@\\./)  
(77)     if (&User-Name =~ /@\\./)   -> FALSE
(77)   } # filter_username filter_username = notfound
(77)   [preprocess] = ok
(77)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(77)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(77)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(77)  auth_log : EXPAND %t
(77)  auth_log :    --> Wed Feb 14 20:04:44 2018
(77)   [auth_log] = ok
(77)   [chap] = noop
(77)   [mschap] = noop
(77)   [digest] = noop
(77)   [wimax] = noop
(77)  suffix : Checking for suffix after "@"
(77)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(77)  suffix : No such realm "NULL"
(77)   [suffix] = noop
(77)  eap : No EAP-Message, not doing EAP
(77)   [eap] = noop
(77)  files : users: Matched entry dummy at line 159
(77)   [files] = ok
(77)   [expiration] = noop
(77)   [logintime] = noop
(77)   [pap] = updated
(77)  } #  authorize = updated
(77) Found Auth-Type = PAP
(77) # Executing group from file /etc/raddb/sites-enabled/default
(77)  Auth-Type PAP {
(77)  pap : Login attempt with password
(77)  pap : User authenticated successfully
(77)   [pap] = ok
(77)  } # Auth-Type PAP = ok
(77) Login OK: [dummy] (from client BS4 port 0)
(77) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(77)   post-auth {
(77)   [exec] = noop
(77)   update reply {
(77) 	Session-Timeout := 1800
(77)   } # update reply = noop
(77)   remove_reply_message_if_eap remove_reply_message_if_eap {
(77)     if (&reply:EAP-Message && &reply:Reply-Message) 
(77)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(77)    else else {
(77)     [noop] = noop
(77)    } # else else = noop
(77)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(77)  } #  post-auth = noop
(77) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(77) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(77) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 147 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x8b54eb18eb138aa86a932c26be87dc7c
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c1006a158000000060160301005b01000057030154a4b48bd3c71b839c2f04a0abc2bed4168de9a7e8f8e7b346f8f5edfe2ce19b00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x918e13c5914f061769d94ee7ca112ece
(78) Received Access-Request packet from host 192.168.99.121 port 49210, id=147, length=187
(78) 	Message-Authenticator = 0x8b54eb18eb138aa86a932c26be87dc7c
(78) 	NAS-Identifier = 'BS'
(78) 	User-Name = 'CPE11@siemens.com'
(78) 	EAP-Message = 0x02c1006a158000000060160301005b01000057030154a4b48bd3c71b839c2f04a0abc2bed4168de9a7e8f8e7b346f8f5edfe2ce19b00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(78) 	State = 0x918e13c5914f061769d94ee7ca112ece
(78) # Executing section authorize from file /etc/raddb/sites-enabled/default
(78)   authorize {
(78)   filter_username filter_username {
(78)     if (!&User-Name) 
(78)     if (!&User-Name)  -> FALSE
(78)     if (&User-Name =~ / /) 
(78)     if (&User-Name =~ / /)  -> FALSE
(78)     if (&User-Name =~ /@.*@/ ) 
(78)     if (&User-Name =~ /@.*@/ )  -> FALSE
(78)     if (&User-Name =~ /\\.\\./ ) 
(78)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(78)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(78)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(78)     if (&User-Name =~ /\\.$/)  
(78)     if (&User-Name =~ /\\.$/)   -> FALSE
(78)     if (&User-Name =~ /@\\./)  
(78)     if (&User-Name =~ /@\\./)   -> FALSE
(78)   } # filter_username filter_username = notfound
(78)   [preprocess] = ok
(78)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(78)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(78)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(78)  auth_log : EXPAND %t
(78)  auth_log :    --> Wed Feb 14 20:04:44 2018
(78)   [auth_log] = ok
(78)   [chap] = noop
(78)   [mschap] = noop
(78)   [digest] = noop
(78)   [wimax] = noop
(78)  suffix : Checking for suffix after "@"
(78)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(78)  suffix : No such realm "siemens.com"
(78)   [suffix] = noop
(78)  eap : Peer sent code Response (2) ID 193 length 106
(78)  eap : Continuing tunnel setup
(78)   [eap] = ok
(78)  } #  authorize = ok
(78) Found Auth-Type = EAP
(78) # Executing group from file /etc/raddb/sites-enabled/default
(78)   authenticate {
(78)  eap : Expiring EAP session with state 0x34b58d2c37779811
(78)  eap : Finished EAP session with state 0x918e13c5914f0617
(78)  eap : Previous EAP request found for state 0x918e13c5914f0617, released from the list
(78)  eap : Peer sent method TTLS (21)
(78)  eap : EAP TTLS (21)
(78)  eap : Calling eap_ttls to process EAP data
(78)  eap_ttls : Authenticate
(78)  eap_ttls : processing EAP-TLS
  TLS Length 96
(78)  eap_ttls : Length Included
(78)  eap_ttls : eaptls_verify returned 11 
(78)  eap_ttls : (other): before/accept initialization
(78)  eap_ttls : TLS_accept: before/accept initialization
(78)  eap_ttls : <<< Unknown TLS version [length 0005] 
(78)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(78)  eap_ttls : TLS_accept: SSLv3 read client hello A
(78)  eap_ttls : >>> Unknown TLS version [length 0005] 
(78)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(78)  eap_ttls : TLS_accept: SSLv3 write server hello A
(78)  eap_ttls : >>> Unknown TLS version [length 0005] 
(78)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(78)  eap_ttls : TLS_accept: SSLv3 write certificate A
(78)  eap_ttls : >>> Unknown TLS version [length 0005] 
(78)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(78)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(78)  eap_ttls : >>> Unknown TLS version [length 0005] 
(78)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(78)  eap_ttls : TLS_accept: SSLv3 write server done A
(78)  eap_ttls : TLS_accept: SSLv3 flush data
(78)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(78)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(78)  eap_ttls : eaptls_process returned 13 
(78)  eap : New EAP session, adding 'State' attribute to reply 0x918e13c5904c0617
(78)   [eap] = handled
(78)  } #  authenticate = handled
(78) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=147, length=0
(78) 	EAP-Message = 0x01c203ec15c000000702160301004a020000460301f2187d13028d94bc461c3974536dcde4393710bca8a6bcc1fcd08dd5351c47cd208c26ed6e31782212905c048fc0b7c03e1e5fd532336d9e33472f72559284e3d800390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(78) 	Message-Authenticator = 0x00000000000000000000000000000000
(78) 	State = 0x918e13c5904c061769d94ee7ca112ece
Sending Access-Challenge Id 147 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c203ec15c000000702160301004a020000460301f2187d13028d94bc461c3974536dcde4393710bca8a6bcc1fcd08dd5351c47cd208c26ed6e31782212905c048fc0b7c03e1e5fd532336d9e33472f72559284e3d800390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x918e13c5904c061769d94ee7ca112ece
(78) Finished request
Received Access-Request Id 148 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x9c0ad05df2f50f6d45bd5f9c79baff8c
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c200061500
	State = 0x918e13c5904c061769d94ee7ca112ece
(79) Received Access-Request packet from host 192.168.99.121 port 49210, id=148, length=87
(79) 	Message-Authenticator = 0x9c0ad05df2f50f6d45bd5f9c79baff8c
(79) 	NAS-Identifier = 'BS'
(79) 	User-Name = 'CPE11@siemens.com'
(79) 	EAP-Message = 0x02c200061500
(79) 	State = 0x918e13c5904c061769d94ee7ca112ece
(79) # Executing section authorize from file /etc/raddb/sites-enabled/default
(79)   authorize {
(79)   filter_username filter_username {
(79)     if (!&User-Name) 
(79)     if (!&User-Name)  -> FALSE
(79)     if (&User-Name =~ / /) 
(79)     if (&User-Name =~ / /)  -> FALSE
(79)     if (&User-Name =~ /@.*@/ ) 
(79)     if (&User-Name =~ /@.*@/ )  -> FALSE
(79)     if (&User-Name =~ /\\.\\./ ) 
(79)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(79)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(79)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(79)     if (&User-Name =~ /\\.$/)  
(79)     if (&User-Name =~ /\\.$/)   -> FALSE
(79)     if (&User-Name =~ /@\\./)  
(79)     if (&User-Name =~ /@\\./)   -> FALSE
(79)   } # filter_username filter_username = notfound
(79)   [preprocess] = ok
(79)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(79)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(79)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(79)  auth_log : EXPAND %t
(79)  auth_log :    --> Wed Feb 14 20:04:44 2018
(79)   [auth_log] = ok
(79)   [chap] = noop
(79)   [mschap] = noop
(79)   [digest] = noop
(79)   [wimax] = noop
(79)  suffix : Checking for suffix after "@"
(79)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(79)  suffix : No such realm "siemens.com"
(79)   [suffix] = noop
(79)  eap : Peer sent code Response (2) ID 194 length 6
(79)  eap : Continuing tunnel setup
(79)   [eap] = ok
(79)  } #  authorize = ok
(79) Found Auth-Type = EAP
(79) # Executing group from file /etc/raddb/sites-enabled/default
(79)   authenticate {
(79)  eap : Expiring EAP session with state 0x34b58d2c37779811
(79)  eap : Finished EAP session with state 0x918e13c5904c0617
(79)  eap : Previous EAP request found for state 0x918e13c5904c0617, released from the list
(79)  eap : Peer sent method TTLS (21)
(79)  eap : EAP TTLS (21)
(79)  eap : Calling eap_ttls to process EAP data
(79)  eap_ttls : Authenticate
(79)  eap_ttls : processing EAP-TLS
(79)  eap_ttls : Received TLS ACK
(79)  eap_ttls : Received TLS ACK
(79)  eap_ttls : ACK handshake fragment handler
(79)  eap_ttls : eaptls_verify returned 1 
(79)  eap_ttls : eaptls_process returned 13 
(79)  eap : New EAP session, adding 'State' attribute to reply 0x918e13c5934d0617
(79)   [eap] = handled
(79)  } #  authenticate = handled
(79) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=148, length=0
(79) 	EAP-Message = 0x01c3032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(79) 	Message-Authenticator = 0x00000000000000000000000000000000
(79) 	State = 0x918e13c5934d061769d94ee7ca112ece
Sending Access-Challenge Id 148 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c3032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x918e13c5934d061769d94ee7ca112ece
(79) Finished request
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(80) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(80) 	NAS-Identifier = 'BS'
(80) 	User-Name = 'dummy'
(80) 	User-Password = '*PASSWORD*'
(80) # Executing section authorize from file /etc/raddb/sites-enabled/default
(80)   authorize {
(80)   filter_username filter_username {
(80)     if (!&User-Name) 
(80)     if (!&User-Name)  -> FALSE
(80)     if (&User-Name =~ / /) 
(80)     if (&User-Name =~ / /)  -> FALSE
(80)     if (&User-Name =~ /@.*@/ ) 
(80)     if (&User-Name =~ /@.*@/ )  -> FALSE
(80)     if (&User-Name =~ /\\.\\./ ) 
(80)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(80)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(80)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(80)     if (&User-Name =~ /\\.$/)  
(80)     if (&User-Name =~ /\\.$/)   -> FALSE
(80)     if (&User-Name =~ /@\\./)  
(80)     if (&User-Name =~ /@\\./)   -> FALSE
(80)   } # filter_username filter_username = notfound
(80)   [preprocess] = ok
(80)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(80)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(80)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(80)  auth_log : EXPAND %t
(80)  auth_log :    --> Wed Feb 14 20:04:44 2018
(80)   [auth_log] = ok
(80)   [chap] = noop
(80)   [mschap] = noop
(80)   [digest] = noop
(80)   [wimax] = noop
(80)  suffix : Checking for suffix after "@"
(80)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(80)  suffix : No such realm "NULL"
(80)   [suffix] = noop
(80)  eap : No EAP-Message, not doing EAP
(80)   [eap] = noop
(80)  files : users: Matched entry dummy at line 159
(80)   [files] = ok
(80)   [expiration] = noop
(80)   [logintime] = noop
(80)   [pap] = updated
(80)  } #  authorize = updated
(80) Found Auth-Type = PAP
(80) # Executing group from file /etc/raddb/sites-enabled/default
(80)  Auth-Type PAP {
(80)  pap : Login attempt with password
(80)  pap : User authenticated successfully
(80)   [pap] = ok
(80)  } # Auth-Type PAP = ok
(80) Login OK: [dummy] (from client BS2 port 0)
(80) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(80)   post-auth {
(80)   [exec] = noop
(80)   update reply {
(80) 	Session-Timeout := 1800
(80)   } # update reply = noop
(80)   remove_reply_message_if_eap remove_reply_message_if_eap {
(80)     if (&reply:EAP-Message && &reply:Reply-Message) 
(80)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(80)    else else {
(80)     [noop] = noop
(80)    } # else else = noop
(80)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(80)  } #  post-auth = noop
(80) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(80) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(80) Finished request
Waking up in 0.1 seconds.
(64) Cleaning up request packet ID 97 with timestamp +83
(65) Cleaning up request packet ID 98 with timestamp +83
(66) Cleaning up request packet ID 99 with timestamp +83
Waking up in 0.3 seconds.
Received Access-Request Id 125 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xf7defb1a966e797a20ac1324fa72b08a
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028e00d01580000000c616030100861000008200801933bbf202713411d41e8d09c19cbf82cac091b2512ba6faca9bf25602a14515f6210c843a5814cac2ea168c38bf1255a7f5816eec33baa28fe26965af256fa70523ced1f7e8fed1b591fb7cc2f7befc129a203895a7acf62f1ec71cf9ea824e7e85260982d6dbcffa7438e2eff57aa11ee448b92a0bee2b1a5b9cfc7c44717c14030100010116030100302dc0d7d7b1241f2a2f9c0885cb665c8b2151075b9ef1d59ed3ac0fe28eb4fafacaac71d5a02828ca49a42c790356c82c
	State = 0x7735533b75bb4641bd220e7c6731de38
(81) Received Access-Request packet from host 192.168.99.123 port 49286, id=125, length=288
(81) 	Message-Authenticator = 0xf7defb1a966e797a20ac1324fa72b08a
(81) 	NAS-Identifier = 'BS'
(81) 	User-Name = 'CPE8@siemens.com'
(81) 	EAP-Message = 0x028e00d01580000000c616030100861000008200801933bbf202713411d41e8d09c19cbf82cac091b2512ba6faca9bf25602a14515f6210c843a5814cac2ea168c38bf1255a7f5816eec33baa28fe26965af256fa70523ced1f7e8fed1b591fb7cc2f7befc129a203895a7acf62f1ec71cf9ea824e7e85260982d6dbcffa7438e2eff57aa11ee448b92a0bee2b1a5b9cfc7c44717c14030100010116030100302dc0d7d7b1241f2a2f9c0885cb665c8b2151075b9ef1d59ed3ac0fe28eb4fafacaac71d5a02828ca49a42c790356c82c
(81) 	State = 0x7735533b75bb4641bd220e7c6731de38
(81) # Executing section authorize from file /etc/raddb/sites-enabled/default
(81)   authorize {
(81)   filter_username filter_username {
(81)     if (!&User-Name) 
(81)     if (!&User-Name)  -> FALSE
(81)     if (&User-Name =~ / /) 
(81)     if (&User-Name =~ / /)  -> FALSE
(81)     if (&User-Name =~ /@.*@/ ) 
(81)     if (&User-Name =~ /@.*@/ )  -> FALSE
(81)     if (&User-Name =~ /\\.\\./ ) 
(81)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(81)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(81)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(81)     if (&User-Name =~ /\\.$/)  
(81)     if (&User-Name =~ /\\.$/)   -> FALSE
(81)     if (&User-Name =~ /@\\./)  
(81)     if (&User-Name =~ /@\\./)   -> FALSE
(81)   } # filter_username filter_username = notfound
(81)   [preprocess] = ok
(81)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(81)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(81)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(81)  auth_log : EXPAND %t
(81)  auth_log :    --> Wed Feb 14 20:04:45 2018
(81)   [auth_log] = ok
(81)   [chap] = noop
(81)   [mschap] = noop
(81)   [digest] = noop
(81)   [wimax] = noop
(81)  suffix : Checking for suffix after "@"
(81)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(81)  suffix : No such realm "siemens.com"
(81)   [suffix] = noop
(81)  eap : Peer sent code Response (2) ID 142 length 208
(81)  eap : Continuing tunnel setup
(81)   [eap] = ok
(81)  } #  authorize = ok
(81) Found Auth-Type = EAP
(81) # Executing group from file /etc/raddb/sites-enabled/default
(81)   authenticate {
(81)  eap : Expiring EAP session with state 0x34b58d2c37779811
(81)  eap : Finished EAP session with state 0x7735533b75bb4641
(81)  eap : Previous EAP request found for state 0x7735533b75bb4641, released from the list
(81)  eap : Peer sent method TTLS (21)
(81)  eap : EAP TTLS (21)
(81)  eap : Calling eap_ttls to process EAP data
(81)  eap_ttls : Authenticate
(81)  eap_ttls : processing EAP-TLS
  TLS Length 198
(81)  eap_ttls : Length Included
(81)  eap_ttls : eaptls_verify returned 11 
(81)  eap_ttls : <<< Unknown TLS version [length 0005] 
(81)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(81)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(81)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(81)  eap_ttls : <<< Unknown TLS version [length 0005] 
(81)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(81)  eap_ttls : <<< Unknown TLS version [length 0005] 
(81)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(81)  eap_ttls : TLS_accept: SSLv3 read finished A
(81)  eap_ttls : >>> Unknown TLS version [length 0005] 
(81)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(81)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(81)  eap_ttls : >>> Unknown TLS version [length 0005] 
(81)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(81)  eap_ttls : TLS_accept: SSLv3 write finished A
(81)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 9b0bcac614605b36a47e12004378deff45a33e0656bc5ef702ceaee0b3d6077c to cache
(81)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(81)  eap_ttls : eaptls_process returned 13 
(81)  eap : New EAP session, adding 'State' attribute to reply 0x7735533b74ba4641
(81)   [eap] = handled
(81)  } #  authenticate = handled
(81) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=125, length=0
(81) 	EAP-Message = 0x018f004515800000003b1403010001011603010030d9462b410b5206336d94304530ea5c292a62c85f600f42bd59f0977fe505ec02cf67497f5910f18f2052cdb6bcd6dfd5
(81) 	Message-Authenticator = 0x00000000000000000000000000000000
(81) 	State = 0x7735533b74ba4641bd220e7c6731de38
Sending Access-Challenge Id 125 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018f004515800000003b1403010001011603010030d9462b410b5206336d94304530ea5c292a62c85f600f42bd59f0977fe505ec02cf67497f5910f18f2052cdb6bcd6dfd5
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7735533b74ba4641bd220e7c6731de38
(81) Finished request
Waking up in 0.2 seconds.
(67) Cleaning up request packet ID 1 with timestamp +84
Waking up in 0.1 seconds.
Waking up in 2.1 seconds.
Received Access-Request Id 101 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x9c9cbb45e003affed660db8fcaf4b1ab
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02af00150143504537407369656d656e732e636f6d
(82) Received Access-Request packet from host 192.168.99.122 port 49321, id=101, length=83
(82) 	Message-Authenticator = 0x9c9cbb45e003affed660db8fcaf4b1ab
(82) 	NAS-Identifier = 'BS'
(82) 	User-Name = 'CPE7@siemens.com'
(82) 	EAP-Message = 0x02af00150143504537407369656d656e732e636f6d
(82) # Executing section authorize from file /etc/raddb/sites-enabled/default
(82)   authorize {
(82)   filter_username filter_username {
(82)     if (!&User-Name) 
(82)     if (!&User-Name)  -> FALSE
(82)     if (&User-Name =~ / /) 
(82)     if (&User-Name =~ / /)  -> FALSE
(82)     if (&User-Name =~ /@.*@/ ) 
(82)     if (&User-Name =~ /@.*@/ )  -> FALSE
(82)     if (&User-Name =~ /\\.\\./ ) 
(82)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(82)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(82)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(82)     if (&User-Name =~ /\\.$/)  
(82)     if (&User-Name =~ /\\.$/)   -> FALSE
(82)     if (&User-Name =~ /@\\./)  
(82)     if (&User-Name =~ /@\\./)   -> FALSE
(82)   } # filter_username filter_username = notfound
(82)   [preprocess] = ok
(82)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(82)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(82)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(82)  auth_log : EXPAND %t
(82)  auth_log :    --> Wed Feb 14 20:04:45 2018
(82)   [auth_log] = ok
(82)   [chap] = noop
(82)   [mschap] = noop
(82)   [digest] = noop
(82)   [wimax] = noop
(82)  suffix : Checking for suffix after "@"
(82)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(82)  suffix : No such realm "siemens.com"
(82)   [suffix] = noop
(82)  eap : Peer sent code Response (2) ID 175 length 21
(82)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(82)   [eap] = ok
(82)  } #  authorize = ok
(82) Found Auth-Type = EAP
(82) # Executing group from file /etc/raddb/sites-enabled/default
(82)   authenticate {
(82)  eap : Peer sent method Identity (1)
(82)  eap : Calling eap_ttls to process EAP data
(82)  eap_ttls : Initiate
(82)  eap_ttls : Start returned 1
(82)  eap : New EAP session, adding 'State' attribute to reply 0xda00939bdab086e6
(82)   [eap] = handled
(82)  } #  authenticate = handled
(82) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=101, length=0
(82) 	EAP-Message = 0x01b000061520
(82) 	Message-Authenticator = 0x00000000000000000000000000000000
(82) 	State = 0xda00939bdab086e60b0a81a1d667764b
Sending Access-Challenge Id 101 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b000061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xda00939bdab086e60b0a81a1d667764b
(82) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 102 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x1e5b8348f9a388b627b36fe24f713db1
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b0006a158000000060160301005b01000057030154ac6fb0ed74ac4b51878a357e1fb34c8d5c46203b117a9241afa26092a4a6ce00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xda00939bdab086e60b0a81a1d667764b
(83) Received Access-Request packet from host 192.168.99.122 port 49321, id=102, length=186
(83) 	Message-Authenticator = 0x1e5b8348f9a388b627b36fe24f713db1
(83) 	NAS-Identifier = 'BS'
(83) 	User-Name = 'CPE7@siemens.com'
(83) 	EAP-Message = 0x02b0006a158000000060160301005b01000057030154ac6fb0ed74ac4b51878a357e1fb34c8d5c46203b117a9241afa26092a4a6ce00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(83) 	State = 0xda00939bdab086e60b0a81a1d667764b
(83) # Executing section authorize from file /etc/raddb/sites-enabled/default
(83)   authorize {
(83)   filter_username filter_username {
(83)     if (!&User-Name) 
(83)     if (!&User-Name)  -> FALSE
(83)     if (&User-Name =~ / /) 
(83)     if (&User-Name =~ / /)  -> FALSE
(83)     if (&User-Name =~ /@.*@/ ) 
(83)     if (&User-Name =~ /@.*@/ )  -> FALSE
(83)     if (&User-Name =~ /\\.\\./ ) 
(83)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(83)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(83)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(83)     if (&User-Name =~ /\\.$/)  
(83)     if (&User-Name =~ /\\.$/)   -> FALSE
(83)     if (&User-Name =~ /@\\./)  
(83)     if (&User-Name =~ /@\\./)   -> FALSE
(83)   } # filter_username filter_username = notfound
(83)   [preprocess] = ok
(83)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(83)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(83)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(83)  auth_log : EXPAND %t
(83)  auth_log :    --> Wed Feb 14 20:04:45 2018
(83)   [auth_log] = ok
(83)   [chap] = noop
(83)   [mschap] = noop
(83)   [digest] = noop
(83)   [wimax] = noop
(83)  suffix : Checking for suffix after "@"
(83)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(83)  suffix : No such realm "siemens.com"
(83)   [suffix] = noop
(83)  eap : Peer sent code Response (2) ID 176 length 106
(83)  eap : Continuing tunnel setup
(83)   [eap] = ok
(83)  } #  authorize = ok
(83) Found Auth-Type = EAP
(83) # Executing group from file /etc/raddb/sites-enabled/default
(83)   authenticate {
(83)  eap : Expiring EAP session with state 0x34b58d2c37779811
(83)  eap : Finished EAP session with state 0xda00939bdab086e6
(83)  eap : Previous EAP request found for state 0xda00939bdab086e6, released from the list
(83)  eap : Peer sent method TTLS (21)
(83)  eap : EAP TTLS (21)
(83)  eap : Calling eap_ttls to process EAP data
(83)  eap_ttls : Authenticate
(83)  eap_ttls : processing EAP-TLS
  TLS Length 96
(83)  eap_ttls : Length Included
(83)  eap_ttls : eaptls_verify returned 11 
(83)  eap_ttls : (other): before/accept initialization
(83)  eap_ttls : TLS_accept: before/accept initialization
(83)  eap_ttls : <<< Unknown TLS version [length 0005] 
(83)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(83)  eap_ttls : TLS_accept: SSLv3 read client hello A
(83)  eap_ttls : >>> Unknown TLS version [length 0005] 
(83)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(83)  eap_ttls : TLS_accept: SSLv3 write server hello A
(83)  eap_ttls : >>> Unknown TLS version [length 0005] 
(83)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(83)  eap_ttls : TLS_accept: SSLv3 write certificate A
(83)  eap_ttls : >>> Unknown TLS version [length 0005] 
(83)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(83)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(83)  eap_ttls : >>> Unknown TLS version [length 0005] 
(83)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(83)  eap_ttls : TLS_accept: SSLv3 write server done A
(83)  eap_ttls : TLS_accept: SSLv3 flush data
(83)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(83)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(83)  eap_ttls : eaptls_process returned 13 
(83)  eap : New EAP session, adding 'State' attribute to reply 0xda00939bdbb186e6
(83)   [eap] = handled
(83)  } #  authenticate = handled
(83) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=102, length=0
(83) 	EAP-Message = 0x01b103ec15c000000702160301004a0200004603015a82eb28b55de937f51e837324434c947c5c46a85c5d9b9de1742d814160bf0d20654a3d857b3e824c66b68723e4c6a73bb967adaeffef6122758ca9c85b47e7e000390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(83) 	Message-Authenticator = 0x00000000000000000000000000000000
(83) 	State = 0xda00939bdbb186e60b0a81a1d667764b
Sending Access-Challenge Id 102 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b103ec15c000000702160301004a0200004603015a82eb28b55de937f51e837324434c947c5c46a85c5d9b9de1742d814160bf0d20654a3d857b3e824c66b68723e4c6a73bb967adaeffef6122758ca9c85b47e7e000390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xda00939bdbb186e60b0a81a1d667764b
(83) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 103 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x16fd0d70ac5341a5e17f7c4aae53c0c7
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b100061500
	State = 0xda00939bdbb186e60b0a81a1d667764b
(84) Received Access-Request packet from host 192.168.99.122 port 49321, id=103, length=86
(84) 	Message-Authenticator = 0x16fd0d70ac5341a5e17f7c4aae53c0c7
(84) 	NAS-Identifier = 'BS'
(84) 	User-Name = 'CPE7@siemens.com'
(84) 	EAP-Message = 0x02b100061500
(84) 	State = 0xda00939bdbb186e60b0a81a1d667764b
(84) # Executing section authorize from file /etc/raddb/sites-enabled/default
(84)   authorize {
(84)   filter_username filter_username {
(84)     if (!&User-Name) 
(84)     if (!&User-Name)  -> FALSE
(84)     if (&User-Name =~ / /) 
(84)     if (&User-Name =~ / /)  -> FALSE
(84)     if (&User-Name =~ /@.*@/ ) 
(84)     if (&User-Name =~ /@.*@/ )  -> FALSE
(84)     if (&User-Name =~ /\\.\\./ ) 
(84)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(84)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(84)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(84)     if (&User-Name =~ /\\.$/)  
(84)     if (&User-Name =~ /\\.$/)   -> FALSE
(84)     if (&User-Name =~ /@\\./)  
(84)     if (&User-Name =~ /@\\./)   -> FALSE
(84)   } # filter_username filter_username = notfound
(84)   [preprocess] = ok
(84)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(84)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(84)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(84)  auth_log : EXPAND %t
(84)  auth_log :    --> Wed Feb 14 20:04:45 2018
(84)   [auth_log] = ok
(84)   [chap] = noop
(84)   [mschap] = noop
(84)   [digest] = noop
(84)   [wimax] = noop
(84)  suffix : Checking for suffix after "@"
(84)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(84)  suffix : No such realm "siemens.com"
(84)   [suffix] = noop
(84)  eap : Peer sent code Response (2) ID 177 length 6
(84)  eap : Continuing tunnel setup
(84)   [eap] = ok
(84)  } #  authorize = ok
(84) Found Auth-Type = EAP
(84) # Executing group from file /etc/raddb/sites-enabled/default
(84)   authenticate {
(84)  eap : Expiring EAP session with state 0x34b58d2c37779811
(84)  eap : Finished EAP session with state 0xda00939bdbb186e6
(84)  eap : Previous EAP request found for state 0xda00939bdbb186e6, released from the list
(84)  eap : Peer sent method TTLS (21)
(84)  eap : EAP TTLS (21)
(84)  eap : Calling eap_ttls to process EAP data
(84)  eap_ttls : Authenticate
(84)  eap_ttls : processing EAP-TLS
(84)  eap_ttls : Received TLS ACK
(84)  eap_ttls : Received TLS ACK
(84)  eap_ttls : ACK handshake fragment handler
(84)  eap_ttls : eaptls_verify returned 1 
(84)  eap_ttls : eaptls_process returned 13 
(84)  eap : New EAP session, adding 'State' attribute to reply 0xda00939bd8b286e6
(84)   [eap] = handled
(84)  } #  authenticate = handled
(84) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=103, length=0
(84) 	EAP-Message = 0x01b2032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(84) 	Message-Authenticator = 0x00000000000000000000000000000000
(84) 	State = 0xda00939bd8b286e60b0a81a1d667764b
Sending Access-Challenge Id 103 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b2032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xda00939bd8b286e60b0a81a1d667764b
(84) Finished request
Waking up in 0.2 seconds.
Waking up in 1.4 seconds.
Received Access-Request Id 126 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xc82d4bfe5461d706242123c0082f92ba
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028f00d01580000000c61603010086100000820080508dea4aab6f774fb277690b5d23118f33f36312ae80958c4f56cd2717a79ddd7b24b547ad905c79bad56d13567d7a988ed8efc1f451e4c9b356a174d95dd5f7d71c38474b4e0341704995980a66c91b4d5326dd0870607f42fb9be010e0f93bb3668b0da75890b605cdc5f2236bbdeaf335429306ffc3f49a5893a6e1993e1c1403010001011603010030a1d60be952c3f0e86413925c2f7f53e72df1648be080c0f92b2dfbde87346145a39c98fb210c78fcd0fc41b21ecf74c9
	State = 0xc1e01396c36f0642cfc3dce5c8c07b81
(85) Received Access-Request packet from host 192.168.99.123 port 49286, id=126, length=288
(85) 	Message-Authenticator = 0xc82d4bfe5461d706242123c0082f92ba
(85) 	NAS-Identifier = 'BS'
(85) 	User-Name = 'CPE9@siemens.com'
(85) 	EAP-Message = 0x028f00d01580000000c61603010086100000820080508dea4aab6f774fb277690b5d23118f33f36312ae80958c4f56cd2717a79ddd7b24b547ad905c79bad56d13567d7a988ed8efc1f451e4c9b356a174d95dd5f7d71c38474b4e0341704995980a66c91b4d5326dd0870607f42fb9be010e0f93bb3668b0da75890b605cdc5f2236bbdeaf335429306ffc3f49a5893a6e1993e1c1403010001011603010030a1d60be952c3f0e86413925c2f7f53e72df1648be080c0f92b2dfbde87346145a39c98fb210c78fcd0fc41b21ecf74c9
(85) 	State = 0xc1e01396c36f0642cfc3dce5c8c07b81
(85) # Executing section authorize from file /etc/raddb/sites-enabled/default
(85)   authorize {
(85)   filter_username filter_username {
(85)     if (!&User-Name) 
(85)     if (!&User-Name)  -> FALSE
(85)     if (&User-Name =~ / /) 
(85)     if (&User-Name =~ / /)  -> FALSE
(85)     if (&User-Name =~ /@.*@/ ) 
(85)     if (&User-Name =~ /@.*@/ )  -> FALSE
(85)     if (&User-Name =~ /\\.\\./ ) 
(85)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(85)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(85)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(85)     if (&User-Name =~ /\\.$/)  
(85)     if (&User-Name =~ /\\.$/)   -> FALSE
(85)     if (&User-Name =~ /@\\./)  
(85)     if (&User-Name =~ /@\\./)   -> FALSE
(85)   } # filter_username filter_username = notfound
(85)   [preprocess] = ok
(85)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(85)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(85)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(85)  auth_log : EXPAND %t
(85)  auth_log :    --> Wed Feb 14 20:04:46 2018
(85)   [auth_log] = ok
(85)   [chap] = noop
(85)   [mschap] = noop
(85)   [digest] = noop
(85)   [wimax] = noop
(85)  suffix : Checking for suffix after "@"
(85)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(85)  suffix : No such realm "siemens.com"
(85)   [suffix] = noop
(85)  eap : Peer sent code Response (2) ID 143 length 208
(85)  eap : Continuing tunnel setup
(85)   [eap] = ok
(85)  } #  authorize = ok
(85) Found Auth-Type = EAP
(85) # Executing group from file /etc/raddb/sites-enabled/default
(85)   authenticate {
(85)  eap : Expiring EAP session with state 0x34b58d2c37779811
(85)  eap : Finished EAP session with state 0xc1e01396c36f0642
(85)  eap : Previous EAP request found for state 0xc1e01396c36f0642, released from the list
(85)  eap : Peer sent method TTLS (21)
(85)  eap : EAP TTLS (21)
(85)  eap : Calling eap_ttls to process EAP data
(85)  eap_ttls : Authenticate
(85)  eap_ttls : processing EAP-TLS
  TLS Length 198
(85)  eap_ttls : Length Included
(85)  eap_ttls : eaptls_verify returned 11 
(85)  eap_ttls : <<< Unknown TLS version [length 0005] 
(85)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(85)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(85)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(85)  eap_ttls : <<< Unknown TLS version [length 0005] 
(85)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(85)  eap_ttls : <<< Unknown TLS version [length 0005] 
(85)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(85)  eap_ttls : TLS_accept: SSLv3 read finished A
(85)  eap_ttls : >>> Unknown TLS version [length 0005] 
(85)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(85)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(85)  eap_ttls : >>> Unknown TLS version [length 0005] 
(85)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(85)  eap_ttls : TLS_accept: SSLv3 write finished A
(85)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 3e32330f4885a3ed9ac2b4d5753a13f7d2a4d1b1efeee3c4ab58f6da95fde445 to cache
(85)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(85)  eap_ttls : eaptls_process returned 13 
(85)  eap : New EAP session, adding 'State' attribute to reply 0xc1e01396c2700642
(85)   [eap] = handled
(85)  } #  authenticate = handled
(85) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=126, length=0
(85) 	EAP-Message = 0x0190004515800000003b140301000101160301003035cd09c9adade3dfb26fac6d8a62d928f85a6fd435315e2bd7ef4d7d3e0ae246e86815c821f33e11b33369b7baebe45f
(85) 	Message-Authenticator = 0x00000000000000000000000000000000
(85) 	State = 0xc1e01396c2700642cfc3dce5c8c07b81
Sending Access-Challenge Id 126 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0190004515800000003b140301000101160301003035cd09c9adade3dfb26fac6d8a62d928f85a6fd435315e2bd7ef4d7d3e0ae246e86815c821f33e11b33369b7baebe45f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc1e01396c2700642cfc3dce5c8c07b81
(85) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 149 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x289be4592c7f129350526f8a355c9be6
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c300d01580000000c6160301008610000082008045316666ac8f6140d5ceef39eff6b1b7585a11263b70acf506ec629829f286d8d70c8af902c070c4b0ba0bd46020dbf02a262f958bd2e1bca6d33819c25ea60dca660fc360980270a91cff0bd78f823de032bf62ed3a69434790e747ae478182af4be6a2157869806d36aebb3ef2bd6ee7d98f9af1abf24d1c965294f9c40e0e1403010001011603010030335e6e3647e3aee4580b48d626fcec7ab29bc8560541384436139883d4e13cc33bc9250c34d867e9d0b9fa0f4f98e1eb
	State = 0x918e13c5934d061769d94ee7ca112ece
(86) Received Access-Request packet from host 192.168.99.121 port 49210, id=149, length=289
(86) 	Message-Authenticator = 0x289be4592c7f129350526f8a355c9be6
(86) 	NAS-Identifier = 'BS'
(86) 	User-Name = 'CPE11@siemens.com'
(86) 	EAP-Message = 0x02c300d01580000000c6160301008610000082008045316666ac8f6140d5ceef39eff6b1b7585a11263b70acf506ec629829f286d8d70c8af902c070c4b0ba0bd46020dbf02a262f958bd2e1bca6d33819c25ea60dca660fc360980270a91cff0bd78f823de032bf62ed3a69434790e747ae478182af4be6a2157869806d36aebb3ef2bd6ee7d98f9af1abf24d1c965294f9c40e0e1403010001011603010030335e6e3647e3aee4580b48d626fcec7ab29bc8560541384436139883d4e13cc33bc9250c34d867e9d0b9fa0f4f98e1eb
(86) 	State = 0x918e13c5934d061769d94ee7ca112ece
(86) # Executing section authorize from file /etc/raddb/sites-enabled/default
(86)   authorize {
(86)   filter_username filter_username {
(86)     if (!&User-Name) 
(86)     if (!&User-Name)  -> FALSE
(86)     if (&User-Name =~ / /) 
(86)     if (&User-Name =~ / /)  -> FALSE
(86)     if (&User-Name =~ /@.*@/ ) 
(86)     if (&User-Name =~ /@.*@/ )  -> FALSE
(86)     if (&User-Name =~ /\\.\\./ ) 
(86)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(86)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(86)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(86)     if (&User-Name =~ /\\.$/)  
(86)     if (&User-Name =~ /\\.$/)   -> FALSE
(86)     if (&User-Name =~ /@\\./)  
(86)     if (&User-Name =~ /@\\./)   -> FALSE
(86)   } # filter_username filter_username = notfound
(86)   [preprocess] = ok
(86)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(86)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(86)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(86)  auth_log : EXPAND %t
(86)  auth_log :    --> Wed Feb 14 20:04:46 2018
(86)   [auth_log] = ok
(86)   [chap] = noop
(86)   [mschap] = noop
(86)   [digest] = noop
(86)   [wimax] = noop
(86)  suffix : Checking for suffix after "@"
(86)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(86)  suffix : No such realm "siemens.com"
(86)   [suffix] = noop
(86)  eap : Peer sent code Response (2) ID 195 length 208
(86)  eap : Continuing tunnel setup
(86)   [eap] = ok
(86)  } #  authorize = ok
(86) Found Auth-Type = EAP
(86) # Executing group from file /etc/raddb/sites-enabled/default
(86)   authenticate {
(86)  eap : Expiring EAP session with state 0x34b58d2c37779811
(86)  eap : Finished EAP session with state 0x918e13c5934d0617
(86)  eap : Previous EAP request found for state 0x918e13c5934d0617, released from the list
(86)  eap : Peer sent method TTLS (21)
(86)  eap : EAP TTLS (21)
(86)  eap : Calling eap_ttls to process EAP data
(86)  eap_ttls : Authenticate
(86)  eap_ttls : processing EAP-TLS
  TLS Length 198
(86)  eap_ttls : Length Included
(86)  eap_ttls : eaptls_verify returned 11 
(86)  eap_ttls : <<< Unknown TLS version [length 0005] 
(86)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(86)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(86)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(86)  eap_ttls : <<< Unknown TLS version [length 0005] 
(86)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(86)  eap_ttls : <<< Unknown TLS version [length 0005] 
(86)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(86)  eap_ttls : TLS_accept: SSLv3 read finished A
(86)  eap_ttls : >>> Unknown TLS version [length 0005] 
(86)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(86)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(86)  eap_ttls : >>> Unknown TLS version [length 0005] 
(86)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(86)  eap_ttls : TLS_accept: SSLv3 write finished A
(86)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 8c26ed6e31782212905c048fc0b7c03e1e5fd532336d9e33472f72559284e3d8 to cache
(86)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(86)  eap_ttls : eaptls_process returned 13 
(86)  eap : New EAP session, adding 'State' attribute to reply 0x918e13c5924a0617
(86)   [eap] = handled
(86)  } #  authenticate = handled
(86) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=149, length=0
(86) 	EAP-Message = 0x01c4004515800000003b1403010001011603010030107f3d9b02158dd60b75e1353dace8ba6173abf8c350f6ef8ecb2ac10971d691cbf6b62f1405b7280ab31e6dacb617a3
(86) 	Message-Authenticator = 0x00000000000000000000000000000000
(86) 	State = 0x918e13c5924a061769d94ee7ca112ece
Sending Access-Challenge Id 149 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c4004515800000003b1403010001011603010030107f3d9b02158dd60b75e1353dace8ba6173abf8c350f6ef8ecb2ac10971d691cbf6b62f1405b7280ab31e6dacb617a3
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x918e13c5924a061769d94ee7ca112ece
(86) Finished request
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
Waking up in 0.4 seconds.
(68) Cleaning up request packet ID 119 with timestamp +86
(69) Cleaning up request packet ID 100 with timestamp +86
(70) Cleaning up request packet ID 120 with timestamp +86
(71) Cleaning up request packet ID 121 with timestamp +86
Waking up in 1.3 seconds.
Received Access-Request Id 104 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x84dbb4f4b2c87ca86897355d7a66376f
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b200d01580000000c616030100861000008200802136995b359dc8e89403870b4d030bd1eeb58a660fc93b27db7228e8592546bb82e67f0804e20364fa8424969b803c3cc4c4ffd983f06564c72ae708fa29e44cfa1e11d983c9241485bff2898b7577df6a59a5b71edddc8c6205cb9311f93f371a31d75b9adcd02f466fc95e82a1249bdf1b034e176dd2294ff926a101f017ff1403010001011603010030425b992a2c744a38587b9697564a2b6d954e9f5a9e18a83e9d0e36905ee1ca0e1e786afdb3521dc8a43626da555a7dc7
	State = 0xda00939bd8b286e60b0a81a1d667764b
(87) Received Access-Request packet from host 192.168.99.122 port 49321, id=104, length=288
(87) 	Message-Authenticator = 0x84dbb4f4b2c87ca86897355d7a66376f
(87) 	NAS-Identifier = 'BS'
(87) 	User-Name = 'CPE7@siemens.com'
(87) 	EAP-Message = 0x02b200d01580000000c616030100861000008200802136995b359dc8e89403870b4d030bd1eeb58a660fc93b27db7228e8592546bb82e67f0804e20364fa8424969b803c3cc4c4ffd983f06564c72ae708fa29e44cfa1e11d983c9241485bff2898b7577df6a59a5b71edddc8c6205cb9311f93f371a31d75b9adcd02f466fc95e82a1249bdf1b034e176dd2294ff926a101f017ff1403010001011603010030425b992a2c744a38587b9697564a2b6d954e9f5a9e18a83e9d0e36905ee1ca0e1e786afdb3521dc8a43626da555a7dc7
(87) 	State = 0xda00939bd8b286e60b0a81a1d667764b
(87) # Executing section authorize from file /etc/raddb/sites-enabled/default
(87)   authorize {
(87)   filter_username filter_username {
(87)     if (!&User-Name) 
(87)     if (!&User-Name)  -> FALSE
(87)     if (&User-Name =~ / /) 
(87)     if (&User-Name =~ / /)  -> FALSE
(87)     if (&User-Name =~ /@.*@/ ) 
(87)     if (&User-Name =~ /@.*@/ )  -> FALSE
(87)     if (&User-Name =~ /\\.\\./ ) 
(87)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(87)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(87)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(87)     if (&User-Name =~ /\\.$/)  
(87)     if (&User-Name =~ /\\.$/)   -> FALSE
(87)     if (&User-Name =~ /@\\./)  
(87)     if (&User-Name =~ /@\\./)   -> FALSE
(87)   } # filter_username filter_username = notfound
(87)   [preprocess] = ok
(87)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(87)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(87)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(87)  auth_log : EXPAND %t
(87)  auth_log :    --> Wed Feb 14 20:04:48 2018
(87)   [auth_log] = ok
(87)   [chap] = noop
(87)   [mschap] = noop
(87)   [digest] = noop
(87)   [wimax] = noop
(87)  suffix : Checking for suffix after "@"
(87)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(87)  suffix : No such realm "siemens.com"
(87)   [suffix] = noop
(87)  eap : Peer sent code Response (2) ID 178 length 208
(87)  eap : Continuing tunnel setup
(87)   [eap] = ok
(87)  } #  authorize = ok
(87) Found Auth-Type = EAP
(87) # Executing group from file /etc/raddb/sites-enabled/default
(87)   authenticate {
(87)  eap : Expiring EAP session with state 0x34b58d2c37779811
(87)  eap : Finished EAP session with state 0xda00939bd8b286e6
(87)  eap : Previous EAP request found for state 0xda00939bd8b286e6, released from the list
(87)  eap : Peer sent method TTLS (21)
(87)  eap : EAP TTLS (21)
(87)  eap : Calling eap_ttls to process EAP data
(87)  eap_ttls : Authenticate
(87)  eap_ttls : processing EAP-TLS
  TLS Length 198
(87)  eap_ttls : Length Included
(87)  eap_ttls : eaptls_verify returned 11 
(87)  eap_ttls : <<< Unknown TLS version [length 0005] 
(87)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(87)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(87)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(87)  eap_ttls : <<< Unknown TLS version [length 0005] 
(87)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(87)  eap_ttls : <<< Unknown TLS version [length 0005] 
(87)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(87)  eap_ttls : TLS_accept: SSLv3 read finished A
(87)  eap_ttls : >>> Unknown TLS version [length 0005] 
(87)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(87)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(87)  eap_ttls : >>> Unknown TLS version [length 0005] 
(87)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(87)  eap_ttls : TLS_accept: SSLv3 write finished A
(87)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 654a3d857b3e824c66b68723e4c6a73bb967adaeffef6122758ca9c85b47e7e0 to cache
(87)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(87)  eap_ttls : eaptls_process returned 13 
(87)  eap : New EAP session, adding 'State' attribute to reply 0xda00939bd9b386e6
(87)   [eap] = handled
(87)  } #  authenticate = handled
(87) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=104, length=0
(87) 	EAP-Message = 0x01b3004515800000003b14030100010116030100305e62292e4a1a51b37d967464cbac6e8071e5ba22e460d6e87fd7fe564bef1cd9e2068fb0baac63db7f13aacb4008d475
(87) 	Message-Authenticator = 0x00000000000000000000000000000000
(87) 	State = 0xda00939bd9b386e60b0a81a1d667764b
Sending Access-Challenge Id 104 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b3004515800000003b14030100010116030100305e62292e4a1a51b37d967464cbac6e8071e5ba22e460d6e87fd7fe564bef1cd9e2068fb0baac63db7f13aacb4008d475
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xda00939bd9b386e60b0a81a1d667764b
(87) Finished request
Waking up in 0.3 seconds.
Waking up in 0.5 seconds.
(72) Cleaning up request packet ID 122 with timestamp +87
(73) Cleaning up request packet ID 123 with timestamp +88
(74) Cleaning up request packet ID 124 with timestamp +88
(75) Cleaning up request packet ID 1 with timestamp +88
(76) Cleaning up request packet ID 146 with timestamp +88
(77) Cleaning up request packet ID 1 with timestamp +88
(78) Cleaning up request packet ID 147 with timestamp +88
(79) Cleaning up request packet ID 148 with timestamp +88
Waking up in 0.1 seconds.
(80) Cleaning up request packet ID 1 with timestamp +88
Waking up in 0.6 seconds.
Received Access-Request Id 105 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x8252958032e4a580dd05b3faf3fe387a
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b000150143504536407369656d656e732e636f6d
(88) Received Access-Request packet from host 192.168.99.122 port 49321, id=105, length=83
(88) 	Message-Authenticator = 0x8252958032e4a580dd05b3faf3fe387a
(88) 	NAS-Identifier = 'BS'
(88) 	User-Name = 'CPE6@siemens.com'
(88) 	EAP-Message = 0x02b000150143504536407369656d656e732e636f6d
(88) # Executing section authorize from file /etc/raddb/sites-enabled/default
(88)   authorize {
(88)   filter_username filter_username {
(88)     if (!&User-Name) 
(88)     if (!&User-Name)  -> FALSE
(88)     if (&User-Name =~ / /) 
(88)     if (&User-Name =~ / /)  -> FALSE
(88)     if (&User-Name =~ /@.*@/ ) 
(88)     if (&User-Name =~ /@.*@/ )  -> FALSE
(88)     if (&User-Name =~ /\\.\\./ ) 
(88)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(88)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(88)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(88)     if (&User-Name =~ /\\.$/)  
(88)     if (&User-Name =~ /\\.$/)   -> FALSE
(88)     if (&User-Name =~ /@\\./)  
(88)     if (&User-Name =~ /@\\./)   -> FALSE
(88)   } # filter_username filter_username = notfound
(88)   [preprocess] = ok
(88)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(88)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(88)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(88)  auth_log : EXPAND %t
(88)  auth_log :    --> Wed Feb 14 20:04:49 2018
(88)   [auth_log] = ok
(88)   [chap] = noop
(88)   [mschap] = noop
(88)   [digest] = noop
(88)   [wimax] = noop
(88)  suffix : Checking for suffix after "@"
(88)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(88)  suffix : No such realm "siemens.com"
(88)   [suffix] = noop
(88)  eap : Peer sent code Response (2) ID 176 length 21
(88)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(88)   [eap] = ok
(88)  } #  authorize = ok
(88) Found Auth-Type = EAP
(88) # Executing group from file /etc/raddb/sites-enabled/default
(88)   authenticate {
(88)  eap : Peer sent method Identity (1)
(88)  eap : Calling eap_ttls to process EAP data
(88)  eap_ttls : Initiate
(88)  eap_ttls : Start returned 1
(88)  eap : New EAP session, adding 'State' attribute to reply 0x7bdccc847b6dd9d8
(88)   [eap] = handled
(88)  } #  authenticate = handled
(88) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=105, length=0
(88) 	EAP-Message = 0x01b100061520
(88) 	Message-Authenticator = 0x00000000000000000000000000000000
(88) 	State = 0x7bdccc847b6dd9d81e901bc75a0a3660
Sending Access-Challenge Id 105 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b100061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7bdccc847b6dd9d81e901bc75a0a3660
(88) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 106 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x581bac2170eda6e603e379349e1650f3
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b1006a158000000060160301005b01000057030154acd537b1099da145cc63f770cff91e82f7630225ecd49c841e6e2d1296c27c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x7bdccc847b6dd9d81e901bc75a0a3660
(89) Received Access-Request packet from host 192.168.99.122 port 49321, id=106, length=186
(89) 	Message-Authenticator = 0x581bac2170eda6e603e379349e1650f3
(89) 	NAS-Identifier = 'BS'
(89) 	User-Name = 'CPE6@siemens.com'
(89) 	EAP-Message = 0x02b1006a158000000060160301005b01000057030154acd537b1099da145cc63f770cff91e82f7630225ecd49c841e6e2d1296c27c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(89) 	State = 0x7bdccc847b6dd9d81e901bc75a0a3660
(89) # Executing section authorize from file /etc/raddb/sites-enabled/default
(89)   authorize {
(89)   filter_username filter_username {
(89)     if (!&User-Name) 
(89)     if (!&User-Name)  -> FALSE
(89)     if (&User-Name =~ / /) 
(89)     if (&User-Name =~ / /)  -> FALSE
(89)     if (&User-Name =~ /@.*@/ ) 
(89)     if (&User-Name =~ /@.*@/ )  -> FALSE
(89)     if (&User-Name =~ /\\.\\./ ) 
(89)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(89)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(89)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(89)     if (&User-Name =~ /\\.$/)  
(89)     if (&User-Name =~ /\\.$/)   -> FALSE
(89)     if (&User-Name =~ /@\\./)  
(89)     if (&User-Name =~ /@\\./)   -> FALSE
(89)   } # filter_username filter_username = notfound
(89)   [preprocess] = ok
(89)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(89)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(89)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(89)  auth_log : EXPAND %t
(89)  auth_log :    --> Wed Feb 14 20:04:49 2018
(89)   [auth_log] = ok
(89)   [chap] = noop
(89)   [mschap] = noop
(89)   [digest] = noop
(89)   [wimax] = noop
(89)  suffix : Checking for suffix after "@"
(89)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(89)  suffix : No such realm "siemens.com"
(89)   [suffix] = noop
(89)  eap : Peer sent code Response (2) ID 177 length 106
(89)  eap : Continuing tunnel setup
(89)   [eap] = ok
(89)  } #  authorize = ok
(89) Found Auth-Type = EAP
(89) # Executing group from file /etc/raddb/sites-enabled/default
(89)   authenticate {
(89)  eap : Expiring EAP session with state 0x34b58d2c37779811
(89)  eap : Finished EAP session with state 0x7bdccc847b6dd9d8
(89)  eap : Previous EAP request found for state 0x7bdccc847b6dd9d8, released from the list
(89)  eap : Peer sent method TTLS (21)
(89)  eap : EAP TTLS (21)
(89)  eap : Calling eap_ttls to process EAP data
(89)  eap_ttls : Authenticate
(89)  eap_ttls : processing EAP-TLS
  TLS Length 96
(89)  eap_ttls : Length Included
(89)  eap_ttls : eaptls_verify returned 11 
(89)  eap_ttls : (other): before/accept initialization
(89)  eap_ttls : TLS_accept: before/accept initialization
(89)  eap_ttls : <<< Unknown TLS version [length 0005] 
(89)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(89)  eap_ttls : TLS_accept: SSLv3 read client hello A
(89)  eap_ttls : >>> Unknown TLS version [length 0005] 
(89)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(89)  eap_ttls : TLS_accept: SSLv3 write server hello A
(89)  eap_ttls : >>> Unknown TLS version [length 0005] 
(89)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(89)  eap_ttls : TLS_accept: SSLv3 write certificate A
(89)  eap_ttls : >>> Unknown TLS version [length 0005] 
(89)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(89)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(89)  eap_ttls : >>> Unknown TLS version [length 0005] 
(89)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(89)  eap_ttls : TLS_accept: SSLv3 write server done A
(89)  eap_ttls : TLS_accept: SSLv3 flush data
(89)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(89)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(89)  eap_ttls : eaptls_process returned 13 
(89)  eap : New EAP session, adding 'State' attribute to reply 0x7bdccc847a6ed9d8
(89)   [eap] = handled
(89)  } #  authenticate = handled
(89) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=106, length=0
(89) 	EAP-Message = 0x01b203ec15c000000702160301004a020000460301c7680d03e4ac8ee01d8e25db337d22495ac5a07cc77894f4b2ffe8e1e3762e2d200c5a7eb4d31ea709e75474a378280c71539785bd4bde08fdba1a1ea00863261a00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(89) 	Message-Authenticator = 0x00000000000000000000000000000000
(89) 	State = 0x7bdccc847a6ed9d81e901bc75a0a3660
Sending Access-Challenge Id 106 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b203ec15c000000702160301004a020000460301c7680d03e4ac8ee01d8e25db337d22495ac5a07cc77894f4b2ffe8e1e3762e2d200c5a7eb4d31ea709e75474a378280c71539785bd4bde08fdba1a1ea00863261a00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7bdccc847a6ed9d81e901bc75a0a3660
(89) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 107 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xa650b864150aa2660b7826e36afad015
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b200061500
	State = 0x7bdccc847a6ed9d81e901bc75a0a3660
(90) Received Access-Request packet from host 192.168.99.122 port 49321, id=107, length=86
(90) 	Message-Authenticator = 0xa650b864150aa2660b7826e36afad015
(90) 	NAS-Identifier = 'BS'
(90) 	User-Name = 'CPE6@siemens.com'
(90) 	EAP-Message = 0x02b200061500
(90) 	State = 0x7bdccc847a6ed9d81e901bc75a0a3660
(90) # Executing section authorize from file /etc/raddb/sites-enabled/default
(90)   authorize {
(90)   filter_username filter_username {
(90)     if (!&User-Name) 
(90)     if (!&User-Name)  -> FALSE
(90)     if (&User-Name =~ / /) 
(90)     if (&User-Name =~ / /)  -> FALSE
(90)     if (&User-Name =~ /@.*@/ ) 
(90)     if (&User-Name =~ /@.*@/ )  -> FALSE
(90)     if (&User-Name =~ /\\.\\./ ) 
(90)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(90)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(90)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(90)     if (&User-Name =~ /\\.$/)  
(90)     if (&User-Name =~ /\\.$/)   -> FALSE
(90)     if (&User-Name =~ /@\\./)  
(90)     if (&User-Name =~ /@\\./)   -> FALSE
(90)   } # filter_username filter_username = notfound
(90)   [preprocess] = ok
(90)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(90)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(90)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(90)  auth_log : EXPAND %t
(90)  auth_log :    --> Wed Feb 14 20:04:49 2018
(90)   [auth_log] = ok
(90)   [chap] = noop
(90)   [mschap] = noop
(90)   [digest] = noop
(90)   [wimax] = noop
(90)  suffix : Checking for suffix after "@"
(90)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(90)  suffix : No such realm "siemens.com"
(90)   [suffix] = noop
(90)  eap : Peer sent code Response (2) ID 178 length 6
(90)  eap : Continuing tunnel setup
(90)   [eap] = ok
(90)  } #  authorize = ok
(90) Found Auth-Type = EAP
(90) # Executing group from file /etc/raddb/sites-enabled/default
(90)   authenticate {
(90)  eap : Expiring EAP session with state 0x34b58d2c37779811
(90)  eap : Finished EAP session with state 0x7bdccc847a6ed9d8
(90)  eap : Previous EAP request found for state 0x7bdccc847a6ed9d8, released from the list
(90)  eap : Peer sent method TTLS (21)
(90)  eap : EAP TTLS (21)
(90)  eap : Calling eap_ttls to process EAP data
(90)  eap_ttls : Authenticate
(90)  eap_ttls : processing EAP-TLS
(90)  eap_ttls : Received TLS ACK
(90)  eap_ttls : Received TLS ACK
(90)  eap_ttls : ACK handshake fragment handler
(90)  eap_ttls : eaptls_verify returned 1 
(90)  eap_ttls : eaptls_process returned 13 
(90)  eap : New EAP session, adding 'State' attribute to reply 0x7bdccc84796fd9d8
(90)   [eap] = handled
(90)  } #  authenticate = handled
(90) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=107, length=0
(90) 	EAP-Message = 0x01b3032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(90) 	Message-Authenticator = 0x00000000000000000000000000000000
(90) 	State = 0x7bdccc84796fd9d81e901bc75a0a3660
Sending Access-Challenge Id 107 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b3032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7bdccc84796fd9d81e901bc75a0a3660
(90) Finished request
Waking up in 0.1 seconds.
(81) Cleaning up request packet ID 125 with timestamp +89
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(91) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(91) 	NAS-Identifier = 'BS'
(91) 	User-Name = 'dummy'
(91) 	User-Password = '*PASSWORD*'
(91) # Executing section authorize from file /etc/raddb/sites-enabled/default
(91)   authorize {
(91)   filter_username filter_username {
(91)     if (!&User-Name) 
(91)     if (!&User-Name)  -> FALSE
(91)     if (&User-Name =~ / /) 
(91)     if (&User-Name =~ / /)  -> FALSE
(91)     if (&User-Name =~ /@.*@/ ) 
(91)     if (&User-Name =~ /@.*@/ )  -> FALSE
(91)     if (&User-Name =~ /\\.\\./ ) 
(91)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(91)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(91)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(91)     if (&User-Name =~ /\\.$/)  
(91)     if (&User-Name =~ /\\.$/)   -> FALSE
(91)     if (&User-Name =~ /@\\./)  
(91)     if (&User-Name =~ /@\\./)   -> FALSE
(91)   } # filter_username filter_username = notfound
(91)   [preprocess] = ok
(91)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(91)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(91)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(91)  auth_log : EXPAND %t
(91)  auth_log :    --> Wed Feb 14 20:04:50 2018
(91)   [auth_log] = ok
(91)   [chap] = noop
(91)   [mschap] = noop
(91)   [digest] = noop
(91)   [wimax] = noop
(91)  suffix : Checking for suffix after "@"
(91)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(91)  suffix : No such realm "NULL"
(91)   [suffix] = noop
(91)  eap : No EAP-Message, not doing EAP
(91)   [eap] = noop
(91)  files : users: Matched entry dummy at line 159
(91)   [files] = ok
(91)   [expiration] = noop
(91)   [logintime] = noop
(91)   [pap] = updated
(91)  } #  authorize = updated
(91) Found Auth-Type = PAP
(91) # Executing group from file /etc/raddb/sites-enabled/default
(91)  Auth-Type PAP {
(91)  pap : Login attempt with password
(91)  pap : User authenticated successfully
(91)   [pap] = ok
(91)  } # Auth-Type PAP = ok
(91) Login OK: [dummy] (from client BS1 port 0)
(91) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(91)   post-auth {
(91)   [exec] = noop
(91)   update reply {
(91) 	Session-Timeout := 1800
(91)   } # update reply = noop
(91)   remove_reply_message_if_eap remove_reply_message_if_eap {
(91)     if (&reply:EAP-Message && &reply:Reply-Message) 
(91)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(91)    else else {
(91)     [noop] = noop
(91)    } # else else = noop
(91)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(91)  } #  post-auth = noop
(91) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(91) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(91) Finished request
Waking up in 0.2 seconds.
(82) Cleaning up request packet ID 101 with timestamp +89
(83) Cleaning up request packet ID 102 with timestamp +89
(84) Cleaning up request packet ID 103 with timestamp +89
Waking up in 0.8 seconds.
(85) Cleaning up request packet ID 126 with timestamp +90
Waking up in 0.1 seconds.
(86) Cleaning up request packet ID 149 with timestamp +90
Waking up in 1.4 seconds.
Received Access-Request Id 108 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x96cd46b63c2f97d0bd1c32f197725c90
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b300d01580000000c616030100861000008200803f9472b27446e2d5fa54a0bb09b68804896b12be32d2e5074252da77b54186af5560aad0a8054519dbc08a0f2f758a89e66016bd2d6566c5c15826291c7dc92df133263c1fad5ec152132744b32a7b8186375502249b8530b652da1a54eef2f2fadf187f9ff2bee64cb09b3bb864c51518bd29c3d6e27e2dcd9f5918fca01a4e1403010001011603010030185e034eeef08a8b24b344406d3dee84e608957c3b4de57fbba991235d0c0fca20645219e7d8715282818c5b5973315d
	State = 0x7bdccc84796fd9d81e901bc75a0a3660
(92) Received Access-Request packet from host 192.168.99.122 port 49321, id=108, length=288
(92) 	Message-Authenticator = 0x96cd46b63c2f97d0bd1c32f197725c90
(92) 	NAS-Identifier = 'BS'
(92) 	User-Name = 'CPE6@siemens.com'
(92) 	EAP-Message = 0x02b300d01580000000c616030100861000008200803f9472b27446e2d5fa54a0bb09b68804896b12be32d2e5074252da77b54186af5560aad0a8054519dbc08a0f2f758a89e66016bd2d6566c5c15826291c7dc92df133263c1fad5ec152132744b32a7b8186375502249b8530b652da1a54eef2f2fadf187f9ff2bee64cb09b3bb864c51518bd29c3d6e27e2dcd9f5918fca01a4e1403010001011603010030185e034eeef08a8b24b344406d3dee84e608957c3b4de57fbba991235d0c0fca20645219e7d8715282818c5b5973315d
(92) 	State = 0x7bdccc84796fd9d81e901bc75a0a3660
(92) # Executing section authorize from file /etc/raddb/sites-enabled/default
(92)   authorize {
(92)   filter_username filter_username {
(92)     if (!&User-Name) 
(92)     if (!&User-Name)  -> FALSE
(92)     if (&User-Name =~ / /) 
(92)     if (&User-Name =~ / /)  -> FALSE
(92)     if (&User-Name =~ /@.*@/ ) 
(92)     if (&User-Name =~ /@.*@/ )  -> FALSE
(92)     if (&User-Name =~ /\\.\\./ ) 
(92)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(92)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(92)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(92)     if (&User-Name =~ /\\.$/)  
(92)     if (&User-Name =~ /\\.$/)   -> FALSE
(92)     if (&User-Name =~ /@\\./)  
(92)     if (&User-Name =~ /@\\./)   -> FALSE
(92)   } # filter_username filter_username = notfound
(92)   [preprocess] = ok
(92)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(92)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(92)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(92)  auth_log : EXPAND %t
(92)  auth_log :    --> Wed Feb 14 20:04:52 2018
(92)   [auth_log] = ok
(92)   [chap] = noop
(92)   [mschap] = noop
(92)   [digest] = noop
(92)   [wimax] = noop
(92)  suffix : Checking for suffix after "@"
(92)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(92)  suffix : No such realm "siemens.com"
(92)   [suffix] = noop
(92)  eap : Peer sent code Response (2) ID 179 length 208
(92)  eap : Continuing tunnel setup
(92)   [eap] = ok
(92)  } #  authorize = ok
(92) Found Auth-Type = EAP
(92) # Executing group from file /etc/raddb/sites-enabled/default
(92)   authenticate {
(92)  eap : Expiring EAP session with state 0x34b58d2c37779811
(92)  eap : Finished EAP session with state 0x7bdccc84796fd9d8
(92)  eap : Previous EAP request found for state 0x7bdccc84796fd9d8, released from the list
(92)  eap : Peer sent method TTLS (21)
(92)  eap : EAP TTLS (21)
(92)  eap : Calling eap_ttls to process EAP data
(92)  eap_ttls : Authenticate
(92)  eap_ttls : processing EAP-TLS
  TLS Length 198
(92)  eap_ttls : Length Included
(92)  eap_ttls : eaptls_verify returned 11 
(92)  eap_ttls : <<< Unknown TLS version [length 0005] 
(92)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(92)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(92)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(92)  eap_ttls : <<< Unknown TLS version [length 0005] 
(92)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(92)  eap_ttls : <<< Unknown TLS version [length 0005] 
(92)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(92)  eap_ttls : TLS_accept: SSLv3 read finished A
(92)  eap_ttls : >>> Unknown TLS version [length 0005] 
(92)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(92)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(92)  eap_ttls : >>> Unknown TLS version [length 0005] 
(92)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(92)  eap_ttls : TLS_accept: SSLv3 write finished A
(92)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 0c5a7eb4d31ea709e75474a378280c71539785bd4bde08fdba1a1ea00863261a to cache
(92)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(92)  eap_ttls : eaptls_process returned 13 
(92)  eap : New EAP session, adding 'State' attribute to reply 0x7bdccc847868d9d8
(92)   [eap] = handled
(92)  } #  authenticate = handled
(92) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=108, length=0
(92) 	EAP-Message = 0x01b4004515800000003b1403010001011603010030eb75f503cfae7fc7f5659e2c22a0bfc8905cd781bf6808a86cde3e991963f57af8b8214fbda54bff1987dd8506c0e68b
(92) 	Message-Authenticator = 0x00000000000000000000000000000000
(92) 	State = 0x7bdccc847868d9d81e901bc75a0a3660
Sending Access-Challenge Id 108 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b4004515800000003b1403010001011603010030eb75f503cfae7fc7f5659e2c22a0bfc8905cd781bf6808a86cde3e991963f57af8b8214fbda54bff1987dd8506c0e68b
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7bdccc847868d9d81e901bc75a0a3660
(92) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 127 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x4cf74554953d85316a48fd93e6ffe62b
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028d00150143504538407369656d656e732e636f6d
(93) Received Access-Request packet from host 192.168.99.123 port 49286, id=127, length=83
(93) 	Message-Authenticator = 0x4cf74554953d85316a48fd93e6ffe62b
(93) 	NAS-Identifier = 'BS'
(93) 	User-Name = 'CPE8@siemens.com'
(93) 	EAP-Message = 0x028d00150143504538407369656d656e732e636f6d
(93) # Executing section authorize from file /etc/raddb/sites-enabled/default
(93)   authorize {
(93)   filter_username filter_username {
(93)     if (!&User-Name) 
(93)     if (!&User-Name)  -> FALSE
(93)     if (&User-Name =~ / /) 
(93)     if (&User-Name =~ / /)  -> FALSE
(93)     if (&User-Name =~ /@.*@/ ) 
(93)     if (&User-Name =~ /@.*@/ )  -> FALSE
(93)     if (&User-Name =~ /\\.\\./ ) 
(93)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(93)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(93)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(93)     if (&User-Name =~ /\\.$/)  
(93)     if (&User-Name =~ /\\.$/)   -> FALSE
(93)     if (&User-Name =~ /@\\./)  
(93)     if (&User-Name =~ /@\\./)   -> FALSE
(93)   } # filter_username filter_username = notfound
(93)   [preprocess] = ok
(93)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(93)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(93)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(93)  auth_log : EXPAND %t
(93)  auth_log :    --> Wed Feb 14 20:04:52 2018
(93)   [auth_log] = ok
(93)   [chap] = noop
(93)   [mschap] = noop
(93)   [digest] = noop
(93)   [wimax] = noop
(93)  suffix : Checking for suffix after "@"
(93)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(93)  suffix : No such realm "siemens.com"
(93)   [suffix] = noop
(93)  eap : Peer sent code Response (2) ID 141 length 21
(93)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(93)   [eap] = ok
(93)  } #  authorize = ok
(93) Found Auth-Type = EAP
(93) # Executing group from file /etc/raddb/sites-enabled/default
(93)   authenticate {
(93)  eap : Peer sent method Identity (1)
(93)  eap : Calling eap_ttls to process EAP data
(93)  eap_ttls : Initiate
(93)  eap_ttls : Start returned 1
(93)  eap : New EAP session, adding 'State' attribute to reply 0x920e3f7892802a8f
(93)   [eap] = handled
(93)  } #  authenticate = handled
(93) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=127, length=0
(93) 	EAP-Message = 0x018e00061520
(93) 	Message-Authenticator = 0x00000000000000000000000000000000
(93) 	State = 0x920e3f7892802a8fb7987fa5de5f4c2b
Sending Access-Challenge Id 127 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018e00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x920e3f7892802a8fb7987fa5de5f4c2b
(93) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 128 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x939547dd56ebb395ba34146ed4f31584
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028e006a158000000060160301005b01000057030154a650ce9920da73bd1fd18db919ab3cc5b081802de60262d560d4926d6e30d400003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x920e3f7892802a8fb7987fa5de5f4c2b
(94) Received Access-Request packet from host 192.168.99.123 port 49286, id=128, length=186
(94) 	Message-Authenticator = 0x939547dd56ebb395ba34146ed4f31584
(94) 	NAS-Identifier = 'BS'
(94) 	User-Name = 'CPE8@siemens.com'
(94) 	EAP-Message = 0x028e006a158000000060160301005b01000057030154a650ce9920da73bd1fd18db919ab3cc5b081802de60262d560d4926d6e30d400003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(94) 	State = 0x920e3f7892802a8fb7987fa5de5f4c2b
(94) # Executing section authorize from file /etc/raddb/sites-enabled/default
(94)   authorize {
(94)   filter_username filter_username {
(94)     if (!&User-Name) 
(94)     if (!&User-Name)  -> FALSE
(94)     if (&User-Name =~ / /) 
(94)     if (&User-Name =~ / /)  -> FALSE
(94)     if (&User-Name =~ /@.*@/ ) 
(94)     if (&User-Name =~ /@.*@/ )  -> FALSE
(94)     if (&User-Name =~ /\\.\\./ ) 
(94)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(94)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(94)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(94)     if (&User-Name =~ /\\.$/)  
(94)     if (&User-Name =~ /\\.$/)   -> FALSE
(94)     if (&User-Name =~ /@\\./)  
(94)     if (&User-Name =~ /@\\./)   -> FALSE
(94)   } # filter_username filter_username = notfound
(94)   [preprocess] = ok
(94)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(94)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(94)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(94)  auth_log : EXPAND %t
(94)  auth_log :    --> Wed Feb 14 20:04:52 2018
(94)   [auth_log] = ok
(94)   [chap] = noop
(94)   [mschap] = noop
(94)   [digest] = noop
(94)   [wimax] = noop
(94)  suffix : Checking for suffix after "@"
(94)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(94)  suffix : No such realm "siemens.com"
(94)   [suffix] = noop
(94)  eap : Peer sent code Response (2) ID 142 length 106
(94)  eap : Continuing tunnel setup
(94)   [eap] = ok
(94)  } #  authorize = ok
(94) Found Auth-Type = EAP
(94) # Executing group from file /etc/raddb/sites-enabled/default
(94)   authenticate {
(94)  eap : Expiring EAP session with state 0x34b58d2c37779811
(94)  eap : Finished EAP session with state 0x920e3f7892802a8f
(94)  eap : Previous EAP request found for state 0x920e3f7892802a8f, released from the list
(94)  eap : Peer sent method TTLS (21)
(94)  eap : EAP TTLS (21)
(94)  eap : Calling eap_ttls to process EAP data
(94)  eap_ttls : Authenticate
(94)  eap_ttls : processing EAP-TLS
  TLS Length 96
(94)  eap_ttls : Length Included
(94)  eap_ttls : eaptls_verify returned 11 
(94)  eap_ttls : (other): before/accept initialization
(94)  eap_ttls : TLS_accept: before/accept initialization
(94)  eap_ttls : <<< Unknown TLS version [length 0005] 
(94)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(94)  eap_ttls : TLS_accept: SSLv3 read client hello A
(94)  eap_ttls : >>> Unknown TLS version [length 0005] 
(94)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(94)  eap_ttls : TLS_accept: SSLv3 write server hello A
(94)  eap_ttls : >>> Unknown TLS version [length 0005] 
(94)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(94)  eap_ttls : TLS_accept: SSLv3 write certificate A
(94)  eap_ttls : >>> Unknown TLS version [length 0005] 
(94)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(94)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(94)  eap_ttls : >>> Unknown TLS version [length 0005] 
(94)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(94)  eap_ttls : TLS_accept: SSLv3 write server done A
(94)  eap_ttls : TLS_accept: SSLv3 flush data
(94)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(94)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(94)  eap_ttls : eaptls_process returned 13 
(94)  eap : New EAP session, adding 'State' attribute to reply 0x920e3f7893812a8f
(94)   [eap] = handled
(94)  } #  authenticate = handled
(94) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=128, length=0
(94) 	EAP-Message = 0x018f03ec15c000000702160301004a020000460301b4c136551a38b298eb2312ab504692c512223db14b5e3d7ff0b9fe45fb92317620825c735e8f6b01aed63a4c14f289e5715c6a52aa0887d11d5d274cb0163fbe0b00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(94) 	Message-Authenticator = 0x00000000000000000000000000000000
(94) 	State = 0x920e3f7893812a8fb7987fa5de5f4c2b
Sending Access-Challenge Id 128 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018f03ec15c000000702160301004a020000460301b4c136551a38b298eb2312ab504692c512223db14b5e3d7ff0b9fe45fb92317620825c735e8f6b01aed63a4c14f289e5715c6a52aa0887d11d5d274cb0163fbe0b00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x920e3f7893812a8fb7987fa5de5f4c2b
(94) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 129 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x30382b76d56a0e6ff2545beb629c0ced
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028f00061500
	State = 0x920e3f7893812a8fb7987fa5de5f4c2b
(95) Received Access-Request packet from host 192.168.99.123 port 49286, id=129, length=86
(95) 	Message-Authenticator = 0x30382b76d56a0e6ff2545beb629c0ced
(95) 	NAS-Identifier = 'BS'
(95) 	User-Name = 'CPE8@siemens.com'
(95) 	EAP-Message = 0x028f00061500
(95) 	State = 0x920e3f7893812a8fb7987fa5de5f4c2b
(95) # Executing section authorize from file /etc/raddb/sites-enabled/default
(95)   authorize {
(95)   filter_username filter_username {
(95)     if (!&User-Name) 
(95)     if (!&User-Name)  -> FALSE
(95)     if (&User-Name =~ / /) 
(95)     if (&User-Name =~ / /)  -> FALSE
(95)     if (&User-Name =~ /@.*@/ ) 
(95)     if (&User-Name =~ /@.*@/ )  -> FALSE
(95)     if (&User-Name =~ /\\.\\./ ) 
(95)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(95)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(95)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(95)     if (&User-Name =~ /\\.$/)  
(95)     if (&User-Name =~ /\\.$/)   -> FALSE
(95)     if (&User-Name =~ /@\\./)  
(95)     if (&User-Name =~ /@\\./)   -> FALSE
(95)   } # filter_username filter_username = notfound
(95)   [preprocess] = ok
(95)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(95)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(95)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(95)  auth_log : EXPAND %t
(95)  auth_log :    --> Wed Feb 14 20:04:52 2018
(95)   [auth_log] = ok
(95)   [chap] = noop
(95)   [mschap] = noop
(95)   [digest] = noop
(95)   [wimax] = noop
(95)  suffix : Checking for suffix after "@"
(95)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(95)  suffix : No such realm "siemens.com"
(95)   [suffix] = noop
(95)  eap : Peer sent code Response (2) ID 143 length 6
(95)  eap : Continuing tunnel setup
(95)   [eap] = ok
(95)  } #  authorize = ok
(95) Found Auth-Type = EAP
(95) # Executing group from file /etc/raddb/sites-enabled/default
(95)   authenticate {
(95)  eap : Expiring EAP session with state 0x34b58d2c37779811
(95)  eap : Finished EAP session with state 0x920e3f7893812a8f
(95)  eap : Previous EAP request found for state 0x920e3f7893812a8f, released from the list
(95)  eap : Peer sent method TTLS (21)
(95)  eap : EAP TTLS (21)
(95)  eap : Calling eap_ttls to process EAP data
(95)  eap_ttls : Authenticate
(95)  eap_ttls : processing EAP-TLS
(95)  eap_ttls : Received TLS ACK
(95)  eap_ttls : Received TLS ACK
(95)  eap_ttls : ACK handshake fragment handler
(95)  eap_ttls : eaptls_verify returned 1 
(95)  eap_ttls : eaptls_process returned 13 
(95)  eap : New EAP session, adding 'State' attribute to reply 0x920e3f78909e2a8f
(95)   [eap] = handled
(95)  } #  authenticate = handled
(95) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=129, length=0
(95) 	EAP-Message = 0x0190032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(95) 	Message-Authenticator = 0x00000000000000000000000000000000
(95) 	State = 0x920e3f78909e2a8fb7987fa5de5f4c2b
Sending Access-Challenge Id 129 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0190032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x920e3f78909e2a8fb7987fa5de5f4c2b
(95) Finished request
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
(87) Cleaning up request packet ID 104 with timestamp +92
Waking up in 1.6 seconds.
Received Access-Request Id 130 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x7d16e9701b59f7fc7fc8fbe7c4681ceb
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028e00150143504539407369656d656e732e636f6d
(96) Received Access-Request packet from host 192.168.99.123 port 49286, id=130, length=83
(96) 	Message-Authenticator = 0x7d16e9701b59f7fc7fc8fbe7c4681ceb
(96) 	NAS-Identifier = 'BS'
(96) 	User-Name = 'CPE9@siemens.com'
(96) 	EAP-Message = 0x028e00150143504539407369656d656e732e636f6d
(96) # Executing section authorize from file /etc/raddb/sites-enabled/default
(96)   authorize {
(96)   filter_username filter_username {
(96)     if (!&User-Name) 
(96)     if (!&User-Name)  -> FALSE
(96)     if (&User-Name =~ / /) 
(96)     if (&User-Name =~ / /)  -> FALSE
(96)     if (&User-Name =~ /@.*@/ ) 
(96)     if (&User-Name =~ /@.*@/ )  -> FALSE
(96)     if (&User-Name =~ /\\.\\./ ) 
(96)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(96)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(96)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(96)     if (&User-Name =~ /\\.$/)  
(96)     if (&User-Name =~ /\\.$/)   -> FALSE
(96)     if (&User-Name =~ /@\\./)  
(96)     if (&User-Name =~ /@\\./)   -> FALSE
(96)   } # filter_username filter_username = notfound
(96)   [preprocess] = ok
(96)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(96)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(96)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(96)  auth_log : EXPAND %t
(96)  auth_log :    --> Wed Feb 14 20:04:54 2018
(96)   [auth_log] = ok
(96)   [chap] = noop
(96)   [mschap] = noop
(96)   [digest] = noop
(96)   [wimax] = noop
(96)  suffix : Checking for suffix after "@"
(96)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(96)  suffix : No such realm "siemens.com"
(96)   [suffix] = noop
(96)  eap : Peer sent code Response (2) ID 142 length 21
(96)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(96)   [eap] = ok
(96)  } #  authorize = ok
(96) Found Auth-Type = EAP
(96) # Executing group from file /etc/raddb/sites-enabled/default
(96)   authenticate {
(96)  eap : Peer sent method Identity (1)
(96)  eap : Calling eap_ttls to process EAP data
(96)  eap_ttls : Initiate
(96)  eap_ttls : Start returned 1
(96)  eap : New EAP session, adding 'State' attribute to reply 0x5f327f6f5fbd6ac1
(96)   [eap] = handled
(96)  } #  authenticate = handled
(96) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=130, length=0
(96) 	EAP-Message = 0x018f00061520
(96) 	Message-Authenticator = 0x00000000000000000000000000000000
(96) 	State = 0x5f327f6f5fbd6ac1405a5905256e67e5
Sending Access-Challenge Id 130 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x018f00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5f327f6f5fbd6ac1405a5905256e67e5
(96) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 131 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x076d9c4aa317c342e0639a851b356571
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x028f006a158000000060160301005b01000057030154ab17c3a5446b777adc993644f088bba79ab3510e36b34228fffc205d3bf66200003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x5f327f6f5fbd6ac1405a5905256e67e5
(97) Received Access-Request packet from host 192.168.99.123 port 49286, id=131, length=186
(97) 	Message-Authenticator = 0x076d9c4aa317c342e0639a851b356571
(97) 	NAS-Identifier = 'BS'
(97) 	User-Name = 'CPE9@siemens.com'
(97) 	EAP-Message = 0x028f006a158000000060160301005b01000057030154ab17c3a5446b777adc993644f088bba79ab3510e36b34228fffc205d3bf66200003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(97) 	State = 0x5f327f6f5fbd6ac1405a5905256e67e5
(97) # Executing section authorize from file /etc/raddb/sites-enabled/default
(97)   authorize {
(97)   filter_username filter_username {
(97)     if (!&User-Name) 
(97)     if (!&User-Name)  -> FALSE
(97)     if (&User-Name =~ / /) 
(97)     if (&User-Name =~ / /)  -> FALSE
(97)     if (&User-Name =~ /@.*@/ ) 
(97)     if (&User-Name =~ /@.*@/ )  -> FALSE
(97)     if (&User-Name =~ /\\.\\./ ) 
(97)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(97)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(97)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(97)     if (&User-Name =~ /\\.$/)  
(97)     if (&User-Name =~ /\\.$/)   -> FALSE
(97)     if (&User-Name =~ /@\\./)  
(97)     if (&User-Name =~ /@\\./)   -> FALSE
(97)   } # filter_username filter_username = notfound
(97)   [preprocess] = ok
(97)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(97)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(97)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(97)  auth_log : EXPAND %t
(97)  auth_log :    --> Wed Feb 14 20:04:54 2018
(97)   [auth_log] = ok
(97)   [chap] = noop
(97)   [mschap] = noop
(97)   [digest] = noop
(97)   [wimax] = noop
(97)  suffix : Checking for suffix after "@"
(97)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(97)  suffix : No such realm "siemens.com"
(97)   [suffix] = noop
(97)  eap : Peer sent code Response (2) ID 143 length 106
(97)  eap : Continuing tunnel setup
(97)   [eap] = ok
(97)  } #  authorize = ok
(97) Found Auth-Type = EAP
(97) # Executing group from file /etc/raddb/sites-enabled/default
(97)   authenticate {
(97)  eap : Expiring EAP session with state 0x34b58d2c37779811
(97)  eap : Finished EAP session with state 0x5f327f6f5fbd6ac1
(97)  eap : Previous EAP request found for state 0x5f327f6f5fbd6ac1, released from the list
(97)  eap : Peer sent method TTLS (21)
(97)  eap : EAP TTLS (21)
(97)  eap : Calling eap_ttls to process EAP data
(97)  eap_ttls : Authenticate
(97)  eap_ttls : processing EAP-TLS
  TLS Length 96
(97)  eap_ttls : Length Included
(97)  eap_ttls : eaptls_verify returned 11 
(97)  eap_ttls : (other): before/accept initialization
(97)  eap_ttls : TLS_accept: before/accept initialization
(97)  eap_ttls : <<< Unknown TLS version [length 0005] 
(97)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(97)  eap_ttls : TLS_accept: SSLv3 read client hello A
(97)  eap_ttls : >>> Unknown TLS version [length 0005] 
(97)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(97)  eap_ttls : TLS_accept: SSLv3 write server hello A
(97)  eap_ttls : >>> Unknown TLS version [length 0005] 
(97)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(97)  eap_ttls : TLS_accept: SSLv3 write certificate A
(97)  eap_ttls : >>> Unknown TLS version [length 0005] 
(97)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(97)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(97)  eap_ttls : >>> Unknown TLS version [length 0005] 
(97)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(97)  eap_ttls : TLS_accept: SSLv3 write server done A
(97)  eap_ttls : TLS_accept: SSLv3 flush data
(97)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(97)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(97)  eap_ttls : eaptls_process returned 13 
(97)  eap : New EAP session, adding 'State' attribute to reply 0x5f327f6f5ea26ac1
(97)   [eap] = handled
(97)  } #  authenticate = handled
(97) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=131, length=0
(97) 	EAP-Message = 0x019003ec15c000000702160301004a020000460301929736c46040765f2467f5547ff58c43c04843d1a8b55c3827380ce6927b16e6206e92c800fc9798cf4f408215ae8a0284c09e18372e40263e66aa3a094c729c2100390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(97) 	Message-Authenticator = 0x00000000000000000000000000000000
(97) 	State = 0x5f327f6f5ea26ac1405a5905256e67e5
Sending Access-Challenge Id 131 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019003ec15c000000702160301004a020000460301929736c46040765f2467f5547ff58c43c04843d1a8b55c3827380ce6927b16e6206e92c800fc9798cf4f408215ae8a0284c09e18372e40263e66aa3a094c729c2100390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5f327f6f5ea26ac1405a5905256e67e5
(97) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 132 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xfc1ddbe2d9d2e48dd3c072b4efe85222
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029000061500
	State = 0x5f327f6f5ea26ac1405a5905256e67e5
(98) Received Access-Request packet from host 192.168.99.123 port 49286, id=132, length=86
(98) 	Message-Authenticator = 0xfc1ddbe2d9d2e48dd3c072b4efe85222
(98) 	NAS-Identifier = 'BS'
(98) 	User-Name = 'CPE9@siemens.com'
(98) 	EAP-Message = 0x029000061500
(98) 	State = 0x5f327f6f5ea26ac1405a5905256e67e5
(98) # Executing section authorize from file /etc/raddb/sites-enabled/default
(98)   authorize {
(98)   filter_username filter_username {
(98)     if (!&User-Name) 
(98)     if (!&User-Name)  -> FALSE
(98)     if (&User-Name =~ / /) 
(98)     if (&User-Name =~ / /)  -> FALSE
(98)     if (&User-Name =~ /@.*@/ ) 
(98)     if (&User-Name =~ /@.*@/ )  -> FALSE
(98)     if (&User-Name =~ /\\.\\./ ) 
(98)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(98)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(98)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(98)     if (&User-Name =~ /\\.$/)  
(98)     if (&User-Name =~ /\\.$/)   -> FALSE
(98)     if (&User-Name =~ /@\\./)  
(98)     if (&User-Name =~ /@\\./)   -> FALSE
(98)   } # filter_username filter_username = notfound
(98)   [preprocess] = ok
(98)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(98)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(98)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(98)  auth_log : EXPAND %t
(98)  auth_log :    --> Wed Feb 14 20:04:54 2018
(98)   [auth_log] = ok
(98)   [chap] = noop
(98)   [mschap] = noop
(98)   [digest] = noop
(98)   [wimax] = noop
(98)  suffix : Checking for suffix after "@"
(98)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(98)  suffix : No such realm "siemens.com"
(98)   [suffix] = noop
(98)  eap : Peer sent code Response (2) ID 144 length 6
(98)  eap : Continuing tunnel setup
(98)   [eap] = ok
(98)  } #  authorize = ok
(98) Found Auth-Type = EAP
(98) # Executing group from file /etc/raddb/sites-enabled/default
(98)   authenticate {
(98)  eap : Expiring EAP session with state 0x34b58d2c37779811
(98)  eap : Finished EAP session with state 0x5f327f6f5ea26ac1
(98)  eap : Previous EAP request found for state 0x5f327f6f5ea26ac1, released from the list
(98)  eap : Peer sent method TTLS (21)
(98)  eap : EAP TTLS (21)
(98)  eap : Calling eap_ttls to process EAP data
(98)  eap_ttls : Authenticate
(98)  eap_ttls : processing EAP-TLS
(98)  eap_ttls : Received TLS ACK
(98)  eap_ttls : Received TLS ACK
(98)  eap_ttls : ACK handshake fragment handler
(98)  eap_ttls : eaptls_verify returned 1 
(98)  eap_ttls : eaptls_process returned 13 
(98)  eap : New EAP session, adding 'State' attribute to reply 0x5f327f6f5da36ac1
(98)   [eap] = handled
(98)  } #  authenticate = handled
(98) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=132, length=0
(98) 	EAP-Message = 0x0191032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(98) 	Message-Authenticator = 0x00000000000000000000000000000000
(98) 	State = 0x5f327f6f5da36ac1405a5905256e67e5
Sending Access-Challenge Id 132 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0191032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5f327f6f5da36ac1405a5905256e67e5
(98) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(99) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(99) 	NAS-Identifier = 'BS'
(99) 	User-Name = 'dummy'
(99) 	User-Password = '*PASSWORD*'
(99) # Executing section authorize from file /etc/raddb/sites-enabled/default
(99)   authorize {
(99)   filter_username filter_username {
(99)     if (!&User-Name) 
(99)     if (!&User-Name)  -> FALSE
(99)     if (&User-Name =~ / /) 
(99)     if (&User-Name =~ / /)  -> FALSE
(99)     if (&User-Name =~ /@.*@/ ) 
(99)     if (&User-Name =~ /@.*@/ )  -> FALSE
(99)     if (&User-Name =~ /\\.\\./ ) 
(99)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(99)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(99)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(99)     if (&User-Name =~ /\\.$/)  
(99)     if (&User-Name =~ /\\.$/)   -> FALSE
(99)     if (&User-Name =~ /@\\./)  
(99)     if (&User-Name =~ /@\\./)   -> FALSE
(99)   } # filter_username filter_username = notfound
(99)   [preprocess] = ok
(99)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(99)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(99)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(99)  auth_log : EXPAND %t
(99)  auth_log :    --> Wed Feb 14 20:04:54 2018
(99)   [auth_log] = ok
(99)   [chap] = noop
(99)   [mschap] = noop
(99)   [digest] = noop
(99)   [wimax] = noop
(99)  suffix : Checking for suffix after "@"
(99)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(99)  suffix : No such realm "NULL"
(99)   [suffix] = noop
(99)  eap : No EAP-Message, not doing EAP
(99)   [eap] = noop
(99)  files : users: Matched entry dummy at line 159
(99)   [files] = ok
(99)   [expiration] = noop
(99)   [logintime] = noop
(99)   [pap] = updated
(99)  } #  authorize = updated
(99) Found Auth-Type = PAP
(99) # Executing group from file /etc/raddb/sites-enabled/default
(99)  Auth-Type PAP {
(99)  pap : Login attempt with password
(99)  pap : User authenticated successfully
(99)   [pap] = ok
(99)  } # Auth-Type PAP = ok
(99) Login OK: [dummy] (from client BS3 port 0)
(99) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(99)   post-auth {
(99)   [exec] = noop
(99)   update reply {
(99) 	Session-Timeout := 1800
(99)   } # update reply = noop
(99)   remove_reply_message_if_eap remove_reply_message_if_eap {
(99)     if (&reply:EAP-Message && &reply:Reply-Message) 
(99)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(99)    else else {
(99)     [noop] = noop
(99)    } # else else = noop
(99)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(99)  } #  post-auth = noop
(99) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(99) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(99) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 150 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0xb665d81cc904aa540d6cac6ad21ec1df
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c10016014350453131407369656d656e732e636f6d
(100) Received Access-Request packet from host 192.168.99.121 port 49210, id=150, length=85
(100) 	Message-Authenticator = 0xb665d81cc904aa540d6cac6ad21ec1df
(100) 	NAS-Identifier = 'BS'
(100) 	User-Name = 'CPE11@siemens.com'
(100) 	EAP-Message = 0x02c10016014350453131407369656d656e732e636f6d
(100) # Executing section authorize from file /etc/raddb/sites-enabled/default
(100)   authorize {
(100)   filter_username filter_username {
(100)     if (!&User-Name) 
(100)     if (!&User-Name)  -> FALSE
(100)     if (&User-Name =~ / /) 
(100)     if (&User-Name =~ / /)  -> FALSE
(100)     if (&User-Name =~ /@.*@/ ) 
(100)     if (&User-Name =~ /@.*@/ )  -> FALSE
(100)     if (&User-Name =~ /\\.\\./ ) 
(100)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(100)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(100)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(100)     if (&User-Name =~ /\\.$/)  
(100)     if (&User-Name =~ /\\.$/)   -> FALSE
(100)     if (&User-Name =~ /@\\./)  
(100)     if (&User-Name =~ /@\\./)   -> FALSE
(100)   } # filter_username filter_username = notfound
(100)   [preprocess] = ok
(100)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(100)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(100)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(100)  auth_log : EXPAND %t
(100)  auth_log :    --> Wed Feb 14 20:04:54 2018
(100)   [auth_log] = ok
(100)   [chap] = noop
(100)   [mschap] = noop
(100)   [digest] = noop
(100)   [wimax] = noop
(100)  suffix : Checking for suffix after "@"
(100)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(100)  suffix : No such realm "siemens.com"
(100)   [suffix] = noop
(100)  eap : Peer sent code Response (2) ID 193 length 22
(100)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(100)   [eap] = ok
(100)  } #  authorize = ok
(100) Found Auth-Type = EAP
(100) # Executing group from file /etc/raddb/sites-enabled/default
(100)   authenticate {
(100)  eap : Peer sent method Identity (1)
(100)  eap : Calling eap_ttls to process EAP data
(100)  eap_ttls : Initiate
(100)  eap_ttls : Start returned 1
(100)  eap : New EAP session, adding 'State' attribute to reply 0xb389e17fb34bf453
(100)   [eap] = handled
(100)  } #  authenticate = handled
(100) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=150, length=0
(100) 	EAP-Message = 0x01c200061520
(100) 	Message-Authenticator = 0x00000000000000000000000000000000
(100) 	State = 0xb389e17fb34bf4530af414f830487063
Sending Access-Challenge Id 150 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c200061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb389e17fb34bf4530af414f830487063
(100) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(101) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(101) 	NAS-Identifier = 'BS'
(101) 	User-Name = 'dummy'
(101) 	User-Password = '*PASSWORD*'
(101) # Executing section authorize from file /etc/raddb/sites-enabled/default
(101)   authorize {
(101)   filter_username filter_username {
(101)     if (!&User-Name) 
(101)     if (!&User-Name)  -> FALSE
(101)     if (&User-Name =~ / /) 
(101)     if (&User-Name =~ / /)  -> FALSE
(101)     if (&User-Name =~ /@.*@/ ) 
(101)     if (&User-Name =~ /@.*@/ )  -> FALSE
(101)     if (&User-Name =~ /\\.\\./ ) 
(101)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(101)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(101)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(101)     if (&User-Name =~ /\\.$/)  
(101)     if (&User-Name =~ /\\.$/)   -> FALSE
(101)     if (&User-Name =~ /@\\./)  
(101)     if (&User-Name =~ /@\\./)   -> FALSE
(101)   } # filter_username filter_username = notfound
(101)   [preprocess] = ok
(101)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(101)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(101)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(101)  auth_log : EXPAND %t
(101)  auth_log :    --> Wed Feb 14 20:04:54 2018
(101)   [auth_log] = ok
(101)   [chap] = noop
(101)   [mschap] = noop
(101)   [digest] = noop
(101)   [wimax] = noop
(101)  suffix : Checking for suffix after "@"
(101)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(101)  suffix : No such realm "NULL"
(101)   [suffix] = noop
(101)  eap : No EAP-Message, not doing EAP
(101)   [eap] = noop
(101)  files : users: Matched entry dummy at line 159
(101)   [files] = ok
(101)   [expiration] = noop
(101)   [logintime] = noop
(101)   [pap] = updated
(101)  } #  authorize = updated
(101) Found Auth-Type = PAP
(101) # Executing group from file /etc/raddb/sites-enabled/default
(101)  Auth-Type PAP {
(101)  pap : Login attempt with password
(101)  pap : User authenticated successfully
(101)   [pap] = ok
(101)  } # Auth-Type PAP = ok
(101) Login OK: [dummy] (from client BS4 port 0)
(101) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(101)   post-auth {
(101)   [exec] = noop
(101)   update reply {
(101) 	Session-Timeout := 1800
(101)   } # update reply = noop
(101)   remove_reply_message_if_eap remove_reply_message_if_eap {
(101)     if (&reply:EAP-Message && &reply:Reply-Message) 
(101)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(101)    else else {
(101)     [noop] = noop
(101)    } # else else = noop
(101)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(101)  } #  post-auth = noop
(101) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(101) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(101) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 151 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x9aaf1f4aa0d873a9872b645788f7ee45
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c2006a158000000060160301005b01000057030154a4b495a90b6a9d838f2977ff7161b405091340cb1a3bd6fcf2d61fd43a317500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xb389e17fb34bf4530af414f830487063
(102) Received Access-Request packet from host 192.168.99.121 port 49210, id=151, length=187
(102) 	Message-Authenticator = 0x9aaf1f4aa0d873a9872b645788f7ee45
(102) 	NAS-Identifier = 'BS'
(102) 	User-Name = 'CPE11@siemens.com'
(102) 	EAP-Message = 0x02c2006a158000000060160301005b01000057030154a4b495a90b6a9d838f2977ff7161b405091340cb1a3bd6fcf2d61fd43a317500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(102) 	State = 0xb389e17fb34bf4530af414f830487063
(102) # Executing section authorize from file /etc/raddb/sites-enabled/default
(102)   authorize {
(102)   filter_username filter_username {
(102)     if (!&User-Name) 
(102)     if (!&User-Name)  -> FALSE
(102)     if (&User-Name =~ / /) 
(102)     if (&User-Name =~ / /)  -> FALSE
(102)     if (&User-Name =~ /@.*@/ ) 
(102)     if (&User-Name =~ /@.*@/ )  -> FALSE
(102)     if (&User-Name =~ /\\.\\./ ) 
(102)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(102)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(102)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(102)     if (&User-Name =~ /\\.$/)  
(102)     if (&User-Name =~ /\\.$/)   -> FALSE
(102)     if (&User-Name =~ /@\\./)  
(102)     if (&User-Name =~ /@\\./)   -> FALSE
(102)   } # filter_username filter_username = notfound
(102)   [preprocess] = ok
(102)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(102)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(102)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(102)  auth_log : EXPAND %t
(102)  auth_log :    --> Wed Feb 14 20:04:54 2018
(102)   [auth_log] = ok
(102)   [chap] = noop
(102)   [mschap] = noop
(102)   [digest] = noop
(102)   [wimax] = noop
(102)  suffix : Checking for suffix after "@"
(102)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(102)  suffix : No such realm "siemens.com"
(102)   [suffix] = noop
(102)  eap : Peer sent code Response (2) ID 194 length 106
(102)  eap : Continuing tunnel setup
(102)   [eap] = ok
(102)  } #  authorize = ok
(102) Found Auth-Type = EAP
(102) # Executing group from file /etc/raddb/sites-enabled/default
(102)   authenticate {
(102)  eap : Expiring EAP session with state 0x34b58d2c37779811
(102)  eap : Finished EAP session with state 0xb389e17fb34bf453
(102)  eap : Previous EAP request found for state 0xb389e17fb34bf453, released from the list
(102)  eap : Peer sent method TTLS (21)
(102)  eap : EAP TTLS (21)
(102)  eap : Calling eap_ttls to process EAP data
(102)  eap_ttls : Authenticate
(102)  eap_ttls : processing EAP-TLS
  TLS Length 96
(102)  eap_ttls : Length Included
(102)  eap_ttls : eaptls_verify returned 11 
(102)  eap_ttls : (other): before/accept initialization
(102)  eap_ttls : TLS_accept: before/accept initialization
(102)  eap_ttls : <<< Unknown TLS version [length 0005] 
(102)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(102)  eap_ttls : TLS_accept: SSLv3 read client hello A
(102)  eap_ttls : >>> Unknown TLS version [length 0005] 
(102)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(102)  eap_ttls : TLS_accept: SSLv3 write server hello A
(102)  eap_ttls : >>> Unknown TLS version [length 0005] 
(102)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(102)  eap_ttls : TLS_accept: SSLv3 write certificate A
(102)  eap_ttls : >>> Unknown TLS version [length 0005] 
(102)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(102)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(102)  eap_ttls : >>> Unknown TLS version [length 0005] 
(102)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(102)  eap_ttls : TLS_accept: SSLv3 write server done A
(102)  eap_ttls : TLS_accept: SSLv3 flush data
(102)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(102)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(102)  eap_ttls : eaptls_process returned 13 
(102)  eap : New EAP session, adding 'State' attribute to reply 0xb389e17fb24af453
(102)   [eap] = handled
(102)  } #  authenticate = handled
(102) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=151, length=0
(102) 	EAP-Message = 0x01c303ec15c000000702160301004a02000046030128ace09b36aedd2941cefe44510a331e39211244934715f242904ebca31df2772083d36cb6bd69c398b33b1b6503eea5ef61e84c8327e960219bb4237ec7fc671f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(102) 	Message-Authenticator = 0x00000000000000000000000000000000
(102) 	State = 0xb389e17fb24af4530af414f830487063
Sending Access-Challenge Id 151 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c303ec15c000000702160301004a02000046030128ace09b36aedd2941cefe44510a331e39211244934715f242904ebca31df2772083d36cb6bd69c398b33b1b6503eea5ef61e84c8327e960219bb4237ec7fc671f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb389e17fb24af4530af414f830487063
(102) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 152 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x0bae280d324f2cce6480f00d862cfbb3
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c300061500
	State = 0xb389e17fb24af4530af414f830487063
(103) Received Access-Request packet from host 192.168.99.121 port 49210, id=152, length=87
(103) 	Message-Authenticator = 0x0bae280d324f2cce6480f00d862cfbb3
(103) 	NAS-Identifier = 'BS'
(103) 	User-Name = 'CPE11@siemens.com'
(103) 	EAP-Message = 0x02c300061500
(103) 	State = 0xb389e17fb24af4530af414f830487063
(103) # Executing section authorize from file /etc/raddb/sites-enabled/default
(103)   authorize {
(103)   filter_username filter_username {
(103)     if (!&User-Name) 
(103)     if (!&User-Name)  -> FALSE
(103)     if (&User-Name =~ / /) 
(103)     if (&User-Name =~ / /)  -> FALSE
(103)     if (&User-Name =~ /@.*@/ ) 
(103)     if (&User-Name =~ /@.*@/ )  -> FALSE
(103)     if (&User-Name =~ /\\.\\./ ) 
(103)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(103)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(103)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(103)     if (&User-Name =~ /\\.$/)  
(103)     if (&User-Name =~ /\\.$/)   -> FALSE
(103)     if (&User-Name =~ /@\\./)  
(103)     if (&User-Name =~ /@\\./)   -> FALSE
(103)   } # filter_username filter_username = notfound
(103)   [preprocess] = ok
(103)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(103)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(103)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(103)  auth_log : EXPAND %t
(103)  auth_log :    --> Wed Feb 14 20:04:54 2018
(103)   [auth_log] = ok
(103)   [chap] = noop
(103)   [mschap] = noop
(103)   [digest] = noop
(103)   [wimax] = noop
(103)  suffix : Checking for suffix after "@"
(103)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(103)  suffix : No such realm "siemens.com"
(103)   [suffix] = noop
(103)  eap : Peer sent code Response (2) ID 195 length 6
(103)  eap : Continuing tunnel setup
(103)   [eap] = ok
(103)  } #  authorize = ok
(103) Found Auth-Type = EAP
(103) # Executing group from file /etc/raddb/sites-enabled/default
(103)   authenticate {
(103)  eap : Expiring EAP session with state 0x34b58d2c37779811
(103)  eap : Finished EAP session with state 0xb389e17fb24af453
(103)  eap : Previous EAP request found for state 0xb389e17fb24af453, released from the list
(103)  eap : Peer sent method TTLS (21)
(103)  eap : EAP TTLS (21)
(103)  eap : Calling eap_ttls to process EAP data
(103)  eap_ttls : Authenticate
(103)  eap_ttls : processing EAP-TLS
(103)  eap_ttls : Received TLS ACK
(103)  eap_ttls : Received TLS ACK
(103)  eap_ttls : ACK handshake fragment handler
(103)  eap_ttls : eaptls_verify returned 1 
(103)  eap_ttls : eaptls_process returned 13 
(103)  eap : New EAP session, adding 'State' attribute to reply 0xb389e17fb14df453
(103)   [eap] = handled
(103)  } #  authenticate = handled
(103) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=152, length=0
(103) 	EAP-Message = 0x01c4032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(103) 	Message-Authenticator = 0x00000000000000000000000000000000
(103) 	State = 0xb389e17fb14df4530af414f830487063
Sending Access-Challenge Id 152 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c4032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb389e17fb14df4530af414f830487063
(103) Finished request
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(104) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(104) 	NAS-Identifier = 'BS'
(104) 	User-Name = 'dummy'
(104) 	User-Password = '*PASSWORD*'
(104) # Executing section authorize from file /etc/raddb/sites-enabled/default
(104)   authorize {
(104)   filter_username filter_username {
(104)     if (!&User-Name) 
(104)     if (!&User-Name)  -> FALSE
(104)     if (&User-Name =~ / /) 
(104)     if (&User-Name =~ / /)  -> FALSE
(104)     if (&User-Name =~ /@.*@/ ) 
(104)     if (&User-Name =~ /@.*@/ )  -> FALSE
(104)     if (&User-Name =~ /\\.\\./ ) 
(104)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(104)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(104)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(104)     if (&User-Name =~ /\\.$/)  
(104)     if (&User-Name =~ /\\.$/)   -> FALSE
(104)     if (&User-Name =~ /@\\./)  
(104)     if (&User-Name =~ /@\\./)   -> FALSE
(104)   } # filter_username filter_username = notfound
(104)   [preprocess] = ok
(104)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(104)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(104)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(104)  auth_log : EXPAND %t
(104)  auth_log :    --> Wed Feb 14 20:04:54 2018
(104)   [auth_log] = ok
(104)   [chap] = noop
(104)   [mschap] = noop
(104)   [digest] = noop
(104)   [wimax] = noop
(104)  suffix : Checking for suffix after "@"
(104)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(104)  suffix : No such realm "NULL"
(104)   [suffix] = noop
(104)  eap : No EAP-Message, not doing EAP
(104)   [eap] = noop
(104)  files : users: Matched entry dummy at line 159
(104)   [files] = ok
(104)   [expiration] = noop
(104)   [logintime] = noop
(104)   [pap] = updated
(104)  } #  authorize = updated
(104) Found Auth-Type = PAP
(104) # Executing group from file /etc/raddb/sites-enabled/default
(104)  Auth-Type PAP {
(104)  pap : Login attempt with password
(104)  pap : User authenticated successfully
(104)   [pap] = ok
(104)  } # Auth-Type PAP = ok
(104) Login OK: [dummy] (from client BS2 port 0)
(104) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(104)   post-auth {
(104)   [exec] = noop
(104)   update reply {
(104) 	Session-Timeout := 1800
(104)   } # update reply = noop
(104)   remove_reply_message_if_eap remove_reply_message_if_eap {
(104)     if (&reply:EAP-Message && &reply:Reply-Message) 
(104)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(104)    else else {
(104)     [noop] = noop
(104)    } # else else = noop
(104)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(104)  } #  post-auth = noop
(104) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(104) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(104) Finished request
Waking up in 0.1 seconds.
(88) Cleaning up request packet ID 105 with timestamp +93
(89) Cleaning up request packet ID 106 with timestamp +93
(90) Cleaning up request packet ID 107 with timestamp +93
Waking up in 0.3 seconds.
Received Access-Request Id 133 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xb9a7ee1e0e423081705ec1ee236f926f
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029000d01580000000c616030100861000008200806f9aed4a9e1146d8d1a664c349b2bc5a2e8e8908dfeba4c6c5e4fe5cd4dde5cfdcdf19eb06d115fb1bfa7f63ec5f70f848982980ac78bcad806cbb0747f2a0d9ebff7a2d15f5571ee95bcca7caf945d8aef7414b7338a8d8283e1345cd07add1ddbd94ef7fbffd5cfb2feab900c30de577387cf7928a78c776eb5809833a009014030100010116030100302b8d64ce98a3117b80e7a47e6c6525e6a1b5ae3ae9d55c92a884543220f1162ffec6cb85e1bb48be0a40c14057df7be2
	State = 0x920e3f78909e2a8fb7987fa5de5f4c2b
(105) Received Access-Request packet from host 192.168.99.123 port 49286, id=133, length=288
(105) 	Message-Authenticator = 0xb9a7ee1e0e423081705ec1ee236f926f
(105) 	NAS-Identifier = 'BS'
(105) 	User-Name = 'CPE8@siemens.com'
(105) 	EAP-Message = 0x029000d01580000000c616030100861000008200806f9aed4a9e1146d8d1a664c349b2bc5a2e8e8908dfeba4c6c5e4fe5cd4dde5cfdcdf19eb06d115fb1bfa7f63ec5f70f848982980ac78bcad806cbb0747f2a0d9ebff7a2d15f5571ee95bcca7caf945d8aef7414b7338a8d8283e1345cd07add1ddbd94ef7fbffd5cfb2feab900c30de577387cf7928a78c776eb5809833a009014030100010116030100302b8d64ce98a3117b80e7a47e6c6525e6a1b5ae3ae9d55c92a884543220f1162ffec6cb85e1bb48be0a40c14057df7be2
(105) 	State = 0x920e3f78909e2a8fb7987fa5de5f4c2b
(105) # Executing section authorize from file /etc/raddb/sites-enabled/default
(105)   authorize {
(105)   filter_username filter_username {
(105)     if (!&User-Name) 
(105)     if (!&User-Name)  -> FALSE
(105)     if (&User-Name =~ / /) 
(105)     if (&User-Name =~ / /)  -> FALSE
(105)     if (&User-Name =~ /@.*@/ ) 
(105)     if (&User-Name =~ /@.*@/ )  -> FALSE
(105)     if (&User-Name =~ /\\.\\./ ) 
(105)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(105)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(105)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(105)     if (&User-Name =~ /\\.$/)  
(105)     if (&User-Name =~ /\\.$/)   -> FALSE
(105)     if (&User-Name =~ /@\\./)  
(105)     if (&User-Name =~ /@\\./)   -> FALSE
(105)   } # filter_username filter_username = notfound
(105)   [preprocess] = ok
(105)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(105)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(105)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(105)  auth_log : EXPAND %t
(105)  auth_log :    --> Wed Feb 14 20:04:55 2018
(105)   [auth_log] = ok
(105)   [chap] = noop
(105)   [mschap] = noop
(105)   [digest] = noop
(105)   [wimax] = noop
(105)  suffix : Checking for suffix after "@"
(105)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(105)  suffix : No such realm "siemens.com"
(105)   [suffix] = noop
(105)  eap : Peer sent code Response (2) ID 144 length 208
(105)  eap : Continuing tunnel setup
(105)   [eap] = ok
(105)  } #  authorize = ok
(105) Found Auth-Type = EAP
(105) # Executing group from file /etc/raddb/sites-enabled/default
(105)   authenticate {
(105)  eap : Expiring EAP session with state 0x34b58d2c37779811
(105)  eap : Finished EAP session with state 0x920e3f78909e2a8f
(105)  eap : Previous EAP request found for state 0x920e3f78909e2a8f, released from the list
(105)  eap : Peer sent method TTLS (21)
(105)  eap : EAP TTLS (21)
(105)  eap : Calling eap_ttls to process EAP data
(105)  eap_ttls : Authenticate
(105)  eap_ttls : processing EAP-TLS
  TLS Length 198
(105)  eap_ttls : Length Included
(105)  eap_ttls : eaptls_verify returned 11 
(105)  eap_ttls : <<< Unknown TLS version [length 0005] 
(105)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(105)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(105)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(105)  eap_ttls : <<< Unknown TLS version [length 0005] 
(105)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(105)  eap_ttls : <<< Unknown TLS version [length 0005] 
(105)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(105)  eap_ttls : TLS_accept: SSLv3 read finished A
(105)  eap_ttls : >>> Unknown TLS version [length 0005] 
(105)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(105)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(105)  eap_ttls : >>> Unknown TLS version [length 0005] 
(105)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(105)  eap_ttls : TLS_accept: SSLv3 write finished A
(105)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 825c735e8f6b01aed63a4c14f289e5715c6a52aa0887d11d5d274cb0163fbe0b to cache
(105)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(105)  eap_ttls : eaptls_process returned 13 
(105)  eap : New EAP session, adding 'State' attribute to reply 0x920e3f78919f2a8f
(105)   [eap] = handled
(105)  } #  authenticate = handled
(105) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=133, length=0
(105) 	EAP-Message = 0x0191004515800000003b1403010001011603010030845e6f95e30b861aeb2ad73164b43c19cb5ed895fcdb11f0e6c5cc557c00446d8f418a3c91e249eb17eff534e100df31
(105) 	Message-Authenticator = 0x00000000000000000000000000000000
(105) 	State = 0x920e3f78919f2a8fb7987fa5de5f4c2b
Sending Access-Challenge Id 133 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0191004515800000003b1403010001011603010030845e6f95e30b861aeb2ad73164b43c19cb5ed895fcdb11f0e6c5cc557c00446d8f418a3c91e249eb17eff534e100df31
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x920e3f78919f2a8fb7987fa5de5f4c2b
(105) Finished request
Waking up in 0.2 seconds.
(91) Cleaning up request packet ID 1 with timestamp +94
Waking up in 0.1 seconds.
Waking up in 2.0 seconds.
Received Access-Request Id 109 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xbf09ff68465018c74ca7150f0cf63c5b
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b100150143504537407369656d656e732e636f6d
(106) Received Access-Request packet from host 192.168.99.122 port 49321, id=109, length=83
(106) 	Message-Authenticator = 0xbf09ff68465018c74ca7150f0cf63c5b
(106) 	NAS-Identifier = 'BS'
(106) 	User-Name = 'CPE7@siemens.com'
(106) 	EAP-Message = 0x02b100150143504537407369656d656e732e636f6d
(106) # Executing section authorize from file /etc/raddb/sites-enabled/default
(106)   authorize {
(106)   filter_username filter_username {
(106)     if (!&User-Name) 
(106)     if (!&User-Name)  -> FALSE
(106)     if (&User-Name =~ / /) 
(106)     if (&User-Name =~ / /)  -> FALSE
(106)     if (&User-Name =~ /@.*@/ ) 
(106)     if (&User-Name =~ /@.*@/ )  -> FALSE
(106)     if (&User-Name =~ /\\.\\./ ) 
(106)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(106)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(106)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(106)     if (&User-Name =~ /\\.$/)  
(106)     if (&User-Name =~ /\\.$/)   -> FALSE
(106)     if (&User-Name =~ /@\\./)  
(106)     if (&User-Name =~ /@\\./)   -> FALSE
(106)   } # filter_username filter_username = notfound
(106)   [preprocess] = ok
(106)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(106)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(106)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(106)  auth_log : EXPAND %t
(106)  auth_log :    --> Wed Feb 14 20:04:55 2018
(106)   [auth_log] = ok
(106)   [chap] = noop
(106)   [mschap] = noop
(106)   [digest] = noop
(106)   [wimax] = noop
(106)  suffix : Checking for suffix after "@"
(106)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(106)  suffix : No such realm "siemens.com"
(106)   [suffix] = noop
(106)  eap : Peer sent code Response (2) ID 177 length 21
(106)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(106)   [eap] = ok
(106)  } #  authorize = ok
(106) Found Auth-Type = EAP
(106) # Executing group from file /etc/raddb/sites-enabled/default
(106)   authenticate {
(106)  eap : Peer sent method Identity (1)
(106)  eap : Calling eap_ttls to process EAP data
(106)  eap_ttls : Initiate
(106)  eap_ttls : Start returned 1
(106)  eap : New EAP session, adding 'State' attribute to reply 0xbdcf9115bd7d84cb
(106)   [eap] = handled
(106)  } #  authenticate = handled
(106) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=109, length=0
(106) 	EAP-Message = 0x01b200061520
(106) 	Message-Authenticator = 0x00000000000000000000000000000000
(106) 	State = 0xbdcf9115bd7d84cb04796716200342df
Sending Access-Challenge Id 109 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b200061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xbdcf9115bd7d84cb04796716200342df
(106) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 110 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x79babc5a419a9a679538a61fc330f232
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b2006a158000000060160301005b01000057030154ac6fba7d5c065998c33a4f12526f0d4a2f028091a189b0d1586901e0db042a00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xbdcf9115bd7d84cb04796716200342df
(107) Received Access-Request packet from host 192.168.99.122 port 49321, id=110, length=186
(107) 	Message-Authenticator = 0x79babc5a419a9a679538a61fc330f232
(107) 	NAS-Identifier = 'BS'
(107) 	User-Name = 'CPE7@siemens.com'
(107) 	EAP-Message = 0x02b2006a158000000060160301005b01000057030154ac6fba7d5c065998c33a4f12526f0d4a2f028091a189b0d1586901e0db042a00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(107) 	State = 0xbdcf9115bd7d84cb04796716200342df
(107) # Executing section authorize from file /etc/raddb/sites-enabled/default
(107)   authorize {
(107)   filter_username filter_username {
(107)     if (!&User-Name) 
(107)     if (!&User-Name)  -> FALSE
(107)     if (&User-Name =~ / /) 
(107)     if (&User-Name =~ / /)  -> FALSE
(107)     if (&User-Name =~ /@.*@/ ) 
(107)     if (&User-Name =~ /@.*@/ )  -> FALSE
(107)     if (&User-Name =~ /\\.\\./ ) 
(107)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(107)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(107)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(107)     if (&User-Name =~ /\\.$/)  
(107)     if (&User-Name =~ /\\.$/)   -> FALSE
(107)     if (&User-Name =~ /@\\./)  
(107)     if (&User-Name =~ /@\\./)   -> FALSE
(107)   } # filter_username filter_username = notfound
(107)   [preprocess] = ok
(107)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(107)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(107)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(107)  auth_log : EXPAND %t
(107)  auth_log :    --> Wed Feb 14 20:04:55 2018
(107)   [auth_log] = ok
(107)   [chap] = noop
(107)   [mschap] = noop
(107)   [digest] = noop
(107)   [wimax] = noop
(107)  suffix : Checking for suffix after "@"
(107)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(107)  suffix : No such realm "siemens.com"
(107)   [suffix] = noop
(107)  eap : Peer sent code Response (2) ID 178 length 106
(107)  eap : Continuing tunnel setup
(107)   [eap] = ok
(107)  } #  authorize = ok
(107) Found Auth-Type = EAP
(107) # Executing group from file /etc/raddb/sites-enabled/default
(107)   authenticate {
(107)  eap : Expiring EAP session with state 0x34b58d2c37779811
(107)  eap : Finished EAP session with state 0xbdcf9115bd7d84cb
(107)  eap : Previous EAP request found for state 0xbdcf9115bd7d84cb, released from the list
(107)  eap : Peer sent method TTLS (21)
(107)  eap : EAP TTLS (21)
(107)  eap : Calling eap_ttls to process EAP data
(107)  eap_ttls : Authenticate
(107)  eap_ttls : processing EAP-TLS
  TLS Length 96
(107)  eap_ttls : Length Included
(107)  eap_ttls : eaptls_verify returned 11 
(107)  eap_ttls : (other): before/accept initialization
(107)  eap_ttls : TLS_accept: before/accept initialization
(107)  eap_ttls : <<< Unknown TLS version [length 0005] 
(107)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(107)  eap_ttls : TLS_accept: SSLv3 read client hello A
(107)  eap_ttls : >>> Unknown TLS version [length 0005] 
(107)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(107)  eap_ttls : TLS_accept: SSLv3 write server hello A
(107)  eap_ttls : >>> Unknown TLS version [length 0005] 
(107)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(107)  eap_ttls : TLS_accept: SSLv3 write certificate A
(107)  eap_ttls : >>> Unknown TLS version [length 0005] 
(107)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(107)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(107)  eap_ttls : >>> Unknown TLS version [length 0005] 
(107)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(107)  eap_ttls : TLS_accept: SSLv3 write server done A
(107)  eap_ttls : TLS_accept: SSLv3 flush data
(107)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(107)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(107)  eap_ttls : eaptls_process returned 13 
(107)  eap : New EAP session, adding 'State' attribute to reply 0xbdcf9115bc7c84cb
(107)   [eap] = handled
(107)  } #  authenticate = handled
(107) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=110, length=0
(107) 	EAP-Message = 0x01b303ec15c000000702160301004a020000460301433548b5da6a274d8b104b7928e1d685af7aae6ba18ce823f8add86500d4ac1520ed1a53cbe1a0aafa90d0ce8e515d37587d5543b48b2502c2e901d1a1f61926ad00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(107) 	Message-Authenticator = 0x00000000000000000000000000000000
(107) 	State = 0xbdcf9115bc7c84cb04796716200342df
Sending Access-Challenge Id 110 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b303ec15c000000702160301004a020000460301433548b5da6a274d8b104b7928e1d685af7aae6ba18ce823f8add86500d4ac1520ed1a53cbe1a0aafa90d0ce8e515d37587d5543b48b2502c2e901d1a1f61926ad00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xbdcf9115bc7c84cb04796716200342df
(107) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 111 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xcb96dede64cbbd5e464125e92dcffe72
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b300061500
	State = 0xbdcf9115bc7c84cb04796716200342df
(108) Received Access-Request packet from host 192.168.99.122 port 49321, id=111, length=86
(108) 	Message-Authenticator = 0xcb96dede64cbbd5e464125e92dcffe72
(108) 	NAS-Identifier = 'BS'
(108) 	User-Name = 'CPE7@siemens.com'
(108) 	EAP-Message = 0x02b300061500
(108) 	State = 0xbdcf9115bc7c84cb04796716200342df
(108) # Executing section authorize from file /etc/raddb/sites-enabled/default
(108)   authorize {
(108)   filter_username filter_username {
(108)     if (!&User-Name) 
(108)     if (!&User-Name)  -> FALSE
(108)     if (&User-Name =~ / /) 
(108)     if (&User-Name =~ / /)  -> FALSE
(108)     if (&User-Name =~ /@.*@/ ) 
(108)     if (&User-Name =~ /@.*@/ )  -> FALSE
(108)     if (&User-Name =~ /\\.\\./ ) 
(108)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(108)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(108)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(108)     if (&User-Name =~ /\\.$/)  
(108)     if (&User-Name =~ /\\.$/)   -> FALSE
(108)     if (&User-Name =~ /@\\./)  
(108)     if (&User-Name =~ /@\\./)   -> FALSE
(108)   } # filter_username filter_username = notfound
(108)   [preprocess] = ok
(108)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(108)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(108)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(108)  auth_log : EXPAND %t
(108)  auth_log :    --> Wed Feb 14 20:04:55 2018
(108)   [auth_log] = ok
(108)   [chap] = noop
(108)   [mschap] = noop
(108)   [digest] = noop
(108)   [wimax] = noop
(108)  suffix : Checking for suffix after "@"
(108)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(108)  suffix : No such realm "siemens.com"
(108)   [suffix] = noop
(108)  eap : Peer sent code Response (2) ID 179 length 6
(108)  eap : Continuing tunnel setup
(108)   [eap] = ok
(108)  } #  authorize = ok
(108) Found Auth-Type = EAP
(108) # Executing group from file /etc/raddb/sites-enabled/default
(108)   authenticate {
(108)  eap : Expiring EAP session with state 0x34b58d2c37779811
(108)  eap : Finished EAP session with state 0xbdcf9115bc7c84cb
(108)  eap : Previous EAP request found for state 0xbdcf9115bc7c84cb, released from the list
(108)  eap : Peer sent method TTLS (21)
(108)  eap : EAP TTLS (21)
(108)  eap : Calling eap_ttls to process EAP data
(108)  eap_ttls : Authenticate
(108)  eap_ttls : processing EAP-TLS
(108)  eap_ttls : Received TLS ACK
(108)  eap_ttls : Received TLS ACK
(108)  eap_ttls : ACK handshake fragment handler
(108)  eap_ttls : eaptls_verify returned 1 
(108)  eap_ttls : eaptls_process returned 13 
(108)  eap : New EAP session, adding 'State' attribute to reply 0xbdcf9115bf7b84cb
(108)   [eap] = handled
(108)  } #  authenticate = handled
(108) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=111, length=0
(108) 	EAP-Message = 0x01b4032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(108) 	Message-Authenticator = 0x00000000000000000000000000000000
(108) 	State = 0xbdcf9115bf7b84cb04796716200342df
Sending Access-Challenge Id 111 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b4032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xbdcf9115bf7b84cb04796716200342df
(108) Finished request
Waking up in 0.2 seconds.
Waking up in 1.4 seconds.
Received Access-Request Id 134 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x50716acd2c36b06e14c9982cc59f372c
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029100d01580000000c6160301008610000082008015a4c35178a72f4ccb83fed1dd4469ecafdd1a6e918ee50989268c9a7e497c9b6a8f1a6c1ec493c183ec2d4ae7d915e6b5b72979aa355b18f9f896e483d819cc1f8f7d6ce9c81013f34d0dc29aad79f329bdafbeb6f071219c90863ded14a5fda426baad0718d72e502be8fcceea7468194b36755a3299a3154cd35500f0ba471403010001011603010030ac465bb21144058adf141da8895f9ca4960d4851efb66b6d5be1bee743fcb07bdd092d3180133dcb544493e7e8588280
	State = 0x5f327f6f5da36ac1405a5905256e67e5
(109) Received Access-Request packet from host 192.168.99.123 port 49286, id=134, length=288
(109) 	Message-Authenticator = 0x50716acd2c36b06e14c9982cc59f372c
(109) 	NAS-Identifier = 'BS'
(109) 	User-Name = 'CPE9@siemens.com'
(109) 	EAP-Message = 0x029100d01580000000c6160301008610000082008015a4c35178a72f4ccb83fed1dd4469ecafdd1a6e918ee50989268c9a7e497c9b6a8f1a6c1ec493c183ec2d4ae7d915e6b5b72979aa355b18f9f896e483d819cc1f8f7d6ce9c81013f34d0dc29aad79f329bdafbeb6f071219c90863ded14a5fda426baad0718d72e502be8fcceea7468194b36755a3299a3154cd35500f0ba471403010001011603010030ac465bb21144058adf141da8895f9ca4960d4851efb66b6d5be1bee743fcb07bdd092d3180133dcb544493e7e8588280
(109) 	State = 0x5f327f6f5da36ac1405a5905256e67e5
(109) # Executing section authorize from file /etc/raddb/sites-enabled/default
(109)   authorize {
(109)   filter_username filter_username {
(109)     if (!&User-Name) 
(109)     if (!&User-Name)  -> FALSE
(109)     if (&User-Name =~ / /) 
(109)     if (&User-Name =~ / /)  -> FALSE
(109)     if (&User-Name =~ /@.*@/ ) 
(109)     if (&User-Name =~ /@.*@/ )  -> FALSE
(109)     if (&User-Name =~ /\\.\\./ ) 
(109)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(109)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(109)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(109)     if (&User-Name =~ /\\.$/)  
(109)     if (&User-Name =~ /\\.$/)   -> FALSE
(109)     if (&User-Name =~ /@\\./)  
(109)     if (&User-Name =~ /@\\./)   -> FALSE
(109)   } # filter_username filter_username = notfound
(109)   [preprocess] = ok
(109)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(109)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(109)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(109)  auth_log : EXPAND %t
(109)  auth_log :    --> Wed Feb 14 20:04:56 2018
(109)   [auth_log] = ok
(109)   [chap] = noop
(109)   [mschap] = noop
(109)   [digest] = noop
(109)   [wimax] = noop
(109)  suffix : Checking for suffix after "@"
(109)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(109)  suffix : No such realm "siemens.com"
(109)   [suffix] = noop
(109)  eap : Peer sent code Response (2) ID 145 length 208
(109)  eap : Continuing tunnel setup
(109)   [eap] = ok
(109)  } #  authorize = ok
(109) Found Auth-Type = EAP
(109) # Executing group from file /etc/raddb/sites-enabled/default
(109)   authenticate {
(109)  eap : Expiring EAP session with state 0x34b58d2c37779811
(109)  eap : Finished EAP session with state 0x5f327f6f5da36ac1
(109)  eap : Previous EAP request found for state 0x5f327f6f5da36ac1, released from the list
(109)  eap : Peer sent method TTLS (21)
(109)  eap : EAP TTLS (21)
(109)  eap : Calling eap_ttls to process EAP data
(109)  eap_ttls : Authenticate
(109)  eap_ttls : processing EAP-TLS
  TLS Length 198
(109)  eap_ttls : Length Included
(109)  eap_ttls : eaptls_verify returned 11 
(109)  eap_ttls : <<< Unknown TLS version [length 0005] 
(109)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(109)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(109)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(109)  eap_ttls : <<< Unknown TLS version [length 0005] 
(109)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(109)  eap_ttls : <<< Unknown TLS version [length 0005] 
(109)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(109)  eap_ttls : TLS_accept: SSLv3 read finished A
(109)  eap_ttls : >>> Unknown TLS version [length 0005] 
(109)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(109)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(109)  eap_ttls : >>> Unknown TLS version [length 0005] 
(109)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(109)  eap_ttls : TLS_accept: SSLv3 write finished A
(109)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 6e92c800fc9798cf4f408215ae8a0284c09e18372e40263e66aa3a094c729c21 to cache
(109)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(109)  eap_ttls : eaptls_process returned 13 
(109)  eap : New EAP session, adding 'State' attribute to reply 0x5f327f6f5ca06ac1
(109)   [eap] = handled
(109)  } #  authenticate = handled
(109) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=134, length=0
(109) 	EAP-Message = 0x0192004515800000003b14030100010116030100303089929b19bf0d2a694e69305a474ab5a5f529ed5c3f6b5d2ff0b0d0ab6c480e7214caaf937773e321fbe159016e3625
(109) 	Message-Authenticator = 0x00000000000000000000000000000000
(109) 	State = 0x5f327f6f5ca06ac1405a5905256e67e5
Sending Access-Challenge Id 134 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0192004515800000003b14030100010116030100303089929b19bf0d2a694e69305a474ab5a5f529ed5c3f6b5d2ff0b0d0ab6c480e7214caaf937773e321fbe159016e3625
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5f327f6f5ca06ac1405a5905256e67e5
(109) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 153 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0xd79d17a50af57d3ba80e6f2d0164229d
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c400d01580000000c6160301008610000082008003e849a14576ae89e653e4cd83ee2ff27e46ca99450f544524d329d817a55bfbe92ee6e45a2e9be47a4d7972849f69e86cb0057342bbe032bd176202cb6613f3521fb512cba875a39d19445a5cf38119d9448cc468d80d223cf080e517f5f72bbf079016c5d4e37197dc74fcf1b034ab77a72473e96402ba2996e61147af0ad314030100010116030100305117bb2605b17d746dbe19282bd4cb28802154093df36c770ffdf27b6e69d94f865f32bcff6fa54fdc2d0241a2e8956d
	State = 0xb389e17fb14df4530af414f830487063
(110) Received Access-Request packet from host 192.168.99.121 port 49210, id=153, length=289
(110) 	Message-Authenticator = 0xd79d17a50af57d3ba80e6f2d0164229d
(110) 	NAS-Identifier = 'BS'
(110) 	User-Name = 'CPE11@siemens.com'
(110) 	EAP-Message = 0x02c400d01580000000c6160301008610000082008003e849a14576ae89e653e4cd83ee2ff27e46ca99450f544524d329d817a55bfbe92ee6e45a2e9be47a4d7972849f69e86cb0057342bbe032bd176202cb6613f3521fb512cba875a39d19445a5cf38119d9448cc468d80d223cf080e517f5f72bbf079016c5d4e37197dc74fcf1b034ab77a72473e96402ba2996e61147af0ad314030100010116030100305117bb2605b17d746dbe19282bd4cb28802154093df36c770ffdf27b6e69d94f865f32bcff6fa54fdc2d0241a2e8956d
(110) 	State = 0xb389e17fb14df4530af414f830487063
(110) # Executing section authorize from file /etc/raddb/sites-enabled/default
(110)   authorize {
(110)   filter_username filter_username {
(110)     if (!&User-Name) 
(110)     if (!&User-Name)  -> FALSE
(110)     if (&User-Name =~ / /) 
(110)     if (&User-Name =~ / /)  -> FALSE
(110)     if (&User-Name =~ /@.*@/ ) 
(110)     if (&User-Name =~ /@.*@/ )  -> FALSE
(110)     if (&User-Name =~ /\\.\\./ ) 
(110)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(110)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(110)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(110)     if (&User-Name =~ /\\.$/)  
(110)     if (&User-Name =~ /\\.$/)   -> FALSE
(110)     if (&User-Name =~ /@\\./)  
(110)     if (&User-Name =~ /@\\./)   -> FALSE
(110)   } # filter_username filter_username = notfound
(110)   [preprocess] = ok
(110)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(110)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(110)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(110)  auth_log : EXPAND %t
(110)  auth_log :    --> Wed Feb 14 20:04:56 2018
(110)   [auth_log] = ok
(110)   [chap] = noop
(110)   [mschap] = noop
(110)   [digest] = noop
(110)   [wimax] = noop
(110)  suffix : Checking for suffix after "@"
(110)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(110)  suffix : No such realm "siemens.com"
(110)   [suffix] = noop
(110)  eap : Peer sent code Response (2) ID 196 length 208
(110)  eap : Continuing tunnel setup
(110)   [eap] = ok
(110)  } #  authorize = ok
(110) Found Auth-Type = EAP
(110) # Executing group from file /etc/raddb/sites-enabled/default
(110)   authenticate {
(110)  eap : Expiring EAP session with state 0x34b58d2c37779811
(110)  eap : Finished EAP session with state 0xb389e17fb14df453
(110)  eap : Previous EAP request found for state 0xb389e17fb14df453, released from the list
(110)  eap : Peer sent method TTLS (21)
(110)  eap : EAP TTLS (21)
(110)  eap : Calling eap_ttls to process EAP data
(110)  eap_ttls : Authenticate
(110)  eap_ttls : processing EAP-TLS
  TLS Length 198
(110)  eap_ttls : Length Included
(110)  eap_ttls : eaptls_verify returned 11 
(110)  eap_ttls : <<< Unknown TLS version [length 0005] 
(110)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(110)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(110)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(110)  eap_ttls : <<< Unknown TLS version [length 0005] 
(110)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(110)  eap_ttls : <<< Unknown TLS version [length 0005] 
(110)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(110)  eap_ttls : TLS_accept: SSLv3 read finished A
(110)  eap_ttls : >>> Unknown TLS version [length 0005] 
(110)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(110)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(110)  eap_ttls : >>> Unknown TLS version [length 0005] 
(110)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(110)  eap_ttls : TLS_accept: SSLv3 write finished A
(110)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 83d36cb6bd69c398b33b1b6503eea5ef61e84c8327e960219bb4237ec7fc671f to cache
(110)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(110)  eap_ttls : eaptls_process returned 13 
(110)  eap : New EAP session, adding 'State' attribute to reply 0xb389e17fb04cf453
(110)   [eap] = handled
(110)  } #  authenticate = handled
(110) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=153, length=0
(110) 	EAP-Message = 0x01c5004515800000003b14030100010116030100305f38329c81c776fca37efcbba3e648b5c959aa52bcf1822a077a306e1ee4547792318e6862ff286c4d1732d2a34c2fc1
(110) 	Message-Authenticator = 0x00000000000000000000000000000000
(110) 	State = 0xb389e17fb04cf4530af414f830487063
Sending Access-Challenge Id 153 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c5004515800000003b14030100010116030100305f38329c81c776fca37efcbba3e648b5c959aa52bcf1822a077a306e1ee4547792318e6862ff286c4d1732d2a34c2fc1
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb389e17fb04cf4530af414f830487063
(110) Finished request
Waking up in 0.2 seconds.
Waking up in 0.4 seconds.
(92) Cleaning up request packet ID 108 with timestamp +96
(93) Cleaning up request packet ID 127 with timestamp +96
(94) Cleaning up request packet ID 128 with timestamp +96
(95) Cleaning up request packet ID 129 with timestamp +96
Waking up in 1.3 seconds.
Received Access-Request Id 112 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x8da712bff6a1879c854ea82c7c383830
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b400d01580000000c61603010086100000820080aa008c8934fe32e2eb25ccf995eba8dbfc174d9c622992e5ce5692af9dd21fe9134c6e9561b2f93e33550c418a5941980a356c02f62faf6ea334c07f5d41159dffd8bf760459a5c7bfcb3b1af95bfa9367baf9f548a3aa3999952889129a7e4c25fba55d115717a83071cf048c1b2aa46cd49c8d5778efa45ee7914b931dada414030100010116030100304a1b102ce1c782ef65c38d83bceef425fc1cbeb268972e151877f7eb305ba3cddfab2a6b6737e4dd3edaa4a36a2aab39
	State = 0xbdcf9115bf7b84cb04796716200342df
(111) Received Access-Request packet from host 192.168.99.122 port 49321, id=112, length=288
(111) 	Message-Authenticator = 0x8da712bff6a1879c854ea82c7c383830
(111) 	NAS-Identifier = 'BS'
(111) 	User-Name = 'CPE7@siemens.com'
(111) 	EAP-Message = 0x02b400d01580000000c61603010086100000820080aa008c8934fe32e2eb25ccf995eba8dbfc174d9c622992e5ce5692af9dd21fe9134c6e9561b2f93e33550c418a5941980a356c02f62faf6ea334c07f5d41159dffd8bf760459a5c7bfcb3b1af95bfa9367baf9f548a3aa3999952889129a7e4c25fba55d115717a83071cf048c1b2aa46cd49c8d5778efa45ee7914b931dada414030100010116030100304a1b102ce1c782ef65c38d83bceef425fc1cbeb268972e151877f7eb305ba3cddfab2a6b6737e4dd3edaa4a36a2aab39
(111) 	State = 0xbdcf9115bf7b84cb04796716200342df
(111) # Executing section authorize from file /etc/raddb/sites-enabled/default
(111)   authorize {
(111)   filter_username filter_username {
(111)     if (!&User-Name) 
(111)     if (!&User-Name)  -> FALSE
(111)     if (&User-Name =~ / /) 
(111)     if (&User-Name =~ / /)  -> FALSE
(111)     if (&User-Name =~ /@.*@/ ) 
(111)     if (&User-Name =~ /@.*@/ )  -> FALSE
(111)     if (&User-Name =~ /\\.\\./ ) 
(111)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(111)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(111)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(111)     if (&User-Name =~ /\\.$/)  
(111)     if (&User-Name =~ /\\.$/)   -> FALSE
(111)     if (&User-Name =~ /@\\./)  
(111)     if (&User-Name =~ /@\\./)   -> FALSE
(111)   } # filter_username filter_username = notfound
(111)   [preprocess] = ok
(111)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(111)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(111)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(111)  auth_log : EXPAND %t
(111)  auth_log :    --> Wed Feb 14 20:04:58 2018
(111)   [auth_log] = ok
(111)   [chap] = noop
(111)   [mschap] = noop
(111)   [digest] = noop
(111)   [wimax] = noop
(111)  suffix : Checking for suffix after "@"
(111)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(111)  suffix : No such realm "siemens.com"
(111)   [suffix] = noop
(111)  eap : Peer sent code Response (2) ID 180 length 208
(111)  eap : Continuing tunnel setup
(111)   [eap] = ok
(111)  } #  authorize = ok
(111) Found Auth-Type = EAP
(111) # Executing group from file /etc/raddb/sites-enabled/default
(111)   authenticate {
(111)  eap : Expiring EAP session with state 0x34b58d2c37779811
(111)  eap : Finished EAP session with state 0xbdcf9115bf7b84cb
(111)  eap : Previous EAP request found for state 0xbdcf9115bf7b84cb, released from the list
(111)  eap : Peer sent method TTLS (21)
(111)  eap : EAP TTLS (21)
(111)  eap : Calling eap_ttls to process EAP data
(111)  eap_ttls : Authenticate
(111)  eap_ttls : processing EAP-TLS
  TLS Length 198
(111)  eap_ttls : Length Included
(111)  eap_ttls : eaptls_verify returned 11 
(111)  eap_ttls : <<< Unknown TLS version [length 0005] 
(111)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(111)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(111)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(111)  eap_ttls : <<< Unknown TLS version [length 0005] 
(111)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(111)  eap_ttls : <<< Unknown TLS version [length 0005] 
(111)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(111)  eap_ttls : TLS_accept: SSLv3 read finished A
(111)  eap_ttls : >>> Unknown TLS version [length 0005] 
(111)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(111)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(111)  eap_ttls : >>> Unknown TLS version [length 0005] 
(111)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(111)  eap_ttls : TLS_accept: SSLv3 write finished A
(111)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session ed1a53cbe1a0aafa90d0ce8e515d37587d5543b48b2502c2e901d1a1f61926ad to cache
(111)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(111)  eap_ttls : eaptls_process returned 13 
(111)  eap : New EAP session, adding 'State' attribute to reply 0xbdcf9115be7a84cb
(111)   [eap] = handled
(111)  } #  authenticate = handled
(111) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=112, length=0
(111) 	EAP-Message = 0x01b5004515800000003b140301000101160301003076d6fe6547fa8041805168e7d5d9340f09780c363d45211ccb5fcc232b9edc1594e1c7219b6928363c8bedb526803b48
(111) 	Message-Authenticator = 0x00000000000000000000000000000000
(111) 	State = 0xbdcf9115be7a84cb04796716200342df
Sending Access-Challenge Id 112 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b5004515800000003b140301000101160301003076d6fe6547fa8041805168e7d5d9340f09780c363d45211ccb5fcc232b9edc1594e1c7219b6928363c8bedb526803b48
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xbdcf9115be7a84cb04796716200342df
(111) Finished request
Waking up in 0.3 seconds.
Waking up in 0.5 seconds.
(96) Cleaning up request packet ID 130 with timestamp +98
(97) Cleaning up request packet ID 131 with timestamp +98
(98) Cleaning up request packet ID 132 with timestamp +98
(99) Cleaning up request packet ID 1 with timestamp +98
(100) Cleaning up request packet ID 150 with timestamp +98
(101) Cleaning up request packet ID 1 with timestamp +98
(102) Cleaning up request packet ID 151 with timestamp +98
(103) Cleaning up request packet ID 152 with timestamp +98
Waking up in 0.1 seconds.
(104) Cleaning up request packet ID 1 with timestamp +98
Waking up in 0.6 seconds.
Received Access-Request Id 113 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xb62846a7e21fdbcde3c7277a70177582
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b200150143504536407369656d656e732e636f6d
(112) Received Access-Request packet from host 192.168.99.122 port 49321, id=113, length=83
(112) 	Message-Authenticator = 0xb62846a7e21fdbcde3c7277a70177582
(112) 	NAS-Identifier = 'BS'
(112) 	User-Name = 'CPE6@siemens.com'
(112) 	EAP-Message = 0x02b200150143504536407369656d656e732e636f6d
(112) # Executing section authorize from file /etc/raddb/sites-enabled/default
(112)   authorize {
(112)   filter_username filter_username {
(112)     if (!&User-Name) 
(112)     if (!&User-Name)  -> FALSE
(112)     if (&User-Name =~ / /) 
(112)     if (&User-Name =~ / /)  -> FALSE
(112)     if (&User-Name =~ /@.*@/ ) 
(112)     if (&User-Name =~ /@.*@/ )  -> FALSE
(112)     if (&User-Name =~ /\\.\\./ ) 
(112)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(112)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(112)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(112)     if (&User-Name =~ /\\.$/)  
(112)     if (&User-Name =~ /\\.$/)   -> FALSE
(112)     if (&User-Name =~ /@\\./)  
(112)     if (&User-Name =~ /@\\./)   -> FALSE
(112)   } # filter_username filter_username = notfound
(112)   [preprocess] = ok
(112)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(112)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(112)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(112)  auth_log : EXPAND %t
(112)  auth_log :    --> Wed Feb 14 20:04:59 2018
(112)   [auth_log] = ok
(112)   [chap] = noop
(112)   [mschap] = noop
(112)   [digest] = noop
(112)   [wimax] = noop
(112)  suffix : Checking for suffix after "@"
(112)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(112)  suffix : No such realm "siemens.com"
(112)   [suffix] = noop
(112)  eap : Peer sent code Response (2) ID 178 length 21
(112)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(112)   [eap] = ok
(112)  } #  authorize = ok
(112) Found Auth-Type = EAP
(112) # Executing group from file /etc/raddb/sites-enabled/default
(112)   authenticate {
(112)  eap : Peer sent method Identity (1)
(112)  eap : Calling eap_ttls to process EAP data
(112)  eap_ttls : Initiate
(112)  eap_ttls : Start returned 1
(112)  eap : New EAP session, adding 'State' attribute to reply 0x78484d8678fb58d6
(112)   [eap] = handled
(112)  } #  authenticate = handled
(112) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=113, length=0
(112) 	EAP-Message = 0x01b300061520
(112) 	Message-Authenticator = 0x00000000000000000000000000000000
(112) 	State = 0x78484d8678fb58d68ad56c60d995f85c
Sending Access-Challenge Id 113 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b300061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x78484d8678fb58d68ad56c60d995f85c
(112) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 114 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xc0a38ba0a6d33505106bcaef3e24131d
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b3006a158000000060160301005b01000057030154acd5416b2a09ec6015e2468d83886ca6e779c33c66123e658c1182751364cf00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x78484d8678fb58d68ad56c60d995f85c
(113) Received Access-Request packet from host 192.168.99.122 port 49321, id=114, length=186
(113) 	Message-Authenticator = 0xc0a38ba0a6d33505106bcaef3e24131d
(113) 	NAS-Identifier = 'BS'
(113) 	User-Name = 'CPE6@siemens.com'
(113) 	EAP-Message = 0x02b3006a158000000060160301005b01000057030154acd5416b2a09ec6015e2468d83886ca6e779c33c66123e658c1182751364cf00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(113) 	State = 0x78484d8678fb58d68ad56c60d995f85c
(113) # Executing section authorize from file /etc/raddb/sites-enabled/default
(113)   authorize {
(113)   filter_username filter_username {
(113)     if (!&User-Name) 
(113)     if (!&User-Name)  -> FALSE
(113)     if (&User-Name =~ / /) 
(113)     if (&User-Name =~ / /)  -> FALSE
(113)     if (&User-Name =~ /@.*@/ ) 
(113)     if (&User-Name =~ /@.*@/ )  -> FALSE
(113)     if (&User-Name =~ /\\.\\./ ) 
(113)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(113)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(113)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(113)     if (&User-Name =~ /\\.$/)  
(113)     if (&User-Name =~ /\\.$/)   -> FALSE
(113)     if (&User-Name =~ /@\\./)  
(113)     if (&User-Name =~ /@\\./)   -> FALSE
(113)   } # filter_username filter_username = notfound
(113)   [preprocess] = ok
(113)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(113)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(113)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(113)  auth_log : EXPAND %t
(113)  auth_log :    --> Wed Feb 14 20:04:59 2018
(113)   [auth_log] = ok
(113)   [chap] = noop
(113)   [mschap] = noop
(113)   [digest] = noop
(113)   [wimax] = noop
(113)  suffix : Checking for suffix after "@"
(113)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(113)  suffix : No such realm "siemens.com"
(113)   [suffix] = noop
(113)  eap : Peer sent code Response (2) ID 179 length 106
(113)  eap : Continuing tunnel setup
(113)   [eap] = ok
(113)  } #  authorize = ok
(113) Found Auth-Type = EAP
(113) # Executing group from file /etc/raddb/sites-enabled/default
(113)   authenticate {
(113)  eap : Expiring EAP session with state 0x34b58d2c37779811
(113)  eap : Finished EAP session with state 0x78484d8678fb58d6
(113)  eap : Previous EAP request found for state 0x78484d8678fb58d6, released from the list
(113)  eap : Peer sent method TTLS (21)
(113)  eap : EAP TTLS (21)
(113)  eap : Calling eap_ttls to process EAP data
(113)  eap_ttls : Authenticate
(113)  eap_ttls : processing EAP-TLS
  TLS Length 96
(113)  eap_ttls : Length Included
(113)  eap_ttls : eaptls_verify returned 11 
(113)  eap_ttls : (other): before/accept initialization
(113)  eap_ttls : TLS_accept: before/accept initialization
(113)  eap_ttls : <<< Unknown TLS version [length 0005] 
(113)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(113)  eap_ttls : TLS_accept: SSLv3 read client hello A
(113)  eap_ttls : >>> Unknown TLS version [length 0005] 
(113)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(113)  eap_ttls : TLS_accept: SSLv3 write server hello A
(113)  eap_ttls : >>> Unknown TLS version [length 0005] 
(113)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(113)  eap_ttls : TLS_accept: SSLv3 write certificate A
(113)  eap_ttls : >>> Unknown TLS version [length 0005] 
(113)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(113)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(113)  eap_ttls : >>> Unknown TLS version [length 0005] 
(113)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(113)  eap_ttls : TLS_accept: SSLv3 write server done A
(113)  eap_ttls : TLS_accept: SSLv3 flush data
(113)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(113)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(113)  eap_ttls : eaptls_process returned 13 
(113)  eap : New EAP session, adding 'State' attribute to reply 0x78484d8679fc58d6
(113)   [eap] = handled
(113)  } #  authenticate = handled
(113) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=114, length=0
(113) 	EAP-Message = 0x01b403ec15c000000702160301004a0200004603016cf05a2818a34e20c6b679ece7be14952e5ffed4a78abc01d9a891f0c9233d7b203bd8b54d0b9e3055e01445cf198fc6b11a11ceb9e570dcc0227f70928fe2c29a00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(113) 	Message-Authenticator = 0x00000000000000000000000000000000
(113) 	State = 0x78484d8679fc58d68ad56c60d995f85c
Sending Access-Challenge Id 114 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b403ec15c000000702160301004a0200004603016cf05a2818a34e20c6b679ece7be14952e5ffed4a78abc01d9a891f0c9233d7b203bd8b54d0b9e3055e01445cf198fc6b11a11ceb9e570dcc0227f70928fe2c29a00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x78484d8679fc58d68ad56c60d995f85c
(113) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 115 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xbe0cfa40b82fbc8cfafa0a89174fb6c6
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b400061500
	State = 0x78484d8679fc58d68ad56c60d995f85c
(114) Received Access-Request packet from host 192.168.99.122 port 49321, id=115, length=86
(114) 	Message-Authenticator = 0xbe0cfa40b82fbc8cfafa0a89174fb6c6
(114) 	NAS-Identifier = 'BS'
(114) 	User-Name = 'CPE6@siemens.com'
(114) 	EAP-Message = 0x02b400061500
(114) 	State = 0x78484d8679fc58d68ad56c60d995f85c
(114) # Executing section authorize from file /etc/raddb/sites-enabled/default
(114)   authorize {
(114)   filter_username filter_username {
(114)     if (!&User-Name) 
(114)     if (!&User-Name)  -> FALSE
(114)     if (&User-Name =~ / /) 
(114)     if (&User-Name =~ / /)  -> FALSE
(114)     if (&User-Name =~ /@.*@/ ) 
(114)     if (&User-Name =~ /@.*@/ )  -> FALSE
(114)     if (&User-Name =~ /\\.\\./ ) 
(114)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(114)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(114)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(114)     if (&User-Name =~ /\\.$/)  
(114)     if (&User-Name =~ /\\.$/)   -> FALSE
(114)     if (&User-Name =~ /@\\./)  
(114)     if (&User-Name =~ /@\\./)   -> FALSE
(114)   } # filter_username filter_username = notfound
(114)   [preprocess] = ok
(114)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(114)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(114)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(114)  auth_log : EXPAND %t
(114)  auth_log :    --> Wed Feb 14 20:04:59 2018
(114)   [auth_log] = ok
(114)   [chap] = noop
(114)   [mschap] = noop
(114)   [digest] = noop
(114)   [wimax] = noop
(114)  suffix : Checking for suffix after "@"
(114)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(114)  suffix : No such realm "siemens.com"
(114)   [suffix] = noop
(114)  eap : Peer sent code Response (2) ID 180 length 6
(114)  eap : Continuing tunnel setup
(114)   [eap] = ok
(114)  } #  authorize = ok
(114) Found Auth-Type = EAP
(114) # Executing group from file /etc/raddb/sites-enabled/default
(114)   authenticate {
(114)  eap : Expiring EAP session with state 0x34b58d2c37779811
(114)  eap : Finished EAP session with state 0x78484d8679fc58d6
(114)  eap : Previous EAP request found for state 0x78484d8679fc58d6, released from the list
(114)  eap : Peer sent method TTLS (21)
(114)  eap : EAP TTLS (21)
(114)  eap : Calling eap_ttls to process EAP data
(114)  eap_ttls : Authenticate
(114)  eap_ttls : processing EAP-TLS
(114)  eap_ttls : Received TLS ACK
(114)  eap_ttls : Received TLS ACK
(114)  eap_ttls : ACK handshake fragment handler
(114)  eap_ttls : eaptls_verify returned 1 
(114)  eap_ttls : eaptls_process returned 13 
(114)  eap : New EAP session, adding 'State' attribute to reply 0x78484d867afd58d6
(114)   [eap] = handled
(114)  } #  authenticate = handled
(114) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=115, length=0
(114) 	EAP-Message = 0x01b5032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(114) 	Message-Authenticator = 0x00000000000000000000000000000000
(114) 	State = 0x78484d867afd58d68ad56c60d995f85c
Sending Access-Challenge Id 115 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b5032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x78484d867afd58d68ad56c60d995f85c
(114) Finished request
Waking up in 0.1 seconds.
(105) Cleaning up request packet ID 133 with timestamp +99
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(115) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(115) 	NAS-Identifier = 'BS'
(115) 	User-Name = 'dummy'
(115) 	User-Password = '*PASSWORD*'
(115) # Executing section authorize from file /etc/raddb/sites-enabled/default
(115)   authorize {
(115)   filter_username filter_username {
(115)     if (!&User-Name) 
(115)     if (!&User-Name)  -> FALSE
(115)     if (&User-Name =~ / /) 
(115)     if (&User-Name =~ / /)  -> FALSE
(115)     if (&User-Name =~ /@.*@/ ) 
(115)     if (&User-Name =~ /@.*@/ )  -> FALSE
(115)     if (&User-Name =~ /\\.\\./ ) 
(115)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(115)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(115)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(115)     if (&User-Name =~ /\\.$/)  
(115)     if (&User-Name =~ /\\.$/)   -> FALSE
(115)     if (&User-Name =~ /@\\./)  
(115)     if (&User-Name =~ /@\\./)   -> FALSE
(115)   } # filter_username filter_username = notfound
(115)   [preprocess] = ok
(115)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(115)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(115)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(115)  auth_log : EXPAND %t
(115)  auth_log :    --> Wed Feb 14 20:05:00 2018
(115)   [auth_log] = ok
(115)   [chap] = noop
(115)   [mschap] = noop
(115)   [digest] = noop
(115)   [wimax] = noop
(115)  suffix : Checking for suffix after "@"
(115)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(115)  suffix : No such realm "NULL"
(115)   [suffix] = noop
(115)  eap : No EAP-Message, not doing EAP
(115)   [eap] = noop
(115)  files : users: Matched entry dummy at line 159
(115)   [files] = ok
(115)   [expiration] = noop
(115)   [logintime] = noop
(115)   [pap] = updated
(115)  } #  authorize = updated
(115) Found Auth-Type = PAP
(115) # Executing group from file /etc/raddb/sites-enabled/default
(115)  Auth-Type PAP {
(115)  pap : Login attempt with password
(115)  pap : User authenticated successfully
(115)   [pap] = ok
(115)  } # Auth-Type PAP = ok
(115) Login OK: [dummy] (from client BS1 port 0)
(115) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(115)   post-auth {
(115)   [exec] = noop
(115)   update reply {
(115) 	Session-Timeout := 1800
(115)   } # update reply = noop
(115)   remove_reply_message_if_eap remove_reply_message_if_eap {
(115)     if (&reply:EAP-Message && &reply:Reply-Message) 
(115)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(115)    else else {
(115)     [noop] = noop
(115)    } # else else = noop
(115)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(115)  } #  post-auth = noop
(115) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(115) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(115) Finished request
Waking up in 0.2 seconds.
(106) Cleaning up request packet ID 109 with timestamp +99
(107) Cleaning up request packet ID 110 with timestamp +99
(108) Cleaning up request packet ID 111 with timestamp +99
Waking up in 0.8 seconds.
(109) Cleaning up request packet ID 134 with timestamp +100
(110) Cleaning up request packet ID 153 with timestamp +100
Waking up in 1.4 seconds.
Received Access-Request Id 135 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x5f5fefc13a18f22ed3a8200419510f1c
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x028f00150143504538407369656d656e732e636f6d
(116) Received Access-Request packet from host 192.168.99.123 port 49286, id=135, length=83
(116) 	Message-Authenticator = 0x5f5fefc13a18f22ed3a8200419510f1c
(116) 	NAS-Identifier = 'BS'
(116) 	User-Name = 'CPE8@siemens.com'
(116) 	EAP-Message = 0x028f00150143504538407369656d656e732e636f6d
(116) # Executing section authorize from file /etc/raddb/sites-enabled/default
(116)   authorize {
(116)   filter_username filter_username {
(116)     if (!&User-Name) 
(116)     if (!&User-Name)  -> FALSE
(116)     if (&User-Name =~ / /) 
(116)     if (&User-Name =~ / /)  -> FALSE
(116)     if (&User-Name =~ /@.*@/ ) 
(116)     if (&User-Name =~ /@.*@/ )  -> FALSE
(116)     if (&User-Name =~ /\\.\\./ ) 
(116)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(116)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(116)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(116)     if (&User-Name =~ /\\.$/)  
(116)     if (&User-Name =~ /\\.$/)   -> FALSE
(116)     if (&User-Name =~ /@\\./)  
(116)     if (&User-Name =~ /@\\./)   -> FALSE
(116)   } # filter_username filter_username = notfound
(116)   [preprocess] = ok
(116)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(116)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(116)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(116)  auth_log : EXPAND %t
(116)  auth_log :    --> Wed Feb 14 20:05:02 2018
(116)   [auth_log] = ok
(116)   [chap] = noop
(116)   [mschap] = noop
(116)   [digest] = noop
(116)   [wimax] = noop
(116)  suffix : Checking for suffix after "@"
(116)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(116)  suffix : No such realm "siemens.com"
(116)   [suffix] = noop
(116)  eap : Peer sent code Response (2) ID 143 length 21
(116)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(116)   [eap] = ok
(116)  } #  authorize = ok
(116) Found Auth-Type = EAP
(116) # Executing group from file /etc/raddb/sites-enabled/default
(116)   authenticate {
(116)  eap : Peer sent method Identity (1)
(116)  eap : Calling eap_ttls to process EAP data
(116)  eap_ttls : Initiate
(116)  eap_ttls : Start returned 1
(116)  eap : New EAP session, adding 'State' attribute to reply 0xe8df682ee84f7d7a
(116)   [eap] = handled
(116)  } #  authenticate = handled
(116) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=135, length=0
(116) 	EAP-Message = 0x019000061520
(116) 	Message-Authenticator = 0x00000000000000000000000000000000
(116) 	State = 0xe8df682ee84f7d7aa2e41343dc80ec4d
Sending Access-Challenge Id 135 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019000061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe8df682ee84f7d7aa2e41343dc80ec4d
(116) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 116 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xdb2b288fe35fde427b1d7fbc5b75bf04
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b500d01580000000c616030100861000008200808ab8e4ed8c2c7fa97fa93cd2fdc7d0ffb18caa5e696abfaddda1158032d470452304e91fb1e0d8ff45f042f1836d7bad74a5e4fc2f9fa8b646e282d77f0b165341dbcac73a28bbdb7f78f270d5b9499b7385c30cfd0dc002dbc581d5b0f95b86ade200e6e698d19b102fbbcbf4bd4d06049e383513a9ae711dacd423547381891403010001011603010030a292985c0b4a38cf17999ef51c299992db866abdb968a7f0c1476eec4d2549352fdd394def666d62c672e2308f120977
	State = 0x78484d867afd58d68ad56c60d995f85c
(117) Received Access-Request packet from host 192.168.99.122 port 49321, id=116, length=288
(117) 	Message-Authenticator = 0xdb2b288fe35fde427b1d7fbc5b75bf04
(117) 	NAS-Identifier = 'BS'
(117) 	User-Name = 'CPE6@siemens.com'
(117) 	EAP-Message = 0x02b500d01580000000c616030100861000008200808ab8e4ed8c2c7fa97fa93cd2fdc7d0ffb18caa5e696abfaddda1158032d470452304e91fb1e0d8ff45f042f1836d7bad74a5e4fc2f9fa8b646e282d77f0b165341dbcac73a28bbdb7f78f270d5b9499b7385c30cfd0dc002dbc581d5b0f95b86ade200e6e698d19b102fbbcbf4bd4d06049e383513a9ae711dacd423547381891403010001011603010030a292985c0b4a38cf17999ef51c299992db866abdb968a7f0c1476eec4d2549352fdd394def666d62c672e2308f120977
(117) 	State = 0x78484d867afd58d68ad56c60d995f85c
(117) # Executing section authorize from file /etc/raddb/sites-enabled/default
(117)   authorize {
(117)   filter_username filter_username {
(117)     if (!&User-Name) 
(117)     if (!&User-Name)  -> FALSE
(117)     if (&User-Name =~ / /) 
(117)     if (&User-Name =~ / /)  -> FALSE
(117)     if (&User-Name =~ /@.*@/ ) 
(117)     if (&User-Name =~ /@.*@/ )  -> FALSE
(117)     if (&User-Name =~ /\\.\\./ ) 
(117)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(117)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(117)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(117)     if (&User-Name =~ /\\.$/)  
(117)     if (&User-Name =~ /\\.$/)   -> FALSE
(117)     if (&User-Name =~ /@\\./)  
(117)     if (&User-Name =~ /@\\./)   -> FALSE
(117)   } # filter_username filter_username = notfound
(117)   [preprocess] = ok
(117)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(117)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(117)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(117)  auth_log : EXPAND %t
(117)  auth_log :    --> Wed Feb 14 20:05:02 2018
(117)   [auth_log] = ok
(117)   [chap] = noop
(117)   [mschap] = noop
(117)   [digest] = noop
(117)   [wimax] = noop
(117)  suffix : Checking for suffix after "@"
(117)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(117)  suffix : No such realm "siemens.com"
(117)   [suffix] = noop
(117)  eap : Peer sent code Response (2) ID 181 length 208
(117)  eap : Continuing tunnel setup
(117)   [eap] = ok
(117)  } #  authorize = ok
(117) Found Auth-Type = EAP
(117) # Executing group from file /etc/raddb/sites-enabled/default
(117)   authenticate {
(117)  eap : Expiring EAP session with state 0x34b58d2c37779811
(117)  eap : Finished EAP session with state 0x78484d867afd58d6
(117)  eap : Previous EAP request found for state 0x78484d867afd58d6, released from the list
(117)  eap : Peer sent method TTLS (21)
(117)  eap : EAP TTLS (21)
(117)  eap : Calling eap_ttls to process EAP data
(117)  eap_ttls : Authenticate
(117)  eap_ttls : processing EAP-TLS
  TLS Length 198
(117)  eap_ttls : Length Included
(117)  eap_ttls : eaptls_verify returned 11 
(117)  eap_ttls : <<< Unknown TLS version [length 0005] 
(117)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(117)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(117)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(117)  eap_ttls : <<< Unknown TLS version [length 0005] 
(117)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(117)  eap_ttls : <<< Unknown TLS version [length 0005] 
(117)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(117)  eap_ttls : TLS_accept: SSLv3 read finished A
(117)  eap_ttls : >>> Unknown TLS version [length 0005] 
(117)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(117)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(117)  eap_ttls : >>> Unknown TLS version [length 0005] 
(117)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(117)  eap_ttls : TLS_accept: SSLv3 write finished A
(117)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 3bd8b54d0b9e3055e01445cf198fc6b11a11ceb9e570dcc0227f70928fe2c29a to cache
(117)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(117)  eap_ttls : eaptls_process returned 13 
(117)  eap : New EAP session, adding 'State' attribute to reply 0x78484d867bfe58d6
(117)   [eap] = handled
(117)  } #  authenticate = handled
(117) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=116, length=0
(117) 	EAP-Message = 0x01b6004515800000003b140301000101160301003006aa7c99a6903b9d37c1a29d0f4e84534dcac690936469a3986c3a61bfdce0b26d1123ec1ab9d63f9c2d93caf3bdd52a
(117) 	Message-Authenticator = 0x00000000000000000000000000000000
(117) 	State = 0x78484d867bfe58d68ad56c60d995f85c
Sending Access-Challenge Id 116 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b6004515800000003b140301000101160301003006aa7c99a6903b9d37c1a29d0f4e84534dcac690936469a3986c3a61bfdce0b26d1123ec1ab9d63f9c2d93caf3bdd52a
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x78484d867bfe58d68ad56c60d995f85c
(117) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 136 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x3f0f87cb4b5f05e41cd6048b5d9ea658
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x0290006a158000000060160301005b01000057030154a650d8a54ca352fe1c584ecbc41a5303d53c06677094cd29efa544ccb8dda100003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xe8df682ee84f7d7aa2e41343dc80ec4d
(118) Received Access-Request packet from host 192.168.99.123 port 49286, id=136, length=186
(118) 	Message-Authenticator = 0x3f0f87cb4b5f05e41cd6048b5d9ea658
(118) 	NAS-Identifier = 'BS'
(118) 	User-Name = 'CPE8@siemens.com'
(118) 	EAP-Message = 0x0290006a158000000060160301005b01000057030154a650d8a54ca352fe1c584ecbc41a5303d53c06677094cd29efa544ccb8dda100003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(118) 	State = 0xe8df682ee84f7d7aa2e41343dc80ec4d
(118) # Executing section authorize from file /etc/raddb/sites-enabled/default
(118)   authorize {
(118)   filter_username filter_username {
(118)     if (!&User-Name) 
(118)     if (!&User-Name)  -> FALSE
(118)     if (&User-Name =~ / /) 
(118)     if (&User-Name =~ / /)  -> FALSE
(118)     if (&User-Name =~ /@.*@/ ) 
(118)     if (&User-Name =~ /@.*@/ )  -> FALSE
(118)     if (&User-Name =~ /\\.\\./ ) 
(118)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(118)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(118)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(118)     if (&User-Name =~ /\\.$/)  
(118)     if (&User-Name =~ /\\.$/)   -> FALSE
(118)     if (&User-Name =~ /@\\./)  
(118)     if (&User-Name =~ /@\\./)   -> FALSE
(118)   } # filter_username filter_username = notfound
(118)   [preprocess] = ok
(118)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(118)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(118)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(118)  auth_log : EXPAND %t
(118)  auth_log :    --> Wed Feb 14 20:05:02 2018
(118)   [auth_log] = ok
(118)   [chap] = noop
(118)   [mschap] = noop
(118)   [digest] = noop
(118)   [wimax] = noop
(118)  suffix : Checking for suffix after "@"
(118)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(118)  suffix : No such realm "siemens.com"
(118)   [suffix] = noop
(118)  eap : Peer sent code Response (2) ID 144 length 106
(118)  eap : Continuing tunnel setup
(118)   [eap] = ok
(118)  } #  authorize = ok
(118) Found Auth-Type = EAP
(118) # Executing group from file /etc/raddb/sites-enabled/default
(118)   authenticate {
(118)  eap : Expiring EAP session with state 0x34b58d2c37779811
(118)  eap : Finished EAP session with state 0xe8df682ee84f7d7a
(118)  eap : Previous EAP request found for state 0xe8df682ee84f7d7a, released from the list
(118)  eap : Peer sent method TTLS (21)
(118)  eap : EAP TTLS (21)
(118)  eap : Calling eap_ttls to process EAP data
(118)  eap_ttls : Authenticate
(118)  eap_ttls : processing EAP-TLS
  TLS Length 96
(118)  eap_ttls : Length Included
(118)  eap_ttls : eaptls_verify returned 11 
(118)  eap_ttls : (other): before/accept initialization
(118)  eap_ttls : TLS_accept: before/accept initialization
(118)  eap_ttls : <<< Unknown TLS version [length 0005] 
(118)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(118)  eap_ttls : TLS_accept: SSLv3 read client hello A
(118)  eap_ttls : >>> Unknown TLS version [length 0005] 
(118)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(118)  eap_ttls : TLS_accept: SSLv3 write server hello A
(118)  eap_ttls : >>> Unknown TLS version [length 0005] 
(118)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(118)  eap_ttls : TLS_accept: SSLv3 write certificate A
(118)  eap_ttls : >>> Unknown TLS version [length 0005] 
(118)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(118)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(118)  eap_ttls : >>> Unknown TLS version [length 0005] 
(118)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(118)  eap_ttls : TLS_accept: SSLv3 write server done A
(118)  eap_ttls : TLS_accept: SSLv3 flush data
(118)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(118)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(118)  eap_ttls : eaptls_process returned 13 
(118)  eap : New EAP session, adding 'State' attribute to reply 0xe8df682ee94e7d7a
(118)   [eap] = handled
(118)  } #  authenticate = handled
(118) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=136, length=0
(118) 	EAP-Message = 0x019103ec15c000000702160301004a020000460301609b2f5e560fd45dcd8e9661bcd372e9f0cd2e3642302ed22768576b0b2e485e20847ee0b64eb28de81765eef2cca0922f58d6937a67fff7bb4ea1878aae55e57f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(118) 	Message-Authenticator = 0x00000000000000000000000000000000
(118) 	State = 0xe8df682ee94e7d7aa2e41343dc80ec4d
Sending Access-Challenge Id 136 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019103ec15c000000702160301004a020000460301609b2f5e560fd45dcd8e9661bcd372e9f0cd2e3642302ed22768576b0b2e485e20847ee0b64eb28de81765eef2cca0922f58d6937a67fff7bb4ea1878aae55e57f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe8df682ee94e7d7aa2e41343dc80ec4d
(118) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 137 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x58266fbf7554fcf5179c968269aa531e
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029100061500
	State = 0xe8df682ee94e7d7aa2e41343dc80ec4d
(119) Received Access-Request packet from host 192.168.99.123 port 49286, id=137, length=86
(119) 	Message-Authenticator = 0x58266fbf7554fcf5179c968269aa531e
(119) 	NAS-Identifier = 'BS'
(119) 	User-Name = 'CPE8@siemens.com'
(119) 	EAP-Message = 0x029100061500
(119) 	State = 0xe8df682ee94e7d7aa2e41343dc80ec4d
(119) # Executing section authorize from file /etc/raddb/sites-enabled/default
(119)   authorize {
(119)   filter_username filter_username {
(119)     if (!&User-Name) 
(119)     if (!&User-Name)  -> FALSE
(119)     if (&User-Name =~ / /) 
(119)     if (&User-Name =~ / /)  -> FALSE
(119)     if (&User-Name =~ /@.*@/ ) 
(119)     if (&User-Name =~ /@.*@/ )  -> FALSE
(119)     if (&User-Name =~ /\\.\\./ ) 
(119)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(119)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(119)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(119)     if (&User-Name =~ /\\.$/)  
(119)     if (&User-Name =~ /\\.$/)   -> FALSE
(119)     if (&User-Name =~ /@\\./)  
(119)     if (&User-Name =~ /@\\./)   -> FALSE
(119)   } # filter_username filter_username = notfound
(119)   [preprocess] = ok
(119)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(119)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(119)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(119)  auth_log : EXPAND %t
(119)  auth_log :    --> Wed Feb 14 20:05:02 2018
(119)   [auth_log] = ok
(119)   [chap] = noop
(119)   [mschap] = noop
(119)   [digest] = noop
(119)   [wimax] = noop
(119)  suffix : Checking for suffix after "@"
(119)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(119)  suffix : No such realm "siemens.com"
(119)   [suffix] = noop
(119)  eap : Peer sent code Response (2) ID 145 length 6
(119)  eap : Continuing tunnel setup
(119)   [eap] = ok
(119)  } #  authorize = ok
(119) Found Auth-Type = EAP
(119) # Executing group from file /etc/raddb/sites-enabled/default
(119)   authenticate {
(119)  eap : Expiring EAP session with state 0x34b58d2c37779811
(119)  eap : Finished EAP session with state 0xe8df682ee94e7d7a
(119)  eap : Previous EAP request found for state 0xe8df682ee94e7d7a, released from the list
(119)  eap : Peer sent method TTLS (21)
(119)  eap : EAP TTLS (21)
(119)  eap : Calling eap_ttls to process EAP data
(119)  eap_ttls : Authenticate
(119)  eap_ttls : processing EAP-TLS
(119)  eap_ttls : Received TLS ACK
(119)  eap_ttls : Received TLS ACK
(119)  eap_ttls : ACK handshake fragment handler
(119)  eap_ttls : eaptls_verify returned 1 
(119)  eap_ttls : eaptls_process returned 13 
(119)  eap : New EAP session, adding 'State' attribute to reply 0xe8df682eea4d7d7a
(119)   [eap] = handled
(119)  } #  authenticate = handled
(119) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=137, length=0
(119) 	EAP-Message = 0x0192032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(119) 	Message-Authenticator = 0x00000000000000000000000000000000
(119) 	State = 0xe8df682eea4d7d7aa2e41343dc80ec4d
Sending Access-Challenge Id 137 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0192032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe8df682eea4d7d7aa2e41343dc80ec4d
(119) Finished request
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
(111) Cleaning up request packet ID 112 with timestamp +102
Waking up in 1.6 seconds.
Received Access-Request Id 138 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xa1154c8a0da56348fb8828c1ac563746
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029000150143504539407369656d656e732e636f6d
(120) Received Access-Request packet from host 192.168.99.123 port 49286, id=138, length=83
(120) 	Message-Authenticator = 0xa1154c8a0da56348fb8828c1ac563746
(120) 	NAS-Identifier = 'BS'
(120) 	User-Name = 'CPE9@siemens.com'
(120) 	EAP-Message = 0x029000150143504539407369656d656e732e636f6d
(120) # Executing section authorize from file /etc/raddb/sites-enabled/default
(120)   authorize {
(120)   filter_username filter_username {
(120)     if (!&User-Name) 
(120)     if (!&User-Name)  -> FALSE
(120)     if (&User-Name =~ / /) 
(120)     if (&User-Name =~ / /)  -> FALSE
(120)     if (&User-Name =~ /@.*@/ ) 
(120)     if (&User-Name =~ /@.*@/ )  -> FALSE
(120)     if (&User-Name =~ /\\.\\./ ) 
(120)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(120)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(120)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(120)     if (&User-Name =~ /\\.$/)  
(120)     if (&User-Name =~ /\\.$/)   -> FALSE
(120)     if (&User-Name =~ /@\\./)  
(120)     if (&User-Name =~ /@\\./)   -> FALSE
(120)   } # filter_username filter_username = notfound
(120)   [preprocess] = ok
(120)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(120)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(120)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(120)  auth_log : EXPAND %t
(120)  auth_log :    --> Wed Feb 14 20:05:03 2018
(120)   [auth_log] = ok
(120)   [chap] = noop
(120)   [mschap] = noop
(120)   [digest] = noop
(120)   [wimax] = noop
(120)  suffix : Checking for suffix after "@"
(120)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(120)  suffix : No such realm "siemens.com"
(120)   [suffix] = noop
(120)  eap : Peer sent code Response (2) ID 144 length 21
(120)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(120)   [eap] = ok
(120)  } #  authorize = ok
(120) Found Auth-Type = EAP
(120) # Executing group from file /etc/raddb/sites-enabled/default
(120)   authenticate {
(120)  eap : Peer sent method Identity (1)
(120)  eap : Calling eap_ttls to process EAP data
(120)  eap_ttls : Initiate
(120)  eap_ttls : Start returned 1
(120)  eap : New EAP session, adding 'State' attribute to reply 0xab500cc8abc119e2
(120)   [eap] = handled
(120)  } #  authenticate = handled
(120) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=138, length=0
(120) 	EAP-Message = 0x019100061520
(120) 	Message-Authenticator = 0x00000000000000000000000000000000
(120) 	State = 0xab500cc8abc119e2f4500992f57ca398
Sending Access-Challenge Id 138 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019100061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xab500cc8abc119e2f4500992f57ca398
(120) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 139 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x6b86b0fb2279274831bd001a55185b09
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x0291006a158000000060160301005b01000057030154ab17cda1093305b5748d064943dfc0ae4519d114914eeb8a5c552883a3195f00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xab500cc8abc119e2f4500992f57ca398
(121) Received Access-Request packet from host 192.168.99.123 port 49286, id=139, length=186
(121) 	Message-Authenticator = 0x6b86b0fb2279274831bd001a55185b09
(121) 	NAS-Identifier = 'BS'
(121) 	User-Name = 'CPE9@siemens.com'
(121) 	EAP-Message = 0x0291006a158000000060160301005b01000057030154ab17cda1093305b5748d064943dfc0ae4519d114914eeb8a5c552883a3195f00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(121) 	State = 0xab500cc8abc119e2f4500992f57ca398
(121) # Executing section authorize from file /etc/raddb/sites-enabled/default
(121)   authorize {
(121)   filter_username filter_username {
(121)     if (!&User-Name) 
(121)     if (!&User-Name)  -> FALSE
(121)     if (&User-Name =~ / /) 
(121)     if (&User-Name =~ / /)  -> FALSE
(121)     if (&User-Name =~ /@.*@/ ) 
(121)     if (&User-Name =~ /@.*@/ )  -> FALSE
(121)     if (&User-Name =~ /\\.\\./ ) 
(121)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(121)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(121)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(121)     if (&User-Name =~ /\\.$/)  
(121)     if (&User-Name =~ /\\.$/)   -> FALSE
(121)     if (&User-Name =~ /@\\./)  
(121)     if (&User-Name =~ /@\\./)   -> FALSE
(121)   } # filter_username filter_username = notfound
(121)   [preprocess] = ok
(121)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(121)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(121)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(121)  auth_log : EXPAND %t
(121)  auth_log :    --> Wed Feb 14 20:05:04 2018
(121)   [auth_log] = ok
(121)   [chap] = noop
(121)   [mschap] = noop
(121)   [digest] = noop
(121)   [wimax] = noop
(121)  suffix : Checking for suffix after "@"
(121)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(121)  suffix : No such realm "siemens.com"
(121)   [suffix] = noop
(121)  eap : Peer sent code Response (2) ID 145 length 106
(121)  eap : Continuing tunnel setup
(121)   [eap] = ok
(121)  } #  authorize = ok
(121) Found Auth-Type = EAP
(121) # Executing group from file /etc/raddb/sites-enabled/default
(121)   authenticate {
(121)  eap : Expiring EAP session with state 0x34b58d2c37779811
(121)  eap : Finished EAP session with state 0xab500cc8abc119e2
(121)  eap : Previous EAP request found for state 0xab500cc8abc119e2, released from the list
(121)  eap : Peer sent method TTLS (21)
(121)  eap : EAP TTLS (21)
(121)  eap : Calling eap_ttls to process EAP data
(121)  eap_ttls : Authenticate
(121)  eap_ttls : processing EAP-TLS
  TLS Length 96
(121)  eap_ttls : Length Included
(121)  eap_ttls : eaptls_verify returned 11 
(121)  eap_ttls : (other): before/accept initialization
(121)  eap_ttls : TLS_accept: before/accept initialization
(121)  eap_ttls : <<< Unknown TLS version [length 0005] 
(121)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(121)  eap_ttls : TLS_accept: SSLv3 read client hello A
(121)  eap_ttls : >>> Unknown TLS version [length 0005] 
(121)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(121)  eap_ttls : TLS_accept: SSLv3 write server hello A
(121)  eap_ttls : >>> Unknown TLS version [length 0005] 
(121)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(121)  eap_ttls : TLS_accept: SSLv3 write certificate A
(121)  eap_ttls : >>> Unknown TLS version [length 0005] 
(121)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(121)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(121)  eap_ttls : >>> Unknown TLS version [length 0005] 
(121)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(121)  eap_ttls : TLS_accept: SSLv3 write server done A
(121)  eap_ttls : TLS_accept: SSLv3 flush data
(121)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(121)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(121)  eap_ttls : eaptls_process returned 13 
(121)  eap : New EAP session, adding 'State' attribute to reply 0xab500cc8aac219e2
(121)   [eap] = handled
(121)  } #  authenticate = handled
(121) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=139, length=0
(121) 	EAP-Message = 0x019203ec15c000000702160301004a0200004603019f9d2736a21cadaafb93368c27b1279bea8edff562fb72f686dc7a3e4a233c6220d358ea3bdff4460a08684aaed729c46da4a3e360604d652a631e83b02456fc9200390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(121) 	Message-Authenticator = 0x00000000000000000000000000000000
(121) 	State = 0xab500cc8aac219e2f4500992f57ca398
Sending Access-Challenge Id 139 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019203ec15c000000702160301004a0200004603019f9d2736a21cadaafb93368c27b1279bea8edff562fb72f686dc7a3e4a233c6220d358ea3bdff4460a08684aaed729c46da4a3e360604d652a631e83b02456fc9200390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xab500cc8aac219e2f4500992f57ca398
(121) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 140 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xe5d218da043908b7841febc3c3f1b4be
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029200061500
	State = 0xab500cc8aac219e2f4500992f57ca398
(122) Received Access-Request packet from host 192.168.99.123 port 49286, id=140, length=86
(122) 	Message-Authenticator = 0xe5d218da043908b7841febc3c3f1b4be
(122) 	NAS-Identifier = 'BS'
(122) 	User-Name = 'CPE9@siemens.com'
(122) 	EAP-Message = 0x029200061500
(122) 	State = 0xab500cc8aac219e2f4500992f57ca398
(122) # Executing section authorize from file /etc/raddb/sites-enabled/default
(122)   authorize {
(122)   filter_username filter_username {
(122)     if (!&User-Name) 
(122)     if (!&User-Name)  -> FALSE
(122)     if (&User-Name =~ / /) 
(122)     if (&User-Name =~ / /)  -> FALSE
(122)     if (&User-Name =~ /@.*@/ ) 
(122)     if (&User-Name =~ /@.*@/ )  -> FALSE
(122)     if (&User-Name =~ /\\.\\./ ) 
(122)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(122)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(122)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(122)     if (&User-Name =~ /\\.$/)  
(122)     if (&User-Name =~ /\\.$/)   -> FALSE
(122)     if (&User-Name =~ /@\\./)  
(122)     if (&User-Name =~ /@\\./)   -> FALSE
(122)   } # filter_username filter_username = notfound
(122)   [preprocess] = ok
(122)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(122)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(122)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(122)  auth_log : EXPAND %t
(122)  auth_log :    --> Wed Feb 14 20:05:04 2018
(122)   [auth_log] = ok
(122)   [chap] = noop
(122)   [mschap] = noop
(122)   [digest] = noop
(122)   [wimax] = noop
(122)  suffix : Checking for suffix after "@"
(122)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(122)  suffix : No such realm "siemens.com"
(122)   [suffix] = noop
(122)  eap : Peer sent code Response (2) ID 146 length 6
(122)  eap : Continuing tunnel setup
(122)   [eap] = ok
(122)  } #  authorize = ok
(122) Found Auth-Type = EAP
(122) # Executing group from file /etc/raddb/sites-enabled/default
(122)   authenticate {
(122)  eap : Expiring EAP session with state 0x34b58d2c37779811
(122)  eap : Finished EAP session with state 0xab500cc8aac219e2
(122)  eap : Previous EAP request found for state 0xab500cc8aac219e2, released from the list
(122)  eap : Peer sent method TTLS (21)
(122)  eap : EAP TTLS (21)
(122)  eap : Calling eap_ttls to process EAP data
(122)  eap_ttls : Authenticate
(122)  eap_ttls : processing EAP-TLS
(122)  eap_ttls : Received TLS ACK
(122)  eap_ttls : Received TLS ACK
(122)  eap_ttls : ACK handshake fragment handler
(122)  eap_ttls : eaptls_verify returned 1 
(122)  eap_ttls : eaptls_process returned 13 
(122)  eap : New EAP session, adding 'State' attribute to reply 0xab500cc8a9c319e2
(122)   [eap] = handled
(122)  } #  authenticate = handled
(122) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=140, length=0
(122) 	EAP-Message = 0x0193032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(122) 	Message-Authenticator = 0x00000000000000000000000000000000
(122) 	State = 0xab500cc8a9c319e2f4500992f57ca398
Sending Access-Challenge Id 140 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0193032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xab500cc8a9c319e2f4500992f57ca398
(122) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(123) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(123) 	NAS-Identifier = 'BS'
(123) 	User-Name = 'dummy'
(123) 	User-Password = '*PASSWORD*'
(123) # Executing section authorize from file /etc/raddb/sites-enabled/default
(123)   authorize {
(123)   filter_username filter_username {
(123)     if (!&User-Name) 
(123)     if (!&User-Name)  -> FALSE
(123)     if (&User-Name =~ / /) 
(123)     if (&User-Name =~ / /)  -> FALSE
(123)     if (&User-Name =~ /@.*@/ ) 
(123)     if (&User-Name =~ /@.*@/ )  -> FALSE
(123)     if (&User-Name =~ /\\.\\./ ) 
(123)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(123)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(123)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(123)     if (&User-Name =~ /\\.$/)  
(123)     if (&User-Name =~ /\\.$/)   -> FALSE
(123)     if (&User-Name =~ /@\\./)  
(123)     if (&User-Name =~ /@\\./)   -> FALSE
(123)   } # filter_username filter_username = notfound
(123)   [preprocess] = ok
(123)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(123)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(123)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(123)  auth_log : EXPAND %t
(123)  auth_log :    --> Wed Feb 14 20:05:04 2018
(123)   [auth_log] = ok
(123)   [chap] = noop
(123)   [mschap] = noop
(123)   [digest] = noop
(123)   [wimax] = noop
(123)  suffix : Checking for suffix after "@"
(123)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(123)  suffix : No such realm "NULL"
(123)   [suffix] = noop
(123)  eap : No EAP-Message, not doing EAP
(123)   [eap] = noop
(123)  files : users: Matched entry dummy at line 159
(123)   [files] = ok
(123)   [expiration] = noop
(123)   [logintime] = noop
(123)   [pap] = updated
(123)  } #  authorize = updated
(123) Found Auth-Type = PAP
(123) # Executing group from file /etc/raddb/sites-enabled/default
(123)  Auth-Type PAP {
(123)  pap : Login attempt with password
(123)  pap : User authenticated successfully
(123)   [pap] = ok
(123)  } # Auth-Type PAP = ok
(123) Login OK: [dummy] (from client BS3 port 0)
(123) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(123)   post-auth {
(123)   [exec] = noop
(123)   update reply {
(123) 	Session-Timeout := 1800
(123)   } # update reply = noop
(123)   remove_reply_message_if_eap remove_reply_message_if_eap {
(123)     if (&reply:EAP-Message && &reply:Reply-Message) 
(123)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(123)    else else {
(123)     [noop] = noop
(123)    } # else else = noop
(123)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(123)  } #  post-auth = noop
(123) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(123) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(123) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 154 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0xd8a0be50a4912654c998384ad4549dd4
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c20016014350453131407369656d656e732e636f6d
(124) Received Access-Request packet from host 192.168.99.121 port 49210, id=154, length=85
(124) 	Message-Authenticator = 0xd8a0be50a4912654c998384ad4549dd4
(124) 	NAS-Identifier = 'BS'
(124) 	User-Name = 'CPE11@siemens.com'
(124) 	EAP-Message = 0x02c20016014350453131407369656d656e732e636f6d
(124) # Executing section authorize from file /etc/raddb/sites-enabled/default
(124)   authorize {
(124)   filter_username filter_username {
(124)     if (!&User-Name) 
(124)     if (!&User-Name)  -> FALSE
(124)     if (&User-Name =~ / /) 
(124)     if (&User-Name =~ / /)  -> FALSE
(124)     if (&User-Name =~ /@.*@/ ) 
(124)     if (&User-Name =~ /@.*@/ )  -> FALSE
(124)     if (&User-Name =~ /\\.\\./ ) 
(124)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(124)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(124)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(124)     if (&User-Name =~ /\\.$/)  
(124)     if (&User-Name =~ /\\.$/)   -> FALSE
(124)     if (&User-Name =~ /@\\./)  
(124)     if (&User-Name =~ /@\\./)   -> FALSE
(124)   } # filter_username filter_username = notfound
(124)   [preprocess] = ok
(124)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(124)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(124)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(124)  auth_log : EXPAND %t
(124)  auth_log :    --> Wed Feb 14 20:05:04 2018
(124)   [auth_log] = ok
(124)   [chap] = noop
(124)   [mschap] = noop
(124)   [digest] = noop
(124)   [wimax] = noop
(124)  suffix : Checking for suffix after "@"
(124)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(124)  suffix : No such realm "siemens.com"
(124)   [suffix] = noop
(124)  eap : Peer sent code Response (2) ID 194 length 22
(124)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(124)   [eap] = ok
(124)  } #  authorize = ok
(124) Found Auth-Type = EAP
(124) # Executing group from file /etc/raddb/sites-enabled/default
(124)   authenticate {
(124)  eap : Peer sent method Identity (1)
(124)  eap : Calling eap_ttls to process EAP data
(124)  eap_ttls : Initiate
(124)  eap_ttls : Start returned 1
(124)  eap : New EAP session, adding 'State' attribute to reply 0x04bae4030479f171
(124)   [eap] = handled
(124)  } #  authenticate = handled
(124) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=154, length=0
(124) 	EAP-Message = 0x01c300061520
(124) 	Message-Authenticator = 0x00000000000000000000000000000000
(124) 	State = 0x04bae4030479f171f2e5fb89d067c7e6
Sending Access-Challenge Id 154 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c300061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x04bae4030479f171f2e5fb89d067c7e6
(124) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(125) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(125) 	NAS-Identifier = 'BS'
(125) 	User-Name = 'dummy'
(125) 	User-Password = '*PASSWORD*'
(125) # Executing section authorize from file /etc/raddb/sites-enabled/default
(125)   authorize {
(125)   filter_username filter_username {
(125)     if (!&User-Name) 
(125)     if (!&User-Name)  -> FALSE
(125)     if (&User-Name =~ / /) 
(125)     if (&User-Name =~ / /)  -> FALSE
(125)     if (&User-Name =~ /@.*@/ ) 
(125)     if (&User-Name =~ /@.*@/ )  -> FALSE
(125)     if (&User-Name =~ /\\.\\./ ) 
(125)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(125)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(125)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(125)     if (&User-Name =~ /\\.$/)  
(125)     if (&User-Name =~ /\\.$/)   -> FALSE
(125)     if (&User-Name =~ /@\\./)  
(125)     if (&User-Name =~ /@\\./)   -> FALSE
(125)   } # filter_username filter_username = notfound
(125)   [preprocess] = ok
(125)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(125)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(125)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(125)  auth_log : EXPAND %t
(125)  auth_log :    --> Wed Feb 14 20:05:04 2018
(125)   [auth_log] = ok
(125)   [chap] = noop
(125)   [mschap] = noop
(125)   [digest] = noop
(125)   [wimax] = noop
(125)  suffix : Checking for suffix after "@"
(125)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(125)  suffix : No such realm "NULL"
(125)   [suffix] = noop
(125)  eap : No EAP-Message, not doing EAP
(125)   [eap] = noop
(125)  files : users: Matched entry dummy at line 159
(125)   [files] = ok
(125)   [expiration] = noop
(125)   [logintime] = noop
(125)   [pap] = updated
(125)  } #  authorize = updated
(125) Found Auth-Type = PAP
(125) # Executing group from file /etc/raddb/sites-enabled/default
(125)  Auth-Type PAP {
(125)  pap : Login attempt with password
(125)  pap : User authenticated successfully
(125)   [pap] = ok
(125)  } # Auth-Type PAP = ok
(125) Login OK: [dummy] (from client BS4 port 0)
(125) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(125)   post-auth {
(125)   [exec] = noop
(125)   update reply {
(125) 	Session-Timeout := 1800
(125)   } # update reply = noop
(125)   remove_reply_message_if_eap remove_reply_message_if_eap {
(125)     if (&reply:EAP-Message && &reply:Reply-Message) 
(125)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(125)    else else {
(125)     [noop] = noop
(125)    } # else else = noop
(125)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(125)  } #  post-auth = noop
(125) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(125) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(125) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 155 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0xdcbe2b011cf1bd03a2ca13fa4436c845
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c3006a158000000060160301005b01000057030154a4b49fb850ef87e577bdc333a3f15214b075a499ed10ebd428ede8620ba9f300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x04bae4030479f171f2e5fb89d067c7e6
(126) Received Access-Request packet from host 192.168.99.121 port 49210, id=155, length=187
(126) 	Message-Authenticator = 0xdcbe2b011cf1bd03a2ca13fa4436c845
(126) 	NAS-Identifier = 'BS'
(126) 	User-Name = 'CPE11@siemens.com'
(126) 	EAP-Message = 0x02c3006a158000000060160301005b01000057030154a4b49fb850ef87e577bdc333a3f15214b075a499ed10ebd428ede8620ba9f300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(126) 	State = 0x04bae4030479f171f2e5fb89d067c7e6
(126) # Executing section authorize from file /etc/raddb/sites-enabled/default
(126)   authorize {
(126)   filter_username filter_username {
(126)     if (!&User-Name) 
(126)     if (!&User-Name)  -> FALSE
(126)     if (&User-Name =~ / /) 
(126)     if (&User-Name =~ / /)  -> FALSE
(126)     if (&User-Name =~ /@.*@/ ) 
(126)     if (&User-Name =~ /@.*@/ )  -> FALSE
(126)     if (&User-Name =~ /\\.\\./ ) 
(126)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(126)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(126)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(126)     if (&User-Name =~ /\\.$/)  
(126)     if (&User-Name =~ /\\.$/)   -> FALSE
(126)     if (&User-Name =~ /@\\./)  
(126)     if (&User-Name =~ /@\\./)   -> FALSE
(126)   } # filter_username filter_username = notfound
(126)   [preprocess] = ok
(126)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(126)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(126)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(126)  auth_log : EXPAND %t
(126)  auth_log :    --> Wed Feb 14 20:05:04 2018
(126)   [auth_log] = ok
(126)   [chap] = noop
(126)   [mschap] = noop
(126)   [digest] = noop
(126)   [wimax] = noop
(126)  suffix : Checking for suffix after "@"
(126)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(126)  suffix : No such realm "siemens.com"
(126)   [suffix] = noop
(126)  eap : Peer sent code Response (2) ID 195 length 106
(126)  eap : Continuing tunnel setup
(126)   [eap] = ok
(126)  } #  authorize = ok
(126) Found Auth-Type = EAP
(126) # Executing group from file /etc/raddb/sites-enabled/default
(126)   authenticate {
(126)  eap : Expiring EAP session with state 0x34b58d2c37779811
(126)  eap : Finished EAP session with state 0x04bae4030479f171
(126)  eap : Previous EAP request found for state 0x04bae4030479f171, released from the list
(126)  eap : Peer sent method TTLS (21)
(126)  eap : EAP TTLS (21)
(126)  eap : Calling eap_ttls to process EAP data
(126)  eap_ttls : Authenticate
(126)  eap_ttls : processing EAP-TLS
  TLS Length 96
(126)  eap_ttls : Length Included
(126)  eap_ttls : eaptls_verify returned 11 
(126)  eap_ttls : (other): before/accept initialization
(126)  eap_ttls : TLS_accept: before/accept initialization
(126)  eap_ttls : <<< Unknown TLS version [length 0005] 
(126)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(126)  eap_ttls : TLS_accept: SSLv3 read client hello A
(126)  eap_ttls : >>> Unknown TLS version [length 0005] 
(126)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(126)  eap_ttls : TLS_accept: SSLv3 write server hello A
(126)  eap_ttls : >>> Unknown TLS version [length 0005] 
(126)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(126)  eap_ttls : TLS_accept: SSLv3 write certificate A
(126)  eap_ttls : >>> Unknown TLS version [length 0005] 
(126)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(126)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(126)  eap_ttls : >>> Unknown TLS version [length 0005] 
(126)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(126)  eap_ttls : TLS_accept: SSLv3 write server done A
(126)  eap_ttls : TLS_accept: SSLv3 flush data
(126)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(126)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(126)  eap_ttls : eaptls_process returned 13 
(126)  eap : New EAP session, adding 'State' attribute to reply 0x04bae403057ef171
(126)   [eap] = handled
(126)  } #  authenticate = handled
(126) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=155, length=0
(126) 	EAP-Message = 0x01c403ec15c000000702160301004a0200004603018c4b7ca391841f0aa2e3d472fa657b2a877a274b88c21b68a3bfeebed91a1a3d206e648bb0fd8950c7df4f0c60d2d0588c23aac28b16643690e0fa4094ec13109300390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(126) 	Message-Authenticator = 0x00000000000000000000000000000000
(126) 	State = 0x04bae403057ef171f2e5fb89d067c7e6
Sending Access-Challenge Id 155 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c403ec15c000000702160301004a0200004603018c4b7ca391841f0aa2e3d472fa657b2a877a274b88c21b68a3bfeebed91a1a3d206e648bb0fd8950c7df4f0c60d2d0588c23aac28b16643690e0fa4094ec13109300390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x04bae403057ef171f2e5fb89d067c7e6
(126) Finished request
Received Access-Request Id 156 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x9006bddcab84bdfa6702094ba9af22a1
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c400061500
	State = 0x04bae403057ef171f2e5fb89d067c7e6
(127) Received Access-Request packet from host 192.168.99.121 port 49210, id=156, length=87
(127) 	Message-Authenticator = 0x9006bddcab84bdfa6702094ba9af22a1
(127) 	NAS-Identifier = 'BS'
(127) 	User-Name = 'CPE11@siemens.com'
(127) 	EAP-Message = 0x02c400061500
(127) 	State = 0x04bae403057ef171f2e5fb89d067c7e6
(127) # Executing section authorize from file /etc/raddb/sites-enabled/default
(127)   authorize {
(127)   filter_username filter_username {
(127)     if (!&User-Name) 
(127)     if (!&User-Name)  -> FALSE
(127)     if (&User-Name =~ / /) 
(127)     if (&User-Name =~ / /)  -> FALSE
(127)     if (&User-Name =~ /@.*@/ ) 
(127)     if (&User-Name =~ /@.*@/ )  -> FALSE
(127)     if (&User-Name =~ /\\.\\./ ) 
(127)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(127)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(127)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(127)     if (&User-Name =~ /\\.$/)  
(127)     if (&User-Name =~ /\\.$/)   -> FALSE
(127)     if (&User-Name =~ /@\\./)  
(127)     if (&User-Name =~ /@\\./)   -> FALSE
(127)   } # filter_username filter_username = notfound
(127)   [preprocess] = ok
(127)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(127)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(127)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(127)  auth_log : EXPAND %t
(127)  auth_log :    --> Wed Feb 14 20:05:04 2018
(127)   [auth_log] = ok
(127)   [chap] = noop
(127)   [mschap] = noop
(127)   [digest] = noop
(127)   [wimax] = noop
(127)  suffix : Checking for suffix after "@"
(127)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(127)  suffix : No such realm "siemens.com"
(127)   [suffix] = noop
(127)  eap : Peer sent code Response (2) ID 196 length 6
(127)  eap : Continuing tunnel setup
(127)   [eap] = ok
(127)  } #  authorize = ok
(127) Found Auth-Type = EAP
(127) # Executing group from file /etc/raddb/sites-enabled/default
(127)   authenticate {
(127)  eap : Expiring EAP session with state 0x34b58d2c37779811
(127)  eap : Finished EAP session with state 0x04bae403057ef171
(127)  eap : Previous EAP request found for state 0x04bae403057ef171, released from the list
(127)  eap : Peer sent method TTLS (21)
(127)  eap : EAP TTLS (21)
(127)  eap : Calling eap_ttls to process EAP data
(127)  eap_ttls : Authenticate
(127)  eap_ttls : processing EAP-TLS
(127)  eap_ttls : Received TLS ACK
(127)  eap_ttls : Received TLS ACK
(127)  eap_ttls : ACK handshake fragment handler
(127)  eap_ttls : eaptls_verify returned 1 
(127)  eap_ttls : eaptls_process returned 13 
(127)  eap : New EAP session, adding 'State' attribute to reply 0x04bae403067ff171
(127)   [eap] = handled
(127)  } #  authenticate = handled
(127) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=156, length=0
(127) 	EAP-Message = 0x01c5032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(127) 	Message-Authenticator = 0x00000000000000000000000000000000
(127) 	State = 0x04bae403067ff171f2e5fb89d067c7e6
Sending Access-Challenge Id 156 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c5032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x04bae403067ff171f2e5fb89d067c7e6
(127) Finished request
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(128) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(128) 	NAS-Identifier = 'BS'
(128) 	User-Name = 'dummy'
(128) 	User-Password = '*PASSWORD*'
(128) # Executing section authorize from file /etc/raddb/sites-enabled/default
(128)   authorize {
(128)   filter_username filter_username {
(128)     if (!&User-Name) 
(128)     if (!&User-Name)  -> FALSE
(128)     if (&User-Name =~ / /) 
(128)     if (&User-Name =~ / /)  -> FALSE
(128)     if (&User-Name =~ /@.*@/ ) 
(128)     if (&User-Name =~ /@.*@/ )  -> FALSE
(128)     if (&User-Name =~ /\\.\\./ ) 
(128)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(128)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(128)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(128)     if (&User-Name =~ /\\.$/)  
(128)     if (&User-Name =~ /\\.$/)   -> FALSE
(128)     if (&User-Name =~ /@\\./)  
(128)     if (&User-Name =~ /@\\./)   -> FALSE
(128)   } # filter_username filter_username = notfound
(128)   [preprocess] = ok
(128)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(128)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(128)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(128)  auth_log : EXPAND %t
(128)  auth_log :    --> Wed Feb 14 20:05:04 2018
(128)   [auth_log] = ok
(128)   [chap] = noop
(128)   [mschap] = noop
(128)   [digest] = noop
(128)   [wimax] = noop
(128)  suffix : Checking for suffix after "@"
(128)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(128)  suffix : No such realm "NULL"
(128)   [suffix] = noop
(128)  eap : No EAP-Message, not doing EAP
(128)   [eap] = noop
(128)  files : users: Matched entry dummy at line 159
(128)   [files] = ok
(128)   [expiration] = noop
(128)   [logintime] = noop
(128)   [pap] = updated
(128)  } #  authorize = updated
(128) Found Auth-Type = PAP
(128) # Executing group from file /etc/raddb/sites-enabled/default
(128)  Auth-Type PAP {
(128)  pap : Login attempt with password
(128)  pap : User authenticated successfully
(128)   [pap] = ok
(128)  } # Auth-Type PAP = ok
(128) Login OK: [dummy] (from client BS2 port 0)
(128) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(128)   post-auth {
(128)   [exec] = noop
(128)   update reply {
(128) 	Session-Timeout := 1800
(128)   } # update reply = noop
(128)   remove_reply_message_if_eap remove_reply_message_if_eap {
(128)     if (&reply:EAP-Message && &reply:Reply-Message) 
(128)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(128)    else else {
(128)     [noop] = noop
(128)    } # else else = noop
(128)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(128)  } #  post-auth = noop
(128) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(128) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(128) Finished request
Waking up in 0.1 seconds.
(112) Cleaning up request packet ID 113 with timestamp +103
(113) Cleaning up request packet ID 114 with timestamp +103
(114) Cleaning up request packet ID 115 with timestamp +103
Waking up in 0.3 seconds.
Received Access-Request Id 141 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xb65f3cea101c82aaba283dcd110dc891
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029200d01580000000c616030100861000008200808f9a3bb23bd29677dd706c38f071fb48e3e6aa6b20a8268442337e9c2b807863a168847f72e16cde0b863d77c8d602351913a9f265525ffb23bf24cf5d671b1e394d45ed6c3feed4dbe524969f77214945e150224019f67a5f8eb88eeb8bf91cd1ba23c8f9188621c80a6c5661789abcfbdfbb50e549b678065a339681eb18b5140301000101160301003059c404f1e06b4a66c2200ce7e24c960668fcb6d9be1942fcd265c43ce847417fa3950de626eca08b9e62b20d7ee5f23d
	State = 0xe8df682eea4d7d7aa2e41343dc80ec4d
(129) Received Access-Request packet from host 192.168.99.123 port 49286, id=141, length=288
(129) 	Message-Authenticator = 0xb65f3cea101c82aaba283dcd110dc891
(129) 	NAS-Identifier = 'BS'
(129) 	User-Name = 'CPE8@siemens.com'
(129) 	EAP-Message = 0x029200d01580000000c616030100861000008200808f9a3bb23bd29677dd706c38f071fb48e3e6aa6b20a8268442337e9c2b807863a168847f72e16cde0b863d77c8d602351913a9f265525ffb23bf24cf5d671b1e394d45ed6c3feed4dbe524969f77214945e150224019f67a5f8eb88eeb8bf91cd1ba23c8f9188621c80a6c5661789abcfbdfbb50e549b678065a339681eb18b5140301000101160301003059c404f1e06b4a66c2200ce7e24c960668fcb6d9be1942fcd265c43ce847417fa3950de626eca08b9e62b20d7ee5f23d
(129) 	State = 0xe8df682eea4d7d7aa2e41343dc80ec4d
(129) # Executing section authorize from file /etc/raddb/sites-enabled/default
(129)   authorize {
(129)   filter_username filter_username {
(129)     if (!&User-Name) 
(129)     if (!&User-Name)  -> FALSE
(129)     if (&User-Name =~ / /) 
(129)     if (&User-Name =~ / /)  -> FALSE
(129)     if (&User-Name =~ /@.*@/ ) 
(129)     if (&User-Name =~ /@.*@/ )  -> FALSE
(129)     if (&User-Name =~ /\\.\\./ ) 
(129)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(129)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(129)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(129)     if (&User-Name =~ /\\.$/)  
(129)     if (&User-Name =~ /\\.$/)   -> FALSE
(129)     if (&User-Name =~ /@\\./)  
(129)     if (&User-Name =~ /@\\./)   -> FALSE
(129)   } # filter_username filter_username = notfound
(129)   [preprocess] = ok
(129)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(129)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(129)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(129)  auth_log : EXPAND %t
(129)  auth_log :    --> Wed Feb 14 20:05:05 2018
(129)   [auth_log] = ok
(129)   [chap] = noop
(129)   [mschap] = noop
(129)   [digest] = noop
(129)   [wimax] = noop
(129)  suffix : Checking for suffix after "@"
(129)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(129)  suffix : No such realm "siemens.com"
(129)   [suffix] = noop
(129)  eap : Peer sent code Response (2) ID 146 length 208
(129)  eap : Continuing tunnel setup
(129)   [eap] = ok
(129)  } #  authorize = ok
(129) Found Auth-Type = EAP
(129) # Executing group from file /etc/raddb/sites-enabled/default
(129)   authenticate {
(129)  eap : Expiring EAP session with state 0x34b58d2c37779811
(129)  eap : Finished EAP session with state 0xe8df682eea4d7d7a
(129)  eap : Previous EAP request found for state 0xe8df682eea4d7d7a, released from the list
(129)  eap : Peer sent method TTLS (21)
(129)  eap : EAP TTLS (21)
(129)  eap : Calling eap_ttls to process EAP data
(129)  eap_ttls : Authenticate
(129)  eap_ttls : processing EAP-TLS
  TLS Length 198
(129)  eap_ttls : Length Included
(129)  eap_ttls : eaptls_verify returned 11 
(129)  eap_ttls : <<< Unknown TLS version [length 0005] 
(129)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(129)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(129)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(129)  eap_ttls : <<< Unknown TLS version [length 0005] 
(129)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(129)  eap_ttls : <<< Unknown TLS version [length 0005] 
(129)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(129)  eap_ttls : TLS_accept: SSLv3 read finished A
(129)  eap_ttls : >>> Unknown TLS version [length 0005] 
(129)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(129)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(129)  eap_ttls : >>> Unknown TLS version [length 0005] 
(129)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(129)  eap_ttls : TLS_accept: SSLv3 write finished A
(129)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 847ee0b64eb28de81765eef2cca0922f58d6937a67fff7bb4ea1878aae55e57f to cache
(129)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(129)  eap_ttls : eaptls_process returned 13 
(129)  eap : New EAP session, adding 'State' attribute to reply 0xe8df682eeb4c7d7a
(129)   [eap] = handled
(129)  } #  authenticate = handled
(129) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=141, length=0
(129) 	EAP-Message = 0x0193004515800000003b1403010001011603010030027c3de1a53702e1d7f0537bce4067260dd288015268e23d01235a47f304896f96f6852ad3866deaf645eaa6d22a5501
(129) 	Message-Authenticator = 0x00000000000000000000000000000000
(129) 	State = 0xe8df682eeb4c7d7aa2e41343dc80ec4d
Sending Access-Challenge Id 141 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0193004515800000003b1403010001011603010030027c3de1a53702e1d7f0537bce4067260dd288015268e23d01235a47f304896f96f6852ad3866deaf645eaa6d22a5501
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe8df682eeb4c7d7aa2e41343dc80ec4d
(129) Finished request
Waking up in 0.2 seconds.
(115) Cleaning up request packet ID 1 with timestamp +104
Waking up in 0.1 seconds.
Waking up in 2.1 seconds.
Received Access-Request Id 117 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xa1caa702a0f1c6361f6d2e3d11718cc4
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b300150143504537407369656d656e732e636f6d
(130) Received Access-Request packet from host 192.168.99.122 port 49321, id=117, length=83
(130) 	Message-Authenticator = 0xa1caa702a0f1c6361f6d2e3d11718cc4
(130) 	NAS-Identifier = 'BS'
(130) 	User-Name = 'CPE7@siemens.com'
(130) 	EAP-Message = 0x02b300150143504537407369656d656e732e636f6d
(130) # Executing section authorize from file /etc/raddb/sites-enabled/default
(130)   authorize {
(130)   filter_username filter_username {
(130)     if (!&User-Name) 
(130)     if (!&User-Name)  -> FALSE
(130)     if (&User-Name =~ / /) 
(130)     if (&User-Name =~ / /)  -> FALSE
(130)     if (&User-Name =~ /@.*@/ ) 
(130)     if (&User-Name =~ /@.*@/ )  -> FALSE
(130)     if (&User-Name =~ /\\.\\./ ) 
(130)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(130)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(130)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(130)     if (&User-Name =~ /\\.$/)  
(130)     if (&User-Name =~ /\\.$/)   -> FALSE
(130)     if (&User-Name =~ /@\\./)  
(130)     if (&User-Name =~ /@\\./)   -> FALSE
(130)   } # filter_username filter_username = notfound
(130)   [preprocess] = ok
(130)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(130)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(130)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(130)  auth_log : EXPAND %t
(130)  auth_log :    --> Wed Feb 14 20:05:05 2018
(130)   [auth_log] = ok
(130)   [chap] = noop
(130)   [mschap] = noop
(130)   [digest] = noop
(130)   [wimax] = noop
(130)  suffix : Checking for suffix after "@"
(130)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(130)  suffix : No such realm "siemens.com"
(130)   [suffix] = noop
(130)  eap : Peer sent code Response (2) ID 179 length 21
(130)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(130)   [eap] = ok
(130)  } #  authorize = ok
(130) Found Auth-Type = EAP
(130) # Executing group from file /etc/raddb/sites-enabled/default
(130)   authenticate {
(130)  eap : Peer sent method Identity (1)
(130)  eap : Calling eap_ttls to process EAP data
(130)  eap_ttls : Initiate
(130)  eap_ttls : Start returned 1
(130)  eap : New EAP session, adding 'State' attribute to reply 0x018b2354013f3697
(130)   [eap] = handled
(130)  } #  authenticate = handled
(130) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=117, length=0
(130) 	EAP-Message = 0x01b400061520
(130) 	Message-Authenticator = 0x00000000000000000000000000000000
(130) 	State = 0x018b2354013f369781f77908c1cff321
Sending Access-Challenge Id 117 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b400061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x018b2354013f369781f77908c1cff321
(130) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 118 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xe3aeddd166bcee44e17c6bcada709343
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b4006a158000000060160301005b01000057030154ac6fc4f86450b32ee53c40f39c3ce4f5d6b1ba93055f6dde238b8cdd6ca35000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x018b2354013f369781f77908c1cff321
(131) Received Access-Request packet from host 192.168.99.122 port 49321, id=118, length=186
(131) 	Message-Authenticator = 0xe3aeddd166bcee44e17c6bcada709343
(131) 	NAS-Identifier = 'BS'
(131) 	User-Name = 'CPE7@siemens.com'
(131) 	EAP-Message = 0x02b4006a158000000060160301005b01000057030154ac6fc4f86450b32ee53c40f39c3ce4f5d6b1ba93055f6dde238b8cdd6ca35000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(131) 	State = 0x018b2354013f369781f77908c1cff321
(131) # Executing section authorize from file /etc/raddb/sites-enabled/default
(131)   authorize {
(131)   filter_username filter_username {
(131)     if (!&User-Name) 
(131)     if (!&User-Name)  -> FALSE
(131)     if (&User-Name =~ / /) 
(131)     if (&User-Name =~ / /)  -> FALSE
(131)     if (&User-Name =~ /@.*@/ ) 
(131)     if (&User-Name =~ /@.*@/ )  -> FALSE
(131)     if (&User-Name =~ /\\.\\./ ) 
(131)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(131)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(131)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(131)     if (&User-Name =~ /\\.$/)  
(131)     if (&User-Name =~ /\\.$/)   -> FALSE
(131)     if (&User-Name =~ /@\\./)  
(131)     if (&User-Name =~ /@\\./)   -> FALSE
(131)   } # filter_username filter_username = notfound
(131)   [preprocess] = ok
(131)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(131)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(131)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(131)  auth_log : EXPAND %t
(131)  auth_log :    --> Wed Feb 14 20:05:05 2018
(131)   [auth_log] = ok
(131)   [chap] = noop
(131)   [mschap] = noop
(131)   [digest] = noop
(131)   [wimax] = noop
(131)  suffix : Checking for suffix after "@"
(131)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(131)  suffix : No such realm "siemens.com"
(131)   [suffix] = noop
(131)  eap : Peer sent code Response (2) ID 180 length 106
(131)  eap : Continuing tunnel setup
(131)   [eap] = ok
(131)  } #  authorize = ok
(131) Found Auth-Type = EAP
(131) # Executing group from file /etc/raddb/sites-enabled/default
(131)   authenticate {
(131)  eap : Expiring EAP session with state 0x34b58d2c37779811
(131)  eap : Finished EAP session with state 0x018b2354013f3697
(131)  eap : Previous EAP request found for state 0x018b2354013f3697, released from the list
(131)  eap : Peer sent method TTLS (21)
(131)  eap : EAP TTLS (21)
(131)  eap : Calling eap_ttls to process EAP data
(131)  eap_ttls : Authenticate
(131)  eap_ttls : processing EAP-TLS
  TLS Length 96
(131)  eap_ttls : Length Included
(131)  eap_ttls : eaptls_verify returned 11 
(131)  eap_ttls : (other): before/accept initialization
(131)  eap_ttls : TLS_accept: before/accept initialization
(131)  eap_ttls : <<< Unknown TLS version [length 0005] 
(131)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(131)  eap_ttls : TLS_accept: SSLv3 read client hello A
(131)  eap_ttls : >>> Unknown TLS version [length 0005] 
(131)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(131)  eap_ttls : TLS_accept: SSLv3 write server hello A
(131)  eap_ttls : >>> Unknown TLS version [length 0005] 
(131)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(131)  eap_ttls : TLS_accept: SSLv3 write certificate A
(131)  eap_ttls : >>> Unknown TLS version [length 0005] 
(131)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(131)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(131)  eap_ttls : >>> Unknown TLS version [length 0005] 
(131)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(131)  eap_ttls : TLS_accept: SSLv3 write server done A
(131)  eap_ttls : TLS_accept: SSLv3 flush data
(131)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(131)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(131)  eap_ttls : eaptls_process returned 13 
(131)  eap : New EAP session, adding 'State' attribute to reply 0x018b2354003e3697
(131)   [eap] = handled
(131)  } #  authenticate = handled
(131) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=118, length=0
(131) 	EAP-Message = 0x01b503ec15c000000702160301004a02000046030169944c400114403c6e148ec62eff0e60e9267fadb5b7ef448b6034ad7668d31b2050c26426702a68251d68b9afb19ba8fba8edc5595e632ef107de8ee4a91a4b8f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(131) 	Message-Authenticator = 0x00000000000000000000000000000000
(131) 	State = 0x018b2354003e369781f77908c1cff321
Sending Access-Challenge Id 118 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b503ec15c000000702160301004a02000046030169944c400114403c6e148ec62eff0e60e9267fadb5b7ef448b6034ad7668d31b2050c26426702a68251d68b9afb19ba8fba8edc5595e632ef107de8ee4a91a4b8f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x018b2354003e369781f77908c1cff321
(131) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 119 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x4435120a6b7a86f38823b16fe3844e05
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b500061500
	State = 0x018b2354003e369781f77908c1cff321
(132) Received Access-Request packet from host 192.168.99.122 port 49321, id=119, length=86
(132) 	Message-Authenticator = 0x4435120a6b7a86f38823b16fe3844e05
(132) 	NAS-Identifier = 'BS'
(132) 	User-Name = 'CPE7@siemens.com'
(132) 	EAP-Message = 0x02b500061500
(132) 	State = 0x018b2354003e369781f77908c1cff321
(132) # Executing section authorize from file /etc/raddb/sites-enabled/default
(132)   authorize {
(132)   filter_username filter_username {
(132)     if (!&User-Name) 
(132)     if (!&User-Name)  -> FALSE
(132)     if (&User-Name =~ / /) 
(132)     if (&User-Name =~ / /)  -> FALSE
(132)     if (&User-Name =~ /@.*@/ ) 
(132)     if (&User-Name =~ /@.*@/ )  -> FALSE
(132)     if (&User-Name =~ /\\.\\./ ) 
(132)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(132)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(132)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(132)     if (&User-Name =~ /\\.$/)  
(132)     if (&User-Name =~ /\\.$/)   -> FALSE
(132)     if (&User-Name =~ /@\\./)  
(132)     if (&User-Name =~ /@\\./)   -> FALSE
(132)   } # filter_username filter_username = notfound
(132)   [preprocess] = ok
(132)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(132)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(132)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(132)  auth_log : EXPAND %t
(132)  auth_log :    --> Wed Feb 14 20:05:05 2018
(132)   [auth_log] = ok
(132)   [chap] = noop
(132)   [mschap] = noop
(132)   [digest] = noop
(132)   [wimax] = noop
(132)  suffix : Checking for suffix after "@"
(132)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(132)  suffix : No such realm "siemens.com"
(132)   [suffix] = noop
(132)  eap : Peer sent code Response (2) ID 181 length 6
(132)  eap : Continuing tunnel setup
(132)   [eap] = ok
(132)  } #  authorize = ok
(132) Found Auth-Type = EAP
(132) # Executing group from file /etc/raddb/sites-enabled/default
(132)   authenticate {
(132)  eap : Expiring EAP session with state 0x34b58d2c37779811
(132)  eap : Finished EAP session with state 0x018b2354003e3697
(132)  eap : Previous EAP request found for state 0x018b2354003e3697, released from the list
(132)  eap : Peer sent method TTLS (21)
(132)  eap : EAP TTLS (21)
(132)  eap : Calling eap_ttls to process EAP data
(132)  eap_ttls : Authenticate
(132)  eap_ttls : processing EAP-TLS
(132)  eap_ttls : Received TLS ACK
(132)  eap_ttls : Received TLS ACK
(132)  eap_ttls : ACK handshake fragment handler
(132)  eap_ttls : eaptls_verify returned 1 
(132)  eap_ttls : eaptls_process returned 13 
(132)  eap : New EAP session, adding 'State' attribute to reply 0x018b2354033d3697
(132)   [eap] = handled
(132)  } #  authenticate = handled
(132) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=119, length=0
(132) 	EAP-Message = 0x01b6032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(132) 	Message-Authenticator = 0x00000000000000000000000000000000
(132) 	State = 0x018b2354033d369781f77908c1cff321
Sending Access-Challenge Id 119 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b6032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x018b2354033d369781f77908c1cff321
(132) Finished request
Waking up in 0.2 seconds.
Waking up in 1.4 seconds.
Received Access-Request Id 142 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xb189878d5614a08f79c96adcca1c49d7
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029300d01580000000c61603010086100000820080723cc164ab98b3eb2afd463ab074927875bbd79d1d4b496738e0874126bba726d0bd9a2f97ddfe38ee1773e06826f382ddcae230e1afabbaac91ffcbe600a6f2e6f0f7696daa9f9b93a3f81164891f79082f448099a18f3667c1ca4b887b01553bbd388ff8dff69fcd140d73dea0e43965b558727586026707b60d4c4b4619df14030100010116030100305dd421015de31e04b1bdb81f8b5a9990d91a0270d850ab111c45e1344329ab637d0606138afdccbae3dd6c3a6272f045
	State = 0xab500cc8a9c319e2f4500992f57ca398
(133) Received Access-Request packet from host 192.168.99.123 port 49286, id=142, length=288
(133) 	Message-Authenticator = 0xb189878d5614a08f79c96adcca1c49d7
(133) 	NAS-Identifier = 'BS'
(133) 	User-Name = 'CPE9@siemens.com'
(133) 	EAP-Message = 0x029300d01580000000c61603010086100000820080723cc164ab98b3eb2afd463ab074927875bbd79d1d4b496738e0874126bba726d0bd9a2f97ddfe38ee1773e06826f382ddcae230e1afabbaac91ffcbe600a6f2e6f0f7696daa9f9b93a3f81164891f79082f448099a18f3667c1ca4b887b01553bbd388ff8dff69fcd140d73dea0e43965b558727586026707b60d4c4b4619df14030100010116030100305dd421015de31e04b1bdb81f8b5a9990d91a0270d850ab111c45e1344329ab637d0606138afdccbae3dd6c3a6272f045
(133) 	State = 0xab500cc8a9c319e2f4500992f57ca398
(133) # Executing section authorize from file /etc/raddb/sites-enabled/default
(133)   authorize {
(133)   filter_username filter_username {
(133)     if (!&User-Name) 
(133)     if (!&User-Name)  -> FALSE
(133)     if (&User-Name =~ / /) 
(133)     if (&User-Name =~ / /)  -> FALSE
(133)     if (&User-Name =~ /@.*@/ ) 
(133)     if (&User-Name =~ /@.*@/ )  -> FALSE
(133)     if (&User-Name =~ /\\.\\./ ) 
(133)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(133)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(133)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(133)     if (&User-Name =~ /\\.$/)  
(133)     if (&User-Name =~ /\\.$/)   -> FALSE
(133)     if (&User-Name =~ /@\\./)  
(133)     if (&User-Name =~ /@\\./)   -> FALSE
(133)   } # filter_username filter_username = notfound
(133)   [preprocess] = ok
(133)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(133)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(133)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(133)  auth_log : EXPAND %t
(133)  auth_log :    --> Wed Feb 14 20:05:06 2018
(133)   [auth_log] = ok
(133)   [chap] = noop
(133)   [mschap] = noop
(133)   [digest] = noop
(133)   [wimax] = noop
(133)  suffix : Checking for suffix after "@"
(133)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(133)  suffix : No such realm "siemens.com"
(133)   [suffix] = noop
(133)  eap : Peer sent code Response (2) ID 147 length 208
(133)  eap : Continuing tunnel setup
(133)   [eap] = ok
(133)  } #  authorize = ok
(133) Found Auth-Type = EAP
(133) # Executing group from file /etc/raddb/sites-enabled/default
(133)   authenticate {
(133)  eap : Expiring EAP session with state 0x34b58d2c37779811
(133)  eap : Finished EAP session with state 0xab500cc8a9c319e2
(133)  eap : Previous EAP request found for state 0xab500cc8a9c319e2, released from the list
(133)  eap : Peer sent method TTLS (21)
(133)  eap : EAP TTLS (21)
(133)  eap : Calling eap_ttls to process EAP data
(133)  eap_ttls : Authenticate
(133)  eap_ttls : processing EAP-TLS
  TLS Length 198
(133)  eap_ttls : Length Included
(133)  eap_ttls : eaptls_verify returned 11 
(133)  eap_ttls : <<< Unknown TLS version [length 0005] 
(133)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(133)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(133)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(133)  eap_ttls : <<< Unknown TLS version [length 0005] 
(133)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(133)  eap_ttls : <<< Unknown TLS version [length 0005] 
(133)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(133)  eap_ttls : TLS_accept: SSLv3 read finished A
(133)  eap_ttls : >>> Unknown TLS version [length 0005] 
(133)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(133)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(133)  eap_ttls : >>> Unknown TLS version [length 0005] 
(133)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(133)  eap_ttls : TLS_accept: SSLv3 write finished A
(133)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session d358ea3bdff4460a08684aaed729c46da4a3e360604d652a631e83b02456fc92 to cache
(133)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(133)  eap_ttls : eaptls_process returned 13 
(133)  eap : New EAP session, adding 'State' attribute to reply 0xab500cc8a8c419e2
(133)   [eap] = handled
(133)  } #  authenticate = handled
(133) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=142, length=0
(133) 	EAP-Message = 0x0194004515800000003b1403010001011603010030f33e8493ac5f3f2bc33084ce7f840c1cfb48f239258e6d5106b3daa551ed125e75bf25ab92b67a57f0cb2be66f57203b
(133) 	Message-Authenticator = 0x00000000000000000000000000000000
(133) 	State = 0xab500cc8a8c419e2f4500992f57ca398
Sending Access-Challenge Id 142 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0194004515800000003b1403010001011603010030f33e8493ac5f3f2bc33084ce7f840c1cfb48f239258e6d5106b3daa551ed125e75bf25ab92b67a57f0cb2be66f57203b
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xab500cc8a8c419e2f4500992f57ca398
(133) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 157 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x5b83c534ebc1ebad9f03ee5b1a4cf1cc
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c500d01580000000c616030100861000008200808495a47411d69693ad46a3bb51266cb7a7b6ebb8773ad839dd1227401cf72383ebfbd96fd178179add5c4c8232eafb109667ccbe8d3d3365ad64e1ecfe999716cd9dffb9ca23a0da37842a7713a5c2e0393901c19eb2211310b7becd6d76176b4659bdb016ef173ac9253adbd62b437d4b295b5c6863f94a63330e8d2b66a19c1403010001011603010030c914b0239267363ef4bf953339d60c46208105619fa2508d72f3cbdbb6157adcd832ffcbcb2895959525005886274a95
	State = 0x04bae403067ff171f2e5fb89d067c7e6
(134) Received Access-Request packet from host 192.168.99.121 port 49210, id=157, length=289
(134) 	Message-Authenticator = 0x5b83c534ebc1ebad9f03ee5b1a4cf1cc
(134) 	NAS-Identifier = 'BS'
(134) 	User-Name = 'CPE11@siemens.com'
(134) 	EAP-Message = 0x02c500d01580000000c616030100861000008200808495a47411d69693ad46a3bb51266cb7a7b6ebb8773ad839dd1227401cf72383ebfbd96fd178179add5c4c8232eafb109667ccbe8d3d3365ad64e1ecfe999716cd9dffb9ca23a0da37842a7713a5c2e0393901c19eb2211310b7becd6d76176b4659bdb016ef173ac9253adbd62b437d4b295b5c6863f94a63330e8d2b66a19c1403010001011603010030c914b0239267363ef4bf953339d60c46208105619fa2508d72f3cbdbb6157adcd832ffcbcb2895959525005886274a95
(134) 	State = 0x04bae403067ff171f2e5fb89d067c7e6
(134) # Executing section authorize from file /etc/raddb/sites-enabled/default
(134)   authorize {
(134)   filter_username filter_username {
(134)     if (!&User-Name) 
(134)     if (!&User-Name)  -> FALSE
(134)     if (&User-Name =~ / /) 
(134)     if (&User-Name =~ / /)  -> FALSE
(134)     if (&User-Name =~ /@.*@/ ) 
(134)     if (&User-Name =~ /@.*@/ )  -> FALSE
(134)     if (&User-Name =~ /\\.\\./ ) 
(134)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(134)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(134)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(134)     if (&User-Name =~ /\\.$/)  
(134)     if (&User-Name =~ /\\.$/)   -> FALSE
(134)     if (&User-Name =~ /@\\./)  
(134)     if (&User-Name =~ /@\\./)   -> FALSE
(134)   } # filter_username filter_username = notfound
(134)   [preprocess] = ok
(134)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(134)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(134)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(134)  auth_log : EXPAND %t
(134)  auth_log :    --> Wed Feb 14 20:05:06 2018
(134)   [auth_log] = ok
(134)   [chap] = noop
(134)   [mschap] = noop
(134)   [digest] = noop
(134)   [wimax] = noop
(134)  suffix : Checking for suffix after "@"
(134)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(134)  suffix : No such realm "siemens.com"
(134)   [suffix] = noop
(134)  eap : Peer sent code Response (2) ID 197 length 208
(134)  eap : Continuing tunnel setup
(134)   [eap] = ok
(134)  } #  authorize = ok
(134) Found Auth-Type = EAP
(134) # Executing group from file /etc/raddb/sites-enabled/default
(134)   authenticate {
(134)  eap : Expiring EAP session with state 0x34b58d2c37779811
(134)  eap : Finished EAP session with state 0x04bae403067ff171
(134)  eap : Previous EAP request found for state 0x04bae403067ff171, released from the list
(134)  eap : Peer sent method TTLS (21)
(134)  eap : EAP TTLS (21)
(134)  eap : Calling eap_ttls to process EAP data
(134)  eap_ttls : Authenticate
(134)  eap_ttls : processing EAP-TLS
  TLS Length 198
(134)  eap_ttls : Length Included
(134)  eap_ttls : eaptls_verify returned 11 
(134)  eap_ttls : <<< Unknown TLS version [length 0005] 
(134)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(134)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(134)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(134)  eap_ttls : <<< Unknown TLS version [length 0005] 
(134)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(134)  eap_ttls : <<< Unknown TLS version [length 0005] 
(134)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(134)  eap_ttls : TLS_accept: SSLv3 read finished A
(134)  eap_ttls : >>> Unknown TLS version [length 0005] 
(134)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(134)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(134)  eap_ttls : >>> Unknown TLS version [length 0005] 
(134)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(134)  eap_ttls : TLS_accept: SSLv3 write finished A
(134)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 6e648bb0fd8950c7df4f0c60d2d0588c23aac28b16643690e0fa4094ec131093 to cache
(134)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(134)  eap_ttls : eaptls_process returned 13 
(134)  eap : New EAP session, adding 'State' attribute to reply 0x04bae403077cf171
(134)   [eap] = handled
(134)  } #  authenticate = handled
(134) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=157, length=0
(134) 	EAP-Message = 0x01c6004515800000003b1403010001011603010030dfb88e4bebd6e7b61b90818ce0c329f34560f0d992ce700eb3fae4c7f2e753ceed5cd90523088d6becc0589f95f21fef
(134) 	Message-Authenticator = 0x00000000000000000000000000000000
(134) 	State = 0x04bae403077cf171f2e5fb89d067c7e6
Sending Access-Challenge Id 157 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c6004515800000003b1403010001011603010030dfb88e4bebd6e7b61b90818ce0c329f34560f0d992ce700eb3fae4c7f2e753ceed5cd90523088d6becc0589f95f21fef
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x04bae403077cf171f2e5fb89d067c7e6
(134) Finished request
Waking up in 0.2 seconds.
Waking up in 0.4 seconds.
(116) Cleaning up request packet ID 135 with timestamp +106
(117) Cleaning up request packet ID 116 with timestamp +106
(118) Cleaning up request packet ID 136 with timestamp +106
(119) Cleaning up request packet ID 137 with timestamp +106
Waking up in 1.3 seconds.
Received Access-Request Id 120 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x1c5b2beaa74063a15cb4592b407f47d4
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b600d01580000000c616030100861000008200803e7565f20f9ad2ada2381b2a0b2bad35d651141f865d099c0f2f6f092a18ca83c0c431a22e6e753417e0cb9dbce19d16db65d727c4e4b3c865963f0cce7ef95cd81c86ce118eb19b7b42962eff3cacbc850f5cf849a5a9328ab8d897ffe98b3e382d5e4c797722eb3331403111a2efff7268c19240b78f1d3fdce7977a124fc014030100010116030100303b191e24c3ebce16fb8c8cc7f4a101201b0c1aea40ede811aa17e204b64088530620031ca569e53d68eb0977a40e4b9e
	State = 0x018b2354033d369781f77908c1cff321
(135) Received Access-Request packet from host 192.168.99.122 port 49321, id=120, length=288
(135) 	Message-Authenticator = 0x1c5b2beaa74063a15cb4592b407f47d4
(135) 	NAS-Identifier = 'BS'
(135) 	User-Name = 'CPE7@siemens.com'
(135) 	EAP-Message = 0x02b600d01580000000c616030100861000008200803e7565f20f9ad2ada2381b2a0b2bad35d651141f865d099c0f2f6f092a18ca83c0c431a22e6e753417e0cb9dbce19d16db65d727c4e4b3c865963f0cce7ef95cd81c86ce118eb19b7b42962eff3cacbc850f5cf849a5a9328ab8d897ffe98b3e382d5e4c797722eb3331403111a2efff7268c19240b78f1d3fdce7977a124fc014030100010116030100303b191e24c3ebce16fb8c8cc7f4a101201b0c1aea40ede811aa17e204b64088530620031ca569e53d68eb0977a40e4b9e
(135) 	State = 0x018b2354033d369781f77908c1cff321
(135) # Executing section authorize from file /etc/raddb/sites-enabled/default
(135)   authorize {
(135)   filter_username filter_username {
(135)     if (!&User-Name) 
(135)     if (!&User-Name)  -> FALSE
(135)     if (&User-Name =~ / /) 
(135)     if (&User-Name =~ / /)  -> FALSE
(135)     if (&User-Name =~ /@.*@/ ) 
(135)     if (&User-Name =~ /@.*@/ )  -> FALSE
(135)     if (&User-Name =~ /\\.\\./ ) 
(135)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(135)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(135)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(135)     if (&User-Name =~ /\\.$/)  
(135)     if (&User-Name =~ /\\.$/)   -> FALSE
(135)     if (&User-Name =~ /@\\./)  
(135)     if (&User-Name =~ /@\\./)   -> FALSE
(135)   } # filter_username filter_username = notfound
(135)   [preprocess] = ok
(135)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(135)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(135)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(135)  auth_log : EXPAND %t
(135)  auth_log :    --> Wed Feb 14 20:05:08 2018
(135)   [auth_log] = ok
(135)   [chap] = noop
(135)   [mschap] = noop
(135)   [digest] = noop
(135)   [wimax] = noop
(135)  suffix : Checking for suffix after "@"
(135)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(135)  suffix : No such realm "siemens.com"
(135)   [suffix] = noop
(135)  eap : Peer sent code Response (2) ID 182 length 208
(135)  eap : Continuing tunnel setup
(135)   [eap] = ok
(135)  } #  authorize = ok
(135) Found Auth-Type = EAP
(135) # Executing group from file /etc/raddb/sites-enabled/default
(135)   authenticate {
(135)  eap : Expiring EAP session with state 0x34b58d2c37779811
(135)  eap : Finished EAP session with state 0x018b2354033d3697
(135)  eap : Previous EAP request found for state 0x018b2354033d3697, released from the list
(135)  eap : Peer sent method TTLS (21)
(135)  eap : EAP TTLS (21)
(135)  eap : Calling eap_ttls to process EAP data
(135)  eap_ttls : Authenticate
(135)  eap_ttls : processing EAP-TLS
  TLS Length 198
(135)  eap_ttls : Length Included
(135)  eap_ttls : eaptls_verify returned 11 
(135)  eap_ttls : <<< Unknown TLS version [length 0005] 
(135)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(135)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(135)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(135)  eap_ttls : <<< Unknown TLS version [length 0005] 
(135)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(135)  eap_ttls : <<< Unknown TLS version [length 0005] 
(135)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(135)  eap_ttls : TLS_accept: SSLv3 read finished A
(135)  eap_ttls : >>> Unknown TLS version [length 0005] 
(135)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(135)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(135)  eap_ttls : >>> Unknown TLS version [length 0005] 
(135)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(135)  eap_ttls : TLS_accept: SSLv3 write finished A
(135)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 50c26426702a68251d68b9afb19ba8fba8edc5595e632ef107de8ee4a91a4b8f to cache
(135)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(135)  eap_ttls : eaptls_process returned 13 
(135)  eap : New EAP session, adding 'State' attribute to reply 0x018b2354023c3697
(135)   [eap] = handled
(135)  } #  authenticate = handled
(135) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=120, length=0
(135) 	EAP-Message = 0x01b7004515800000003b1403010001011603010030a2f28332fd79cfe50298311275779837c0ec4356918992945a2c3f7d25c6a09ecde92a3e03177a93ae67da8d1fa8f7b1
(135) 	Message-Authenticator = 0x00000000000000000000000000000000
(135) 	State = 0x018b2354023c369781f77908c1cff321
Sending Access-Challenge Id 120 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b7004515800000003b1403010001011603010030a2f28332fd79cfe50298311275779837c0ec4356918992945a2c3f7d25c6a09ecde92a3e03177a93ae67da8d1fa8f7b1
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x018b2354023c369781f77908c1cff321
(135) Finished request
Waking up in 0.3 seconds.
Waking up in 0.5 seconds.
(120) Cleaning up request packet ID 138 with timestamp +107
(121) Cleaning up request packet ID 139 with timestamp +108
(122) Cleaning up request packet ID 140 with timestamp +108
(123) Cleaning up request packet ID 1 with timestamp +108
(124) Cleaning up request packet ID 154 with timestamp +108
(125) Cleaning up request packet ID 1 with timestamp +108
(126) Cleaning up request packet ID 155 with timestamp +108
(127) Cleaning up request packet ID 156 with timestamp +108
Waking up in 0.1 seconds.
(128) Cleaning up request packet ID 1 with timestamp +108
Waking up in 0.6 seconds.
Received Access-Request Id 121 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x0912782b09df63348d5ae25b6ec27efa
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b400150143504536407369656d656e732e636f6d
(136) Received Access-Request packet from host 192.168.99.122 port 49321, id=121, length=83
(136) 	Message-Authenticator = 0x0912782b09df63348d5ae25b6ec27efa
(136) 	NAS-Identifier = 'BS'
(136) 	User-Name = 'CPE6@siemens.com'
(136) 	EAP-Message = 0x02b400150143504536407369656d656e732e636f6d
(136) # Executing section authorize from file /etc/raddb/sites-enabled/default
(136)   authorize {
(136)   filter_username filter_username {
(136)     if (!&User-Name) 
(136)     if (!&User-Name)  -> FALSE
(136)     if (&User-Name =~ / /) 
(136)     if (&User-Name =~ / /)  -> FALSE
(136)     if (&User-Name =~ /@.*@/ ) 
(136)     if (&User-Name =~ /@.*@/ )  -> FALSE
(136)     if (&User-Name =~ /\\.\\./ ) 
(136)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(136)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(136)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(136)     if (&User-Name =~ /\\.$/)  
(136)     if (&User-Name =~ /\\.$/)   -> FALSE
(136)     if (&User-Name =~ /@\\./)  
(136)     if (&User-Name =~ /@\\./)   -> FALSE
(136)   } # filter_username filter_username = notfound
(136)   [preprocess] = ok
(136)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(136)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(136)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(136)  auth_log : EXPAND %t
(136)  auth_log :    --> Wed Feb 14 20:05:09 2018
(136)   [auth_log] = ok
(136)   [chap] = noop
(136)   [mschap] = noop
(136)   [digest] = noop
(136)   [wimax] = noop
(136)  suffix : Checking for suffix after "@"
(136)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(136)  suffix : No such realm "siemens.com"
(136)   [suffix] = noop
(136)  eap : Peer sent code Response (2) ID 180 length 21
(136)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(136)   [eap] = ok
(136)  } #  authorize = ok
(136) Found Auth-Type = EAP
(136) # Executing group from file /etc/raddb/sites-enabled/default
(136)   authenticate {
(136)  eap : Peer sent method Identity (1)
(136)  eap : Calling eap_ttls to process EAP data
(136)  eap_ttls : Initiate
(136)  eap_ttls : Start returned 1
(136)  eap : New EAP session, adding 'State' attribute to reply 0x2cb7fd692c02e88c
(136)   [eap] = handled
(136)  } #  authenticate = handled
(136) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=121, length=0
(136) 	EAP-Message = 0x01b500061520
(136) 	Message-Authenticator = 0x00000000000000000000000000000000
(136) 	State = 0x2cb7fd692c02e88c69f79becfba431d2
Sending Access-Challenge Id 121 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b500061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2cb7fd692c02e88c69f79becfba431d2
(136) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 122 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x1fbf34a1cb734dbc3a94e196fe794d70
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b5006a158000000060160301005b01000057030154acd54b1d442f270f6c5c8c1f43c1774f17fa71c2d3b4a32473723e68234b6d00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x2cb7fd692c02e88c69f79becfba431d2
(137) Received Access-Request packet from host 192.168.99.122 port 49321, id=122, length=186
(137) 	Message-Authenticator = 0x1fbf34a1cb734dbc3a94e196fe794d70
(137) 	NAS-Identifier = 'BS'
(137) 	User-Name = 'CPE6@siemens.com'
(137) 	EAP-Message = 0x02b5006a158000000060160301005b01000057030154acd54b1d442f270f6c5c8c1f43c1774f17fa71c2d3b4a32473723e68234b6d00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(137) 	State = 0x2cb7fd692c02e88c69f79becfba431d2
(137) # Executing section authorize from file /etc/raddb/sites-enabled/default
(137)   authorize {
(137)   filter_username filter_username {
(137)     if (!&User-Name) 
(137)     if (!&User-Name)  -> FALSE
(137)     if (&User-Name =~ / /) 
(137)     if (&User-Name =~ / /)  -> FALSE
(137)     if (&User-Name =~ /@.*@/ ) 
(137)     if (&User-Name =~ /@.*@/ )  -> FALSE
(137)     if (&User-Name =~ /\\.\\./ ) 
(137)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(137)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(137)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(137)     if (&User-Name =~ /\\.$/)  
(137)     if (&User-Name =~ /\\.$/)   -> FALSE
(137)     if (&User-Name =~ /@\\./)  
(137)     if (&User-Name =~ /@\\./)   -> FALSE
(137)   } # filter_username filter_username = notfound
(137)   [preprocess] = ok
(137)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(137)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(137)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(137)  auth_log : EXPAND %t
(137)  auth_log :    --> Wed Feb 14 20:05:09 2018
(137)   [auth_log] = ok
(137)   [chap] = noop
(137)   [mschap] = noop
(137)   [digest] = noop
(137)   [wimax] = noop
(137)  suffix : Checking for suffix after "@"
(137)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(137)  suffix : No such realm "siemens.com"
(137)   [suffix] = noop
(137)  eap : Peer sent code Response (2) ID 181 length 106
(137)  eap : Continuing tunnel setup
(137)   [eap] = ok
(137)  } #  authorize = ok
(137) Found Auth-Type = EAP
(137) # Executing group from file /etc/raddb/sites-enabled/default
(137)   authenticate {
(137)  eap : Expiring EAP session with state 0x34b58d2c37779811
(137)  eap : Finished EAP session with state 0x2cb7fd692c02e88c
(137)  eap : Previous EAP request found for state 0x2cb7fd692c02e88c, released from the list
(137)  eap : Peer sent method TTLS (21)
(137)  eap : EAP TTLS (21)
(137)  eap : Calling eap_ttls to process EAP data
(137)  eap_ttls : Authenticate
(137)  eap_ttls : processing EAP-TLS
  TLS Length 96
(137)  eap_ttls : Length Included
(137)  eap_ttls : eaptls_verify returned 11 
(137)  eap_ttls : (other): before/accept initialization
(137)  eap_ttls : TLS_accept: before/accept initialization
(137)  eap_ttls : <<< Unknown TLS version [length 0005] 
(137)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(137)  eap_ttls : TLS_accept: SSLv3 read client hello A
(137)  eap_ttls : >>> Unknown TLS version [length 0005] 
(137)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(137)  eap_ttls : TLS_accept: SSLv3 write server hello A
(137)  eap_ttls : >>> Unknown TLS version [length 0005] 
(137)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(137)  eap_ttls : TLS_accept: SSLv3 write certificate A
(137)  eap_ttls : >>> Unknown TLS version [length 0005] 
(137)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(137)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(137)  eap_ttls : >>> Unknown TLS version [length 0005] 
(137)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(137)  eap_ttls : TLS_accept: SSLv3 write server done A
(137)  eap_ttls : TLS_accept: SSLv3 flush data
(137)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(137)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(137)  eap_ttls : eaptls_process returned 13 
(137)  eap : New EAP session, adding 'State' attribute to reply 0x2cb7fd692d01e88c
(137)   [eap] = handled
(137)  } #  authenticate = handled
(137) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=122, length=0
(137) 	EAP-Message = 0x01b603ec15c000000702160301004a020000460301e1c8447fdd9a5e15ce53d6d5ddbc01fe140eead9abd921058a565969f7e3267c20d1383fbd3defb81ecd52b7610a0013f7bc80769826fefdea59370141fc1324c200390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(137) 	Message-Authenticator = 0x00000000000000000000000000000000
(137) 	State = 0x2cb7fd692d01e88c69f79becfba431d2
Sending Access-Challenge Id 122 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b603ec15c000000702160301004a020000460301e1c8447fdd9a5e15ce53d6d5ddbc01fe140eead9abd921058a565969f7e3267c20d1383fbd3defb81ecd52b7610a0013f7bc80769826fefdea59370141fc1324c200390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2cb7fd692d01e88c69f79becfba431d2
(137) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 123 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x1709e15e3c27f5a79b73a97954f1a2ad
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b600061500
	State = 0x2cb7fd692d01e88c69f79becfba431d2
(138) Received Access-Request packet from host 192.168.99.122 port 49321, id=123, length=86
(138) 	Message-Authenticator = 0x1709e15e3c27f5a79b73a97954f1a2ad
(138) 	NAS-Identifier = 'BS'
(138) 	User-Name = 'CPE6@siemens.com'
(138) 	EAP-Message = 0x02b600061500
(138) 	State = 0x2cb7fd692d01e88c69f79becfba431d2
(138) # Executing section authorize from file /etc/raddb/sites-enabled/default
(138)   authorize {
(138)   filter_username filter_username {
(138)     if (!&User-Name) 
(138)     if (!&User-Name)  -> FALSE
(138)     if (&User-Name =~ / /) 
(138)     if (&User-Name =~ / /)  -> FALSE
(138)     if (&User-Name =~ /@.*@/ ) 
(138)     if (&User-Name =~ /@.*@/ )  -> FALSE
(138)     if (&User-Name =~ /\\.\\./ ) 
(138)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(138)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(138)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(138)     if (&User-Name =~ /\\.$/)  
(138)     if (&User-Name =~ /\\.$/)   -> FALSE
(138)     if (&User-Name =~ /@\\./)  
(138)     if (&User-Name =~ /@\\./)   -> FALSE
(138)   } # filter_username filter_username = notfound
(138)   [preprocess] = ok
(138)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(138)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(138)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(138)  auth_log : EXPAND %t
(138)  auth_log :    --> Wed Feb 14 20:05:09 2018
(138)   [auth_log] = ok
(138)   [chap] = noop
(138)   [mschap] = noop
(138)   [digest] = noop
(138)   [wimax] = noop
(138)  suffix : Checking for suffix after "@"
(138)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(138)  suffix : No such realm "siemens.com"
(138)   [suffix] = noop
(138)  eap : Peer sent code Response (2) ID 182 length 6
(138)  eap : Continuing tunnel setup
(138)   [eap] = ok
(138)  } #  authorize = ok
(138) Found Auth-Type = EAP
(138) # Executing group from file /etc/raddb/sites-enabled/default
(138)   authenticate {
(138)  eap : Expiring EAP session with state 0x34b58d2c37779811
(138)  eap : Finished EAP session with state 0x2cb7fd692d01e88c
(138)  eap : Previous EAP request found for state 0x2cb7fd692d01e88c, released from the list
(138)  eap : Peer sent method TTLS (21)
(138)  eap : EAP TTLS (21)
(138)  eap : Calling eap_ttls to process EAP data
(138)  eap_ttls : Authenticate
(138)  eap_ttls : processing EAP-TLS
(138)  eap_ttls : Received TLS ACK
(138)  eap_ttls : Received TLS ACK
(138)  eap_ttls : ACK handshake fragment handler
(138)  eap_ttls : eaptls_verify returned 1 
(138)  eap_ttls : eaptls_process returned 13 
(138)  eap : New EAP session, adding 'State' attribute to reply 0x2cb7fd692e00e88c
(138)   [eap] = handled
(138)  } #  authenticate = handled
(138) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=123, length=0
(138) 	EAP-Message = 0x01b7032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(138) 	Message-Authenticator = 0x00000000000000000000000000000000
(138) 	State = 0x2cb7fd692e00e88c69f79becfba431d2
Sending Access-Challenge Id 123 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b7032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2cb7fd692e00e88c69f79becfba431d2
(138) Finished request
(129) Cleaning up request packet ID 141 with timestamp +109
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(139) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(139) 	NAS-Identifier = 'BS'
(139) 	User-Name = 'dummy'
(139) 	User-Password = '*PASSWORD*'
(139) # Executing section authorize from file /etc/raddb/sites-enabled/default
(139)   authorize {
(139)   filter_username filter_username {
(139)     if (!&User-Name) 
(139)     if (!&User-Name)  -> FALSE
(139)     if (&User-Name =~ / /) 
(139)     if (&User-Name =~ / /)  -> FALSE
(139)     if (&User-Name =~ /@.*@/ ) 
(139)     if (&User-Name =~ /@.*@/ )  -> FALSE
(139)     if (&User-Name =~ /\\.\\./ ) 
(139)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(139)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(139)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(139)     if (&User-Name =~ /\\.$/)  
(139)     if (&User-Name =~ /\\.$/)   -> FALSE
(139)     if (&User-Name =~ /@\\./)  
(139)     if (&User-Name =~ /@\\./)   -> FALSE
(139)   } # filter_username filter_username = notfound
(139)   [preprocess] = ok
(139)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(139)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(139)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(139)  auth_log : EXPAND %t
(139)  auth_log :    --> Wed Feb 14 20:05:10 2018
(139)   [auth_log] = ok
(139)   [chap] = noop
(139)   [mschap] = noop
(139)   [digest] = noop
(139)   [wimax] = noop
(139)  suffix : Checking for suffix after "@"
(139)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(139)  suffix : No such realm "NULL"
(139)   [suffix] = noop
(139)  eap : No EAP-Message, not doing EAP
(139)   [eap] = noop
(139)  files : users: Matched entry dummy at line 159
(139)   [files] = ok
(139)   [expiration] = noop
(139)   [logintime] = noop
(139)   [pap] = updated
(139)  } #  authorize = updated
(139) Found Auth-Type = PAP
(139) # Executing group from file /etc/raddb/sites-enabled/default
(139)  Auth-Type PAP {
(139)  pap : Login attempt with password
(139)  pap : User authenticated successfully
(139)   [pap] = ok
(139)  } # Auth-Type PAP = ok
(139) Login OK: [dummy] (from client BS1 port 0)
(139) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(139)   post-auth {
(139)   [exec] = noop
(139)   update reply {
(139) 	Session-Timeout := 1800
(139)   } # update reply = noop
(139)   remove_reply_message_if_eap remove_reply_message_if_eap {
(139)     if (&reply:EAP-Message && &reply:Reply-Message) 
(139)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(139)    else else {
(139)     [noop] = noop
(139)    } # else else = noop
(139)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(139)  } #  post-auth = noop
(139) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(139) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(139) Finished request
Waking up in 0.2 seconds.
(130) Cleaning up request packet ID 117 with timestamp +109
(131) Cleaning up request packet ID 118 with timestamp +109
(132) Cleaning up request packet ID 119 with timestamp +109
Waking up in 0.8 seconds.
(133) Cleaning up request packet ID 142 with timestamp +110
(134) Cleaning up request packet ID 157 with timestamp +110
Waking up in 1.4 seconds.
Received Access-Request Id 143 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x69197d9864c26b96d489a4c89cd646a3
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029100150143504538407369656d656e732e636f6d
(140) Received Access-Request packet from host 192.168.99.123 port 49286, id=143, length=83
(140) 	Message-Authenticator = 0x69197d9864c26b96d489a4c89cd646a3
(140) 	NAS-Identifier = 'BS'
(140) 	User-Name = 'CPE8@siemens.com'
(140) 	EAP-Message = 0x029100150143504538407369656d656e732e636f6d
(140) # Executing section authorize from file /etc/raddb/sites-enabled/default
(140)   authorize {
(140)   filter_username filter_username {
(140)     if (!&User-Name) 
(140)     if (!&User-Name)  -> FALSE
(140)     if (&User-Name =~ / /) 
(140)     if (&User-Name =~ / /)  -> FALSE
(140)     if (&User-Name =~ /@.*@/ ) 
(140)     if (&User-Name =~ /@.*@/ )  -> FALSE
(140)     if (&User-Name =~ /\\.\\./ ) 
(140)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(140)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(140)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(140)     if (&User-Name =~ /\\.$/)  
(140)     if (&User-Name =~ /\\.$/)   -> FALSE
(140)     if (&User-Name =~ /@\\./)  
(140)     if (&User-Name =~ /@\\./)   -> FALSE
(140)   } # filter_username filter_username = notfound
(140)   [preprocess] = ok
(140)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(140)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(140)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(140)  auth_log : EXPAND %t
(140)  auth_log :    --> Wed Feb 14 20:05:12 2018
(140)   [auth_log] = ok
(140)   [chap] = noop
(140)   [mschap] = noop
(140)   [digest] = noop
(140)   [wimax] = noop
(140)  suffix : Checking for suffix after "@"
(140)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(140)  suffix : No such realm "siemens.com"
(140)   [suffix] = noop
(140)  eap : Peer sent code Response (2) ID 145 length 21
(140)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(140)   [eap] = ok
(140)  } #  authorize = ok
(140) Found Auth-Type = EAP
(140) # Executing group from file /etc/raddb/sites-enabled/default
(140)   authenticate {
(140)  eap : Peer sent method Identity (1)
(140)  eap : Calling eap_ttls to process EAP data
(140)  eap_ttls : Initiate
(140)  eap_ttls : Start returned 1
(140)  eap : New EAP session, adding 'State' attribute to reply 0xfaeb330dfa7926fb
(140)   [eap] = handled
(140)  } #  authenticate = handled
(140) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=143, length=0
(140) 	EAP-Message = 0x019200061520
(140) 	Message-Authenticator = 0x00000000000000000000000000000000
(140) 	State = 0xfaeb330dfa7926fb5cb9abcbf9345b4f
Sending Access-Challenge Id 143 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019200061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfaeb330dfa7926fb5cb9abcbf9345b4f
(140) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 124 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x1e3c9a2cce9d942fcd5251932adab208
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b700d01580000000c616030100861000008200809acf6ce3de4e8535588cf519721c8cf10e1789cad5cf153942214186d0cc660205677fd2bf633934651b75b8d9871f26007aa4c88d03c8c0a9dde3d4152c490dfb4506243649a223264121989b041ad2b3843a25bfb97be416188c55b9591f9109322a7bf3e35e4ac2a19ea7cac5e56b205ca1fbfeb5c7aadec2187e112c0b91140301000101160301003015465d63bcc1566162792e22b07a690471c68ba9018dd8743c11952fdaa8bded66a5dfef91a1cfe97f8d8d2d6a9c569d
	State = 0x2cb7fd692e00e88c69f79becfba431d2
(141) Received Access-Request packet from host 192.168.99.122 port 49321, id=124, length=288
(141) 	Message-Authenticator = 0x1e3c9a2cce9d942fcd5251932adab208
(141) 	NAS-Identifier = 'BS'
(141) 	User-Name = 'CPE6@siemens.com'
(141) 	EAP-Message = 0x02b700d01580000000c616030100861000008200809acf6ce3de4e8535588cf519721c8cf10e1789cad5cf153942214186d0cc660205677fd2bf633934651b75b8d9871f26007aa4c88d03c8c0a9dde3d4152c490dfb4506243649a223264121989b041ad2b3843a25bfb97be416188c55b9591f9109322a7bf3e35e4ac2a19ea7cac5e56b205ca1fbfeb5c7aadec2187e112c0b91140301000101160301003015465d63bcc1566162792e22b07a690471c68ba9018dd8743c11952fdaa8bded66a5dfef91a1cfe97f8d8d2d6a9c569d
(141) 	State = 0x2cb7fd692e00e88c69f79becfba431d2
(141) # Executing section authorize from file /etc/raddb/sites-enabled/default
(141)   authorize {
(141)   filter_username filter_username {
(141)     if (!&User-Name) 
(141)     if (!&User-Name)  -> FALSE
(141)     if (&User-Name =~ / /) 
(141)     if (&User-Name =~ / /)  -> FALSE
(141)     if (&User-Name =~ /@.*@/ ) 
(141)     if (&User-Name =~ /@.*@/ )  -> FALSE
(141)     if (&User-Name =~ /\\.\\./ ) 
(141)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(141)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(141)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(141)     if (&User-Name =~ /\\.$/)  
(141)     if (&User-Name =~ /\\.$/)   -> FALSE
(141)     if (&User-Name =~ /@\\./)  
(141)     if (&User-Name =~ /@\\./)   -> FALSE
(141)   } # filter_username filter_username = notfound
(141)   [preprocess] = ok
(141)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(141)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(141)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(141)  auth_log : EXPAND %t
(141)  auth_log :    --> Wed Feb 14 20:05:12 2018
(141)   [auth_log] = ok
(141)   [chap] = noop
(141)   [mschap] = noop
(141)   [digest] = noop
(141)   [wimax] = noop
(141)  suffix : Checking for suffix after "@"
(141)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(141)  suffix : No such realm "siemens.com"
(141)   [suffix] = noop
(141)  eap : Peer sent code Response (2) ID 183 length 208
(141)  eap : Continuing tunnel setup
(141)   [eap] = ok
(141)  } #  authorize = ok
(141) Found Auth-Type = EAP
(141) # Executing group from file /etc/raddb/sites-enabled/default
(141)   authenticate {
(141)  eap : Expiring EAP session with state 0x34b58d2c37779811
(141)  eap : Finished EAP session with state 0x2cb7fd692e00e88c
(141)  eap : Previous EAP request found for state 0x2cb7fd692e00e88c, released from the list
(141)  eap : Peer sent method TTLS (21)
(141)  eap : EAP TTLS (21)
(141)  eap : Calling eap_ttls to process EAP data
(141)  eap_ttls : Authenticate
(141)  eap_ttls : processing EAP-TLS
  TLS Length 198
(141)  eap_ttls : Length Included
(141)  eap_ttls : eaptls_verify returned 11 
(141)  eap_ttls : <<< Unknown TLS version [length 0005] 
(141)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(141)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(141)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(141)  eap_ttls : <<< Unknown TLS version [length 0005] 
(141)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(141)  eap_ttls : <<< Unknown TLS version [length 0005] 
(141)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(141)  eap_ttls : TLS_accept: SSLv3 read finished A
(141)  eap_ttls : >>> Unknown TLS version [length 0005] 
(141)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(141)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(141)  eap_ttls : >>> Unknown TLS version [length 0005] 
(141)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(141)  eap_ttls : TLS_accept: SSLv3 write finished A
(141)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session d1383fbd3defb81ecd52b7610a0013f7bc80769826fefdea59370141fc1324c2 to cache
(141)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(141)  eap_ttls : eaptls_process returned 13 
(141)  eap : New EAP session, adding 'State' attribute to reply 0x2cb7fd692f0fe88c
(141)   [eap] = handled
(141)  } #  authenticate = handled
(141) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=124, length=0
(141) 	EAP-Message = 0x01b8004515800000003b14030100010116030100309cc9d2ec7b4ed6b9207448be621a58b02238fbd3775a07106b97cf523aaea47e1cedbb92ccdedbb672268a154a4c3ec2
(141) 	Message-Authenticator = 0x00000000000000000000000000000000
(141) 	State = 0x2cb7fd692f0fe88c69f79becfba431d2
Sending Access-Challenge Id 124 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b8004515800000003b14030100010116030100309cc9d2ec7b4ed6b9207448be621a58b02238fbd3775a07106b97cf523aaea47e1cedbb92ccdedbb672268a154a4c3ec2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2cb7fd692f0fe88c69f79becfba431d2
(141) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 144 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xb96a42062061bd8c4dd66cab27463cc1
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x0292006a158000000060160301005b01000057030154a650e24cf12aadf050b5256ff49cd92801c0cdbad2e66bea9aa5fe5b3db4ad00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xfaeb330dfa7926fb5cb9abcbf9345b4f
(142) Received Access-Request packet from host 192.168.99.123 port 49286, id=144, length=186
(142) 	Message-Authenticator = 0xb96a42062061bd8c4dd66cab27463cc1
(142) 	NAS-Identifier = 'BS'
(142) 	User-Name = 'CPE8@siemens.com'
(142) 	EAP-Message = 0x0292006a158000000060160301005b01000057030154a650e24cf12aadf050b5256ff49cd92801c0cdbad2e66bea9aa5fe5b3db4ad00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(142) 	State = 0xfaeb330dfa7926fb5cb9abcbf9345b4f
(142) # Executing section authorize from file /etc/raddb/sites-enabled/default
(142)   authorize {
(142)   filter_username filter_username {
(142)     if (!&User-Name) 
(142)     if (!&User-Name)  -> FALSE
(142)     if (&User-Name =~ / /) 
(142)     if (&User-Name =~ / /)  -> FALSE
(142)     if (&User-Name =~ /@.*@/ ) 
(142)     if (&User-Name =~ /@.*@/ )  -> FALSE
(142)     if (&User-Name =~ /\\.\\./ ) 
(142)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(142)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(142)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(142)     if (&User-Name =~ /\\.$/)  
(142)     if (&User-Name =~ /\\.$/)   -> FALSE
(142)     if (&User-Name =~ /@\\./)  
(142)     if (&User-Name =~ /@\\./)   -> FALSE
(142)   } # filter_username filter_username = notfound
(142)   [preprocess] = ok
(142)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(142)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(142)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(142)  auth_log : EXPAND %t
(142)  auth_log :    --> Wed Feb 14 20:05:12 2018
(142)   [auth_log] = ok
(142)   [chap] = noop
(142)   [mschap] = noop
(142)   [digest] = noop
(142)   [wimax] = noop
(142)  suffix : Checking for suffix after "@"
(142)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(142)  suffix : No such realm "siemens.com"
(142)   [suffix] = noop
(142)  eap : Peer sent code Response (2) ID 146 length 106
(142)  eap : Continuing tunnel setup
(142)   [eap] = ok
(142)  } #  authorize = ok
(142) Found Auth-Type = EAP
(142) # Executing group from file /etc/raddb/sites-enabled/default
(142)   authenticate {
(142)  eap : Expiring EAP session with state 0x34b58d2c37779811
(142)  eap : Finished EAP session with state 0xfaeb330dfa7926fb
(142)  eap : Previous EAP request found for state 0xfaeb330dfa7926fb, released from the list
(142)  eap : Peer sent method TTLS (21)
(142)  eap : EAP TTLS (21)
(142)  eap : Calling eap_ttls to process EAP data
(142)  eap_ttls : Authenticate
(142)  eap_ttls : processing EAP-TLS
  TLS Length 96
(142)  eap_ttls : Length Included
(142)  eap_ttls : eaptls_verify returned 11 
(142)  eap_ttls : (other): before/accept initialization
(142)  eap_ttls : TLS_accept: before/accept initialization
(142)  eap_ttls : <<< Unknown TLS version [length 0005] 
(142)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(142)  eap_ttls : TLS_accept: SSLv3 read client hello A
(142)  eap_ttls : >>> Unknown TLS version [length 0005] 
(142)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(142)  eap_ttls : TLS_accept: SSLv3 write server hello A
(142)  eap_ttls : >>> Unknown TLS version [length 0005] 
(142)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(142)  eap_ttls : TLS_accept: SSLv3 write certificate A
(142)  eap_ttls : >>> Unknown TLS version [length 0005] 
(142)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(142)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(142)  eap_ttls : >>> Unknown TLS version [length 0005] 
(142)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(142)  eap_ttls : TLS_accept: SSLv3 write server done A
(142)  eap_ttls : TLS_accept: SSLv3 flush data
(142)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(142)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(142)  eap_ttls : eaptls_process returned 13 
(142)  eap : New EAP session, adding 'State' attribute to reply 0xfaeb330dfb7826fb
(142)   [eap] = handled
(142)  } #  authenticate = handled
(142) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=144, length=0
(142) 	EAP-Message = 0x019303ec15c000000702160301004a020000460301164d3f69929bcf80cf7c61879e881f79d816e66f111c768af2ee29b5c9f3540b20355fe358fa9eb4757001c5b4bc3f8b35360d172cae7edb10a0a60f2cc775d46c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(142) 	Message-Authenticator = 0x00000000000000000000000000000000
(142) 	State = 0xfaeb330dfb7826fb5cb9abcbf9345b4f
Sending Access-Challenge Id 144 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019303ec15c000000702160301004a020000460301164d3f69929bcf80cf7c61879e881f79d816e66f111c768af2ee29b5c9f3540b20355fe358fa9eb4757001c5b4bc3f8b35360d172cae7edb10a0a60f2cc775d46c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfaeb330dfb7826fb5cb9abcbf9345b4f
(142) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 145 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xad46035276a09869468a48de87c15c67
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029300061500
	State = 0xfaeb330dfb7826fb5cb9abcbf9345b4f
(143) Received Access-Request packet from host 192.168.99.123 port 49286, id=145, length=86
(143) 	Message-Authenticator = 0xad46035276a09869468a48de87c15c67
(143) 	NAS-Identifier = 'BS'
(143) 	User-Name = 'CPE8@siemens.com'
(143) 	EAP-Message = 0x029300061500
(143) 	State = 0xfaeb330dfb7826fb5cb9abcbf9345b4f
(143) # Executing section authorize from file /etc/raddb/sites-enabled/default
(143)   authorize {
(143)   filter_username filter_username {
(143)     if (!&User-Name) 
(143)     if (!&User-Name)  -> FALSE
(143)     if (&User-Name =~ / /) 
(143)     if (&User-Name =~ / /)  -> FALSE
(143)     if (&User-Name =~ /@.*@/ ) 
(143)     if (&User-Name =~ /@.*@/ )  -> FALSE
(143)     if (&User-Name =~ /\\.\\./ ) 
(143)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(143)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(143)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(143)     if (&User-Name =~ /\\.$/)  
(143)     if (&User-Name =~ /\\.$/)   -> FALSE
(143)     if (&User-Name =~ /@\\./)  
(143)     if (&User-Name =~ /@\\./)   -> FALSE
(143)   } # filter_username filter_username = notfound
(143)   [preprocess] = ok
(143)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(143)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(143)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(143)  auth_log : EXPAND %t
(143)  auth_log :    --> Wed Feb 14 20:05:12 2018
(143)   [auth_log] = ok
(143)   [chap] = noop
(143)   [mschap] = noop
(143)   [digest] = noop
(143)   [wimax] = noop
(143)  suffix : Checking for suffix after "@"
(143)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(143)  suffix : No such realm "siemens.com"
(143)   [suffix] = noop
(143)  eap : Peer sent code Response (2) ID 147 length 6
(143)  eap : Continuing tunnel setup
(143)   [eap] = ok
(143)  } #  authorize = ok
(143) Found Auth-Type = EAP
(143) # Executing group from file /etc/raddb/sites-enabled/default
(143)   authenticate {
(143)  eap : Expiring EAP session with state 0x34b58d2c37779811
(143)  eap : Finished EAP session with state 0xfaeb330dfb7826fb
(143)  eap : Previous EAP request found for state 0xfaeb330dfb7826fb, released from the list
(143)  eap : Peer sent method TTLS (21)
(143)  eap : EAP TTLS (21)
(143)  eap : Calling eap_ttls to process EAP data
(143)  eap_ttls : Authenticate
(143)  eap_ttls : processing EAP-TLS
(143)  eap_ttls : Received TLS ACK
(143)  eap_ttls : Received TLS ACK
(143)  eap_ttls : ACK handshake fragment handler
(143)  eap_ttls : eaptls_verify returned 1 
(143)  eap_ttls : eaptls_process returned 13 
(143)  eap : New EAP session, adding 'State' attribute to reply 0xfaeb330df87f26fb
(143)   [eap] = handled
(143)  } #  authenticate = handled
(143) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=145, length=0
(143) 	EAP-Message = 0x0194032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(143) 	Message-Authenticator = 0x00000000000000000000000000000000
(143) 	State = 0xfaeb330df87f26fb5cb9abcbf9345b4f
Sending Access-Challenge Id 145 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0194032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfaeb330df87f26fb5cb9abcbf9345b4f
(143) Finished request
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
(135) Cleaning up request packet ID 120 with timestamp +112
Waking up in 1.6 seconds.
Received Access-Request Id 146 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xfaef3bd472477dba1cd8a28d5f90263a
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029200150143504539407369656d656e732e636f6d
(144) Received Access-Request packet from host 192.168.99.123 port 49286, id=146, length=83
(144) 	Message-Authenticator = 0xfaef3bd472477dba1cd8a28d5f90263a
(144) 	NAS-Identifier = 'BS'
(144) 	User-Name = 'CPE9@siemens.com'
(144) 	EAP-Message = 0x029200150143504539407369656d656e732e636f6d
(144) # Executing section authorize from file /etc/raddb/sites-enabled/default
(144)   authorize {
(144)   filter_username filter_username {
(144)     if (!&User-Name) 
(144)     if (!&User-Name)  -> FALSE
(144)     if (&User-Name =~ / /) 
(144)     if (&User-Name =~ / /)  -> FALSE
(144)     if (&User-Name =~ /@.*@/ ) 
(144)     if (&User-Name =~ /@.*@/ )  -> FALSE
(144)     if (&User-Name =~ /\\.\\./ ) 
(144)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(144)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(144)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(144)     if (&User-Name =~ /\\.$/)  
(144)     if (&User-Name =~ /\\.$/)   -> FALSE
(144)     if (&User-Name =~ /@\\./)  
(144)     if (&User-Name =~ /@\\./)   -> FALSE
(144)   } # filter_username filter_username = notfound
(144)   [preprocess] = ok
(144)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(144)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(144)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(144)  auth_log : EXPAND %t
(144)  auth_log :    --> Wed Feb 14 20:05:13 2018
(144)   [auth_log] = ok
(144)   [chap] = noop
(144)   [mschap] = noop
(144)   [digest] = noop
(144)   [wimax] = noop
(144)  suffix : Checking for suffix after "@"
(144)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(144)  suffix : No such realm "siemens.com"
(144)   [suffix] = noop
(144)  eap : Peer sent code Response (2) ID 146 length 21
(144)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(144)   [eap] = ok
(144)  } #  authorize = ok
(144) Found Auth-Type = EAP
(144) # Executing group from file /etc/raddb/sites-enabled/default
(144)   authenticate {
(144)  eap : Peer sent method Identity (1)
(144)  eap : Calling eap_ttls to process EAP data
(144)  eap_ttls : Initiate
(144)  eap_ttls : Start returned 1
(144)  eap : New EAP session, adding 'State' attribute to reply 0x094421ea09d73460
(144)   [eap] = handled
(144)  } #  authenticate = handled
(144) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=146, length=0
(144) 	EAP-Message = 0x019300061520
(144) 	Message-Authenticator = 0x00000000000000000000000000000000
(144) 	State = 0x094421ea09d734607dad19382981c336
Sending Access-Challenge Id 146 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019300061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x094421ea09d734607dad19382981c336
(144) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 147 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x3975bf08deac13ef5a093817b5360111
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x0293006a158000000060160301005b01000057030154ab17d76fb0a85d8d7981260109b94b2e41e04771541d34735327cc5d75d4fa00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x094421ea09d734607dad19382981c336
(145) Received Access-Request packet from host 192.168.99.123 port 49286, id=147, length=186
(145) 	Message-Authenticator = 0x3975bf08deac13ef5a093817b5360111
(145) 	NAS-Identifier = 'BS'
(145) 	User-Name = 'CPE9@siemens.com'
(145) 	EAP-Message = 0x0293006a158000000060160301005b01000057030154ab17d76fb0a85d8d7981260109b94b2e41e04771541d34735327cc5d75d4fa00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(145) 	State = 0x094421ea09d734607dad19382981c336
(145) # Executing section authorize from file /etc/raddb/sites-enabled/default
(145)   authorize {
(145)   filter_username filter_username {
(145)     if (!&User-Name) 
(145)     if (!&User-Name)  -> FALSE
(145)     if (&User-Name =~ / /) 
(145)     if (&User-Name =~ / /)  -> FALSE
(145)     if (&User-Name =~ /@.*@/ ) 
(145)     if (&User-Name =~ /@.*@/ )  -> FALSE
(145)     if (&User-Name =~ /\\.\\./ ) 
(145)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(145)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(145)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(145)     if (&User-Name =~ /\\.$/)  
(145)     if (&User-Name =~ /\\.$/)   -> FALSE
(145)     if (&User-Name =~ /@\\./)  
(145)     if (&User-Name =~ /@\\./)   -> FALSE
(145)   } # filter_username filter_username = notfound
(145)   [preprocess] = ok
(145)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(145)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(145)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(145)  auth_log : EXPAND %t
(145)  auth_log :    --> Wed Feb 14 20:05:14 2018
(145)   [auth_log] = ok
(145)   [chap] = noop
(145)   [mschap] = noop
(145)   [digest] = noop
(145)   [wimax] = noop
(145)  suffix : Checking for suffix after "@"
(145)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(145)  suffix : No such realm "siemens.com"
(145)   [suffix] = noop
(145)  eap : Peer sent code Response (2) ID 147 length 106
(145)  eap : Continuing tunnel setup
(145)   [eap] = ok
(145)  } #  authorize = ok
(145) Found Auth-Type = EAP
(145) # Executing group from file /etc/raddb/sites-enabled/default
(145)   authenticate {
(145)  eap : Expiring EAP session with state 0x34b58d2c37779811
(145)  eap : Finished EAP session with state 0x094421ea09d73460
(145)  eap : Previous EAP request found for state 0x094421ea09d73460, released from the list
(145)  eap : Peer sent method TTLS (21)
(145)  eap : EAP TTLS (21)
(145)  eap : Calling eap_ttls to process EAP data
(145)  eap_ttls : Authenticate
(145)  eap_ttls : processing EAP-TLS
  TLS Length 96
(145)  eap_ttls : Length Included
(145)  eap_ttls : eaptls_verify returned 11 
(145)  eap_ttls : (other): before/accept initialization
(145)  eap_ttls : TLS_accept: before/accept initialization
(145)  eap_ttls : <<< Unknown TLS version [length 0005] 
(145)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(145)  eap_ttls : TLS_accept: SSLv3 read client hello A
(145)  eap_ttls : >>> Unknown TLS version [length 0005] 
(145)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(145)  eap_ttls : TLS_accept: SSLv3 write server hello A
(145)  eap_ttls : >>> Unknown TLS version [length 0005] 
(145)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(145)  eap_ttls : TLS_accept: SSLv3 write certificate A
(145)  eap_ttls : >>> Unknown TLS version [length 0005] 
(145)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(145)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(145)  eap_ttls : >>> Unknown TLS version [length 0005] 
(145)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(145)  eap_ttls : TLS_accept: SSLv3 write server done A
(145)  eap_ttls : TLS_accept: SSLv3 flush data
(145)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(145)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(145)  eap_ttls : eaptls_process returned 13 
(145)  eap : New EAP session, adding 'State' attribute to reply 0x094421ea08d03460
(145)   [eap] = handled
(145)  } #  authenticate = handled
(145) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=147, length=0
(145) 	EAP-Message = 0x019403ec15c000000702160301004a0200004603010e84222241b193a93b812f906b104044940a15920a697240c08f07951c197efe203c12060f0f1135e8f55f67fba2b7f7aab0236b9694b65dbb120a079a3a1c89a000390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(145) 	Message-Authenticator = 0x00000000000000000000000000000000
(145) 	State = 0x094421ea08d034607dad19382981c336
Sending Access-Challenge Id 147 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019403ec15c000000702160301004a0200004603010e84222241b193a93b812f906b104044940a15920a697240c08f07951c197efe203c12060f0f1135e8f55f67fba2b7f7aab0236b9694b65dbb120a079a3a1c89a000390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x094421ea08d034607dad19382981c336
(145) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 148 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xe2167b3871118017d416005d7da8c615
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029400061500
	State = 0x094421ea08d034607dad19382981c336
(146) Received Access-Request packet from host 192.168.99.123 port 49286, id=148, length=86
(146) 	Message-Authenticator = 0xe2167b3871118017d416005d7da8c615
(146) 	NAS-Identifier = 'BS'
(146) 	User-Name = 'CPE9@siemens.com'
(146) 	EAP-Message = 0x029400061500
(146) 	State = 0x094421ea08d034607dad19382981c336
(146) # Executing section authorize from file /etc/raddb/sites-enabled/default
(146)   authorize {
(146)   filter_username filter_username {
(146)     if (!&User-Name) 
(146)     if (!&User-Name)  -> FALSE
(146)     if (&User-Name =~ / /) 
(146)     if (&User-Name =~ / /)  -> FALSE
(146)     if (&User-Name =~ /@.*@/ ) 
(146)     if (&User-Name =~ /@.*@/ )  -> FALSE
(146)     if (&User-Name =~ /\\.\\./ ) 
(146)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(146)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(146)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(146)     if (&User-Name =~ /\\.$/)  
(146)     if (&User-Name =~ /\\.$/)   -> FALSE
(146)     if (&User-Name =~ /@\\./)  
(146)     if (&User-Name =~ /@\\./)   -> FALSE
(146)   } # filter_username filter_username = notfound
(146)   [preprocess] = ok
(146)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(146)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(146)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(146)  auth_log : EXPAND %t
(146)  auth_log :    --> Wed Feb 14 20:05:14 2018
(146)   [auth_log] = ok
(146)   [chap] = noop
(146)   [mschap] = noop
(146)   [digest] = noop
(146)   [wimax] = noop
(146)  suffix : Checking for suffix after "@"
(146)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(146)  suffix : No such realm "siemens.com"
(146)   [suffix] = noop
(146)  eap : Peer sent code Response (2) ID 148 length 6
(146)  eap : Continuing tunnel setup
(146)   [eap] = ok
(146)  } #  authorize = ok
(146) Found Auth-Type = EAP
(146) # Executing group from file /etc/raddb/sites-enabled/default
(146)   authenticate {
(146)  eap : Expiring EAP session with state 0x34b58d2c37779811
(146)  eap : Finished EAP session with state 0x094421ea08d03460
(146)  eap : Previous EAP request found for state 0x094421ea08d03460, released from the list
(146)  eap : Peer sent method TTLS (21)
(146)  eap : EAP TTLS (21)
(146)  eap : Calling eap_ttls to process EAP data
(146)  eap_ttls : Authenticate
(146)  eap_ttls : processing EAP-TLS
(146)  eap_ttls : Received TLS ACK
(146)  eap_ttls : Received TLS ACK
(146)  eap_ttls : ACK handshake fragment handler
(146)  eap_ttls : eaptls_verify returned 1 
(146)  eap_ttls : eaptls_process returned 13 
(146)  eap : New EAP session, adding 'State' attribute to reply 0x094421ea0bd13460
(146)   [eap] = handled
(146)  } #  authenticate = handled
(146) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=148, length=0
(146) 	EAP-Message = 0x0195032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(146) 	Message-Authenticator = 0x00000000000000000000000000000000
(146) 	State = 0x094421ea0bd134607dad19382981c336
Sending Access-Challenge Id 148 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0195032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x094421ea0bd134607dad19382981c336
(146) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(147) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(147) 	NAS-Identifier = 'BS'
(147) 	User-Name = 'dummy'
(147) 	User-Password = '*PASSWORD*'
(147) # Executing section authorize from file /etc/raddb/sites-enabled/default
(147)   authorize {
(147)   filter_username filter_username {
(147)     if (!&User-Name) 
(147)     if (!&User-Name)  -> FALSE
(147)     if (&User-Name =~ / /) 
(147)     if (&User-Name =~ / /)  -> FALSE
(147)     if (&User-Name =~ /@.*@/ ) 
(147)     if (&User-Name =~ /@.*@/ )  -> FALSE
(147)     if (&User-Name =~ /\\.\\./ ) 
(147)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(147)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(147)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(147)     if (&User-Name =~ /\\.$/)  
(147)     if (&User-Name =~ /\\.$/)   -> FALSE
(147)     if (&User-Name =~ /@\\./)  
(147)     if (&User-Name =~ /@\\./)   -> FALSE
(147)   } # filter_username filter_username = notfound
(147)   [preprocess] = ok
(147)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(147)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(147)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(147)  auth_log : EXPAND %t
(147)  auth_log :    --> Wed Feb 14 20:05:14 2018
(147)   [auth_log] = ok
(147)   [chap] = noop
(147)   [mschap] = noop
(147)   [digest] = noop
(147)   [wimax] = noop
(147)  suffix : Checking for suffix after "@"
(147)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(147)  suffix : No such realm "NULL"
(147)   [suffix] = noop
(147)  eap : No EAP-Message, not doing EAP
(147)   [eap] = noop
(147)  files : users: Matched entry dummy at line 159
(147)   [files] = ok
(147)   [expiration] = noop
(147)   [logintime] = noop
(147)   [pap] = updated
(147)  } #  authorize = updated
(147) Found Auth-Type = PAP
(147) # Executing group from file /etc/raddb/sites-enabled/default
(147)  Auth-Type PAP {
(147)  pap : Login attempt with password
(147)  pap : User authenticated successfully
(147)   [pap] = ok
(147)  } # Auth-Type PAP = ok
(147) Login OK: [dummy] (from client BS3 port 0)
(147) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(147)   post-auth {
(147)   [exec] = noop
(147)   update reply {
(147) 	Session-Timeout := 1800
(147)   } # update reply = noop
(147)   remove_reply_message_if_eap remove_reply_message_if_eap {
(147)     if (&reply:EAP-Message && &reply:Reply-Message) 
(147)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(147)    else else {
(147)     [noop] = noop
(147)    } # else else = noop
(147)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(147)  } #  post-auth = noop
(147) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(147) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(147) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 158 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0xef36da7fdb497429bdd97e67300a5290
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c30016014350453131407369656d656e732e636f6d
(148) Received Access-Request packet from host 192.168.99.121 port 49210, id=158, length=85
(148) 	Message-Authenticator = 0xef36da7fdb497429bdd97e67300a5290
(148) 	NAS-Identifier = 'BS'
(148) 	User-Name = 'CPE11@siemens.com'
(148) 	EAP-Message = 0x02c30016014350453131407369656d656e732e636f6d
(148) # Executing section authorize from file /etc/raddb/sites-enabled/default
(148)   authorize {
(148)   filter_username filter_username {
(148)     if (!&User-Name) 
(148)     if (!&User-Name)  -> FALSE
(148)     if (&User-Name =~ / /) 
(148)     if (&User-Name =~ / /)  -> FALSE
(148)     if (&User-Name =~ /@.*@/ ) 
(148)     if (&User-Name =~ /@.*@/ )  -> FALSE
(148)     if (&User-Name =~ /\\.\\./ ) 
(148)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(148)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(148)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(148)     if (&User-Name =~ /\\.$/)  
(148)     if (&User-Name =~ /\\.$/)   -> FALSE
(148)     if (&User-Name =~ /@\\./)  
(148)     if (&User-Name =~ /@\\./)   -> FALSE
(148)   } # filter_username filter_username = notfound
(148)   [preprocess] = ok
(148)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(148)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(148)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(148)  auth_log : EXPAND %t
(148)  auth_log :    --> Wed Feb 14 20:05:14 2018
(148)   [auth_log] = ok
(148)   [chap] = noop
(148)   [mschap] = noop
(148)   [digest] = noop
(148)   [wimax] = noop
(148)  suffix : Checking for suffix after "@"
(148)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(148)  suffix : No such realm "siemens.com"
(148)   [suffix] = noop
(148)  eap : Peer sent code Response (2) ID 195 length 22
(148)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(148)   [eap] = ok
(148)  } #  authorize = ok
(148) Found Auth-Type = EAP
(148) # Executing group from file /etc/raddb/sites-enabled/default
(148)   authenticate {
(148)  eap : Peer sent method Identity (1)
(148)  eap : Calling eap_ttls to process EAP data
(148)  eap_ttls : Initiate
(148)  eap_ttls : Start returned 1
(148)  eap : New EAP session, adding 'State' attribute to reply 0x1102ed6411c6f8cd
(148)   [eap] = handled
(148)  } #  authenticate = handled
(148) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=158, length=0
(148) 	EAP-Message = 0x01c400061520
(148) 	Message-Authenticator = 0x00000000000000000000000000000000
(148) 	State = 0x1102ed6411c6f8cdc43bf4bd72a8bf9a
Sending Access-Challenge Id 158 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c400061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1102ed6411c6f8cdc43bf4bd72a8bf9a
(148) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(149) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(149) 	NAS-Identifier = 'BS'
(149) 	User-Name = 'dummy'
(149) 	User-Password = '*PASSWORD*'
(149) # Executing section authorize from file /etc/raddb/sites-enabled/default
(149)   authorize {
(149)   filter_username filter_username {
(149)     if (!&User-Name) 
(149)     if (!&User-Name)  -> FALSE
(149)     if (&User-Name =~ / /) 
(149)     if (&User-Name =~ / /)  -> FALSE
(149)     if (&User-Name =~ /@.*@/ ) 
(149)     if (&User-Name =~ /@.*@/ )  -> FALSE
(149)     if (&User-Name =~ /\\.\\./ ) 
(149)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(149)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(149)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(149)     if (&User-Name =~ /\\.$/)  
(149)     if (&User-Name =~ /\\.$/)   -> FALSE
(149)     if (&User-Name =~ /@\\./)  
(149)     if (&User-Name =~ /@\\./)   -> FALSE
(149)   } # filter_username filter_username = notfound
(149)   [preprocess] = ok
(149)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(149)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(149)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(149)  auth_log : EXPAND %t
(149)  auth_log :    --> Wed Feb 14 20:05:14 2018
(149)   [auth_log] = ok
(149)   [chap] = noop
(149)   [mschap] = noop
(149)   [digest] = noop
(149)   [wimax] = noop
(149)  suffix : Checking for suffix after "@"
(149)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(149)  suffix : No such realm "NULL"
(149)   [suffix] = noop
(149)  eap : No EAP-Message, not doing EAP
(149)   [eap] = noop
(149)  files : users: Matched entry dummy at line 159
(149)   [files] = ok
(149)   [expiration] = noop
(149)   [logintime] = noop
(149)   [pap] = updated
(149)  } #  authorize = updated
(149) Found Auth-Type = PAP
(149) # Executing group from file /etc/raddb/sites-enabled/default
(149)  Auth-Type PAP {
(149)  pap : Login attempt with password
(149)  pap : User authenticated successfully
(149)   [pap] = ok
(149)  } # Auth-Type PAP = ok
(149) Login OK: [dummy] (from client BS4 port 0)
(149) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(149)   post-auth {
(149)   [exec] = noop
(149)   update reply {
(149) 	Session-Timeout := 1800
(149)   } # update reply = noop
(149)   remove_reply_message_if_eap remove_reply_message_if_eap {
(149)     if (&reply:EAP-Message && &reply:Reply-Message) 
(149)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(149)    else else {
(149)     [noop] = noop
(149)    } # else else = noop
(149)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(149)  } #  post-auth = noop
(149) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(149) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(149) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 159 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0xe8df947e0e983c7b9dada341ff4bfbe1
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c4006a158000000060160301005b01000057030154a4b4a9e71168050ef04eff6199911459c40a4f903b1029c5f3f0595e3c117e00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x1102ed6411c6f8cdc43bf4bd72a8bf9a
(150) Received Access-Request packet from host 192.168.99.121 port 49210, id=159, length=187
(150) 	Message-Authenticator = 0xe8df947e0e983c7b9dada341ff4bfbe1
(150) 	NAS-Identifier = 'BS'
(150) 	User-Name = 'CPE11@siemens.com'
(150) 	EAP-Message = 0x02c4006a158000000060160301005b01000057030154a4b4a9e71168050ef04eff6199911459c40a4f903b1029c5f3f0595e3c117e00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(150) 	State = 0x1102ed6411c6f8cdc43bf4bd72a8bf9a
(150) # Executing section authorize from file /etc/raddb/sites-enabled/default
(150)   authorize {
(150)   filter_username filter_username {
(150)     if (!&User-Name) 
(150)     if (!&User-Name)  -> FALSE
(150)     if (&User-Name =~ / /) 
(150)     if (&User-Name =~ / /)  -> FALSE
(150)     if (&User-Name =~ /@.*@/ ) 
(150)     if (&User-Name =~ /@.*@/ )  -> FALSE
(150)     if (&User-Name =~ /\\.\\./ ) 
(150)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(150)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(150)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(150)     if (&User-Name =~ /\\.$/)  
(150)     if (&User-Name =~ /\\.$/)   -> FALSE
(150)     if (&User-Name =~ /@\\./)  
(150)     if (&User-Name =~ /@\\./)   -> FALSE
(150)   } # filter_username filter_username = notfound
(150)   [preprocess] = ok
(150)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(150)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(150)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(150)  auth_log : EXPAND %t
(150)  auth_log :    --> Wed Feb 14 20:05:14 2018
(150)   [auth_log] = ok
(150)   [chap] = noop
(150)   [mschap] = noop
(150)   [digest] = noop
(150)   [wimax] = noop
(150)  suffix : Checking for suffix after "@"
(150)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(150)  suffix : No such realm "siemens.com"
(150)   [suffix] = noop
(150)  eap : Peer sent code Response (2) ID 196 length 106
(150)  eap : Continuing tunnel setup
(150)   [eap] = ok
(150)  } #  authorize = ok
(150) Found Auth-Type = EAP
(150) # Executing group from file /etc/raddb/sites-enabled/default
(150)   authenticate {
(150)  eap : Expiring EAP session with state 0x34b58d2c37779811
(150)  eap : Finished EAP session with state 0x1102ed6411c6f8cd
(150)  eap : Previous EAP request found for state 0x1102ed6411c6f8cd, released from the list
(150)  eap : Peer sent method TTLS (21)
(150)  eap : EAP TTLS (21)
(150)  eap : Calling eap_ttls to process EAP data
(150)  eap_ttls : Authenticate
(150)  eap_ttls : processing EAP-TLS
  TLS Length 96
(150)  eap_ttls : Length Included
(150)  eap_ttls : eaptls_verify returned 11 
(150)  eap_ttls : (other): before/accept initialization
(150)  eap_ttls : TLS_accept: before/accept initialization
(150)  eap_ttls : <<< Unknown TLS version [length 0005] 
(150)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(150)  eap_ttls : TLS_accept: SSLv3 read client hello A
(150)  eap_ttls : >>> Unknown TLS version [length 0005] 
(150)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(150)  eap_ttls : TLS_accept: SSLv3 write server hello A
(150)  eap_ttls : >>> Unknown TLS version [length 0005] 
(150)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(150)  eap_ttls : TLS_accept: SSLv3 write certificate A
(150)  eap_ttls : >>> Unknown TLS version [length 0005] 
(150)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(150)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(150)  eap_ttls : >>> Unknown TLS version [length 0005] 
(150)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(150)  eap_ttls : TLS_accept: SSLv3 write server done A
(150)  eap_ttls : TLS_accept: SSLv3 flush data
(150)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(150)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(150)  eap_ttls : eaptls_process returned 13 
(150)  eap : New EAP session, adding 'State' attribute to reply 0x1102ed6410c7f8cd
(150)   [eap] = handled
(150)  } #  authenticate = handled
(150) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=159, length=0
(150) 	EAP-Message = 0x01c503ec15c000000702160301004a020000460301b572efca2ffcbcbdaf0ff52ce4a27b4c86fd10d193ef7d10d35f584104dc86c32005bbd01135936febe1365b00234ded10c10c9367b94a91cf487f8520c2d6bf1c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(150) 	Message-Authenticator = 0x00000000000000000000000000000000
(150) 	State = 0x1102ed6410c7f8cdc43bf4bd72a8bf9a
Sending Access-Challenge Id 159 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c503ec15c000000702160301004a020000460301b572efca2ffcbcbdaf0ff52ce4a27b4c86fd10d193ef7d10d35f584104dc86c32005bbd01135936febe1365b00234ded10c10c9367b94a91cf487f8520c2d6bf1c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1102ed6410c7f8cdc43bf4bd72a8bf9a
(150) Finished request
Received Access-Request Id 160 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0xb3db556b04b298707528cfdc07101dce
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c500061500
	State = 0x1102ed6410c7f8cdc43bf4bd72a8bf9a
(151) Received Access-Request packet from host 192.168.99.121 port 49210, id=160, length=87
(151) 	Message-Authenticator = 0xb3db556b04b298707528cfdc07101dce
(151) 	NAS-Identifier = 'BS'
(151) 	User-Name = 'CPE11@siemens.com'
(151) 	EAP-Message = 0x02c500061500
(151) 	State = 0x1102ed6410c7f8cdc43bf4bd72a8bf9a
(151) # Executing section authorize from file /etc/raddb/sites-enabled/default
(151)   authorize {
(151)   filter_username filter_username {
(151)     if (!&User-Name) 
(151)     if (!&User-Name)  -> FALSE
(151)     if (&User-Name =~ / /) 
(151)     if (&User-Name =~ / /)  -> FALSE
(151)     if (&User-Name =~ /@.*@/ ) 
(151)     if (&User-Name =~ /@.*@/ )  -> FALSE
(151)     if (&User-Name =~ /\\.\\./ ) 
(151)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(151)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(151)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(151)     if (&User-Name =~ /\\.$/)  
(151)     if (&User-Name =~ /\\.$/)   -> FALSE
(151)     if (&User-Name =~ /@\\./)  
(151)     if (&User-Name =~ /@\\./)   -> FALSE
(151)   } # filter_username filter_username = notfound
(151)   [preprocess] = ok
(151)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(151)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(151)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(151)  auth_log : EXPAND %t
(151)  auth_log :    --> Wed Feb 14 20:05:14 2018
(151)   [auth_log] = ok
(151)   [chap] = noop
(151)   [mschap] = noop
(151)   [digest] = noop
(151)   [wimax] = noop
(151)  suffix : Checking for suffix after "@"
(151)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(151)  suffix : No such realm "siemens.com"
(151)   [suffix] = noop
(151)  eap : Peer sent code Response (2) ID 197 length 6
(151)  eap : Continuing tunnel setup
(151)   [eap] = ok
(151)  } #  authorize = ok
(151) Found Auth-Type = EAP
(151) # Executing group from file /etc/raddb/sites-enabled/default
(151)   authenticate {
(151)  eap : Expiring EAP session with state 0x34b58d2c37779811
(151)  eap : Finished EAP session with state 0x1102ed6410c7f8cd
(151)  eap : Previous EAP request found for state 0x1102ed6410c7f8cd, released from the list
(151)  eap : Peer sent method TTLS (21)
(151)  eap : EAP TTLS (21)
(151)  eap : Calling eap_ttls to process EAP data
(151)  eap_ttls : Authenticate
(151)  eap_ttls : processing EAP-TLS
(151)  eap_ttls : Received TLS ACK
(151)  eap_ttls : Received TLS ACK
(151)  eap_ttls : ACK handshake fragment handler
(151)  eap_ttls : eaptls_verify returned 1 
(151)  eap_ttls : eaptls_process returned 13 
(151)  eap : New EAP session, adding 'State' attribute to reply 0x1102ed6413c4f8cd
(151)   [eap] = handled
(151)  } #  authenticate = handled
(151) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=160, length=0
(151) 	EAP-Message = 0x01c6032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(151) 	Message-Authenticator = 0x00000000000000000000000000000000
(151) 	State = 0x1102ed6413c4f8cdc43bf4bd72a8bf9a
Sending Access-Challenge Id 160 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c6032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1102ed6413c4f8cdc43bf4bd72a8bf9a
(151) Finished request
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(152) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(152) 	NAS-Identifier = 'BS'
(152) 	User-Name = 'dummy'
(152) 	User-Password = '*PASSWORD*'
(152) # Executing section authorize from file /etc/raddb/sites-enabled/default
(152)   authorize {
(152)   filter_username filter_username {
(152)     if (!&User-Name) 
(152)     if (!&User-Name)  -> FALSE
(152)     if (&User-Name =~ / /) 
(152)     if (&User-Name =~ / /)  -> FALSE
(152)     if (&User-Name =~ /@.*@/ ) 
(152)     if (&User-Name =~ /@.*@/ )  -> FALSE
(152)     if (&User-Name =~ /\\.\\./ ) 
(152)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(152)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(152)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(152)     if (&User-Name =~ /\\.$/)  
(152)     if (&User-Name =~ /\\.$/)   -> FALSE
(152)     if (&User-Name =~ /@\\./)  
(152)     if (&User-Name =~ /@\\./)   -> FALSE
(152)   } # filter_username filter_username = notfound
(152)   [preprocess] = ok
(152)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(152)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(152)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(152)  auth_log : EXPAND %t
(152)  auth_log :    --> Wed Feb 14 20:05:14 2018
(152)   [auth_log] = ok
(152)   [chap] = noop
(152)   [mschap] = noop
(152)   [digest] = noop
(152)   [wimax] = noop
(152)  suffix : Checking for suffix after "@"
(152)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(152)  suffix : No such realm "NULL"
(152)   [suffix] = noop
(152)  eap : No EAP-Message, not doing EAP
(152)   [eap] = noop
(152)  files : users: Matched entry dummy at line 159
(152)   [files] = ok
(152)   [expiration] = noop
(152)   [logintime] = noop
(152)   [pap] = updated
(152)  } #  authorize = updated
(152) Found Auth-Type = PAP
(152) # Executing group from file /etc/raddb/sites-enabled/default
(152)  Auth-Type PAP {
(152)  pap : Login attempt with password
(152)  pap : User authenticated successfully
(152)   [pap] = ok
(152)  } # Auth-Type PAP = ok
(152) Login OK: [dummy] (from client BS2 port 0)
(152) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(152)   post-auth {
(152)   [exec] = noop
(152)   update reply {
(152) 	Session-Timeout := 1800
(152)   } # update reply = noop
(152)   remove_reply_message_if_eap remove_reply_message_if_eap {
(152)     if (&reply:EAP-Message && &reply:Reply-Message) 
(152)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(152)    else else {
(152)     [noop] = noop
(152)    } # else else = noop
(152)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(152)  } #  post-auth = noop
(152) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(152) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(152) Finished request
Waking up in 0.1 seconds.
(136) Cleaning up request packet ID 121 with timestamp +113
(137) Cleaning up request packet ID 122 with timestamp +113
(138) Cleaning up request packet ID 123 with timestamp +113
Waking up in 0.3 seconds.
Received Access-Request Id 149 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x6ac9dd3839558aa5acfd3cc0a48f208c
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029400d01580000000c6160301008610000082008070ed76ca9c69de67ed414ede4b34437db11be654e457c47b95f93de04054d70ac7f88248baa55b1537a515a5648721e3a330f5e72531315dfe21c4629d09e3c0bda0b190ab37bf93491df0d7b9e1f9e22059569b06b34137a24e1bfee53e331fc16d5fe8763eef6ef1c11d022c8cb49b380be25c7b28f6d3a74d45967f6d97d21403010001011603010030838234c1d0e44eeb042c066c75617e1895980be4c711e3454b947001071d7a0bd675f836243fa8a73f12c96ef6f15114
	State = 0xfaeb330df87f26fb5cb9abcbf9345b4f
(153) Received Access-Request packet from host 192.168.99.123 port 49286, id=149, length=288
(153) 	Message-Authenticator = 0x6ac9dd3839558aa5acfd3cc0a48f208c
(153) 	NAS-Identifier = 'BS'
(153) 	User-Name = 'CPE8@siemens.com'
(153) 	EAP-Message = 0x029400d01580000000c6160301008610000082008070ed76ca9c69de67ed414ede4b34437db11be654e457c47b95f93de04054d70ac7f88248baa55b1537a515a5648721e3a330f5e72531315dfe21c4629d09e3c0bda0b190ab37bf93491df0d7b9e1f9e22059569b06b34137a24e1bfee53e331fc16d5fe8763eef6ef1c11d022c8cb49b380be25c7b28f6d3a74d45967f6d97d21403010001011603010030838234c1d0e44eeb042c066c75617e1895980be4c711e3454b947001071d7a0bd675f836243fa8a73f12c96ef6f15114
(153) 	State = 0xfaeb330df87f26fb5cb9abcbf9345b4f
(153) # Executing section authorize from file /etc/raddb/sites-enabled/default
(153)   authorize {
(153)   filter_username filter_username {
(153)     if (!&User-Name) 
(153)     if (!&User-Name)  -> FALSE
(153)     if (&User-Name =~ / /) 
(153)     if (&User-Name =~ / /)  -> FALSE
(153)     if (&User-Name =~ /@.*@/ ) 
(153)     if (&User-Name =~ /@.*@/ )  -> FALSE
(153)     if (&User-Name =~ /\\.\\./ ) 
(153)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(153)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(153)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(153)     if (&User-Name =~ /\\.$/)  
(153)     if (&User-Name =~ /\\.$/)   -> FALSE
(153)     if (&User-Name =~ /@\\./)  
(153)     if (&User-Name =~ /@\\./)   -> FALSE
(153)   } # filter_username filter_username = notfound
(153)   [preprocess] = ok
(153)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(153)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(153)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(153)  auth_log : EXPAND %t
(153)  auth_log :    --> Wed Feb 14 20:05:15 2018
(153)   [auth_log] = ok
(153)   [chap] = noop
(153)   [mschap] = noop
(153)   [digest] = noop
(153)   [wimax] = noop
(153)  suffix : Checking for suffix after "@"
(153)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(153)  suffix : No such realm "siemens.com"
(153)   [suffix] = noop
(153)  eap : Peer sent code Response (2) ID 148 length 208
(153)  eap : Continuing tunnel setup
(153)   [eap] = ok
(153)  } #  authorize = ok
(153) Found Auth-Type = EAP
(153) # Executing group from file /etc/raddb/sites-enabled/default
(153)   authenticate {
(153)  eap : Expiring EAP session with state 0x34b58d2c37779811
(153)  eap : Finished EAP session with state 0xfaeb330df87f26fb
(153)  eap : Previous EAP request found for state 0xfaeb330df87f26fb, released from the list
(153)  eap : Peer sent method TTLS (21)
(153)  eap : EAP TTLS (21)
(153)  eap : Calling eap_ttls to process EAP data
(153)  eap_ttls : Authenticate
(153)  eap_ttls : processing EAP-TLS
  TLS Length 198
(153)  eap_ttls : Length Included
(153)  eap_ttls : eaptls_verify returned 11 
(153)  eap_ttls : <<< Unknown TLS version [length 0005] 
(153)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(153)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(153)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(153)  eap_ttls : <<< Unknown TLS version [length 0005] 
(153)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(153)  eap_ttls : <<< Unknown TLS version [length 0005] 
(153)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(153)  eap_ttls : TLS_accept: SSLv3 read finished A
(153)  eap_ttls : >>> Unknown TLS version [length 0005] 
(153)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(153)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(153)  eap_ttls : >>> Unknown TLS version [length 0005] 
(153)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(153)  eap_ttls : TLS_accept: SSLv3 write finished A
(153)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 355fe358fa9eb4757001c5b4bc3f8b35360d172cae7edb10a0a60f2cc775d46c to cache
(153)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(153)  eap_ttls : eaptls_process returned 13 
(153)  eap : New EAP session, adding 'State' attribute to reply 0xfaeb330df97e26fb
(153)   [eap] = handled
(153)  } #  authenticate = handled
(153) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=149, length=0
(153) 	EAP-Message = 0x0195004515800000003b14030100010116030100307bd07f96f3526fe2826f1e0dc550f3723677cfbdc8df381283bdb850f56ab32740e6d6f125b2469b3106a834060063be
(153) 	Message-Authenticator = 0x00000000000000000000000000000000
(153) 	State = 0xfaeb330df97e26fb5cb9abcbf9345b4f
Sending Access-Challenge Id 149 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0195004515800000003b14030100010116030100307bd07f96f3526fe2826f1e0dc550f3723677cfbdc8df381283bdb850f56ab32740e6d6f125b2469b3106a834060063be
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xfaeb330df97e26fb5cb9abcbf9345b4f
(153) Finished request
Waking up in 0.2 seconds.
(139) Cleaning up request packet ID 1 with timestamp +114
Waking up in 0.1 seconds.
Waking up in 2.1 seconds.
Received Access-Request Id 125 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xff7ebba7677159fe4b29883d0e9cd30e
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b500150143504537407369656d656e732e636f6d
(154) Received Access-Request packet from host 192.168.99.122 port 49321, id=125, length=83
(154) 	Message-Authenticator = 0xff7ebba7677159fe4b29883d0e9cd30e
(154) 	NAS-Identifier = 'BS'
(154) 	User-Name = 'CPE7@siemens.com'
(154) 	EAP-Message = 0x02b500150143504537407369656d656e732e636f6d
(154) # Executing section authorize from file /etc/raddb/sites-enabled/default
(154)   authorize {
(154)   filter_username filter_username {
(154)     if (!&User-Name) 
(154)     if (!&User-Name)  -> FALSE
(154)     if (&User-Name =~ / /) 
(154)     if (&User-Name =~ / /)  -> FALSE
(154)     if (&User-Name =~ /@.*@/ ) 
(154)     if (&User-Name =~ /@.*@/ )  -> FALSE
(154)     if (&User-Name =~ /\\.\\./ ) 
(154)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(154)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(154)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(154)     if (&User-Name =~ /\\.$/)  
(154)     if (&User-Name =~ /\\.$/)   -> FALSE
(154)     if (&User-Name =~ /@\\./)  
(154)     if (&User-Name =~ /@\\./)   -> FALSE
(154)   } # filter_username filter_username = notfound
(154)   [preprocess] = ok
(154)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(154)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(154)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(154)  auth_log : EXPAND %t
(154)  auth_log :    --> Wed Feb 14 20:05:15 2018
(154)   [auth_log] = ok
(154)   [chap] = noop
(154)   [mschap] = noop
(154)   [digest] = noop
(154)   [wimax] = noop
(154)  suffix : Checking for suffix after "@"
(154)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(154)  suffix : No such realm "siemens.com"
(154)   [suffix] = noop
(154)  eap : Peer sent code Response (2) ID 181 length 21
(154)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(154)   [eap] = ok
(154)  } #  authorize = ok
(154) Found Auth-Type = EAP
(154) # Executing group from file /etc/raddb/sites-enabled/default
(154)   authenticate {
(154)  eap : Peer sent method Identity (1)
(154)  eap : Calling eap_ttls to process EAP data
(154)  eap_ttls : Initiate
(154)  eap_ttls : Start returned 1
(154)  eap : New EAP session, adding 'State' attribute to reply 0xaf9f0a90af291f9b
(154)   [eap] = handled
(154)  } #  authenticate = handled
(154) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=125, length=0
(154) 	EAP-Message = 0x01b600061520
(154) 	Message-Authenticator = 0x00000000000000000000000000000000
(154) 	State = 0xaf9f0a90af291f9bb1ffebec4ae18a94
Sending Access-Challenge Id 125 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b600061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xaf9f0a90af291f9bb1ffebec4ae18a94
(154) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 126 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xba058fcb95b34f027d93d2492a637ad5
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b6006a158000000060160301005b01000057030154ac6fce56383f6963e8b813de80ad5d3619f2025f2da0f5dce396120e56290c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xaf9f0a90af291f9bb1ffebec4ae18a94
(155) Received Access-Request packet from host 192.168.99.122 port 49321, id=126, length=186
(155) 	Message-Authenticator = 0xba058fcb95b34f027d93d2492a637ad5
(155) 	NAS-Identifier = 'BS'
(155) 	User-Name = 'CPE7@siemens.com'
(155) 	EAP-Message = 0x02b6006a158000000060160301005b01000057030154ac6fce56383f6963e8b813de80ad5d3619f2025f2da0f5dce396120e56290c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(155) 	State = 0xaf9f0a90af291f9bb1ffebec4ae18a94
(155) # Executing section authorize from file /etc/raddb/sites-enabled/default
(155)   authorize {
(155)   filter_username filter_username {
(155)     if (!&User-Name) 
(155)     if (!&User-Name)  -> FALSE
(155)     if (&User-Name =~ / /) 
(155)     if (&User-Name =~ / /)  -> FALSE
(155)     if (&User-Name =~ /@.*@/ ) 
(155)     if (&User-Name =~ /@.*@/ )  -> FALSE
(155)     if (&User-Name =~ /\\.\\./ ) 
(155)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(155)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(155)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(155)     if (&User-Name =~ /\\.$/)  
(155)     if (&User-Name =~ /\\.$/)   -> FALSE
(155)     if (&User-Name =~ /@\\./)  
(155)     if (&User-Name =~ /@\\./)   -> FALSE
(155)   } # filter_username filter_username = notfound
(155)   [preprocess] = ok
(155)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(155)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(155)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(155)  auth_log : EXPAND %t
(155)  auth_log :    --> Wed Feb 14 20:05:15 2018
(155)   [auth_log] = ok
(155)   [chap] = noop
(155)   [mschap] = noop
(155)   [digest] = noop
(155)   [wimax] = noop
(155)  suffix : Checking for suffix after "@"
(155)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(155)  suffix : No such realm "siemens.com"
(155)   [suffix] = noop
(155)  eap : Peer sent code Response (2) ID 182 length 106
(155)  eap : Continuing tunnel setup
(155)   [eap] = ok
(155)  } #  authorize = ok
(155) Found Auth-Type = EAP
(155) # Executing group from file /etc/raddb/sites-enabled/default
(155)   authenticate {
(155)  eap : Expiring EAP session with state 0x34b58d2c37779811
(155)  eap : Finished EAP session with state 0xaf9f0a90af291f9b
(155)  eap : Previous EAP request found for state 0xaf9f0a90af291f9b, released from the list
(155)  eap : Peer sent method TTLS (21)
(155)  eap : EAP TTLS (21)
(155)  eap : Calling eap_ttls to process EAP data
(155)  eap_ttls : Authenticate
(155)  eap_ttls : processing EAP-TLS
  TLS Length 96
(155)  eap_ttls : Length Included
(155)  eap_ttls : eaptls_verify returned 11 
(155)  eap_ttls : (other): before/accept initialization
(155)  eap_ttls : TLS_accept: before/accept initialization
(155)  eap_ttls : <<< Unknown TLS version [length 0005] 
(155)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(155)  eap_ttls : TLS_accept: SSLv3 read client hello A
(155)  eap_ttls : >>> Unknown TLS version [length 0005] 
(155)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(155)  eap_ttls : TLS_accept: SSLv3 write server hello A
(155)  eap_ttls : >>> Unknown TLS version [length 0005] 
(155)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(155)  eap_ttls : TLS_accept: SSLv3 write certificate A
(155)  eap_ttls : >>> Unknown TLS version [length 0005] 
(155)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(155)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(155)  eap_ttls : >>> Unknown TLS version [length 0005] 
(155)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(155)  eap_ttls : TLS_accept: SSLv3 write server done A
(155)  eap_ttls : TLS_accept: SSLv3 flush data
(155)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(155)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(155)  eap_ttls : eaptls_process returned 13 
(155)  eap : New EAP session, adding 'State' attribute to reply 0xaf9f0a90ae281f9b
(155)   [eap] = handled
(155)  } #  authenticate = handled
(155) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=126, length=0
(155) 	EAP-Message = 0x01b703ec15c000000702160301004a020000460301140c8ad2d61bcfb15d258abafe2780fbce12d337a93fcc763a8008ddc19d646d200aa1e9989e6760cc1a04ca2f24949c06755f465d0656b51b1523221fe52c4ffb00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(155) 	Message-Authenticator = 0x00000000000000000000000000000000
(155) 	State = 0xaf9f0a90ae281f9bb1ffebec4ae18a94
Sending Access-Challenge Id 126 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b703ec15c000000702160301004a020000460301140c8ad2d61bcfb15d258abafe2780fbce12d337a93fcc763a8008ddc19d646d200aa1e9989e6760cc1a04ca2f24949c06755f465d0656b51b1523221fe52c4ffb00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xaf9f0a90ae281f9bb1ffebec4ae18a94
(155) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 127 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x765ac0734b3e135689326807087e56d5
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b700061500
	State = 0xaf9f0a90ae281f9bb1ffebec4ae18a94
(156) Received Access-Request packet from host 192.168.99.122 port 49321, id=127, length=86
(156) 	Message-Authenticator = 0x765ac0734b3e135689326807087e56d5
(156) 	NAS-Identifier = 'BS'
(156) 	User-Name = 'CPE7@siemens.com'
(156) 	EAP-Message = 0x02b700061500
(156) 	State = 0xaf9f0a90ae281f9bb1ffebec4ae18a94
(156) # Executing section authorize from file /etc/raddb/sites-enabled/default
(156)   authorize {
(156)   filter_username filter_username {
(156)     if (!&User-Name) 
(156)     if (!&User-Name)  -> FALSE
(156)     if (&User-Name =~ / /) 
(156)     if (&User-Name =~ / /)  -> FALSE
(156)     if (&User-Name =~ /@.*@/ ) 
(156)     if (&User-Name =~ /@.*@/ )  -> FALSE
(156)     if (&User-Name =~ /\\.\\./ ) 
(156)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(156)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(156)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(156)     if (&User-Name =~ /\\.$/)  
(156)     if (&User-Name =~ /\\.$/)   -> FALSE
(156)     if (&User-Name =~ /@\\./)  
(156)     if (&User-Name =~ /@\\./)   -> FALSE
(156)   } # filter_username filter_username = notfound
(156)   [preprocess] = ok
(156)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(156)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(156)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(156)  auth_log : EXPAND %t
(156)  auth_log :    --> Wed Feb 14 20:05:15 2018
(156)   [auth_log] = ok
(156)   [chap] = noop
(156)   [mschap] = noop
(156)   [digest] = noop
(156)   [wimax] = noop
(156)  suffix : Checking for suffix after "@"
(156)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(156)  suffix : No such realm "siemens.com"
(156)   [suffix] = noop
(156)  eap : Peer sent code Response (2) ID 183 length 6
(156)  eap : Continuing tunnel setup
(156)   [eap] = ok
(156)  } #  authorize = ok
(156) Found Auth-Type = EAP
(156) # Executing group from file /etc/raddb/sites-enabled/default
(156)   authenticate {
(156)  eap : Expiring EAP session with state 0x34b58d2c37779811
(156)  eap : Finished EAP session with state 0xaf9f0a90ae281f9b
(156)  eap : Previous EAP request found for state 0xaf9f0a90ae281f9b, released from the list
(156)  eap : Peer sent method TTLS (21)
(156)  eap : EAP TTLS (21)
(156)  eap : Calling eap_ttls to process EAP data
(156)  eap_ttls : Authenticate
(156)  eap_ttls : processing EAP-TLS
(156)  eap_ttls : Received TLS ACK
(156)  eap_ttls : Received TLS ACK
(156)  eap_ttls : ACK handshake fragment handler
(156)  eap_ttls : eaptls_verify returned 1 
(156)  eap_ttls : eaptls_process returned 13 
(156)  eap : New EAP session, adding 'State' attribute to reply 0xaf9f0a90ad271f9b
(156)   [eap] = handled
(156)  } #  authenticate = handled
(156) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=127, length=0
(156) 	EAP-Message = 0x01b8032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(156) 	Message-Authenticator = 0x00000000000000000000000000000000
(156) 	State = 0xaf9f0a90ad271f9bb1ffebec4ae18a94
Sending Access-Challenge Id 127 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b8032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xaf9f0a90ad271f9bb1ffebec4ae18a94
(156) Finished request
Waking up in 0.1 seconds.
Waking up in 1.4 seconds.
Received Access-Request Id 150 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x3225079cfadd88ad040cd037c7658015
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029500d01580000000c6160301008610000082008001f2dadde0451f4471f04b44ef2d206528f17282d9c76dcafb3fc6380aed892ede1b89a05f80b5fdca256e49c2be2ca0b75adf8a36b461e066ac41079cf8982260cb73e10c551e6da998b59469e5a9a52ae836b3c8911f6a4da975e52d83c5dd2c073835bf131255f1911d7d6a036053f19d3d80b46937331415d471f58500e314030100010116030100309a6b4984a2aca591ebf0096361ed66e1fc0e49e9f4bacda387093a9f54464e0f94e17c79ccd42d3f8405de2968b65a73
	State = 0x094421ea0bd134607dad19382981c336
(157) Received Access-Request packet from host 192.168.99.123 port 49286, id=150, length=288
(157) 	Message-Authenticator = 0x3225079cfadd88ad040cd037c7658015
(157) 	NAS-Identifier = 'BS'
(157) 	User-Name = 'CPE9@siemens.com'
(157) 	EAP-Message = 0x029500d01580000000c6160301008610000082008001f2dadde0451f4471f04b44ef2d206528f17282d9c76dcafb3fc6380aed892ede1b89a05f80b5fdca256e49c2be2ca0b75adf8a36b461e066ac41079cf8982260cb73e10c551e6da998b59469e5a9a52ae836b3c8911f6a4da975e52d83c5dd2c073835bf131255f1911d7d6a036053f19d3d80b46937331415d471f58500e314030100010116030100309a6b4984a2aca591ebf0096361ed66e1fc0e49e9f4bacda387093a9f54464e0f94e17c79ccd42d3f8405de2968b65a73
(157) 	State = 0x094421ea0bd134607dad19382981c336
(157) # Executing section authorize from file /etc/raddb/sites-enabled/default
(157)   authorize {
(157)   filter_username filter_username {
(157)     if (!&User-Name) 
(157)     if (!&User-Name)  -> FALSE
(157)     if (&User-Name =~ / /) 
(157)     if (&User-Name =~ / /)  -> FALSE
(157)     if (&User-Name =~ /@.*@/ ) 
(157)     if (&User-Name =~ /@.*@/ )  -> FALSE
(157)     if (&User-Name =~ /\\.\\./ ) 
(157)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(157)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(157)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(157)     if (&User-Name =~ /\\.$/)  
(157)     if (&User-Name =~ /\\.$/)   -> FALSE
(157)     if (&User-Name =~ /@\\./)  
(157)     if (&User-Name =~ /@\\./)   -> FALSE
(157)   } # filter_username filter_username = notfound
(157)   [preprocess] = ok
(157)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(157)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(157)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(157)  auth_log : EXPAND %t
(157)  auth_log :    --> Wed Feb 14 20:05:16 2018
(157)   [auth_log] = ok
(157)   [chap] = noop
(157)   [mschap] = noop
(157)   [digest] = noop
(157)   [wimax] = noop
(157)  suffix : Checking for suffix after "@"
(157)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(157)  suffix : No such realm "siemens.com"
(157)   [suffix] = noop
(157)  eap : Peer sent code Response (2) ID 149 length 208
(157)  eap : Continuing tunnel setup
(157)   [eap] = ok
(157)  } #  authorize = ok
(157) Found Auth-Type = EAP
(157) # Executing group from file /etc/raddb/sites-enabled/default
(157)   authenticate {
(157)  eap : Expiring EAP session with state 0x34b58d2c37779811
(157)  eap : Finished EAP session with state 0x094421ea0bd13460
(157)  eap : Previous EAP request found for state 0x094421ea0bd13460, released from the list
(157)  eap : Peer sent method TTLS (21)
(157)  eap : EAP TTLS (21)
(157)  eap : Calling eap_ttls to process EAP data
(157)  eap_ttls : Authenticate
(157)  eap_ttls : processing EAP-TLS
  TLS Length 198
(157)  eap_ttls : Length Included
(157)  eap_ttls : eaptls_verify returned 11 
(157)  eap_ttls : <<< Unknown TLS version [length 0005] 
(157)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(157)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(157)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(157)  eap_ttls : <<< Unknown TLS version [length 0005] 
(157)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(157)  eap_ttls : <<< Unknown TLS version [length 0005] 
(157)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(157)  eap_ttls : TLS_accept: SSLv3 read finished A
(157)  eap_ttls : >>> Unknown TLS version [length 0005] 
(157)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(157)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(157)  eap_ttls : >>> Unknown TLS version [length 0005] 
(157)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(157)  eap_ttls : TLS_accept: SSLv3 write finished A
(157)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 3c12060f0f1135e8f55f67fba2b7f7aab0236b9694b65dbb120a079a3a1c89a0 to cache
(157)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(157)  eap_ttls : eaptls_process returned 13 
(157)  eap : New EAP session, adding 'State' attribute to reply 0x094421ea0ad23460
(157)   [eap] = handled
(157)  } #  authenticate = handled
(157) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=150, length=0
(157) 	EAP-Message = 0x0196004515800000003b1403010001011603010030227e04fa2bae0bf010fcda0b5e96bb39964294cb205fd4432c0b007c501e985e831ef60063557ebebd27cdb5b46218f3
(157) 	Message-Authenticator = 0x00000000000000000000000000000000
(157) 	State = 0x094421ea0ad234607dad19382981c336
Sending Access-Challenge Id 150 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0196004515800000003b1403010001011603010030227e04fa2bae0bf010fcda0b5e96bb39964294cb205fd4432c0b007c501e985e831ef60063557ebebd27cdb5b46218f3
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x094421ea0ad234607dad19382981c336
(157) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 161 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x4493ce960da8977b1bbaaa2f5961457a
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c600d01580000000c61603010086100000820080388a213ad2a5a4948f84f63d4c61c245e6da3c95b67b434a45b9262ea3261caf31ac45cf3f959acb161efe002f971508a21bada89ad3352558eac7c92e91acfbcd1c9c8782a239632dd7d722e9b00fe0db7cd23aead37d89c0ba94dc0d3451073061ec9006b113808e4130c16f7bc2e97891c9170ebde1a709f01af092455eb61403010001011603010030ba0a53c3b6cb0b56ffca2e7caefe09406bef1a951499391abf76340ad4b7244e36b770a6c58e560b31cb630616c4eee3
	State = 0x1102ed6413c4f8cdc43bf4bd72a8bf9a
(158) Received Access-Request packet from host 192.168.99.121 port 49210, id=161, length=289
(158) 	Message-Authenticator = 0x4493ce960da8977b1bbaaa2f5961457a
(158) 	NAS-Identifier = 'BS'
(158) 	User-Name = 'CPE11@siemens.com'
(158) 	EAP-Message = 0x02c600d01580000000c61603010086100000820080388a213ad2a5a4948f84f63d4c61c245e6da3c95b67b434a45b9262ea3261caf31ac45cf3f959acb161efe002f971508a21bada89ad3352558eac7c92e91acfbcd1c9c8782a239632dd7d722e9b00fe0db7cd23aead37d89c0ba94dc0d3451073061ec9006b113808e4130c16f7bc2e97891c9170ebde1a709f01af092455eb61403010001011603010030ba0a53c3b6cb0b56ffca2e7caefe09406bef1a951499391abf76340ad4b7244e36b770a6c58e560b31cb630616c4eee3
(158) 	State = 0x1102ed6413c4f8cdc43bf4bd72a8bf9a
(158) # Executing section authorize from file /etc/raddb/sites-enabled/default
(158)   authorize {
(158)   filter_username filter_username {
(158)     if (!&User-Name) 
(158)     if (!&User-Name)  -> FALSE
(158)     if (&User-Name =~ / /) 
(158)     if (&User-Name =~ / /)  -> FALSE
(158)     if (&User-Name =~ /@.*@/ ) 
(158)     if (&User-Name =~ /@.*@/ )  -> FALSE
(158)     if (&User-Name =~ /\\.\\./ ) 
(158)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(158)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(158)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(158)     if (&User-Name =~ /\\.$/)  
(158)     if (&User-Name =~ /\\.$/)   -> FALSE
(158)     if (&User-Name =~ /@\\./)  
(158)     if (&User-Name =~ /@\\./)   -> FALSE
(158)   } # filter_username filter_username = notfound
(158)   [preprocess] = ok
(158)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(158)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(158)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(158)  auth_log : EXPAND %t
(158)  auth_log :    --> Wed Feb 14 20:05:16 2018
(158)   [auth_log] = ok
(158)   [chap] = noop
(158)   [mschap] = noop
(158)   [digest] = noop
(158)   [wimax] = noop
(158)  suffix : Checking for suffix after "@"
(158)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(158)  suffix : No such realm "siemens.com"
(158)   [suffix] = noop
(158)  eap : Peer sent code Response (2) ID 198 length 208
(158)  eap : Continuing tunnel setup
(158)   [eap] = ok
(158)  } #  authorize = ok
(158) Found Auth-Type = EAP
(158) # Executing group from file /etc/raddb/sites-enabled/default
(158)   authenticate {
(158)  eap : Expiring EAP session with state 0x34b58d2c37779811
(158)  eap : Finished EAP session with state 0x1102ed6413c4f8cd
(158)  eap : Previous EAP request found for state 0x1102ed6413c4f8cd, released from the list
(158)  eap : Peer sent method TTLS (21)
(158)  eap : EAP TTLS (21)
(158)  eap : Calling eap_ttls to process EAP data
(158)  eap_ttls : Authenticate
(158)  eap_ttls : processing EAP-TLS
  TLS Length 198
(158)  eap_ttls : Length Included
(158)  eap_ttls : eaptls_verify returned 11 
(158)  eap_ttls : <<< Unknown TLS version [length 0005] 
(158)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(158)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(158)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(158)  eap_ttls : <<< Unknown TLS version [length 0005] 
(158)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(158)  eap_ttls : <<< Unknown TLS version [length 0005] 
(158)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(158)  eap_ttls : TLS_accept: SSLv3 read finished A
(158)  eap_ttls : >>> Unknown TLS version [length 0005] 
(158)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(158)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(158)  eap_ttls : >>> Unknown TLS version [length 0005] 
(158)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(158)  eap_ttls : TLS_accept: SSLv3 write finished A
(158)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 05bbd01135936febe1365b00234ded10c10c9367b94a91cf487f8520c2d6bf1c to cache
(158)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(158)  eap_ttls : eaptls_process returned 13 
(158)  eap : New EAP session, adding 'State' attribute to reply 0x1102ed6412c5f8cd
(158)   [eap] = handled
(158)  } #  authenticate = handled
(158) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=161, length=0
(158) 	EAP-Message = 0x01c7004515800000003b1403010001011603010030a2949af9412f534b6ac60fccc4a9431374083c1cdaa1d7f666ea662ee3f04d9e24969b7b1fdbf7f4fd0001bc7717732f
(158) 	Message-Authenticator = 0x00000000000000000000000000000000
(158) 	State = 0x1102ed6412c5f8cdc43bf4bd72a8bf9a
Sending Access-Challenge Id 161 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c7004515800000003b1403010001011603010030a2949af9412f534b6ac60fccc4a9431374083c1cdaa1d7f666ea662ee3f04d9e24969b7b1fdbf7f4fd0001bc7717732f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1102ed6412c5f8cdc43bf4bd72a8bf9a
(158) Finished request
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
Waking up in 0.4 seconds.
(140) Cleaning up request packet ID 143 with timestamp +116
(141) Cleaning up request packet ID 124 with timestamp +116
(142) Cleaning up request packet ID 144 with timestamp +116
(143) Cleaning up request packet ID 145 with timestamp +116
Waking up in 1.3 seconds.
Received Access-Request Id 128 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x37ff8d195beac9db4322ebdbe2af471f
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b800d01580000000c616030100861000008200805ce516c4a50e7374fe7b2bf759c5c94ca87dafeb1b1d3e6836439be555f26fca4d25e425ff56d3aff5e0d9c57d301a2d90eef8437ac09375ce32b03730fe93eabc5038c5a6a92b4bc0489093755e4a9972fa460091c1bcce05f55e22441eb1645d99d91e8268c9cbeba02413de5a7e1d0d97ded3df18ea008f0e6219ca69386a140301000101160301003021ee520dbabc42b7013ee3462a24e8b37afd78b31b24022929d21c5f4ecba43523c77d8cc009f00110baa7ba7afacaa8
	State = 0xaf9f0a90ad271f9bb1ffebec4ae18a94
(159) Received Access-Request packet from host 192.168.99.122 port 49321, id=128, length=288
(159) 	Message-Authenticator = 0x37ff8d195beac9db4322ebdbe2af471f
(159) 	NAS-Identifier = 'BS'
(159) 	User-Name = 'CPE7@siemens.com'
(159) 	EAP-Message = 0x02b800d01580000000c616030100861000008200805ce516c4a50e7374fe7b2bf759c5c94ca87dafeb1b1d3e6836439be555f26fca4d25e425ff56d3aff5e0d9c57d301a2d90eef8437ac09375ce32b03730fe93eabc5038c5a6a92b4bc0489093755e4a9972fa460091c1bcce05f55e22441eb1645d99d91e8268c9cbeba02413de5a7e1d0d97ded3df18ea008f0e6219ca69386a140301000101160301003021ee520dbabc42b7013ee3462a24e8b37afd78b31b24022929d21c5f4ecba43523c77d8cc009f00110baa7ba7afacaa8
(159) 	State = 0xaf9f0a90ad271f9bb1ffebec4ae18a94
(159) # Executing section authorize from file /etc/raddb/sites-enabled/default
(159)   authorize {
(159)   filter_username filter_username {
(159)     if (!&User-Name) 
(159)     if (!&User-Name)  -> FALSE
(159)     if (&User-Name =~ / /) 
(159)     if (&User-Name =~ / /)  -> FALSE
(159)     if (&User-Name =~ /@.*@/ ) 
(159)     if (&User-Name =~ /@.*@/ )  -> FALSE
(159)     if (&User-Name =~ /\\.\\./ ) 
(159)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(159)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(159)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(159)     if (&User-Name =~ /\\.$/)  
(159)     if (&User-Name =~ /\\.$/)   -> FALSE
(159)     if (&User-Name =~ /@\\./)  
(159)     if (&User-Name =~ /@\\./)   -> FALSE
(159)   } # filter_username filter_username = notfound
(159)   [preprocess] = ok
(159)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(159)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(159)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(159)  auth_log : EXPAND %t
(159)  auth_log :    --> Wed Feb 14 20:05:18 2018
(159)   [auth_log] = ok
(159)   [chap] = noop
(159)   [mschap] = noop
(159)   [digest] = noop
(159)   [wimax] = noop
(159)  suffix : Checking for suffix after "@"
(159)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(159)  suffix : No such realm "siemens.com"
(159)   [suffix] = noop
(159)  eap : Peer sent code Response (2) ID 184 length 208
(159)  eap : Continuing tunnel setup
(159)   [eap] = ok
(159)  } #  authorize = ok
(159) Found Auth-Type = EAP
(159) # Executing group from file /etc/raddb/sites-enabled/default
(159)   authenticate {
(159)  eap : Expiring EAP session with state 0x34b58d2c37779811
(159)  eap : Finished EAP session with state 0xaf9f0a90ad271f9b
(159)  eap : Previous EAP request found for state 0xaf9f0a90ad271f9b, released from the list
(159)  eap : Peer sent method TTLS (21)
(159)  eap : EAP TTLS (21)
(159)  eap : Calling eap_ttls to process EAP data
(159)  eap_ttls : Authenticate
(159)  eap_ttls : processing EAP-TLS
  TLS Length 198
(159)  eap_ttls : Length Included
(159)  eap_ttls : eaptls_verify returned 11 
(159)  eap_ttls : <<< Unknown TLS version [length 0005] 
(159)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(159)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(159)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(159)  eap_ttls : <<< Unknown TLS version [length 0005] 
(159)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(159)  eap_ttls : <<< Unknown TLS version [length 0005] 
(159)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(159)  eap_ttls : TLS_accept: SSLv3 read finished A
(159)  eap_ttls : >>> Unknown TLS version [length 0005] 
(159)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(159)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(159)  eap_ttls : >>> Unknown TLS version [length 0005] 
(159)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(159)  eap_ttls : TLS_accept: SSLv3 write finished A
(159)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 0aa1e9989e6760cc1a04ca2f24949c06755f465d0656b51b1523221fe52c4ffb to cache
(159)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(159)  eap_ttls : eaptls_process returned 13 
(159)  eap : New EAP session, adding 'State' attribute to reply 0xaf9f0a90ac261f9b
(159)   [eap] = handled
(159)  } #  authenticate = handled
(159) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=128, length=0
(159) 	EAP-Message = 0x01b9004515800000003b1403010001011603010030d2510e752f3eb18c2ef9d80b8a8c2844994b65c55be18b22f95f4eacf40c43609519c96571260cdb40ac9f18fb9f3021
(159) 	Message-Authenticator = 0x00000000000000000000000000000000
(159) 	State = 0xaf9f0a90ac261f9bb1ffebec4ae18a94
Sending Access-Challenge Id 128 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b9004515800000003b1403010001011603010030d2510e752f3eb18c2ef9d80b8a8c2844994b65c55be18b22f95f4eacf40c43609519c96571260cdb40ac9f18fb9f3021
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xaf9f0a90ac261f9bb1ffebec4ae18a94
(159) Finished request
Waking up in 0.3 seconds.
Waking up in 0.5 seconds.
(144) Cleaning up request packet ID 146 with timestamp +117
(145) Cleaning up request packet ID 147 with timestamp +118
(146) Cleaning up request packet ID 148 with timestamp +118
(147) Cleaning up request packet ID 1 with timestamp +118
(148) Cleaning up request packet ID 158 with timestamp +118
(149) Cleaning up request packet ID 1 with timestamp +118
(150) Cleaning up request packet ID 159 with timestamp +118
(151) Cleaning up request packet ID 160 with timestamp +118
Waking up in 0.1 seconds.
(152) Cleaning up request packet ID 1 with timestamp +118
Waking up in 0.6 seconds.
Received Access-Request Id 129 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x7582ef360d58afc12dc591ddd3274ebc
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b600150143504536407369656d656e732e636f6d
(160) Received Access-Request packet from host 192.168.99.122 port 49321, id=129, length=83
(160) 	Message-Authenticator = 0x7582ef360d58afc12dc591ddd3274ebc
(160) 	NAS-Identifier = 'BS'
(160) 	User-Name = 'CPE6@siemens.com'
(160) 	EAP-Message = 0x02b600150143504536407369656d656e732e636f6d
(160) # Executing section authorize from file /etc/raddb/sites-enabled/default
(160)   authorize {
(160)   filter_username filter_username {
(160)     if (!&User-Name) 
(160)     if (!&User-Name)  -> FALSE
(160)     if (&User-Name =~ / /) 
(160)     if (&User-Name =~ / /)  -> FALSE
(160)     if (&User-Name =~ /@.*@/ ) 
(160)     if (&User-Name =~ /@.*@/ )  -> FALSE
(160)     if (&User-Name =~ /\\.\\./ ) 
(160)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(160)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(160)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(160)     if (&User-Name =~ /\\.$/)  
(160)     if (&User-Name =~ /\\.$/)   -> FALSE
(160)     if (&User-Name =~ /@\\./)  
(160)     if (&User-Name =~ /@\\./)   -> FALSE
(160)   } # filter_username filter_username = notfound
(160)   [preprocess] = ok
(160)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(160)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(160)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(160)  auth_log : EXPAND %t
(160)  auth_log :    --> Wed Feb 14 20:05:19 2018
(160)   [auth_log] = ok
(160)   [chap] = noop
(160)   [mschap] = noop
(160)   [digest] = noop
(160)   [wimax] = noop
(160)  suffix : Checking for suffix after "@"
(160)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(160)  suffix : No such realm "siemens.com"
(160)   [suffix] = noop
(160)  eap : Peer sent code Response (2) ID 182 length 21
(160)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(160)   [eap] = ok
(160)  } #  authorize = ok
(160) Found Auth-Type = EAP
(160) # Executing group from file /etc/raddb/sites-enabled/default
(160)   authenticate {
(160)  eap : Peer sent method Identity (1)
(160)  eap : Calling eap_ttls to process EAP data
(160)  eap_ttls : Initiate
(160)  eap_ttls : Start returned 1
(160)  eap : New EAP session, adding 'State' attribute to reply 0x1b08417f1bbf544e
(160)   [eap] = handled
(160)  } #  authenticate = handled
(160) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=129, length=0
(160) 	EAP-Message = 0x01b700061520
(160) 	Message-Authenticator = 0x00000000000000000000000000000000
(160) 	State = 0x1b08417f1bbf544e990b195b627601c4
Sending Access-Challenge Id 129 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b700061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1b08417f1bbf544e990b195b627601c4
(160) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 130 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xccb538dd89eed829cf4c664821db9de7
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b7006a158000000060160301005b01000057030154acd555090955a53882e8f2995938a543e27b7fcaf0fe0126ce7f560960eacb00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x1b08417f1bbf544e990b195b627601c4
(161) Received Access-Request packet from host 192.168.99.122 port 49321, id=130, length=186
(161) 	Message-Authenticator = 0xccb538dd89eed829cf4c664821db9de7
(161) 	NAS-Identifier = 'BS'
(161) 	User-Name = 'CPE6@siemens.com'
(161) 	EAP-Message = 0x02b7006a158000000060160301005b01000057030154acd555090955a53882e8f2995938a543e27b7fcaf0fe0126ce7f560960eacb00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(161) 	State = 0x1b08417f1bbf544e990b195b627601c4
(161) # Executing section authorize from file /etc/raddb/sites-enabled/default
(161)   authorize {
(161)   filter_username filter_username {
(161)     if (!&User-Name) 
(161)     if (!&User-Name)  -> FALSE
(161)     if (&User-Name =~ / /) 
(161)     if (&User-Name =~ / /)  -> FALSE
(161)     if (&User-Name =~ /@.*@/ ) 
(161)     if (&User-Name =~ /@.*@/ )  -> FALSE
(161)     if (&User-Name =~ /\\.\\./ ) 
(161)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(161)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(161)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(161)     if (&User-Name =~ /\\.$/)  
(161)     if (&User-Name =~ /\\.$/)   -> FALSE
(161)     if (&User-Name =~ /@\\./)  
(161)     if (&User-Name =~ /@\\./)   -> FALSE
(161)   } # filter_username filter_username = notfound
(161)   [preprocess] = ok
(161)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(161)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(161)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(161)  auth_log : EXPAND %t
(161)  auth_log :    --> Wed Feb 14 20:05:19 2018
(161)   [auth_log] = ok
(161)   [chap] = noop
(161)   [mschap] = noop
(161)   [digest] = noop
(161)   [wimax] = noop
(161)  suffix : Checking for suffix after "@"
(161)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(161)  suffix : No such realm "siemens.com"
(161)   [suffix] = noop
(161)  eap : Peer sent code Response (2) ID 183 length 106
(161)  eap : Continuing tunnel setup
(161)   [eap] = ok
(161)  } #  authorize = ok
(161) Found Auth-Type = EAP
(161) # Executing group from file /etc/raddb/sites-enabled/default
(161)   authenticate {
(161)  eap : Expiring EAP session with state 0x34b58d2c37779811
(161)  eap : Finished EAP session with state 0x1b08417f1bbf544e
(161)  eap : Previous EAP request found for state 0x1b08417f1bbf544e, released from the list
(161)  eap : Peer sent method TTLS (21)
(161)  eap : EAP TTLS (21)
(161)  eap : Calling eap_ttls to process EAP data
(161)  eap_ttls : Authenticate
(161)  eap_ttls : processing EAP-TLS
  TLS Length 96
(161)  eap_ttls : Length Included
(161)  eap_ttls : eaptls_verify returned 11 
(161)  eap_ttls : (other): before/accept initialization
(161)  eap_ttls : TLS_accept: before/accept initialization
(161)  eap_ttls : <<< Unknown TLS version [length 0005] 
(161)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(161)  eap_ttls : TLS_accept: SSLv3 read client hello A
(161)  eap_ttls : >>> Unknown TLS version [length 0005] 
(161)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(161)  eap_ttls : TLS_accept: SSLv3 write server hello A
(161)  eap_ttls : >>> Unknown TLS version [length 0005] 
(161)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(161)  eap_ttls : TLS_accept: SSLv3 write certificate A
(161)  eap_ttls : >>> Unknown TLS version [length 0005] 
(161)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(161)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(161)  eap_ttls : >>> Unknown TLS version [length 0005] 
(161)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(161)  eap_ttls : TLS_accept: SSLv3 write server done A
(161)  eap_ttls : TLS_accept: SSLv3 flush data
(161)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(161)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(161)  eap_ttls : eaptls_process returned 13 
(161)  eap : New EAP session, adding 'State' attribute to reply 0x1b08417f1ab0544e
(161)   [eap] = handled
(161)  } #  authenticate = handled
(161) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=130, length=0
(161) 	EAP-Message = 0x01b803ec15c000000702160301004a02000046030112e65cd38a51b7bef88e962780f9dcdb42da5af4be788c974a32df9d9d21411f2018c0dceaae8cadf7a54a7f60be9b6dae33ce59790dcb78a6b94bc88dbee6a97b00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(161) 	Message-Authenticator = 0x00000000000000000000000000000000
(161) 	State = 0x1b08417f1ab0544e990b195b627601c4
Sending Access-Challenge Id 130 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b803ec15c000000702160301004a02000046030112e65cd38a51b7bef88e962780f9dcdb42da5af4be788c974a32df9d9d21411f2018c0dceaae8cadf7a54a7f60be9b6dae33ce59790dcb78a6b94bc88dbee6a97b00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1b08417f1ab0544e990b195b627601c4
(161) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 131 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x5aa71e45399f553b5fbcddb5f00dacc1
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b800061500
	State = 0x1b08417f1ab0544e990b195b627601c4
(162) Received Access-Request packet from host 192.168.99.122 port 49321, id=131, length=86
(162) 	Message-Authenticator = 0x5aa71e45399f553b5fbcddb5f00dacc1
(162) 	NAS-Identifier = 'BS'
(162) 	User-Name = 'CPE6@siemens.com'
(162) 	EAP-Message = 0x02b800061500
(162) 	State = 0x1b08417f1ab0544e990b195b627601c4
(162) # Executing section authorize from file /etc/raddb/sites-enabled/default
(162)   authorize {
(162)   filter_username filter_username {
(162)     if (!&User-Name) 
(162)     if (!&User-Name)  -> FALSE
(162)     if (&User-Name =~ / /) 
(162)     if (&User-Name =~ / /)  -> FALSE
(162)     if (&User-Name =~ /@.*@/ ) 
(162)     if (&User-Name =~ /@.*@/ )  -> FALSE
(162)     if (&User-Name =~ /\\.\\./ ) 
(162)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(162)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(162)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(162)     if (&User-Name =~ /\\.$/)  
(162)     if (&User-Name =~ /\\.$/)   -> FALSE
(162)     if (&User-Name =~ /@\\./)  
(162)     if (&User-Name =~ /@\\./)   -> FALSE
(162)   } # filter_username filter_username = notfound
(162)   [preprocess] = ok
(162)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(162)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(162)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(162)  auth_log : EXPAND %t
(162)  auth_log :    --> Wed Feb 14 20:05:19 2018
(162)   [auth_log] = ok
(162)   [chap] = noop
(162)   [mschap] = noop
(162)   [digest] = noop
(162)   [wimax] = noop
(162)  suffix : Checking for suffix after "@"
(162)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(162)  suffix : No such realm "siemens.com"
(162)   [suffix] = noop
(162)  eap : Peer sent code Response (2) ID 184 length 6
(162)  eap : Continuing tunnel setup
(162)   [eap] = ok
(162)  } #  authorize = ok
(162) Found Auth-Type = EAP
(162) # Executing group from file /etc/raddb/sites-enabled/default
(162)   authenticate {
(162)  eap : Expiring EAP session with state 0x34b58d2c37779811
(162)  eap : Finished EAP session with state 0x1b08417f1ab0544e
(162)  eap : Previous EAP request found for state 0x1b08417f1ab0544e, released from the list
(162)  eap : Peer sent method TTLS (21)
(162)  eap : EAP TTLS (21)
(162)  eap : Calling eap_ttls to process EAP data
(162)  eap_ttls : Authenticate
(162)  eap_ttls : processing EAP-TLS
(162)  eap_ttls : Received TLS ACK
(162)  eap_ttls : Received TLS ACK
(162)  eap_ttls : ACK handshake fragment handler
(162)  eap_ttls : eaptls_verify returned 1 
(162)  eap_ttls : eaptls_process returned 13 
(162)  eap : New EAP session, adding 'State' attribute to reply 0x1b08417f19b1544e
(162)   [eap] = handled
(162)  } #  authenticate = handled
(162) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=131, length=0
(162) 	EAP-Message = 0x01b9032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(162) 	Message-Authenticator = 0x00000000000000000000000000000000
(162) 	State = 0x1b08417f19b1544e990b195b627601c4
Sending Access-Challenge Id 131 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b9032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1b08417f19b1544e990b195b627601c4
(162) Finished request
(153) Cleaning up request packet ID 149 with timestamp +119
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(163) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(163) 	NAS-Identifier = 'BS'
(163) 	User-Name = 'dummy'
(163) 	User-Password = '*PASSWORD*'
(163) # Executing section authorize from file /etc/raddb/sites-enabled/default
(163)   authorize {
(163)   filter_username filter_username {
(163)     if (!&User-Name) 
(163)     if (!&User-Name)  -> FALSE
(163)     if (&User-Name =~ / /) 
(163)     if (&User-Name =~ / /)  -> FALSE
(163)     if (&User-Name =~ /@.*@/ ) 
(163)     if (&User-Name =~ /@.*@/ )  -> FALSE
(163)     if (&User-Name =~ /\\.\\./ ) 
(163)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(163)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(163)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(163)     if (&User-Name =~ /\\.$/)  
(163)     if (&User-Name =~ /\\.$/)   -> FALSE
(163)     if (&User-Name =~ /@\\./)  
(163)     if (&User-Name =~ /@\\./)   -> FALSE
(163)   } # filter_username filter_username = notfound
(163)   [preprocess] = ok
(163)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(163)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(163)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(163)  auth_log : EXPAND %t
(163)  auth_log :    --> Wed Feb 14 20:05:20 2018
(163)   [auth_log] = ok
(163)   [chap] = noop
(163)   [mschap] = noop
(163)   [digest] = noop
(163)   [wimax] = noop
(163)  suffix : Checking for suffix after "@"
(163)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(163)  suffix : No such realm "NULL"
(163)   [suffix] = noop
(163)  eap : No EAP-Message, not doing EAP
(163)   [eap] = noop
(163)  files : users: Matched entry dummy at line 159
(163)   [files] = ok
(163)   [expiration] = noop
(163)   [logintime] = noop
(163)   [pap] = updated
(163)  } #  authorize = updated
(163) Found Auth-Type = PAP
(163) # Executing group from file /etc/raddb/sites-enabled/default
(163)  Auth-Type PAP {
(163)  pap : Login attempt with password
(163)  pap : User authenticated successfully
(163)   [pap] = ok
(163)  } # Auth-Type PAP = ok
(163) Login OK: [dummy] (from client BS1 port 0)
(163) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(163)   post-auth {
(163)   [exec] = noop
(163)   update reply {
(163) 	Session-Timeout := 1800
(163)   } # update reply = noop
(163)   remove_reply_message_if_eap remove_reply_message_if_eap {
(163)     if (&reply:EAP-Message && &reply:Reply-Message) 
(163)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(163)    else else {
(163)     [noop] = noop
(163)    } # else else = noop
(163)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(163)  } #  post-auth = noop
(163) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(163) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(163) Finished request
Waking up in 0.2 seconds.
(154) Cleaning up request packet ID 125 with timestamp +119
(155) Cleaning up request packet ID 126 with timestamp +119
(156) Cleaning up request packet ID 127 with timestamp +119
Waking up in 0.8 seconds.
(157) Cleaning up request packet ID 150 with timestamp +120
Waking up in 0.1 seconds.
(158) Cleaning up request packet ID 161 with timestamp +120
Waking up in 1.4 seconds.
Received Access-Request Id 132 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xa51e52f84a4f9130aa941982d4690ac3
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b900d01580000000c616030100861000008200800a46a750b2933eccf65ac7bd898266e896aa91ad55ca32a5edff20f4d6ff3ea2968656997b3e1eadc6f877136c0ecf1f70c01dc9f6741e0124e27e6f72d6212f37d0eafcf862b213c5e1db829329da4fa468f825b51f3d5bb5497d19d5f8dbb2780313520c5840cd9cc500732bf2a572f6c56280e374ae9bb315120d4e3fed8314030100010116030100304bdbd15d2664750442fc609955700115ae4469aca08dbf62509673ffc28648c10773f8ae4067adc1fbfd5b5a226f836c
	State = 0x1b08417f19b1544e990b195b627601c4
(164) Received Access-Request packet from host 192.168.99.122 port 49321, id=132, length=288
(164) 	Message-Authenticator = 0xa51e52f84a4f9130aa941982d4690ac3
(164) 	NAS-Identifier = 'BS'
(164) 	User-Name = 'CPE6@siemens.com'
(164) 	EAP-Message = 0x02b900d01580000000c616030100861000008200800a46a750b2933eccf65ac7bd898266e896aa91ad55ca32a5edff20f4d6ff3ea2968656997b3e1eadc6f877136c0ecf1f70c01dc9f6741e0124e27e6f72d6212f37d0eafcf862b213c5e1db829329da4fa468f825b51f3d5bb5497d19d5f8dbb2780313520c5840cd9cc500732bf2a572f6c56280e374ae9bb315120d4e3fed8314030100010116030100304bdbd15d2664750442fc609955700115ae4469aca08dbf62509673ffc28648c10773f8ae4067adc1fbfd5b5a226f836c
(164) 	State = 0x1b08417f19b1544e990b195b627601c4
(164) # Executing section authorize from file /etc/raddb/sites-enabled/default
(164)   authorize {
(164)   filter_username filter_username {
(164)     if (!&User-Name) 
(164)     if (!&User-Name)  -> FALSE
(164)     if (&User-Name =~ / /) 
(164)     if (&User-Name =~ / /)  -> FALSE
(164)     if (&User-Name =~ /@.*@/ ) 
(164)     if (&User-Name =~ /@.*@/ )  -> FALSE
(164)     if (&User-Name =~ /\\.\\./ ) 
(164)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(164)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(164)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(164)     if (&User-Name =~ /\\.$/)  
(164)     if (&User-Name =~ /\\.$/)   -> FALSE
(164)     if (&User-Name =~ /@\\./)  
(164)     if (&User-Name =~ /@\\./)   -> FALSE
(164)   } # filter_username filter_username = notfound
(164)   [preprocess] = ok
(164)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(164)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(164)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(164)  auth_log : EXPAND %t
(164)  auth_log :    --> Wed Feb 14 20:05:22 2018
(164)   [auth_log] = ok
(164)   [chap] = noop
(164)   [mschap] = noop
(164)   [digest] = noop
(164)   [wimax] = noop
(164)  suffix : Checking for suffix after "@"
(164)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(164)  suffix : No such realm "siemens.com"
(164)   [suffix] = noop
(164)  eap : Peer sent code Response (2) ID 185 length 208
(164)  eap : Continuing tunnel setup
(164)   [eap] = ok
(164)  } #  authorize = ok
(164) Found Auth-Type = EAP
(164) # Executing group from file /etc/raddb/sites-enabled/default
(164)   authenticate {
(164)  eap : Expiring EAP session with state 0x34b58d2c37779811
(164)  eap : Finished EAP session with state 0x1b08417f19b1544e
(164)  eap : Previous EAP request found for state 0x1b08417f19b1544e, released from the list
(164)  eap : Peer sent method TTLS (21)
(164)  eap : EAP TTLS (21)
(164)  eap : Calling eap_ttls to process EAP data
(164)  eap_ttls : Authenticate
(164)  eap_ttls : processing EAP-TLS
  TLS Length 198
(164)  eap_ttls : Length Included
(164)  eap_ttls : eaptls_verify returned 11 
(164)  eap_ttls : <<< Unknown TLS version [length 0005] 
(164)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(164)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(164)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(164)  eap_ttls : <<< Unknown TLS version [length 0005] 
(164)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(164)  eap_ttls : <<< Unknown TLS version [length 0005] 
(164)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(164)  eap_ttls : TLS_accept: SSLv3 read finished A
(164)  eap_ttls : >>> Unknown TLS version [length 0005] 
(164)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(164)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(164)  eap_ttls : >>> Unknown TLS version [length 0005] 
(164)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(164)  eap_ttls : TLS_accept: SSLv3 write finished A
(164)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 18c0dceaae8cadf7a54a7f60be9b6dae33ce59790dcb78a6b94bc88dbee6a97b to cache
(164)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(164)  eap_ttls : eaptls_process returned 13 
(164)  eap : New EAP session, adding 'State' attribute to reply 0x1b08417f18b2544e
(164)   [eap] = handled
(164)  } #  authenticate = handled
(164) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=132, length=0
(164) 	EAP-Message = 0x01ba004515800000003b14030100010116030100307c4a2077ae020cb19ae805b6eef2004adf4065a9e6020d0326371807cca4c5621bddf6ccb725af67348770c6c9e85d15
(164) 	Message-Authenticator = 0x00000000000000000000000000000000
(164) 	State = 0x1b08417f18b2544e990b195b627601c4
Sending Access-Challenge Id 132 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ba004515800000003b14030100010116030100307c4a2077ae020cb19ae805b6eef2004adf4065a9e6020d0326371807cca4c5621bddf6ccb725af67348770c6c9e85d15
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1b08417f18b2544e990b195b627601c4
(164) Finished request
Waking up in 0.3 seconds.
Waking up in 0.3 seconds.
(159) Cleaning up request packet ID 128 with timestamp +122
Waking up in 1.6 seconds.
Received Access-Request Id 151 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xb45581163f2e2b912ac60f9abc246012
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029400150143504539407369656d656e732e636f6d
(165) Received Access-Request packet from host 192.168.99.123 port 49286, id=151, length=83
(165) 	Message-Authenticator = 0xb45581163f2e2b912ac60f9abc246012
(165) 	NAS-Identifier = 'BS'
(165) 	User-Name = 'CPE9@siemens.com'
(165) 	EAP-Message = 0x029400150143504539407369656d656e732e636f6d
(165) # Executing section authorize from file /etc/raddb/sites-enabled/default
(165)   authorize {
(165)   filter_username filter_username {
(165)     if (!&User-Name) 
(165)     if (!&User-Name)  -> FALSE
(165)     if (&User-Name =~ / /) 
(165)     if (&User-Name =~ / /)  -> FALSE
(165)     if (&User-Name =~ /@.*@/ ) 
(165)     if (&User-Name =~ /@.*@/ )  -> FALSE
(165)     if (&User-Name =~ /\\.\\./ ) 
(165)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(165)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(165)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(165)     if (&User-Name =~ /\\.$/)  
(165)     if (&User-Name =~ /\\.$/)   -> FALSE
(165)     if (&User-Name =~ /@\\./)  
(165)     if (&User-Name =~ /@\\./)   -> FALSE
(165)   } # filter_username filter_username = notfound
(165)   [preprocess] = ok
(165)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(165)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(165)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(165)  auth_log : EXPAND %t
(165)  auth_log :    --> Wed Feb 14 20:05:23 2018
(165)   [auth_log] = ok
(165)   [chap] = noop
(165)   [mschap] = noop
(165)   [digest] = noop
(165)   [wimax] = noop
(165)  suffix : Checking for suffix after "@"
(165)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(165)  suffix : No such realm "siemens.com"
(165)   [suffix] = noop
(165)  eap : Peer sent code Response (2) ID 148 length 21
(165)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(165)   [eap] = ok
(165)  } #  authorize = ok
(165) Found Auth-Type = EAP
(165) # Executing group from file /etc/raddb/sites-enabled/default
(165)   authenticate {
(165)  eap : Peer sent method Identity (1)
(165)  eap : Calling eap_ttls to process EAP data
(165)  eap_ttls : Initiate
(165)  eap_ttls : Start returned 1
(165)  eap : New EAP session, adding 'State' attribute to reply 0x9486222b94133753
(165)   [eap] = handled
(165)  } #  authenticate = handled
(165) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=151, length=0
(165) 	EAP-Message = 0x019500061520
(165) 	Message-Authenticator = 0x00000000000000000000000000000000
(165) 	State = 0x9486222b9413375354eb42325ef573fb
Sending Access-Challenge Id 151 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019500061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9486222b9413375354eb42325ef573fb
(165) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 152 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x103f91da315788c839cddee32e2189ef
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x0295006a158000000060160301005b01000057030154ab17e17548ec51b21930464e96339eeb524fb3d7f2235cb51c0aa3869651fe00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x9486222b9413375354eb42325ef573fb
(166) Received Access-Request packet from host 192.168.99.123 port 49286, id=152, length=186
(166) 	Message-Authenticator = 0x103f91da315788c839cddee32e2189ef
(166) 	NAS-Identifier = 'BS'
(166) 	User-Name = 'CPE9@siemens.com'
(166) 	EAP-Message = 0x0295006a158000000060160301005b01000057030154ab17e17548ec51b21930464e96339eeb524fb3d7f2235cb51c0aa3869651fe00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(166) 	State = 0x9486222b9413375354eb42325ef573fb
(166) # Executing section authorize from file /etc/raddb/sites-enabled/default
(166)   authorize {
(166)   filter_username filter_username {
(166)     if (!&User-Name) 
(166)     if (!&User-Name)  -> FALSE
(166)     if (&User-Name =~ / /) 
(166)     if (&User-Name =~ / /)  -> FALSE
(166)     if (&User-Name =~ /@.*@/ ) 
(166)     if (&User-Name =~ /@.*@/ )  -> FALSE
(166)     if (&User-Name =~ /\\.\\./ ) 
(166)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(166)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(166)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(166)     if (&User-Name =~ /\\.$/)  
(166)     if (&User-Name =~ /\\.$/)   -> FALSE
(166)     if (&User-Name =~ /@\\./)  
(166)     if (&User-Name =~ /@\\./)   -> FALSE
(166)   } # filter_username filter_username = notfound
(166)   [preprocess] = ok
(166)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(166)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(166)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(166)  auth_log : EXPAND %t
(166)  auth_log :    --> Wed Feb 14 20:05:24 2018
(166)   [auth_log] = ok
(166)   [chap] = noop
(166)   [mschap] = noop
(166)   [digest] = noop
(166)   [wimax] = noop
(166)  suffix : Checking for suffix after "@"
(166)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(166)  suffix : No such realm "siemens.com"
(166)   [suffix] = noop
(166)  eap : Peer sent code Response (2) ID 149 length 106
(166)  eap : Continuing tunnel setup
(166)   [eap] = ok
(166)  } #  authorize = ok
(166) Found Auth-Type = EAP
(166) # Executing group from file /etc/raddb/sites-enabled/default
(166)   authenticate {
(166)  eap : Expiring EAP session with state 0x34b58d2c37779811
(166)  eap : Finished EAP session with state 0x9486222b94133753
(166)  eap : Previous EAP request found for state 0x9486222b94133753, released from the list
(166)  eap : Peer sent method TTLS (21)
(166)  eap : EAP TTLS (21)
(166)  eap : Calling eap_ttls to process EAP data
(166)  eap_ttls : Authenticate
(166)  eap_ttls : processing EAP-TLS
  TLS Length 96
(166)  eap_ttls : Length Included
(166)  eap_ttls : eaptls_verify returned 11 
(166)  eap_ttls : (other): before/accept initialization
(166)  eap_ttls : TLS_accept: before/accept initialization
(166)  eap_ttls : <<< Unknown TLS version [length 0005] 
(166)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(166)  eap_ttls : TLS_accept: SSLv3 read client hello A
(166)  eap_ttls : >>> Unknown TLS version [length 0005] 
(166)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(166)  eap_ttls : TLS_accept: SSLv3 write server hello A
(166)  eap_ttls : >>> Unknown TLS version [length 0005] 
(166)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(166)  eap_ttls : TLS_accept: SSLv3 write certificate A
(166)  eap_ttls : >>> Unknown TLS version [length 0005] 
(166)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(166)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(166)  eap_ttls : >>> Unknown TLS version [length 0005] 
(166)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(166)  eap_ttls : TLS_accept: SSLv3 write server done A
(166)  eap_ttls : TLS_accept: SSLv3 flush data
(166)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(166)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(166)  eap_ttls : eaptls_process returned 13 
(166)  eap : New EAP session, adding 'State' attribute to reply 0x9486222b95103753
(166)   [eap] = handled
(166)  } #  authenticate = handled
(166) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=152, length=0
(166) 	EAP-Message = 0x019603ec15c000000702160301004a02000046030148ed98efc4d634304bf5bbf4faf4805817e9eb3d9ff4f5697f756a4e1999a116208467ef2a1dc7fd4d061dd1d1842227e7431d9af9a7c9562e41d788a9651bec6400390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(166) 	Message-Authenticator = 0x00000000000000000000000000000000
(166) 	State = 0x9486222b9510375354eb42325ef573fb
Sending Access-Challenge Id 152 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019603ec15c000000702160301004a02000046030148ed98efc4d634304bf5bbf4faf4805817e9eb3d9ff4f5697f756a4e1999a116208467ef2a1dc7fd4d061dd1d1842227e7431d9af9a7c9562e41d788a9651bec6400390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9486222b9510375354eb42325ef573fb
(166) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 153 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x117ac78b96227dcd52658319f430199d
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029600061500
	State = 0x9486222b9510375354eb42325ef573fb
(167) Received Access-Request packet from host 192.168.99.123 port 49286, id=153, length=86
(167) 	Message-Authenticator = 0x117ac78b96227dcd52658319f430199d
(167) 	NAS-Identifier = 'BS'
(167) 	User-Name = 'CPE9@siemens.com'
(167) 	EAP-Message = 0x029600061500
(167) 	State = 0x9486222b9510375354eb42325ef573fb
(167) # Executing section authorize from file /etc/raddb/sites-enabled/default
(167)   authorize {
(167)   filter_username filter_username {
(167)     if (!&User-Name) 
(167)     if (!&User-Name)  -> FALSE
(167)     if (&User-Name =~ / /) 
(167)     if (&User-Name =~ / /)  -> FALSE
(167)     if (&User-Name =~ /@.*@/ ) 
(167)     if (&User-Name =~ /@.*@/ )  -> FALSE
(167)     if (&User-Name =~ /\\.\\./ ) 
(167)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(167)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(167)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(167)     if (&User-Name =~ /\\.$/)  
(167)     if (&User-Name =~ /\\.$/)   -> FALSE
(167)     if (&User-Name =~ /@\\./)  
(167)     if (&User-Name =~ /@\\./)   -> FALSE
(167)   } # filter_username filter_username = notfound
(167)   [preprocess] = ok
(167)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(167)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(167)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(167)  auth_log : EXPAND %t
(167)  auth_log :    --> Wed Feb 14 20:05:24 2018
(167)   [auth_log] = ok
(167)   [chap] = noop
(167)   [mschap] = noop
(167)   [digest] = noop
(167)   [wimax] = noop
(167)  suffix : Checking for suffix after "@"
(167)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(167)  suffix : No such realm "siemens.com"
(167)   [suffix] = noop
(167)  eap : Peer sent code Response (2) ID 150 length 6
(167)  eap : Continuing tunnel setup
(167)   [eap] = ok
(167)  } #  authorize = ok
(167) Found Auth-Type = EAP
(167) # Executing group from file /etc/raddb/sites-enabled/default
(167)   authenticate {
(167)  eap : Expiring EAP session with state 0x34b58d2c37779811
(167)  eap : Finished EAP session with state 0x9486222b95103753
(167)  eap : Previous EAP request found for state 0x9486222b95103753, released from the list
(167)  eap : Peer sent method TTLS (21)
(167)  eap : EAP TTLS (21)
(167)  eap : Calling eap_ttls to process EAP data
(167)  eap_ttls : Authenticate
(167)  eap_ttls : processing EAP-TLS
(167)  eap_ttls : Received TLS ACK
(167)  eap_ttls : Received TLS ACK
(167)  eap_ttls : ACK handshake fragment handler
(167)  eap_ttls : eaptls_verify returned 1 
(167)  eap_ttls : eaptls_process returned 13 
(167)  eap : New EAP session, adding 'State' attribute to reply 0x9486222b96113753
(167)   [eap] = handled
(167)  } #  authenticate = handled
(167) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=153, length=0
(167) 	EAP-Message = 0x0197032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(167) 	Message-Authenticator = 0x00000000000000000000000000000000
(167) 	State = 0x9486222b9611375354eb42325ef573fb
Sending Access-Challenge Id 153 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0197032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9486222b9611375354eb42325ef573fb
(167) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(168) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(168) 	NAS-Identifier = 'BS'
(168) 	User-Name = 'dummy'
(168) 	User-Password = '*PASSWORD*'
(168) # Executing section authorize from file /etc/raddb/sites-enabled/default
(168)   authorize {
(168)   filter_username filter_username {
(168)     if (!&User-Name) 
(168)     if (!&User-Name)  -> FALSE
(168)     if (&User-Name =~ / /) 
(168)     if (&User-Name =~ / /)  -> FALSE
(168)     if (&User-Name =~ /@.*@/ ) 
(168)     if (&User-Name =~ /@.*@/ )  -> FALSE
(168)     if (&User-Name =~ /\\.\\./ ) 
(168)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(168)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(168)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(168)     if (&User-Name =~ /\\.$/)  
(168)     if (&User-Name =~ /\\.$/)   -> FALSE
(168)     if (&User-Name =~ /@\\./)  
(168)     if (&User-Name =~ /@\\./)   -> FALSE
(168)   } # filter_username filter_username = notfound
(168)   [preprocess] = ok
(168)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(168)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(168)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(168)  auth_log : EXPAND %t
(168)  auth_log :    --> Wed Feb 14 20:05:24 2018
(168)   [auth_log] = ok
(168)   [chap] = noop
(168)   [mschap] = noop
(168)   [digest] = noop
(168)   [wimax] = noop
(168)  suffix : Checking for suffix after "@"
(168)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(168)  suffix : No such realm "NULL"
(168)   [suffix] = noop
(168)  eap : No EAP-Message, not doing EAP
(168)   [eap] = noop
(168)  files : users: Matched entry dummy at line 159
(168)   [files] = ok
(168)   [expiration] = noop
(168)   [logintime] = noop
(168)   [pap] = updated
(168)  } #  authorize = updated
(168) Found Auth-Type = PAP
(168) # Executing group from file /etc/raddb/sites-enabled/default
(168)  Auth-Type PAP {
(168)  pap : Login attempt with password
(168)  pap : User authenticated successfully
(168)   [pap] = ok
(168)  } # Auth-Type PAP = ok
(168) Login OK: [dummy] (from client BS3 port 0)
(168) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(168)   post-auth {
(168)   [exec] = noop
(168)   update reply {
(168) 	Session-Timeout := 1800
(168)   } # update reply = noop
(168)   remove_reply_message_if_eap remove_reply_message_if_eap {
(168)     if (&reply:EAP-Message && &reply:Reply-Message) 
(168)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(168)    else else {
(168)     [noop] = noop
(168)    } # else else = noop
(168)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(168)  } #  post-auth = noop
(168) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(168) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(168) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 162 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0x130955337440f9a9fceb7e75ee6a5292
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c40016014350453131407369656d656e732e636f6d
(169) Received Access-Request packet from host 192.168.99.121 port 49210, id=162, length=85
(169) 	Message-Authenticator = 0x130955337440f9a9fceb7e75ee6a5292
(169) 	NAS-Identifier = 'BS'
(169) 	User-Name = 'CPE11@siemens.com'
(169) 	EAP-Message = 0x02c40016014350453131407369656d656e732e636f6d
(169) # Executing section authorize from file /etc/raddb/sites-enabled/default
(169)   authorize {
(169)   filter_username filter_username {
(169)     if (!&User-Name) 
(169)     if (!&User-Name)  -> FALSE
(169)     if (&User-Name =~ / /) 
(169)     if (&User-Name =~ / /)  -> FALSE
(169)     if (&User-Name =~ /@.*@/ ) 
(169)     if (&User-Name =~ /@.*@/ )  -> FALSE
(169)     if (&User-Name =~ /\\.\\./ ) 
(169)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(169)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(169)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(169)     if (&User-Name =~ /\\.$/)  
(169)     if (&User-Name =~ /\\.$/)   -> FALSE
(169)     if (&User-Name =~ /@\\./)  
(169)     if (&User-Name =~ /@\\./)   -> FALSE
(169)   } # filter_username filter_username = notfound
(169)   [preprocess] = ok
(169)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(169)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(169)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(169)  auth_log : EXPAND %t
(169)  auth_log :    --> Wed Feb 14 20:05:24 2018
(169)   [auth_log] = ok
(169)   [chap] = noop
(169)   [mschap] = noop
(169)   [digest] = noop
(169)   [wimax] = noop
(169)  suffix : Checking for suffix after "@"
(169)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(169)  suffix : No such realm "siemens.com"
(169)   [suffix] = noop
(169)  eap : Peer sent code Response (2) ID 196 length 22
(169)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(169)   [eap] = ok
(169)  } #  authorize = ok
(169) Found Auth-Type = EAP
(169) # Executing group from file /etc/raddb/sites-enabled/default
(169)   authenticate {
(169)  eap : Peer sent method Identity (1)
(169)  eap : Calling eap_ttls to process EAP data
(169)  eap_ttls : Initiate
(169)  eap_ttls : Start returned 1
(169)  eap : New EAP session, adding 'State' attribute to reply 0x7b3b66d77bfe737e
(169)   [eap] = handled
(169)  } #  authenticate = handled
(169) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=162, length=0
(169) 	EAP-Message = 0x01c500061520
(169) 	Message-Authenticator = 0x00000000000000000000000000000000
(169) 	State = 0x7b3b66d77bfe737e4fb104ccaa73094f
Sending Access-Challenge Id 162 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c500061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7b3b66d77bfe737e4fb104ccaa73094f
(169) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(170) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(170) 	NAS-Identifier = 'BS'
(170) 	User-Name = 'dummy'
(170) 	User-Password = '*PASSWORD*'
(170) # Executing section authorize from file /etc/raddb/sites-enabled/default
(170)   authorize {
(170)   filter_username filter_username {
(170)     if (!&User-Name) 
(170)     if (!&User-Name)  -> FALSE
(170)     if (&User-Name =~ / /) 
(170)     if (&User-Name =~ / /)  -> FALSE
(170)     if (&User-Name =~ /@.*@/ ) 
(170)     if (&User-Name =~ /@.*@/ )  -> FALSE
(170)     if (&User-Name =~ /\\.\\./ ) 
(170)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(170)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(170)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(170)     if (&User-Name =~ /\\.$/)  
(170)     if (&User-Name =~ /\\.$/)   -> FALSE
(170)     if (&User-Name =~ /@\\./)  
(170)     if (&User-Name =~ /@\\./)   -> FALSE
(170)   } # filter_username filter_username = notfound
(170)   [preprocess] = ok
(170)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(170)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(170)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(170)  auth_log : EXPAND %t
(170)  auth_log :    --> Wed Feb 14 20:05:24 2018
(170)   [auth_log] = ok
(170)   [chap] = noop
(170)   [mschap] = noop
(170)   [digest] = noop
(170)   [wimax] = noop
(170)  suffix : Checking for suffix after "@"
(170)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(170)  suffix : No such realm "NULL"
(170)   [suffix] = noop
(170)  eap : No EAP-Message, not doing EAP
(170)   [eap] = noop
(170)  files : users: Matched entry dummy at line 159
(170)   [files] = ok
(170)   [expiration] = noop
(170)   [logintime] = noop
(170)   [pap] = updated
(170)  } #  authorize = updated
(170) Found Auth-Type = PAP
(170) # Executing group from file /etc/raddb/sites-enabled/default
(170)  Auth-Type PAP {
(170)  pap : Login attempt with password
(170)  pap : User authenticated successfully
(170)   [pap] = ok
(170)  } # Auth-Type PAP = ok
(170) Login OK: [dummy] (from client BS4 port 0)
(170) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(170)   post-auth {
(170)   [exec] = noop
(170)   update reply {
(170) 	Session-Timeout := 1800
(170)   } # update reply = noop
(170)   remove_reply_message_if_eap remove_reply_message_if_eap {
(170)     if (&reply:EAP-Message && &reply:Reply-Message) 
(170)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(170)    else else {
(170)     [noop] = noop
(170)    } # else else = noop
(170)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(170)  } #  post-auth = noop
(170) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(170) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(170) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 163 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x49f35c1bcf0553313a94d5be9dc67abc
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c5006a158000000060160301005b01000057030154a4b4b3fd81af66d44d9043c26f0ac7de1d0e553cc9324a5492b87f2377190000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x7b3b66d77bfe737e4fb104ccaa73094f
(171) Received Access-Request packet from host 192.168.99.121 port 49210, id=163, length=187
(171) 	Message-Authenticator = 0x49f35c1bcf0553313a94d5be9dc67abc
(171) 	NAS-Identifier = 'BS'
(171) 	User-Name = 'CPE11@siemens.com'
(171) 	EAP-Message = 0x02c5006a158000000060160301005b01000057030154a4b4b3fd81af66d44d9043c26f0ac7de1d0e553cc9324a5492b87f2377190000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(171) 	State = 0x7b3b66d77bfe737e4fb104ccaa73094f
(171) # Executing section authorize from file /etc/raddb/sites-enabled/default
(171)   authorize {
(171)   filter_username filter_username {
(171)     if (!&User-Name) 
(171)     if (!&User-Name)  -> FALSE
(171)     if (&User-Name =~ / /) 
(171)     if (&User-Name =~ / /)  -> FALSE
(171)     if (&User-Name =~ /@.*@/ ) 
(171)     if (&User-Name =~ /@.*@/ )  -> FALSE
(171)     if (&User-Name =~ /\\.\\./ ) 
(171)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(171)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(171)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(171)     if (&User-Name =~ /\\.$/)  
(171)     if (&User-Name =~ /\\.$/)   -> FALSE
(171)     if (&User-Name =~ /@\\./)  
(171)     if (&User-Name =~ /@\\./)   -> FALSE
(171)   } # filter_username filter_username = notfound
(171)   [preprocess] = ok
(171)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(171)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(171)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(171)  auth_log : EXPAND %t
(171)  auth_log :    --> Wed Feb 14 20:05:24 2018
(171)   [auth_log] = ok
(171)   [chap] = noop
(171)   [mschap] = noop
(171)   [digest] = noop
(171)   [wimax] = noop
(171)  suffix : Checking for suffix after "@"
(171)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(171)  suffix : No such realm "siemens.com"
(171)   [suffix] = noop
(171)  eap : Peer sent code Response (2) ID 197 length 106
(171)  eap : Continuing tunnel setup
(171)   [eap] = ok
(171)  } #  authorize = ok
(171) Found Auth-Type = EAP
(171) # Executing group from file /etc/raddb/sites-enabled/default
(171)   authenticate {
(171)  eap : Expiring EAP session with state 0x34b58d2c37779811
(171)  eap : Finished EAP session with state 0x7b3b66d77bfe737e
(171)  eap : Previous EAP request found for state 0x7b3b66d77bfe737e, released from the list
(171)  eap : Peer sent method TTLS (21)
(171)  eap : EAP TTLS (21)
(171)  eap : Calling eap_ttls to process EAP data
(171)  eap_ttls : Authenticate
(171)  eap_ttls : processing EAP-TLS
  TLS Length 96
(171)  eap_ttls : Length Included
(171)  eap_ttls : eaptls_verify returned 11 
(171)  eap_ttls : (other): before/accept initialization
(171)  eap_ttls : TLS_accept: before/accept initialization
(171)  eap_ttls : <<< Unknown TLS version [length 0005] 
(171)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(171)  eap_ttls : TLS_accept: SSLv3 read client hello A
(171)  eap_ttls : >>> Unknown TLS version [length 0005] 
(171)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(171)  eap_ttls : TLS_accept: SSLv3 write server hello A
(171)  eap_ttls : >>> Unknown TLS version [length 0005] 
(171)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(171)  eap_ttls : TLS_accept: SSLv3 write certificate A
(171)  eap_ttls : >>> Unknown TLS version [length 0005] 
(171)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(171)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(171)  eap_ttls : >>> Unknown TLS version [length 0005] 
(171)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(171)  eap_ttls : TLS_accept: SSLv3 write server done A
(171)  eap_ttls : TLS_accept: SSLv3 flush data
(171)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(171)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(171)  eap_ttls : eaptls_process returned 13 
(171)  eap : New EAP session, adding 'State' attribute to reply 0x7b3b66d77afd737e
(171)   [eap] = handled
(171)  } #  authenticate = handled
(171) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=163, length=0
(171) 	EAP-Message = 0x01c603ec15c000000702160301004a0200004603016e530b3d92442eef6136ca9e2d0d2ebc4e443188cb1679ec75141838e813b6bd206bc57a76b3da4ff86ef98a96797d46dc01d05955f0e97934cf6b6dcb32e5be8f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(171) 	Message-Authenticator = 0x00000000000000000000000000000000
(171) 	State = 0x7b3b66d77afd737e4fb104ccaa73094f
Sending Access-Challenge Id 163 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c603ec15c000000702160301004a0200004603016e530b3d92442eef6136ca9e2d0d2ebc4e443188cb1679ec75141838e813b6bd206bc57a76b3da4ff86ef98a96797d46dc01d05955f0e97934cf6b6dcb32e5be8f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7b3b66d77afd737e4fb104ccaa73094f
(171) Finished request
Received Access-Request Id 164 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x68a3c3c72b4d6fd2ebfe3ed1e7ee82f5
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c600061500
	State = 0x7b3b66d77afd737e4fb104ccaa73094f
(172) Received Access-Request packet from host 192.168.99.121 port 49210, id=164, length=87
(172) 	Message-Authenticator = 0x68a3c3c72b4d6fd2ebfe3ed1e7ee82f5
(172) 	NAS-Identifier = 'BS'
(172) 	User-Name = 'CPE11@siemens.com'
(172) 	EAP-Message = 0x02c600061500
(172) 	State = 0x7b3b66d77afd737e4fb104ccaa73094f
(172) # Executing section authorize from file /etc/raddb/sites-enabled/default
(172)   authorize {
(172)   filter_username filter_username {
(172)     if (!&User-Name) 
(172)     if (!&User-Name)  -> FALSE
(172)     if (&User-Name =~ / /) 
(172)     if (&User-Name =~ / /)  -> FALSE
(172)     if (&User-Name =~ /@.*@/ ) 
(172)     if (&User-Name =~ /@.*@/ )  -> FALSE
(172)     if (&User-Name =~ /\\.\\./ ) 
(172)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(172)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(172)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(172)     if (&User-Name =~ /\\.$/)  
(172)     if (&User-Name =~ /\\.$/)   -> FALSE
(172)     if (&User-Name =~ /@\\./)  
(172)     if (&User-Name =~ /@\\./)   -> FALSE
(172)   } # filter_username filter_username = notfound
(172)   [preprocess] = ok
(172)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(172)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(172)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(172)  auth_log : EXPAND %t
(172)  auth_log :    --> Wed Feb 14 20:05:24 2018
(172)   [auth_log] = ok
(172)   [chap] = noop
(172)   [mschap] = noop
(172)   [digest] = noop
(172)   [wimax] = noop
(172)  suffix : Checking for suffix after "@"
(172)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(172)  suffix : No such realm "siemens.com"
(172)   [suffix] = noop
(172)  eap : Peer sent code Response (2) ID 198 length 6
(172)  eap : Continuing tunnel setup
(172)   [eap] = ok
(172)  } #  authorize = ok
(172) Found Auth-Type = EAP
(172) # Executing group from file /etc/raddb/sites-enabled/default
(172)   authenticate {
(172)  eap : Expiring EAP session with state 0x34b58d2c37779811
(172)  eap : Finished EAP session with state 0x7b3b66d77afd737e
(172)  eap : Previous EAP request found for state 0x7b3b66d77afd737e, released from the list
(172)  eap : Peer sent method TTLS (21)
(172)  eap : EAP TTLS (21)
(172)  eap : Calling eap_ttls to process EAP data
(172)  eap_ttls : Authenticate
(172)  eap_ttls : processing EAP-TLS
(172)  eap_ttls : Received TLS ACK
(172)  eap_ttls : Received TLS ACK
(172)  eap_ttls : ACK handshake fragment handler
(172)  eap_ttls : eaptls_verify returned 1 
(172)  eap_ttls : eaptls_process returned 13 
(172)  eap : New EAP session, adding 'State' attribute to reply 0x7b3b66d779fc737e
(172)   [eap] = handled
(172)  } #  authenticate = handled
(172) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=164, length=0
(172) 	EAP-Message = 0x01c7032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(172) 	Message-Authenticator = 0x00000000000000000000000000000000
(172) 	State = 0x7b3b66d779fc737e4fb104ccaa73094f
Sending Access-Challenge Id 164 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c7032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7b3b66d779fc737e4fb104ccaa73094f
(172) Finished request
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(173) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(173) 	NAS-Identifier = 'BS'
(173) 	User-Name = 'dummy'
(173) 	User-Password = '*PASSWORD*'
(173) # Executing section authorize from file /etc/raddb/sites-enabled/default
(173)   authorize {
(173)   filter_username filter_username {
(173)     if (!&User-Name) 
(173)     if (!&User-Name)  -> FALSE
(173)     if (&User-Name =~ / /) 
(173)     if (&User-Name =~ / /)  -> FALSE
(173)     if (&User-Name =~ /@.*@/ ) 
(173)     if (&User-Name =~ /@.*@/ )  -> FALSE
(173)     if (&User-Name =~ /\\.\\./ ) 
(173)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(173)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(173)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(173)     if (&User-Name =~ /\\.$/)  
(173)     if (&User-Name =~ /\\.$/)   -> FALSE
(173)     if (&User-Name =~ /@\\./)  
(173)     if (&User-Name =~ /@\\./)   -> FALSE
(173)   } # filter_username filter_username = notfound
(173)   [preprocess] = ok
(173)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(173)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(173)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(173)  auth_log : EXPAND %t
(173)  auth_log :    --> Wed Feb 14 20:05:24 2018
(173)   [auth_log] = ok
(173)   [chap] = noop
(173)   [mschap] = noop
(173)   [digest] = noop
(173)   [wimax] = noop
(173)  suffix : Checking for suffix after "@"
(173)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(173)  suffix : No such realm "NULL"
(173)   [suffix] = noop
(173)  eap : No EAP-Message, not doing EAP
(173)   [eap] = noop
(173)  files : users: Matched entry dummy at line 159
(173)   [files] = ok
(173)   [expiration] = noop
(173)   [logintime] = noop
(173)   [pap] = updated
(173)  } #  authorize = updated
(173) Found Auth-Type = PAP
(173) # Executing group from file /etc/raddb/sites-enabled/default
(173)  Auth-Type PAP {
(173)  pap : Login attempt with password
(173)  pap : User authenticated successfully
(173)   [pap] = ok
(173)  } # Auth-Type PAP = ok
(173) Login OK: [dummy] (from client BS2 port 0)
(173) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(173)   post-auth {
(173)   [exec] = noop
(173)   update reply {
(173) 	Session-Timeout := 1800
(173)   } # update reply = noop
(173)   remove_reply_message_if_eap remove_reply_message_if_eap {
(173)     if (&reply:EAP-Message && &reply:Reply-Message) 
(173)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(173)    else else {
(173)     [noop] = noop
(173)    } # else else = noop
(173)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(173)  } #  post-auth = noop
(173) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(173) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(173) Finished request
Received Access-Request Id 154 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x92a8a9e53843238232488005da2e14c2
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029300150143504538407369656d656e732e636f6d
(174) Received Access-Request packet from host 192.168.99.123 port 49286, id=154, length=83
(174) 	Message-Authenticator = 0x92a8a9e53843238232488005da2e14c2
(174) 	NAS-Identifier = 'BS'
(174) 	User-Name = 'CPE8@siemens.com'
(174) 	EAP-Message = 0x029300150143504538407369656d656e732e636f6d
(174) # Executing section authorize from file /etc/raddb/sites-enabled/default
(174)   authorize {
(174)   filter_username filter_username {
(174)     if (!&User-Name) 
(174)     if (!&User-Name)  -> FALSE
(174)     if (&User-Name =~ / /) 
(174)     if (&User-Name =~ / /)  -> FALSE
(174)     if (&User-Name =~ /@.*@/ ) 
(174)     if (&User-Name =~ /@.*@/ )  -> FALSE
(174)     if (&User-Name =~ /\\.\\./ ) 
(174)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(174)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(174)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(174)     if (&User-Name =~ /\\.$/)  
(174)     if (&User-Name =~ /\\.$/)   -> FALSE
(174)     if (&User-Name =~ /@\\./)  
(174)     if (&User-Name =~ /@\\./)   -> FALSE
(174)   } # filter_username filter_username = notfound
(174)   [preprocess] = ok
(174)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(174)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(174)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(174)  auth_log : EXPAND %t
(174)  auth_log :    --> Wed Feb 14 20:05:24 2018
(174)   [auth_log] = ok
(174)   [chap] = noop
(174)   [mschap] = noop
(174)   [digest] = noop
(174)   [wimax] = noop
(174)  suffix : Checking for suffix after "@"
(174)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(174)  suffix : No such realm "siemens.com"
(174)   [suffix] = noop
(174)  eap : Peer sent code Response (2) ID 147 length 21
(174)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(174)   [eap] = ok
(174)  } #  authorize = ok
(174) Found Auth-Type = EAP
(174) # Executing group from file /etc/raddb/sites-enabled/default
(174)   authenticate {
(174)  eap : Peer sent method Identity (1)
(174)  eap : Calling eap_ttls to process EAP data
(174)  eap_ttls : Initiate
(174)  eap_ttls : Start returned 1
(174)  eap : New EAP session, adding 'State' attribute to reply 0x6a18e0096a8cf53a
(174)   [eap] = handled
(174)  } #  authenticate = handled
(174) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=154, length=0
(174) 	EAP-Message = 0x019400061520
(174) 	Message-Authenticator = 0x00000000000000000000000000000000
(174) 	State = 0x6a18e0096a8cf53a5dd1c90a79b26365
Sending Access-Challenge Id 154 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019400061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a18e0096a8cf53a5dd1c90a79b26365
(174) Finished request
Received Access-Request Id 155 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x35fe37c3c3359ac064baa089365c8be9
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x0294006a158000000060160301005b01000057030154a650ee40b0da77036796ebaac64fcd73608e16ae2f3c37be53af949454e12300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x6a18e0096a8cf53a5dd1c90a79b26365
(175) Received Access-Request packet from host 192.168.99.123 port 49286, id=155, length=186
(175) 	Message-Authenticator = 0x35fe37c3c3359ac064baa089365c8be9
(175) 	NAS-Identifier = 'BS'
(175) 	User-Name = 'CPE8@siemens.com'
(175) 	EAP-Message = 0x0294006a158000000060160301005b01000057030154a650ee40b0da77036796ebaac64fcd73608e16ae2f3c37be53af949454e12300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(175) 	State = 0x6a18e0096a8cf53a5dd1c90a79b26365
(175) # Executing section authorize from file /etc/raddb/sites-enabled/default
(175)   authorize {
(175)   filter_username filter_username {
(175)     if (!&User-Name) 
(175)     if (!&User-Name)  -> FALSE
(175)     if (&User-Name =~ / /) 
(175)     if (&User-Name =~ / /)  -> FALSE
(175)     if (&User-Name =~ /@.*@/ ) 
(175)     if (&User-Name =~ /@.*@/ )  -> FALSE
(175)     if (&User-Name =~ /\\.\\./ ) 
(175)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(175)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(175)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(175)     if (&User-Name =~ /\\.$/)  
(175)     if (&User-Name =~ /\\.$/)   -> FALSE
(175)     if (&User-Name =~ /@\\./)  
(175)     if (&User-Name =~ /@\\./)   -> FALSE
(175)   } # filter_username filter_username = notfound
(175)   [preprocess] = ok
(175)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(175)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(175)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(175)  auth_log : EXPAND %t
(175)  auth_log :    --> Wed Feb 14 20:05:24 2018
(175)   [auth_log] = ok
(175)   [chap] = noop
(175)   [mschap] = noop
(175)   [digest] = noop
(175)   [wimax] = noop
(175)  suffix : Checking for suffix after "@"
(175)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(175)  suffix : No such realm "siemens.com"
(175)   [suffix] = noop
(175)  eap : Peer sent code Response (2) ID 148 length 106
(175)  eap : Continuing tunnel setup
(175)   [eap] = ok
(175)  } #  authorize = ok
(175) Found Auth-Type = EAP
(175) # Executing group from file /etc/raddb/sites-enabled/default
(175)   authenticate {
(175)  eap : Expiring EAP session with state 0x34b58d2c37779811
(175)  eap : Finished EAP session with state 0x6a18e0096a8cf53a
(175)  eap : Previous EAP request found for state 0x6a18e0096a8cf53a, released from the list
(175)  eap : Peer sent method TTLS (21)
(175)  eap : EAP TTLS (21)
(175)  eap : Calling eap_ttls to process EAP data
(175)  eap_ttls : Authenticate
(175)  eap_ttls : processing EAP-TLS
  TLS Length 96
(175)  eap_ttls : Length Included
(175)  eap_ttls : eaptls_verify returned 11 
(175)  eap_ttls : (other): before/accept initialization
(175)  eap_ttls : TLS_accept: before/accept initialization
(175)  eap_ttls : <<< Unknown TLS version [length 0005] 
(175)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(175)  eap_ttls : TLS_accept: SSLv3 read client hello A
(175)  eap_ttls : >>> Unknown TLS version [length 0005] 
(175)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(175)  eap_ttls : TLS_accept: SSLv3 write server hello A
(175)  eap_ttls : >>> Unknown TLS version [length 0005] 
(175)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(175)  eap_ttls : TLS_accept: SSLv3 write certificate A
(175)  eap_ttls : >>> Unknown TLS version [length 0005] 
(175)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(175)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(175)  eap_ttls : >>> Unknown TLS version [length 0005] 
(175)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(175)  eap_ttls : TLS_accept: SSLv3 write server done A
(175)  eap_ttls : TLS_accept: SSLv3 flush data
(175)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(175)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(175)  eap_ttls : eaptls_process returned 13 
(175)  eap : New EAP session, adding 'State' attribute to reply 0x6a18e0096b8df53a
(175)   [eap] = handled
(175)  } #  authenticate = handled
(175) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=155, length=0
(175) 	EAP-Message = 0x019503ec15c000000702160301004a02000046030102002c9e8fd76182d3b91530782da312cdb112cb5cb1e321eea073dab5df3b8720df42325f6e22f31c9e5c832a8e95de20acfff5c583f79a64a75963476be64afc00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(175) 	Message-Authenticator = 0x00000000000000000000000000000000
(175) 	State = 0x6a18e0096b8df53a5dd1c90a79b26365
Sending Access-Challenge Id 155 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019503ec15c000000702160301004a02000046030102002c9e8fd76182d3b91530782da312cdb112cb5cb1e321eea073dab5df3b8720df42325f6e22f31c9e5c832a8e95de20acfff5c583f79a64a75963476be64afc00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a18e0096b8df53a5dd1c90a79b26365
(175) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 156 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x8dd24dceab91bae4ae7a6ffd99c0694c
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029500061500
	State = 0x6a18e0096b8df53a5dd1c90a79b26365
(176) Received Access-Request packet from host 192.168.99.123 port 49286, id=156, length=86
(176) 	Message-Authenticator = 0x8dd24dceab91bae4ae7a6ffd99c0694c
(176) 	NAS-Identifier = 'BS'
(176) 	User-Name = 'CPE8@siemens.com'
(176) 	EAP-Message = 0x029500061500
(176) 	State = 0x6a18e0096b8df53a5dd1c90a79b26365
(176) # Executing section authorize from file /etc/raddb/sites-enabled/default
(176)   authorize {
(176)   filter_username filter_username {
(176)     if (!&User-Name) 
(176)     if (!&User-Name)  -> FALSE
(176)     if (&User-Name =~ / /) 
(176)     if (&User-Name =~ / /)  -> FALSE
(176)     if (&User-Name =~ /@.*@/ ) 
(176)     if (&User-Name =~ /@.*@/ )  -> FALSE
(176)     if (&User-Name =~ /\\.\\./ ) 
(176)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(176)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(176)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(176)     if (&User-Name =~ /\\.$/)  
(176)     if (&User-Name =~ /\\.$/)   -> FALSE
(176)     if (&User-Name =~ /@\\./)  
(176)     if (&User-Name =~ /@\\./)   -> FALSE
(176)   } # filter_username filter_username = notfound
(176)   [preprocess] = ok
(176)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(176)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(176)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(176)  auth_log : EXPAND %t
(176)  auth_log :    --> Wed Feb 14 20:05:24 2018
(176)   [auth_log] = ok
(176)   [chap] = noop
(176)   [mschap] = noop
(176)   [digest] = noop
(176)   [wimax] = noop
(176)  suffix : Checking for suffix after "@"
(176)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(176)  suffix : No such realm "siemens.com"
(176)   [suffix] = noop
(176)  eap : Peer sent code Response (2) ID 149 length 6
(176)  eap : Continuing tunnel setup
(176)   [eap] = ok
(176)  } #  authorize = ok
(176) Found Auth-Type = EAP
(176) # Executing group from file /etc/raddb/sites-enabled/default
(176)   authenticate {
(176)  eap : Expiring EAP session with state 0x34b58d2c37779811
(176)  eap : Finished EAP session with state 0x6a18e0096b8df53a
(176)  eap : Previous EAP request found for state 0x6a18e0096b8df53a, released from the list
(176)  eap : Peer sent method TTLS (21)
(176)  eap : EAP TTLS (21)
(176)  eap : Calling eap_ttls to process EAP data
(176)  eap_ttls : Authenticate
(176)  eap_ttls : processing EAP-TLS
(176)  eap_ttls : Received TLS ACK
(176)  eap_ttls : Received TLS ACK
(176)  eap_ttls : ACK handshake fragment handler
(176)  eap_ttls : eaptls_verify returned 1 
(176)  eap_ttls : eaptls_process returned 13 
(176)  eap : New EAP session, adding 'State' attribute to reply 0x6a18e009688ef53a
(176)   [eap] = handled
(176)  } #  authenticate = handled
(176) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=156, length=0
(176) 	EAP-Message = 0x0196032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(176) 	Message-Authenticator = 0x00000000000000000000000000000000
(176) 	State = 0x6a18e009688ef53a5dd1c90a79b26365
Sending Access-Challenge Id 156 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0196032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a18e009688ef53a5dd1c90a79b26365
(176) Finished request
Waking up in 0.1 seconds.
(160) Cleaning up request packet ID 129 with timestamp +123
(161) Cleaning up request packet ID 130 with timestamp +123
(162) Cleaning up request packet ID 131 with timestamp +123
Waking up in 0.3 seconds.
(163) Cleaning up request packet ID 1 with timestamp +124
Waking up in 2.2 seconds.
Received Access-Request Id 133 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x54434b19b7f925d771ba300ac8bba906
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b700150143504537407369656d656e732e636f6d
(177) Received Access-Request packet from host 192.168.99.122 port 49321, id=133, length=83
(177) 	Message-Authenticator = 0x54434b19b7f925d771ba300ac8bba906
(177) 	NAS-Identifier = 'BS'
(177) 	User-Name = 'CPE7@siemens.com'
(177) 	EAP-Message = 0x02b700150143504537407369656d656e732e636f6d
(177) # Executing section authorize from file /etc/raddb/sites-enabled/default
(177)   authorize {
(177)   filter_username filter_username {
(177)     if (!&User-Name) 
(177)     if (!&User-Name)  -> FALSE
(177)     if (&User-Name =~ / /) 
(177)     if (&User-Name =~ / /)  -> FALSE
(177)     if (&User-Name =~ /@.*@/ ) 
(177)     if (&User-Name =~ /@.*@/ )  -> FALSE
(177)     if (&User-Name =~ /\\.\\./ ) 
(177)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(177)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(177)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(177)     if (&User-Name =~ /\\.$/)  
(177)     if (&User-Name =~ /\\.$/)   -> FALSE
(177)     if (&User-Name =~ /@\\./)  
(177)     if (&User-Name =~ /@\\./)   -> FALSE
(177)   } # filter_username filter_username = notfound
(177)   [preprocess] = ok
(177)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(177)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(177)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(177)  auth_log : EXPAND %t
(177)  auth_log :    --> Wed Feb 14 20:05:25 2018
(177)   [auth_log] = ok
(177)   [chap] = noop
(177)   [mschap] = noop
(177)   [digest] = noop
(177)   [wimax] = noop
(177)  suffix : Checking for suffix after "@"
(177)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(177)  suffix : No such realm "siemens.com"
(177)   [suffix] = noop
(177)  eap : Peer sent code Response (2) ID 183 length 21
(177)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(177)   [eap] = ok
(177)  } #  authorize = ok
(177) Found Auth-Type = EAP
(177) # Executing group from file /etc/raddb/sites-enabled/default
(177)   authenticate {
(177)  eap : Peer sent method Identity (1)
(177)  eap : Calling eap_ttls to process EAP data
(177)  eap_ttls : Initiate
(177)  eap_ttls : Start returned 1
(177)  eap : New EAP session, adding 'State' attribute to reply 0x9ec176319e7963e5
(177)   [eap] = handled
(177)  } #  authenticate = handled
(177) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=133, length=0
(177) 	EAP-Message = 0x01b800061520
(177) 	Message-Authenticator = 0x00000000000000000000000000000000
(177) 	State = 0x9ec176319e7963e5a70ab74b04805e0c
Sending Access-Challenge Id 133 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b800061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9ec176319e7963e5a70ab74b04805e0c
(177) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 134 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x18313b0185d0ece8f57897a2650b1b0b
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b8006a158000000060160301005b01000057030154ac6fd83b0554702373a2a81eab11de4d4c345fec4e1fce6d80c24f18df556600003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x9ec176319e7963e5a70ab74b04805e0c
(178) Received Access-Request packet from host 192.168.99.122 port 49321, id=134, length=186
(178) 	Message-Authenticator = 0x18313b0185d0ece8f57897a2650b1b0b
(178) 	NAS-Identifier = 'BS'
(178) 	User-Name = 'CPE7@siemens.com'
(178) 	EAP-Message = 0x02b8006a158000000060160301005b01000057030154ac6fd83b0554702373a2a81eab11de4d4c345fec4e1fce6d80c24f18df556600003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(178) 	State = 0x9ec176319e7963e5a70ab74b04805e0c
(178) # Executing section authorize from file /etc/raddb/sites-enabled/default
(178)   authorize {
(178)   filter_username filter_username {
(178)     if (!&User-Name) 
(178)     if (!&User-Name)  -> FALSE
(178)     if (&User-Name =~ / /) 
(178)     if (&User-Name =~ / /)  -> FALSE
(178)     if (&User-Name =~ /@.*@/ ) 
(178)     if (&User-Name =~ /@.*@/ )  -> FALSE
(178)     if (&User-Name =~ /\\.\\./ ) 
(178)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(178)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(178)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(178)     if (&User-Name =~ /\\.$/)  
(178)     if (&User-Name =~ /\\.$/)   -> FALSE
(178)     if (&User-Name =~ /@\\./)  
(178)     if (&User-Name =~ /@\\./)   -> FALSE
(178)   } # filter_username filter_username = notfound
(178)   [preprocess] = ok
(178)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(178)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(178)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(178)  auth_log : EXPAND %t
(178)  auth_log :    --> Wed Feb 14 20:05:25 2018
(178)   [auth_log] = ok
(178)   [chap] = noop
(178)   [mschap] = noop
(178)   [digest] = noop
(178)   [wimax] = noop
(178)  suffix : Checking for suffix after "@"
(178)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(178)  suffix : No such realm "siemens.com"
(178)   [suffix] = noop
(178)  eap : Peer sent code Response (2) ID 184 length 106
(178)  eap : Continuing tunnel setup
(178)   [eap] = ok
(178)  } #  authorize = ok
(178) Found Auth-Type = EAP
(178) # Executing group from file /etc/raddb/sites-enabled/default
(178)   authenticate {
(178)  eap : Expiring EAP session with state 0x34b58d2c37779811
(178)  eap : Finished EAP session with state 0x9ec176319e7963e5
(178)  eap : Previous EAP request found for state 0x9ec176319e7963e5, released from the list
(178)  eap : Peer sent method TTLS (21)
(178)  eap : EAP TTLS (21)
(178)  eap : Calling eap_ttls to process EAP data
(178)  eap_ttls : Authenticate
(178)  eap_ttls : processing EAP-TLS
  TLS Length 96
(178)  eap_ttls : Length Included
(178)  eap_ttls : eaptls_verify returned 11 
(178)  eap_ttls : (other): before/accept initialization
(178)  eap_ttls : TLS_accept: before/accept initialization
(178)  eap_ttls : <<< Unknown TLS version [length 0005] 
(178)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(178)  eap_ttls : TLS_accept: SSLv3 read client hello A
(178)  eap_ttls : >>> Unknown TLS version [length 0005] 
(178)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(178)  eap_ttls : TLS_accept: SSLv3 write server hello A
(178)  eap_ttls : >>> Unknown TLS version [length 0005] 
(178)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(178)  eap_ttls : TLS_accept: SSLv3 write certificate A
(178)  eap_ttls : >>> Unknown TLS version [length 0005] 
(178)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(178)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(178)  eap_ttls : >>> Unknown TLS version [length 0005] 
(178)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(178)  eap_ttls : TLS_accept: SSLv3 write server done A
(178)  eap_ttls : TLS_accept: SSLv3 flush data
(178)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(178)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(178)  eap_ttls : eaptls_process returned 13 
(178)  eap : New EAP session, adding 'State' attribute to reply 0x9ec176319f7863e5
(178)   [eap] = handled
(178)  } #  authenticate = handled
(178) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=134, length=0
(178) 	EAP-Message = 0x01b903ec15c000000702160301004a02000046030199f7fd6c04e0b2a7aed7a3f82aceb5dd5eeffab9741dc4a0a15a7031b6b46d8f208b10cb6c13928b8313a5937d5fc33418ab99dc263b026547c9260acfe59262c900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(178) 	Message-Authenticator = 0x00000000000000000000000000000000
(178) 	State = 0x9ec176319f7863e5a70ab74b04805e0c
Sending Access-Challenge Id 134 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b903ec15c000000702160301004a02000046030199f7fd6c04e0b2a7aed7a3f82aceb5dd5eeffab9741dc4a0a15a7031b6b46d8f208b10cb6c13928b8313a5937d5fc33418ab99dc263b026547c9260acfe59262c900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9ec176319f7863e5a70ab74b04805e0c
(178) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 135 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x2ff9cbff888c4ce53dc6a2b8b84a1414
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b900061500
	State = 0x9ec176319f7863e5a70ab74b04805e0c
(179) Received Access-Request packet from host 192.168.99.122 port 49321, id=135, length=86
(179) 	Message-Authenticator = 0x2ff9cbff888c4ce53dc6a2b8b84a1414
(179) 	NAS-Identifier = 'BS'
(179) 	User-Name = 'CPE7@siemens.com'
(179) 	EAP-Message = 0x02b900061500
(179) 	State = 0x9ec176319f7863e5a70ab74b04805e0c
(179) # Executing section authorize from file /etc/raddb/sites-enabled/default
(179)   authorize {
(179)   filter_username filter_username {
(179)     if (!&User-Name) 
(179)     if (!&User-Name)  -> FALSE
(179)     if (&User-Name =~ / /) 
(179)     if (&User-Name =~ / /)  -> FALSE
(179)     if (&User-Name =~ /@.*@/ ) 
(179)     if (&User-Name =~ /@.*@/ )  -> FALSE
(179)     if (&User-Name =~ /\\.\\./ ) 
(179)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(179)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(179)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(179)     if (&User-Name =~ /\\.$/)  
(179)     if (&User-Name =~ /\\.$/)   -> FALSE
(179)     if (&User-Name =~ /@\\./)  
(179)     if (&User-Name =~ /@\\./)   -> FALSE
(179)   } # filter_username filter_username = notfound
(179)   [preprocess] = ok
(179)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(179)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(179)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(179)  auth_log : EXPAND %t
(179)  auth_log :    --> Wed Feb 14 20:05:25 2018
(179)   [auth_log] = ok
(179)   [chap] = noop
(179)   [mschap] = noop
(179)   [digest] = noop
(179)   [wimax] = noop
(179)  suffix : Checking for suffix after "@"
(179)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(179)  suffix : No such realm "siemens.com"
(179)   [suffix] = noop
(179)  eap : Peer sent code Response (2) ID 185 length 6
(179)  eap : Continuing tunnel setup
(179)   [eap] = ok
(179)  } #  authorize = ok
(179) Found Auth-Type = EAP
(179) # Executing group from file /etc/raddb/sites-enabled/default
(179)   authenticate {
(179)  eap : Expiring EAP session with state 0x34b58d2c37779811
(179)  eap : Finished EAP session with state 0x9ec176319f7863e5
(179)  eap : Previous EAP request found for state 0x9ec176319f7863e5, released from the list
(179)  eap : Peer sent method TTLS (21)
(179)  eap : EAP TTLS (21)
(179)  eap : Calling eap_ttls to process EAP data
(179)  eap_ttls : Authenticate
(179)  eap_ttls : processing EAP-TLS
(179)  eap_ttls : Received TLS ACK
(179)  eap_ttls : Received TLS ACK
(179)  eap_ttls : ACK handshake fragment handler
(179)  eap_ttls : eaptls_verify returned 1 
(179)  eap_ttls : eaptls_process returned 13 
(179)  eap : New EAP session, adding 'State' attribute to reply 0x9ec176319c7b63e5
(179)   [eap] = handled
(179)  } #  authenticate = handled
(179) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=135, length=0
(179) 	EAP-Message = 0x01ba032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(179) 	Message-Authenticator = 0x00000000000000000000000000000000
(179) 	State = 0x9ec176319c7b63e5a70ab74b04805e0c
Sending Access-Challenge Id 135 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ba032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9ec176319c7b63e5a70ab74b04805e0c
(179) Finished request
Waking up in 0.2 seconds.
Waking up in 1.4 seconds.
Received Access-Request Id 157 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xe6c45058dbfb11f6333fbf233b61c8d7
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029700d01580000000c616030100861000008200804539cafff48ab4e23285fb2cbd0fa8c38ebcc2c5c87675372125909ad640b63664291d6773c0533c87755b90638230e871877d86cf2f97cb4a42a589603641eff581b0bc5be621262e2e8f59e19df4e620f248ad51afe1f9b0a8845413e123a78c7ba571e44e8e8283d7629af20bf0353bbb7a49b41155f571f4b250b85b939e140301000101160301003001aec9a04467c2ce49306f425339155564f418f94898fba848681debb90f048642fe35e5868363e82235cd2b4c00e757
	State = 0x9486222b9611375354eb42325ef573fb
(180) Received Access-Request packet from host 192.168.99.123 port 49286, id=157, length=288
(180) 	Message-Authenticator = 0xe6c45058dbfb11f6333fbf233b61c8d7
(180) 	NAS-Identifier = 'BS'
(180) 	User-Name = 'CPE9@siemens.com'
(180) 	EAP-Message = 0x029700d01580000000c616030100861000008200804539cafff48ab4e23285fb2cbd0fa8c38ebcc2c5c87675372125909ad640b63664291d6773c0533c87755b90638230e871877d86cf2f97cb4a42a589603641eff581b0bc5be621262e2e8f59e19df4e620f248ad51afe1f9b0a8845413e123a78c7ba571e44e8e8283d7629af20bf0353bbb7a49b41155f571f4b250b85b939e140301000101160301003001aec9a04467c2ce49306f425339155564f418f94898fba848681debb90f048642fe35e5868363e82235cd2b4c00e757
(180) 	State = 0x9486222b9611375354eb42325ef573fb
(180) # Executing section authorize from file /etc/raddb/sites-enabled/default
(180)   authorize {
(180)   filter_username filter_username {
(180)     if (!&User-Name) 
(180)     if (!&User-Name)  -> FALSE
(180)     if (&User-Name =~ / /) 
(180)     if (&User-Name =~ / /)  -> FALSE
(180)     if (&User-Name =~ /@.*@/ ) 
(180)     if (&User-Name =~ /@.*@/ )  -> FALSE
(180)     if (&User-Name =~ /\\.\\./ ) 
(180)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(180)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(180)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(180)     if (&User-Name =~ /\\.$/)  
(180)     if (&User-Name =~ /\\.$/)   -> FALSE
(180)     if (&User-Name =~ /@\\./)  
(180)     if (&User-Name =~ /@\\./)   -> FALSE
(180)   } # filter_username filter_username = notfound
(180)   [preprocess] = ok
(180)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(180)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(180)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(180)  auth_log : EXPAND %t
(180)  auth_log :    --> Wed Feb 14 20:05:26 2018
(180)   [auth_log] = ok
(180)   [chap] = noop
(180)   [mschap] = noop
(180)   [digest] = noop
(180)   [wimax] = noop
(180)  suffix : Checking for suffix after "@"
(180)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(180)  suffix : No such realm "siemens.com"
(180)   [suffix] = noop
(180)  eap : Peer sent code Response (2) ID 151 length 208
(180)  eap : Continuing tunnel setup
(180)   [eap] = ok
(180)  } #  authorize = ok
(180) Found Auth-Type = EAP
(180) # Executing group from file /etc/raddb/sites-enabled/default
(180)   authenticate {
(180)  eap : Expiring EAP session with state 0x34b58d2c37779811
(180)  eap : Finished EAP session with state 0x9486222b96113753
(180)  eap : Previous EAP request found for state 0x9486222b96113753, released from the list
(180)  eap : Peer sent method TTLS (21)
(180)  eap : EAP TTLS (21)
(180)  eap : Calling eap_ttls to process EAP data
(180)  eap_ttls : Authenticate
(180)  eap_ttls : processing EAP-TLS
  TLS Length 198
(180)  eap_ttls : Length Included
(180)  eap_ttls : eaptls_verify returned 11 
(180)  eap_ttls : <<< Unknown TLS version [length 0005] 
(180)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(180)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(180)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(180)  eap_ttls : <<< Unknown TLS version [length 0005] 
(180)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(180)  eap_ttls : <<< Unknown TLS version [length 0005] 
(180)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(180)  eap_ttls : TLS_accept: SSLv3 read finished A
(180)  eap_ttls : >>> Unknown TLS version [length 0005] 
(180)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(180)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(180)  eap_ttls : >>> Unknown TLS version [length 0005] 
(180)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(180)  eap_ttls : TLS_accept: SSLv3 write finished A
(180)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 8467ef2a1dc7fd4d061dd1d1842227e7431d9af9a7c9562e41d788a9651bec64 to cache
(180)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(180)  eap_ttls : eaptls_process returned 13 
(180)  eap : New EAP session, adding 'State' attribute to reply 0x9486222b971e3753
(180)   [eap] = handled
(180)  } #  authenticate = handled
(180) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=157, length=0
(180) 	EAP-Message = 0x0198004515800000003b14030100010116030100300d040564516f1c8423a4fa5f112f70866b33308d579f5991b9727fe3750ac8de4565e702668bf9992b74a2f474e4201c
(180) 	Message-Authenticator = 0x00000000000000000000000000000000
(180) 	State = 0x9486222b971e375354eb42325ef573fb
Sending Access-Challenge Id 157 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0198004515800000003b14030100010116030100300d040564516f1c8423a4fa5f112f70866b33308d579f5991b9727fe3750ac8de4565e702668bf9992b74a2f474e4201c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9486222b971e375354eb42325ef573fb
(180) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 165 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0xf6fe7d071820885bc5c18f8c6675a55d
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c700d01580000000c6160301008610000082008077626859b2fa6223e165469d07298c6bc8d86d2aec4a21718ef45add844d683899101a1eece43cbb1591129a6e7ce5eb7d06a770552cc9d546b2f9119b1651e538799ce041933205c7656800944fe70aad13929a709c958342c0f8eb0decc6a6512d6fb5d2ac756092d42dc0d508cf3e3ecc919fa26495a43b573ba2c1f19473140301000101160301003099eaa9e31596ef2077fd028dd86f9de8e81dcb1e15f3f07891fb67b51fe84bc0510d277ebf92194ad88a1a73e1be5a8b
	State = 0x7b3b66d779fc737e4fb104ccaa73094f
(181) Received Access-Request packet from host 192.168.99.121 port 49210, id=165, length=289
(181) 	Message-Authenticator = 0xf6fe7d071820885bc5c18f8c6675a55d
(181) 	NAS-Identifier = 'BS'
(181) 	User-Name = 'CPE11@siemens.com'
(181) 	EAP-Message = 0x02c700d01580000000c6160301008610000082008077626859b2fa6223e165469d07298c6bc8d86d2aec4a21718ef45add844d683899101a1eece43cbb1591129a6e7ce5eb7d06a770552cc9d546b2f9119b1651e538799ce041933205c7656800944fe70aad13929a709c958342c0f8eb0decc6a6512d6fb5d2ac756092d42dc0d508cf3e3ecc919fa26495a43b573ba2c1f19473140301000101160301003099eaa9e31596ef2077fd028dd86f9de8e81dcb1e15f3f07891fb67b51fe84bc0510d277ebf92194ad88a1a73e1be5a8b
(181) 	State = 0x7b3b66d779fc737e4fb104ccaa73094f
(181) # Executing section authorize from file /etc/raddb/sites-enabled/default
(181)   authorize {
(181)   filter_username filter_username {
(181)     if (!&User-Name) 
(181)     if (!&User-Name)  -> FALSE
(181)     if (&User-Name =~ / /) 
(181)     if (&User-Name =~ / /)  -> FALSE
(181)     if (&User-Name =~ /@.*@/ ) 
(181)     if (&User-Name =~ /@.*@/ )  -> FALSE
(181)     if (&User-Name =~ /\\.\\./ ) 
(181)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(181)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(181)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(181)     if (&User-Name =~ /\\.$/)  
(181)     if (&User-Name =~ /\\.$/)   -> FALSE
(181)     if (&User-Name =~ /@\\./)  
(181)     if (&User-Name =~ /@\\./)   -> FALSE
(181)   } # filter_username filter_username = notfound
(181)   [preprocess] = ok
(181)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(181)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(181)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(181)  auth_log : EXPAND %t
(181)  auth_log :    --> Wed Feb 14 20:05:26 2018
(181)   [auth_log] = ok
(181)   [chap] = noop
(181)   [mschap] = noop
(181)   [digest] = noop
(181)   [wimax] = noop
(181)  suffix : Checking for suffix after "@"
(181)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(181)  suffix : No such realm "siemens.com"
(181)   [suffix] = noop
(181)  eap : Peer sent code Response (2) ID 199 length 208
(181)  eap : Continuing tunnel setup
(181)   [eap] = ok
(181)  } #  authorize = ok
(181) Found Auth-Type = EAP
(181) # Executing group from file /etc/raddb/sites-enabled/default
(181)   authenticate {
(181)  eap : Expiring EAP session with state 0x34b58d2c37779811
(181)  eap : Finished EAP session with state 0x7b3b66d779fc737e
(181)  eap : Previous EAP request found for state 0x7b3b66d779fc737e, released from the list
(181)  eap : Peer sent method TTLS (21)
(181)  eap : EAP TTLS (21)
(181)  eap : Calling eap_ttls to process EAP data
(181)  eap_ttls : Authenticate
(181)  eap_ttls : processing EAP-TLS
  TLS Length 198
(181)  eap_ttls : Length Included
(181)  eap_ttls : eaptls_verify returned 11 
(181)  eap_ttls : <<< Unknown TLS version [length 0005] 
(181)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(181)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(181)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(181)  eap_ttls : <<< Unknown TLS version [length 0005] 
(181)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(181)  eap_ttls : <<< Unknown TLS version [length 0005] 
(181)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(181)  eap_ttls : TLS_accept: SSLv3 read finished A
(181)  eap_ttls : >>> Unknown TLS version [length 0005] 
(181)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(181)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(181)  eap_ttls : >>> Unknown TLS version [length 0005] 
(181)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(181)  eap_ttls : TLS_accept: SSLv3 write finished A
(181)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 6bc57a76b3da4ff86ef98a96797d46dc01d05955f0e97934cf6b6dcb32e5be8f to cache
(181)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(181)  eap_ttls : eaptls_process returned 13 
(181)  eap : New EAP session, adding 'State' attribute to reply 0x7b3b66d778f3737e
(181)   [eap] = handled
(181)  } #  authenticate = handled
(181) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=165, length=0
(181) 	EAP-Message = 0x01c8004515800000003b140301000101160301003008451d1c0abf6ce4494e191fe1be4ecde919e70be8213607860015d5694c4b8c4fda9f2a17f9ea6b2f36cfe6f02f9945
(181) 	Message-Authenticator = 0x00000000000000000000000000000000
(181) 	State = 0x7b3b66d778f3737e4fb104ccaa73094f
Sending Access-Challenge Id 165 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c8004515800000003b140301000101160301003008451d1c0abf6ce4494e191fe1be4ecde919e70be8213607860015d5694c4b8c4fda9f2a17f9ea6b2f36cfe6f02f9945
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7b3b66d778f3737e4fb104ccaa73094f
(181) Finished request
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
Waking up in 0.4 seconds.
Received Access-Request Id 158 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x0646664fd2e8a3424fbe32d7098b50d6
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029600d01580000000c616030100861000008200808a656301105eb1d67d75a42c8aacb5b6d1883fc69dcfe81edc178cf00956a0d5d395ad6107ebcc5450cbf17a8524e2e876039cd230a03a72bb8869de69e492729087eadeb2952ff1cab1029ef63e9c458de8eed99c9abf5e5dd72639aabb3242a953c5e440944e5a599ef141ddb5165eb4a95c44a5054195d9b7d12af3b7d7d11403010001011603010030ab1950df144deab583d8b773e7caa2dec2b313f952a8d21812673b231bc98dd1b635184515add8bc3b26db1e2e465ac1
	State = 0x6a18e009688ef53a5dd1c90a79b26365
(182) Received Access-Request packet from host 192.168.99.123 port 49286, id=158, length=288
(182) 	Message-Authenticator = 0x0646664fd2e8a3424fbe32d7098b50d6
(182) 	NAS-Identifier = 'BS'
(182) 	User-Name = 'CPE8@siemens.com'
(182) 	EAP-Message = 0x029600d01580000000c616030100861000008200808a656301105eb1d67d75a42c8aacb5b6d1883fc69dcfe81edc178cf00956a0d5d395ad6107ebcc5450cbf17a8524e2e876039cd230a03a72bb8869de69e492729087eadeb2952ff1cab1029ef63e9c458de8eed99c9abf5e5dd72639aabb3242a953c5e440944e5a599ef141ddb5165eb4a95c44a5054195d9b7d12af3b7d7d11403010001011603010030ab1950df144deab583d8b773e7caa2dec2b313f952a8d21812673b231bc98dd1b635184515add8bc3b26db1e2e465ac1
(182) 	State = 0x6a18e009688ef53a5dd1c90a79b26365
(182) # Executing section authorize from file /etc/raddb/sites-enabled/default
(182)   authorize {
(182)   filter_username filter_username {
(182)     if (!&User-Name) 
(182)     if (!&User-Name)  -> FALSE
(182)     if (&User-Name =~ / /) 
(182)     if (&User-Name =~ / /)  -> FALSE
(182)     if (&User-Name =~ /@.*@/ ) 
(182)     if (&User-Name =~ /@.*@/ )  -> FALSE
(182)     if (&User-Name =~ /\\.\\./ ) 
(182)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(182)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(182)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(182)     if (&User-Name =~ /\\.$/)  
(182)     if (&User-Name =~ /\\.$/)   -> FALSE
(182)     if (&User-Name =~ /@\\./)  
(182)     if (&User-Name =~ /@\\./)   -> FALSE
(182)   } # filter_username filter_username = notfound
(182)   [preprocess] = ok
(182)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(182)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(182)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(182)  auth_log : EXPAND %t
(182)  auth_log :    --> Wed Feb 14 20:05:27 2018
(182)   [auth_log] = ok
(182)   [chap] = noop
(182)   [mschap] = noop
(182)   [digest] = noop
(182)   [wimax] = noop
(182)  suffix : Checking for suffix after "@"
(182)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(182)  suffix : No such realm "siemens.com"
(182)   [suffix] = noop
(182)  eap : Peer sent code Response (2) ID 150 length 208
(182)  eap : Continuing tunnel setup
(182)   [eap] = ok
(182)  } #  authorize = ok
(182) Found Auth-Type = EAP
(182) # Executing group from file /etc/raddb/sites-enabled/default
(182)   authenticate {
(182)  eap : Expiring EAP session with state 0x34b58d2c37779811
(182)  eap : Finished EAP session with state 0x6a18e009688ef53a
(182)  eap : Previous EAP request found for state 0x6a18e009688ef53a, released from the list
(182)  eap : Peer sent method TTLS (21)
(182)  eap : EAP TTLS (21)
(182)  eap : Calling eap_ttls to process EAP data
(182)  eap_ttls : Authenticate
(182)  eap_ttls : processing EAP-TLS
  TLS Length 198
(182)  eap_ttls : Length Included
(182)  eap_ttls : eaptls_verify returned 11 
(182)  eap_ttls : <<< Unknown TLS version [length 0005] 
(182)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(182)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(182)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(182)  eap_ttls : <<< Unknown TLS version [length 0005] 
(182)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(182)  eap_ttls : <<< Unknown TLS version [length 0005] 
(182)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(182)  eap_ttls : TLS_accept: SSLv3 read finished A
(182)  eap_ttls : >>> Unknown TLS version [length 0005] 
(182)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(182)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(182)  eap_ttls : >>> Unknown TLS version [length 0005] 
(182)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(182)  eap_ttls : TLS_accept: SSLv3 write finished A
(182)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session df42325f6e22f31c9e5c832a8e95de20acfff5c583f79a64a75963476be64afc to cache
(182)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(182)  eap_ttls : eaptls_process returned 13 
(182)  eap : New EAP session, adding 'State' attribute to reply 0x6a18e009698ff53a
(182)   [eap] = handled
(182)  } #  authenticate = handled
(182) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=158, length=0
(182) 	EAP-Message = 0x0197004515800000003b140301000101160301003048644db8a13943d5798f3874d5d74038c3d895be2a2360215afd103b045a6c5ac42b523fcb5748f10b02e131eb31be29
(182) 	Message-Authenticator = 0x00000000000000000000000000000000
(182) 	State = 0x6a18e009698ff53a5dd1c90a79b26365
Sending Access-Challenge Id 158 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0197004515800000003b140301000101160301003048644db8a13943d5798f3874d5d74038c3d895be2a2360215afd103b045a6c5ac42b523fcb5748f10b02e131eb31be29
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a18e009698ff53a5dd1c90a79b26365
(182) Finished request
Waking up in 0.3 seconds.
(164) Cleaning up request packet ID 132 with timestamp +126
Waking up in 1.5 seconds.
Received Access-Request Id 136 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xc39caccebd2c6e139517a0399e1ef3f2
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ba00d01580000000c6160301008610000082008093e9e6b307834a36cfcfbc6a56758d3bf314bf36645895eec5f493cff194c434fec93f4fed1a95e612ec7a3ff7340f6bb97349bf8ee4bef26980dd2e560308be3ba626b1142bb72f767e2d15ad92c29752c7499b6919cc5be65e1eb0a14a0418fabdfdb1b7dc81ee40232546f77bb50bd7cc07091341c23be6f023bac05ec7d614030100010116030100305bc6b39e28072445235bc644d065f4dc8bd22a2f2c327aad87212dbeb0b2e653ea9249c5abb91d1e0f69838dbc709adb
	State = 0x9ec176319c7b63e5a70ab74b04805e0c
(183) Received Access-Request packet from host 192.168.99.122 port 49321, id=136, length=288
(183) 	Message-Authenticator = 0xc39caccebd2c6e139517a0399e1ef3f2
(183) 	NAS-Identifier = 'BS'
(183) 	User-Name = 'CPE7@siemens.com'
(183) 	EAP-Message = 0x02ba00d01580000000c6160301008610000082008093e9e6b307834a36cfcfbc6a56758d3bf314bf36645895eec5f493cff194c434fec93f4fed1a95e612ec7a3ff7340f6bb97349bf8ee4bef26980dd2e560308be3ba626b1142bb72f767e2d15ad92c29752c7499b6919cc5be65e1eb0a14a0418fabdfdb1b7dc81ee40232546f77bb50bd7cc07091341c23be6f023bac05ec7d614030100010116030100305bc6b39e28072445235bc644d065f4dc8bd22a2f2c327aad87212dbeb0b2e653ea9249c5abb91d1e0f69838dbc709adb
(183) 	State = 0x9ec176319c7b63e5a70ab74b04805e0c
(183) # Executing section authorize from file /etc/raddb/sites-enabled/default
(183)   authorize {
(183)   filter_username filter_username {
(183)     if (!&User-Name) 
(183)     if (!&User-Name)  -> FALSE
(183)     if (&User-Name =~ / /) 
(183)     if (&User-Name =~ / /)  -> FALSE
(183)     if (&User-Name =~ /@.*@/ ) 
(183)     if (&User-Name =~ /@.*@/ )  -> FALSE
(183)     if (&User-Name =~ /\\.\\./ ) 
(183)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(183)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(183)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(183)     if (&User-Name =~ /\\.$/)  
(183)     if (&User-Name =~ /\\.$/)   -> FALSE
(183)     if (&User-Name =~ /@\\./)  
(183)     if (&User-Name =~ /@\\./)   -> FALSE
(183)   } # filter_username filter_username = notfound
(183)   [preprocess] = ok
(183)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(183)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(183)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(183)  auth_log : EXPAND %t
(183)  auth_log :    --> Wed Feb 14 20:05:28 2018
(183)   [auth_log] = ok
(183)   [chap] = noop
(183)   [mschap] = noop
(183)   [digest] = noop
(183)   [wimax] = noop
(183)  suffix : Checking for suffix after "@"
(183)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(183)  suffix : No such realm "siemens.com"
(183)   [suffix] = noop
(183)  eap : Peer sent code Response (2) ID 186 length 208
(183)  eap : Continuing tunnel setup
(183)   [eap] = ok
(183)  } #  authorize = ok
(183) Found Auth-Type = EAP
(183) # Executing group from file /etc/raddb/sites-enabled/default
(183)   authenticate {
(183)  eap : Expiring EAP session with state 0x34b58d2c37779811
(183)  eap : Finished EAP session with state 0x9ec176319c7b63e5
(183)  eap : Previous EAP request found for state 0x9ec176319c7b63e5, released from the list
(183)  eap : Peer sent method TTLS (21)
(183)  eap : EAP TTLS (21)
(183)  eap : Calling eap_ttls to process EAP data
(183)  eap_ttls : Authenticate
(183)  eap_ttls : processing EAP-TLS
  TLS Length 198
(183)  eap_ttls : Length Included
(183)  eap_ttls : eaptls_verify returned 11 
(183)  eap_ttls : <<< Unknown TLS version [length 0005] 
(183)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(183)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(183)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(183)  eap_ttls : <<< Unknown TLS version [length 0005] 
(183)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(183)  eap_ttls : <<< Unknown TLS version [length 0005] 
(183)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(183)  eap_ttls : TLS_accept: SSLv3 read finished A
(183)  eap_ttls : >>> Unknown TLS version [length 0005] 
(183)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(183)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(183)  eap_ttls : >>> Unknown TLS version [length 0005] 
(183)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(183)  eap_ttls : TLS_accept: SSLv3 write finished A
(183)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 8b10cb6c13928b8313a5937d5fc33418ab99dc263b026547c9260acfe59262c9 to cache
(183)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(183)  eap_ttls : eaptls_process returned 13 
(183)  eap : New EAP session, adding 'State' attribute to reply 0x9ec176319d7a63e5
(183)   [eap] = handled
(183)  } #  authenticate = handled
(183) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=136, length=0
(183) 	EAP-Message = 0x01bb004515800000003b14030100010116030100303d009936fe6e51c014d107095023aa4c93887a21d24350c35ed04109dcecf6c418bb0a8ad659bca4064bdb1bbd763bbf
(183) 	Message-Authenticator = 0x00000000000000000000000000000000
(183) 	State = 0x9ec176319d7a63e5a70ab74b04805e0c
Sending Access-Challenge Id 136 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bb004515800000003b14030100010116030100303d009936fe6e51c014d107095023aa4c93887a21d24350c35ed04109dcecf6c418bb0a8ad659bca4064bdb1bbd763bbf
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9ec176319d7a63e5a70ab74b04805e0c
(183) Finished request
Waking up in 0.3 seconds.
Waking up in 0.5 seconds.
(165) Cleaning up request packet ID 151 with timestamp +127
(166) Cleaning up request packet ID 152 with timestamp +128
(167) Cleaning up request packet ID 153 with timestamp +128
(168) Cleaning up request packet ID 1 with timestamp +128
(169) Cleaning up request packet ID 162 with timestamp +128
(170) Cleaning up request packet ID 1 with timestamp +128
(171) Cleaning up request packet ID 163 with timestamp +128
(172) Cleaning up request packet ID 164 with timestamp +128
Waking up in 0.1 seconds.
(173) Cleaning up request packet ID 1 with timestamp +128
(174) Cleaning up request packet ID 154 with timestamp +128
(175) Cleaning up request packet ID 155 with timestamp +128
(176) Cleaning up request packet ID 156 with timestamp +128
Waking up in 0.9 seconds.
Received Access-Request Id 137 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x8bd28d6819dc932dca1b9aceab7de896
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b800150143504536407369656d656e732e636f6d
(184) Received Access-Request packet from host 192.168.99.122 port 49321, id=137, length=83
(184) 	Message-Authenticator = 0x8bd28d6819dc932dca1b9aceab7de896
(184) 	NAS-Identifier = 'BS'
(184) 	User-Name = 'CPE6@siemens.com'
(184) 	EAP-Message = 0x02b800150143504536407369656d656e732e636f6d
(184) # Executing section authorize from file /etc/raddb/sites-enabled/default
(184)   authorize {
(184)   filter_username filter_username {
(184)     if (!&User-Name) 
(184)     if (!&User-Name)  -> FALSE
(184)     if (&User-Name =~ / /) 
(184)     if (&User-Name =~ / /)  -> FALSE
(184)     if (&User-Name =~ /@.*@/ ) 
(184)     if (&User-Name =~ /@.*@/ )  -> FALSE
(184)     if (&User-Name =~ /\\.\\./ ) 
(184)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(184)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(184)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(184)     if (&User-Name =~ /\\.$/)  
(184)     if (&User-Name =~ /\\.$/)   -> FALSE
(184)     if (&User-Name =~ /@\\./)  
(184)     if (&User-Name =~ /@\\./)   -> FALSE
(184)   } # filter_username filter_username = notfound
(184)   [preprocess] = ok
(184)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(184)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(184)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(184)  auth_log : EXPAND %t
(184)  auth_log :    --> Wed Feb 14 20:05:29 2018
(184)   [auth_log] = ok
(184)   [chap] = noop
(184)   [mschap] = noop
(184)   [digest] = noop
(184)   [wimax] = noop
(184)  suffix : Checking for suffix after "@"
(184)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(184)  suffix : No such realm "siemens.com"
(184)   [suffix] = noop
(184)  eap : Peer sent code Response (2) ID 184 length 21
(184)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(184)   [eap] = ok
(184)  } #  authorize = ok
(184) Found Auth-Type = EAP
(184) # Executing group from file /etc/raddb/sites-enabled/default
(184)   authenticate {
(184)  eap : Peer sent method Identity (1)
(184)  eap : Calling eap_ttls to process EAP data
(184)  eap_ttls : Initiate
(184)  eap_ttls : Start returned 1
(184)  eap : New EAP session, adding 'State' attribute to reply 0x41d1cbbb4168de51
(184)   [eap] = handled
(184)  } #  authenticate = handled
(184) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=137, length=0
(184) 	EAP-Message = 0x01b900061520
(184) 	Message-Authenticator = 0x00000000000000000000000000000000
(184) 	State = 0x41d1cbbb4168de511174582fb6700a7c
Sending Access-Challenge Id 137 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01b900061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x41d1cbbb4168de511174582fb6700a7c
(184) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 138 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xd8c9f098eead0afc3d31cd4bc214392c
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02b9006a158000000060160301005b01000057030154acd55f31636b845a32b351de28e77ea496810e8706030294897da7066dce2c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x41d1cbbb4168de511174582fb6700a7c
(185) Received Access-Request packet from host 192.168.99.122 port 49321, id=138, length=186
(185) 	Message-Authenticator = 0xd8c9f098eead0afc3d31cd4bc214392c
(185) 	NAS-Identifier = 'BS'
(185) 	User-Name = 'CPE6@siemens.com'
(185) 	EAP-Message = 0x02b9006a158000000060160301005b01000057030154acd55f31636b845a32b351de28e77ea496810e8706030294897da7066dce2c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(185) 	State = 0x41d1cbbb4168de511174582fb6700a7c
(185) # Executing section authorize from file /etc/raddb/sites-enabled/default
(185)   authorize {
(185)   filter_username filter_username {
(185)     if (!&User-Name) 
(185)     if (!&User-Name)  -> FALSE
(185)     if (&User-Name =~ / /) 
(185)     if (&User-Name =~ / /)  -> FALSE
(185)     if (&User-Name =~ /@.*@/ ) 
(185)     if (&User-Name =~ /@.*@/ )  -> FALSE
(185)     if (&User-Name =~ /\\.\\./ ) 
(185)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(185)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(185)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(185)     if (&User-Name =~ /\\.$/)  
(185)     if (&User-Name =~ /\\.$/)   -> FALSE
(185)     if (&User-Name =~ /@\\./)  
(185)     if (&User-Name =~ /@\\./)   -> FALSE
(185)   } # filter_username filter_username = notfound
(185)   [preprocess] = ok
(185)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(185)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(185)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(185)  auth_log : EXPAND %t
(185)  auth_log :    --> Wed Feb 14 20:05:29 2018
(185)   [auth_log] = ok
(185)   [chap] = noop
(185)   [mschap] = noop
(185)   [digest] = noop
(185)   [wimax] = noop
(185)  suffix : Checking for suffix after "@"
(185)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(185)  suffix : No such realm "siemens.com"
(185)   [suffix] = noop
(185)  eap : Peer sent code Response (2) ID 185 length 106
(185)  eap : Continuing tunnel setup
(185)   [eap] = ok
(185)  } #  authorize = ok
(185) Found Auth-Type = EAP
(185) # Executing group from file /etc/raddb/sites-enabled/default
(185)   authenticate {
(185)  eap : Expiring EAP session with state 0x34b58d2c37779811
(185)  eap : Finished EAP session with state 0x41d1cbbb4168de51
(185)  eap : Previous EAP request found for state 0x41d1cbbb4168de51, released from the list
(185)  eap : Peer sent method TTLS (21)
(185)  eap : EAP TTLS (21)
(185)  eap : Calling eap_ttls to process EAP data
(185)  eap_ttls : Authenticate
(185)  eap_ttls : processing EAP-TLS
  TLS Length 96
(185)  eap_ttls : Length Included
(185)  eap_ttls : eaptls_verify returned 11 
(185)  eap_ttls : (other): before/accept initialization
(185)  eap_ttls : TLS_accept: before/accept initialization
(185)  eap_ttls : <<< Unknown TLS version [length 0005] 
(185)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(185)  eap_ttls : TLS_accept: SSLv3 read client hello A
(185)  eap_ttls : >>> Unknown TLS version [length 0005] 
(185)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(185)  eap_ttls : TLS_accept: SSLv3 write server hello A
(185)  eap_ttls : >>> Unknown TLS version [length 0005] 
(185)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(185)  eap_ttls : TLS_accept: SSLv3 write certificate A
(185)  eap_ttls : >>> Unknown TLS version [length 0005] 
(185)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(185)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(185)  eap_ttls : >>> Unknown TLS version [length 0005] 
(185)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(185)  eap_ttls : TLS_accept: SSLv3 write server done A
(185)  eap_ttls : TLS_accept: SSLv3 flush data
(185)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(185)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(185)  eap_ttls : eaptls_process returned 13 
(185)  eap : New EAP session, adding 'State' attribute to reply 0x41d1cbbb406bde51
(185)   [eap] = handled
(185)  } #  authenticate = handled
(185) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=138, length=0
(185) 	EAP-Message = 0x01ba03ec15c000000702160301004a020000460301a4803697ececad69b806115b15562447db7604d6bf02e88a6c3bdba34f6c0f8420b1578cb36e3f82176691c843d7e5b55e60a9f058ad1884a058079022e05965ff00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(185) 	Message-Authenticator = 0x00000000000000000000000000000000
(185) 	State = 0x41d1cbbb406bde511174582fb6700a7c
Sending Access-Challenge Id 138 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ba03ec15c000000702160301004a020000460301a4803697ececad69b806115b15562447db7604d6bf02e88a6c3bdba34f6c0f8420b1578cb36e3f82176691c843d7e5b55e60a9f058ad1884a058079022e05965ff00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x41d1cbbb406bde511174582fb6700a7c
(185) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 139 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x658ef2df2131e7ee0e8687353c9d71f5
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02ba00061500
	State = 0x41d1cbbb406bde511174582fb6700a7c
(186) Received Access-Request packet from host 192.168.99.122 port 49321, id=139, length=86
(186) 	Message-Authenticator = 0x658ef2df2131e7ee0e8687353c9d71f5
(186) 	NAS-Identifier = 'BS'
(186) 	User-Name = 'CPE6@siemens.com'
(186) 	EAP-Message = 0x02ba00061500
(186) 	State = 0x41d1cbbb406bde511174582fb6700a7c
(186) # Executing section authorize from file /etc/raddb/sites-enabled/default
(186)   authorize {
(186)   filter_username filter_username {
(186)     if (!&User-Name) 
(186)     if (!&User-Name)  -> FALSE
(186)     if (&User-Name =~ / /) 
(186)     if (&User-Name =~ / /)  -> FALSE
(186)     if (&User-Name =~ /@.*@/ ) 
(186)     if (&User-Name =~ /@.*@/ )  -> FALSE
(186)     if (&User-Name =~ /\\.\\./ ) 
(186)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(186)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(186)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(186)     if (&User-Name =~ /\\.$/)  
(186)     if (&User-Name =~ /\\.$/)   -> FALSE
(186)     if (&User-Name =~ /@\\./)  
(186)     if (&User-Name =~ /@\\./)   -> FALSE
(186)   } # filter_username filter_username = notfound
(186)   [preprocess] = ok
(186)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(186)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(186)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(186)  auth_log : EXPAND %t
(186)  auth_log :    --> Wed Feb 14 20:05:29 2018
(186)   [auth_log] = ok
(186)   [chap] = noop
(186)   [mschap] = noop
(186)   [digest] = noop
(186)   [wimax] = noop
(186)  suffix : Checking for suffix after "@"
(186)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(186)  suffix : No such realm "siemens.com"
(186)   [suffix] = noop
(186)  eap : Peer sent code Response (2) ID 186 length 6
(186)  eap : Continuing tunnel setup
(186)   [eap] = ok
(186)  } #  authorize = ok
(186) Found Auth-Type = EAP
(186) # Executing group from file /etc/raddb/sites-enabled/default
(186)   authenticate {
(186)  eap : Expiring EAP session with state 0x34b58d2c37779811
(186)  eap : Finished EAP session with state 0x41d1cbbb406bde51
(186)  eap : Previous EAP request found for state 0x41d1cbbb406bde51, released from the list
(186)  eap : Peer sent method TTLS (21)
(186)  eap : EAP TTLS (21)
(186)  eap : Calling eap_ttls to process EAP data
(186)  eap_ttls : Authenticate
(186)  eap_ttls : processing EAP-TLS
(186)  eap_ttls : Received TLS ACK
(186)  eap_ttls : Received TLS ACK
(186)  eap_ttls : ACK handshake fragment handler
(186)  eap_ttls : eaptls_verify returned 1 
(186)  eap_ttls : eaptls_process returned 13 
(186)  eap : New EAP session, adding 'State' attribute to reply 0x41d1cbbb436ade51
(186)   [eap] = handled
(186)  } #  authenticate = handled
(186) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=139, length=0
(186) 	EAP-Message = 0x01bb032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(186) 	Message-Authenticator = 0x00000000000000000000000000000000
(186) 	State = 0x41d1cbbb436ade511174582fb6700a7c
Sending Access-Challenge Id 139 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bb032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x41d1cbbb436ade511174582fb6700a7c
(186) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(187) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(187) 	NAS-Identifier = 'BS'
(187) 	User-Name = 'dummy'
(187) 	User-Password = '*PASSWORD*'
(187) # Executing section authorize from file /etc/raddb/sites-enabled/default
(187)   authorize {
(187)   filter_username filter_username {
(187)     if (!&User-Name) 
(187)     if (!&User-Name)  -> FALSE
(187)     if (&User-Name =~ / /) 
(187)     if (&User-Name =~ / /)  -> FALSE
(187)     if (&User-Name =~ /@.*@/ ) 
(187)     if (&User-Name =~ /@.*@/ )  -> FALSE
(187)     if (&User-Name =~ /\\.\\./ ) 
(187)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(187)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(187)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(187)     if (&User-Name =~ /\\.$/)  
(187)     if (&User-Name =~ /\\.$/)   -> FALSE
(187)     if (&User-Name =~ /@\\./)  
(187)     if (&User-Name =~ /@\\./)   -> FALSE
(187)   } # filter_username filter_username = notfound
(187)   [preprocess] = ok
(187)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(187)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(187)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(187)  auth_log : EXPAND %t
(187)  auth_log :    --> Wed Feb 14 20:05:30 2018
(187)   [auth_log] = ok
(187)   [chap] = noop
(187)   [mschap] = noop
(187)   [digest] = noop
(187)   [wimax] = noop
(187)  suffix : Checking for suffix after "@"
(187)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(187)  suffix : No such realm "NULL"
(187)   [suffix] = noop
(187)  eap : No EAP-Message, not doing EAP
(187)   [eap] = noop
(187)  files : users: Matched entry dummy at line 159
(187)   [files] = ok
(187)   [expiration] = noop
(187)   [logintime] = noop
(187)   [pap] = updated
(187)  } #  authorize = updated
(187) Found Auth-Type = PAP
(187) # Executing group from file /etc/raddb/sites-enabled/default
(187)  Auth-Type PAP {
(187)  pap : Login attempt with password
(187)  pap : User authenticated successfully
(187)   [pap] = ok
(187)  } # Auth-Type PAP = ok
(187) Login OK: [dummy] (from client BS1 port 0)
(187) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(187)   post-auth {
(187)   [exec] = noop
(187)   update reply {
(187) 	Session-Timeout := 1800
(187)   } # update reply = noop
(187)   remove_reply_message_if_eap remove_reply_message_if_eap {
(187)     if (&reply:EAP-Message && &reply:Reply-Message) 
(187)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(187)    else else {
(187)     [noop] = noop
(187)    } # else else = noop
(187)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(187)  } #  post-auth = noop
(187) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(187) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(187) Finished request
Waking up in 0.2 seconds.
(177) Cleaning up request packet ID 133 with timestamp +129
(178) Cleaning up request packet ID 134 with timestamp +129
(179) Cleaning up request packet ID 135 with timestamp +129
Waking up in 0.8 seconds.
(180) Cleaning up request packet ID 157 with timestamp +130
Waking up in 0.1 seconds.
(181) Cleaning up request packet ID 165 with timestamp +130
Waking up in 0.3 seconds.
(182) Cleaning up request packet ID 158 with timestamp +131
Waking up in 1.0 seconds.
Received Access-Request Id 140 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xe0fd5a9cd8a43e72d4402ea3e4648876
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bb00d01580000000c616030100861000008200801355e03eaf10aabacf4711a2348ec2b578ac0b01173e140b4527f5a2b71c4c7b28ddf35fe59b5b074e94bdee1d0d3a82291fb85d0440aae9438a7e9c370e0c16a5a6f048edbe2e57d974e6107fb4c511a9287916eafdba244ab94d3997e680fe06c0c4bcf2032fc5c38cf919c13bd2ba39a7471884b2867b38dfbcfe9860a56c14030100010116030100309577bbf85a8831aac62e4e19fbd76122b062ef4f8197d8aa8fbb43561b9bb3ad7e46827039815b7564d22efe0b0d093a
	State = 0x41d1cbbb436ade511174582fb6700a7c
(188) Received Access-Request packet from host 192.168.99.122 port 49321, id=140, length=288
(188) 	Message-Authenticator = 0xe0fd5a9cd8a43e72d4402ea3e4648876
(188) 	NAS-Identifier = 'BS'
(188) 	User-Name = 'CPE6@siemens.com'
(188) 	EAP-Message = 0x02bb00d01580000000c616030100861000008200801355e03eaf10aabacf4711a2348ec2b578ac0b01173e140b4527f5a2b71c4c7b28ddf35fe59b5b074e94bdee1d0d3a82291fb85d0440aae9438a7e9c370e0c16a5a6f048edbe2e57d974e6107fb4c511a9287916eafdba244ab94d3997e680fe06c0c4bcf2032fc5c38cf919c13bd2ba39a7471884b2867b38dfbcfe9860a56c14030100010116030100309577bbf85a8831aac62e4e19fbd76122b062ef4f8197d8aa8fbb43561b9bb3ad7e46827039815b7564d22efe0b0d093a
(188) 	State = 0x41d1cbbb436ade511174582fb6700a7c
(188) # Executing section authorize from file /etc/raddb/sites-enabled/default
(188)   authorize {
(188)   filter_username filter_username {
(188)     if (!&User-Name) 
(188)     if (!&User-Name)  -> FALSE
(188)     if (&User-Name =~ / /) 
(188)     if (&User-Name =~ / /)  -> FALSE
(188)     if (&User-Name =~ /@.*@/ ) 
(188)     if (&User-Name =~ /@.*@/ )  -> FALSE
(188)     if (&User-Name =~ /\\.\\./ ) 
(188)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(188)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(188)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(188)     if (&User-Name =~ /\\.$/)  
(188)     if (&User-Name =~ /\\.$/)   -> FALSE
(188)     if (&User-Name =~ /@\\./)  
(188)     if (&User-Name =~ /@\\./)   -> FALSE
(188)   } # filter_username filter_username = notfound
(188)   [preprocess] = ok
(188)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(188)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(188)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(188)  auth_log : EXPAND %t
(188)  auth_log :    --> Wed Feb 14 20:05:32 2018
(188)   [auth_log] = ok
(188)   [chap] = noop
(188)   [mschap] = noop
(188)   [digest] = noop
(188)   [wimax] = noop
(188)  suffix : Checking for suffix after "@"
(188)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(188)  suffix : No such realm "siemens.com"
(188)   [suffix] = noop
(188)  eap : Peer sent code Response (2) ID 187 length 208
(188)  eap : Continuing tunnel setup
(188)   [eap] = ok
(188)  } #  authorize = ok
(188) Found Auth-Type = EAP
(188) # Executing group from file /etc/raddb/sites-enabled/default
(188)   authenticate {
(188)  eap : Expiring EAP session with state 0x34b58d2c37779811
(188)  eap : Finished EAP session with state 0x41d1cbbb436ade51
(188)  eap : Previous EAP request found for state 0x41d1cbbb436ade51, released from the list
(188)  eap : Peer sent method TTLS (21)
(188)  eap : EAP TTLS (21)
(188)  eap : Calling eap_ttls to process EAP data
(188)  eap_ttls : Authenticate
(188)  eap_ttls : processing EAP-TLS
  TLS Length 198
(188)  eap_ttls : Length Included
(188)  eap_ttls : eaptls_verify returned 11 
(188)  eap_ttls : <<< Unknown TLS version [length 0005] 
(188)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(188)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(188)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(188)  eap_ttls : <<< Unknown TLS version [length 0005] 
(188)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(188)  eap_ttls : <<< Unknown TLS version [length 0005] 
(188)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(188)  eap_ttls : TLS_accept: SSLv3 read finished A
(188)  eap_ttls : >>> Unknown TLS version [length 0005] 
(188)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(188)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(188)  eap_ttls : >>> Unknown TLS version [length 0005] 
(188)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(188)  eap_ttls : TLS_accept: SSLv3 write finished A
(188)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session b1578cb36e3f82176691c843d7e5b55e60a9f058ad1884a058079022e05965ff to cache
(188)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(188)  eap_ttls : eaptls_process returned 13 
(188)  eap : New EAP session, adding 'State' attribute to reply 0x41d1cbbb426dde51
(188)   [eap] = handled
(188)  } #  authenticate = handled
(188) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=140, length=0
(188) 	EAP-Message = 0x01bc004515800000003b1403010001011603010030bd0a178075c636853f15eb7e1f03385f958b1e61cc4ac0128cd81ca57adc800fb796d8decb0b75f5dafbf4c18a40a75e
(188) 	Message-Authenticator = 0x00000000000000000000000000000000
(188) 	State = 0x41d1cbbb426dde511174582fb6700a7c
Sending Access-Challenge Id 140 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bc004515800000003b1403010001011603010030bd0a178075c636853f15eb7e1f03385f958b1e61cc4ac0128cd81ca57adc800fb796d8decb0b75f5dafbf4c18a40a75e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x41d1cbbb426dde511174582fb6700a7c
(188) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 159 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x1a3a4d581c3bbfdf85cf29b96e309260
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029500150143504538407369656d656e732e636f6d
(189) Received Access-Request packet from host 192.168.99.123 port 49286, id=159, length=83
(189) 	Message-Authenticator = 0x1a3a4d581c3bbfdf85cf29b96e309260
(189) 	NAS-Identifier = 'BS'
(189) 	User-Name = 'CPE8@siemens.com'
(189) 	EAP-Message = 0x029500150143504538407369656d656e732e636f6d
(189) # Executing section authorize from file /etc/raddb/sites-enabled/default
(189)   authorize {
(189)   filter_username filter_username {
(189)     if (!&User-Name) 
(189)     if (!&User-Name)  -> FALSE
(189)     if (&User-Name =~ / /) 
(189)     if (&User-Name =~ / /)  -> FALSE
(189)     if (&User-Name =~ /@.*@/ ) 
(189)     if (&User-Name =~ /@.*@/ )  -> FALSE
(189)     if (&User-Name =~ /\\.\\./ ) 
(189)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(189)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(189)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(189)     if (&User-Name =~ /\\.$/)  
(189)     if (&User-Name =~ /\\.$/)   -> FALSE
(189)     if (&User-Name =~ /@\\./)  
(189)     if (&User-Name =~ /@\\./)   -> FALSE
(189)   } # filter_username filter_username = notfound
(189)   [preprocess] = ok
(189)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(189)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(189)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(189)  auth_log : EXPAND %t
(189)  auth_log :    --> Wed Feb 14 20:05:32 2018
(189)   [auth_log] = ok
(189)   [chap] = noop
(189)   [mschap] = noop
(189)   [digest] = noop
(189)   [wimax] = noop
(189)  suffix : Checking for suffix after "@"
(189)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(189)  suffix : No such realm "siemens.com"
(189)   [suffix] = noop
(189)  eap : Peer sent code Response (2) ID 149 length 21
(189)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(189)   [eap] = ok
(189)  } #  authorize = ok
(189) Found Auth-Type = EAP
(189) # Executing group from file /etc/raddb/sites-enabled/default
(189)   authenticate {
(189)  eap : Peer sent method Identity (1)
(189)  eap : Calling eap_ttls to process EAP data
(189)  eap_ttls : Initiate
(189)  eap_ttls : Start returned 1
(189)  eap : New EAP session, adding 'State' attribute to reply 0xb7e7688fb7717d52
(189)   [eap] = handled
(189)  } #  authenticate = handled
(189) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=159, length=0
(189) 	EAP-Message = 0x019600061520
(189) 	Message-Authenticator = 0x00000000000000000000000000000000
(189) 	State = 0xb7e7688fb7717d52a845621ab1bc26fd
Sending Access-Challenge Id 159 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019600061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb7e7688fb7717d52a845621ab1bc26fd
(189) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 160 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x4fdb449cbe690491982c837f86152363
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x0296006a158000000060160301005b01000057030154a650f68762c614aed743eddcd2855d69c69136131a144232a4ffdc5dadceed00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xb7e7688fb7717d52a845621ab1bc26fd
(190) Received Access-Request packet from host 192.168.99.123 port 49286, id=160, length=186
(190) 	Message-Authenticator = 0x4fdb449cbe690491982c837f86152363
(190) 	NAS-Identifier = 'BS'
(190) 	User-Name = 'CPE8@siemens.com'
(190) 	EAP-Message = 0x0296006a158000000060160301005b01000057030154a650f68762c614aed743eddcd2855d69c69136131a144232a4ffdc5dadceed00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(190) 	State = 0xb7e7688fb7717d52a845621ab1bc26fd
(190) # Executing section authorize from file /etc/raddb/sites-enabled/default
(190)   authorize {
(190)   filter_username filter_username {
(190)     if (!&User-Name) 
(190)     if (!&User-Name)  -> FALSE
(190)     if (&User-Name =~ / /) 
(190)     if (&User-Name =~ / /)  -> FALSE
(190)     if (&User-Name =~ /@.*@/ ) 
(190)     if (&User-Name =~ /@.*@/ )  -> FALSE
(190)     if (&User-Name =~ /\\.\\./ ) 
(190)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(190)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(190)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(190)     if (&User-Name =~ /\\.$/)  
(190)     if (&User-Name =~ /\\.$/)   -> FALSE
(190)     if (&User-Name =~ /@\\./)  
(190)     if (&User-Name =~ /@\\./)   -> FALSE
(190)   } # filter_username filter_username = notfound
(190)   [preprocess] = ok
(190)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(190)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(190)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(190)  auth_log : EXPAND %t
(190)  auth_log :    --> Wed Feb 14 20:05:32 2018
(190)   [auth_log] = ok
(190)   [chap] = noop
(190)   [mschap] = noop
(190)   [digest] = noop
(190)   [wimax] = noop
(190)  suffix : Checking for suffix after "@"
(190)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(190)  suffix : No such realm "siemens.com"
(190)   [suffix] = noop
(190)  eap : Peer sent code Response (2) ID 150 length 106
(190)  eap : Continuing tunnel setup
(190)   [eap] = ok
(190)  } #  authorize = ok
(190) Found Auth-Type = EAP
(190) # Executing group from file /etc/raddb/sites-enabled/default
(190)   authenticate {
(190)  eap : Expiring EAP session with state 0x34b58d2c37779811
(190)  eap : Finished EAP session with state 0xb7e7688fb7717d52
(190)  eap : Previous EAP request found for state 0xb7e7688fb7717d52, released from the list
(190)  eap : Peer sent method TTLS (21)
(190)  eap : EAP TTLS (21)
(190)  eap : Calling eap_ttls to process EAP data
(190)  eap_ttls : Authenticate
(190)  eap_ttls : processing EAP-TLS
  TLS Length 96
(190)  eap_ttls : Length Included
(190)  eap_ttls : eaptls_verify returned 11 
(190)  eap_ttls : (other): before/accept initialization
(190)  eap_ttls : TLS_accept: before/accept initialization
(190)  eap_ttls : <<< Unknown TLS version [length 0005] 
(190)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(190)  eap_ttls : TLS_accept: SSLv3 read client hello A
(190)  eap_ttls : >>> Unknown TLS version [length 0005] 
(190)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(190)  eap_ttls : TLS_accept: SSLv3 write server hello A
(190)  eap_ttls : >>> Unknown TLS version [length 0005] 
(190)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(190)  eap_ttls : TLS_accept: SSLv3 write certificate A
(190)  eap_ttls : >>> Unknown TLS version [length 0005] 
(190)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(190)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(190)  eap_ttls : >>> Unknown TLS version [length 0005] 
(190)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(190)  eap_ttls : TLS_accept: SSLv3 write server done A
(190)  eap_ttls : TLS_accept: SSLv3 flush data
(190)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(190)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(190)  eap_ttls : eaptls_process returned 13 
(190)  eap : New EAP session, adding 'State' attribute to reply 0xb7e7688fb6707d52
(190)   [eap] = handled
(190)  } #  authenticate = handled
(190) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=160, length=0
(190) 	EAP-Message = 0x019703ec15c000000702160301004a02000046030137b9201f58ea55b265a766d2b82d0abc0226857688a490fb3432de444243cfba2019028c90b3b518d720ced2209814ecd8531c0646e7cb4c9b1bc28929860d03b400390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(190) 	Message-Authenticator = 0x00000000000000000000000000000000
(190) 	State = 0xb7e7688fb6707d52a845621ab1bc26fd
Sending Access-Challenge Id 160 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019703ec15c000000702160301004a02000046030137b9201f58ea55b265a766d2b82d0abc0226857688a490fb3432de444243cfba2019028c90b3b518d720ced2209814ecd8531c0646e7cb4c9b1bc28929860d03b400390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb7e7688fb6707d52a845621ab1bc26fd
(190) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 161 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xc52bd10b3c5ac10794d7208f123fc83a
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029700061500
	State = 0xb7e7688fb6707d52a845621ab1bc26fd
(191) Received Access-Request packet from host 192.168.99.123 port 49286, id=161, length=86
(191) 	Message-Authenticator = 0xc52bd10b3c5ac10794d7208f123fc83a
(191) 	NAS-Identifier = 'BS'
(191) 	User-Name = 'CPE8@siemens.com'
(191) 	EAP-Message = 0x029700061500
(191) 	State = 0xb7e7688fb6707d52a845621ab1bc26fd
(191) # Executing section authorize from file /etc/raddb/sites-enabled/default
(191)   authorize {
(191)   filter_username filter_username {
(191)     if (!&User-Name) 
(191)     if (!&User-Name)  -> FALSE
(191)     if (&User-Name =~ / /) 
(191)     if (&User-Name =~ / /)  -> FALSE
(191)     if (&User-Name =~ /@.*@/ ) 
(191)     if (&User-Name =~ /@.*@/ )  -> FALSE
(191)     if (&User-Name =~ /\\.\\./ ) 
(191)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(191)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(191)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(191)     if (&User-Name =~ /\\.$/)  
(191)     if (&User-Name =~ /\\.$/)   -> FALSE
(191)     if (&User-Name =~ /@\\./)  
(191)     if (&User-Name =~ /@\\./)   -> FALSE
(191)   } # filter_username filter_username = notfound
(191)   [preprocess] = ok
(191)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(191)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(191)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(191)  auth_log : EXPAND %t
(191)  auth_log :    --> Wed Feb 14 20:05:32 2018
(191)   [auth_log] = ok
(191)   [chap] = noop
(191)   [mschap] = noop
(191)   [digest] = noop
(191)   [wimax] = noop
(191)  suffix : Checking for suffix after "@"
(191)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(191)  suffix : No such realm "siemens.com"
(191)   [suffix] = noop
(191)  eap : Peer sent code Response (2) ID 151 length 6
(191)  eap : Continuing tunnel setup
(191)   [eap] = ok
(191)  } #  authorize = ok
(191) Found Auth-Type = EAP
(191) # Executing group from file /etc/raddb/sites-enabled/default
(191)   authenticate {
(191)  eap : Expiring EAP session with state 0x34b58d2c37779811
(191)  eap : Finished EAP session with state 0xb7e7688fb6707d52
(191)  eap : Previous EAP request found for state 0xb7e7688fb6707d52, released from the list
(191)  eap : Peer sent method TTLS (21)
(191)  eap : EAP TTLS (21)
(191)  eap : Calling eap_ttls to process EAP data
(191)  eap_ttls : Authenticate
(191)  eap_ttls : processing EAP-TLS
(191)  eap_ttls : Received TLS ACK
(191)  eap_ttls : Received TLS ACK
(191)  eap_ttls : ACK handshake fragment handler
(191)  eap_ttls : eaptls_verify returned 1 
(191)  eap_ttls : eaptls_process returned 13 
(191)  eap : New EAP session, adding 'State' attribute to reply 0xb7e7688fb57f7d52
(191)   [eap] = handled
(191)  } #  authenticate = handled
(191) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=161, length=0
(191) 	EAP-Message = 0x0198032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(191) 	Message-Authenticator = 0x00000000000000000000000000000000
(191) 	State = 0xb7e7688fb57f7d52a845621ab1bc26fd
Sending Access-Challenge Id 161 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0198032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb7e7688fb57f7d52a845621ab1bc26fd
(191) Finished request
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
(183) Cleaning up request packet ID 136 with timestamp +132
Waking up in 1.6 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(192) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(192) 	NAS-Identifier = 'BS'
(192) 	User-Name = 'dummy'
(192) 	User-Password = '*PASSWORD*'
(192) # Executing section authorize from file /etc/raddb/sites-enabled/default
(192)   authorize {
(192)   filter_username filter_username {
(192)     if (!&User-Name) 
(192)     if (!&User-Name)  -> FALSE
(192)     if (&User-Name =~ / /) 
(192)     if (&User-Name =~ / /)  -> FALSE
(192)     if (&User-Name =~ /@.*@/ ) 
(192)     if (&User-Name =~ /@.*@/ )  -> FALSE
(192)     if (&User-Name =~ /\\.\\./ ) 
(192)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(192)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(192)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(192)     if (&User-Name =~ /\\.$/)  
(192)     if (&User-Name =~ /\\.$/)   -> FALSE
(192)     if (&User-Name =~ /@\\./)  
(192)     if (&User-Name =~ /@\\./)   -> FALSE
(192)   } # filter_username filter_username = notfound
(192)   [preprocess] = ok
(192)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(192)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(192)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(192)  auth_log : EXPAND %t
(192)  auth_log :    --> Wed Feb 14 20:05:34 2018
(192)   [auth_log] = ok
(192)   [chap] = noop
(192)   [mschap] = noop
(192)   [digest] = noop
(192)   [wimax] = noop
(192)  suffix : Checking for suffix after "@"
(192)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(192)  suffix : No such realm "NULL"
(192)   [suffix] = noop
(192)  eap : No EAP-Message, not doing EAP
(192)   [eap] = noop
(192)  files : users: Matched entry dummy at line 159
(192)   [files] = ok
(192)   [expiration] = noop
(192)   [logintime] = noop
(192)   [pap] = updated
(192)  } #  authorize = updated
(192) Found Auth-Type = PAP
(192) # Executing group from file /etc/raddb/sites-enabled/default
(192)  Auth-Type PAP {
(192)  pap : Login attempt with password
(192)  pap : User authenticated successfully
(192)   [pap] = ok
(192)  } # Auth-Type PAP = ok
(192) Login OK: [dummy] (from client BS3 port 0)
(192) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(192)   post-auth {
(192)   [exec] = noop
(192)   update reply {
(192) 	Session-Timeout := 1800
(192)   } # update reply = noop
(192)   remove_reply_message_if_eap remove_reply_message_if_eap {
(192)     if (&reply:EAP-Message && &reply:Reply-Message) 
(192)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(192)    else else {
(192)     [noop] = noop
(192)    } # else else = noop
(192)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(192)  } #  post-auth = noop
(192) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(192) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(192) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 166 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0x98f727ee8c80742f029630da0fb3df2d
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c50016014350453131407369656d656e732e636f6d
(193) Received Access-Request packet from host 192.168.99.121 port 49210, id=166, length=85
(193) 	Message-Authenticator = 0x98f727ee8c80742f029630da0fb3df2d
(193) 	NAS-Identifier = 'BS'
(193) 	User-Name = 'CPE11@siemens.com'
(193) 	EAP-Message = 0x02c50016014350453131407369656d656e732e636f6d
(193) # Executing section authorize from file /etc/raddb/sites-enabled/default
(193)   authorize {
(193)   filter_username filter_username {
(193)     if (!&User-Name) 
(193)     if (!&User-Name)  -> FALSE
(193)     if (&User-Name =~ / /) 
(193)     if (&User-Name =~ / /)  -> FALSE
(193)     if (&User-Name =~ /@.*@/ ) 
(193)     if (&User-Name =~ /@.*@/ )  -> FALSE
(193)     if (&User-Name =~ /\\.\\./ ) 
(193)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(193)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(193)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(193)     if (&User-Name =~ /\\.$/)  
(193)     if (&User-Name =~ /\\.$/)   -> FALSE
(193)     if (&User-Name =~ /@\\./)  
(193)     if (&User-Name =~ /@\\./)   -> FALSE
(193)   } # filter_username filter_username = notfound
(193)   [preprocess] = ok
(193)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(193)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(193)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(193)  auth_log : EXPAND %t
(193)  auth_log :    --> Wed Feb 14 20:05:34 2018
(193)   [auth_log] = ok
(193)   [chap] = noop
(193)   [mschap] = noop
(193)   [digest] = noop
(193)   [wimax] = noop
(193)  suffix : Checking for suffix after "@"
(193)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(193)  suffix : No such realm "siemens.com"
(193)   [suffix] = noop
(193)  eap : Peer sent code Response (2) ID 197 length 22
(193)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(193)   [eap] = ok
(193)  } #  authorize = ok
(193) Found Auth-Type = EAP
(193) # Executing group from file /etc/raddb/sites-enabled/default
(193)   authenticate {
(193)  eap : Peer sent method Identity (1)
(193)  eap : Calling eap_ttls to process EAP data
(193)  eap_ttls : Initiate
(193)  eap_ttls : Start returned 1
(193)  eap : New EAP session, adding 'State' attribute to reply 0x5d1610615dd005d5
(193)   [eap] = handled
(193)  } #  authenticate = handled
(193) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=166, length=0
(193) 	EAP-Message = 0x01c600061520
(193) 	Message-Authenticator = 0x00000000000000000000000000000000
(193) 	State = 0x5d1610615dd005d57b641caa06160059
Sending Access-Challenge Id 166 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c600061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d1610615dd005d57b641caa06160059
(193) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(194) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(194) 	NAS-Identifier = 'BS'
(194) 	User-Name = 'dummy'
(194) 	User-Password = '*PASSWORD*'
(194) # Executing section authorize from file /etc/raddb/sites-enabled/default
(194)   authorize {
(194)   filter_username filter_username {
(194)     if (!&User-Name) 
(194)     if (!&User-Name)  -> FALSE
(194)     if (&User-Name =~ / /) 
(194)     if (&User-Name =~ / /)  -> FALSE
(194)     if (&User-Name =~ /@.*@/ ) 
(194)     if (&User-Name =~ /@.*@/ )  -> FALSE
(194)     if (&User-Name =~ /\\.\\./ ) 
(194)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(194)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(194)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(194)     if (&User-Name =~ /\\.$/)  
(194)     if (&User-Name =~ /\\.$/)   -> FALSE
(194)     if (&User-Name =~ /@\\./)  
(194)     if (&User-Name =~ /@\\./)   -> FALSE
(194)   } # filter_username filter_username = notfound
(194)   [preprocess] = ok
(194)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(194)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(194)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(194)  auth_log : EXPAND %t
(194)  auth_log :    --> Wed Feb 14 20:05:34 2018
(194)   [auth_log] = ok
(194)   [chap] = noop
(194)   [mschap] = noop
(194)   [digest] = noop
(194)   [wimax] = noop
(194)  suffix : Checking for suffix after "@"
(194)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(194)  suffix : No such realm "NULL"
(194)   [suffix] = noop
(194)  eap : No EAP-Message, not doing EAP
(194)   [eap] = noop
(194)  files : users: Matched entry dummy at line 159
(194)   [files] = ok
(194)   [expiration] = noop
(194)   [logintime] = noop
(194)   [pap] = updated
(194)  } #  authorize = updated
(194) Found Auth-Type = PAP
(194) # Executing group from file /etc/raddb/sites-enabled/default
(194)  Auth-Type PAP {
(194)  pap : Login attempt with password
(194)  pap : User authenticated successfully
(194)   [pap] = ok
(194)  } # Auth-Type PAP = ok
(194) Login OK: [dummy] (from client BS4 port 0)
(194) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(194)   post-auth {
(194)   [exec] = noop
(194)   update reply {
(194) 	Session-Timeout := 1800
(194)   } # update reply = noop
(194)   remove_reply_message_if_eap remove_reply_message_if_eap {
(194)     if (&reply:EAP-Message && &reply:Reply-Message) 
(194)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(194)    else else {
(194)     [noop] = noop
(194)    } # else else = noop
(194)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(194)  } #  post-auth = noop
(194) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(194) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(194) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 167 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x0042d7645bdc9f549ba47ef1dbf0360c
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c6006a158000000060160301005b01000057030154a4b4bdf84ddc5c9dc227c86bf2997637611b335879e3ccd450ae7828b2066c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x5d1610615dd005d57b641caa06160059
(195) Received Access-Request packet from host 192.168.99.121 port 49210, id=167, length=187
(195) 	Message-Authenticator = 0x0042d7645bdc9f549ba47ef1dbf0360c
(195) 	NAS-Identifier = 'BS'
(195) 	User-Name = 'CPE11@siemens.com'
(195) 	EAP-Message = 0x02c6006a158000000060160301005b01000057030154a4b4bdf84ddc5c9dc227c86bf2997637611b335879e3ccd450ae7828b2066c00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(195) 	State = 0x5d1610615dd005d57b641caa06160059
(195) # Executing section authorize from file /etc/raddb/sites-enabled/default
(195)   authorize {
(195)   filter_username filter_username {
(195)     if (!&User-Name) 
(195)     if (!&User-Name)  -> FALSE
(195)     if (&User-Name =~ / /) 
(195)     if (&User-Name =~ / /)  -> FALSE
(195)     if (&User-Name =~ /@.*@/ ) 
(195)     if (&User-Name =~ /@.*@/ )  -> FALSE
(195)     if (&User-Name =~ /\\.\\./ ) 
(195)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(195)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(195)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(195)     if (&User-Name =~ /\\.$/)  
(195)     if (&User-Name =~ /\\.$/)   -> FALSE
(195)     if (&User-Name =~ /@\\./)  
(195)     if (&User-Name =~ /@\\./)   -> FALSE
(195)   } # filter_username filter_username = notfound
(195)   [preprocess] = ok
(195)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(195)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(195)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(195)  auth_log : EXPAND %t
(195)  auth_log :    --> Wed Feb 14 20:05:34 2018
(195)   [auth_log] = ok
(195)   [chap] = noop
(195)   [mschap] = noop
(195)   [digest] = noop
(195)   [wimax] = noop
(195)  suffix : Checking for suffix after "@"
(195)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(195)  suffix : No such realm "siemens.com"
(195)   [suffix] = noop
(195)  eap : Peer sent code Response (2) ID 198 length 106
(195)  eap : Continuing tunnel setup
(195)   [eap] = ok
(195)  } #  authorize = ok
(195) Found Auth-Type = EAP
(195) # Executing group from file /etc/raddb/sites-enabled/default
(195)   authenticate {
(195)  eap : Expiring EAP session with state 0x34b58d2c37779811
(195)  eap : Finished EAP session with state 0x5d1610615dd005d5
(195)  eap : Previous EAP request found for state 0x5d1610615dd005d5, released from the list
(195)  eap : Peer sent method TTLS (21)
(195)  eap : EAP TTLS (21)
(195)  eap : Calling eap_ttls to process EAP data
(195)  eap_ttls : Authenticate
(195)  eap_ttls : processing EAP-TLS
  TLS Length 96
(195)  eap_ttls : Length Included
(195)  eap_ttls : eaptls_verify returned 11 
(195)  eap_ttls : (other): before/accept initialization
(195)  eap_ttls : TLS_accept: before/accept initialization
(195)  eap_ttls : <<< Unknown TLS version [length 0005] 
(195)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(195)  eap_ttls : TLS_accept: SSLv3 read client hello A
(195)  eap_ttls : >>> Unknown TLS version [length 0005] 
(195)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(195)  eap_ttls : TLS_accept: SSLv3 write server hello A
(195)  eap_ttls : >>> Unknown TLS version [length 0005] 
(195)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(195)  eap_ttls : TLS_accept: SSLv3 write certificate A
(195)  eap_ttls : >>> Unknown TLS version [length 0005] 
(195)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(195)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(195)  eap_ttls : >>> Unknown TLS version [length 0005] 
(195)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(195)  eap_ttls : TLS_accept: SSLv3 write server done A
(195)  eap_ttls : TLS_accept: SSLv3 flush data
(195)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(195)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(195)  eap_ttls : eaptls_process returned 13 
(195)  eap : New EAP session, adding 'State' attribute to reply 0x5d1610615cd105d5
(195)   [eap] = handled
(195)  } #  authenticate = handled
(195) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=167, length=0
(195) 	EAP-Message = 0x01c703ec15c000000702160301004a0200004603015683cd6857f3e7383c3a90bbb8e8b862f79069d9a25a6f1f8a55e3701e5c6f082070aab798f71c8d926c908e016e44f578f4dcf8db2ea230d3574c2674fd90e7fc00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(195) 	Message-Authenticator = 0x00000000000000000000000000000000
(195) 	State = 0x5d1610615cd105d57b641caa06160059
Sending Access-Challenge Id 167 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c703ec15c000000702160301004a0200004603015683cd6857f3e7383c3a90bbb8e8b862f79069d9a25a6f1f8a55e3701e5c6f082070aab798f71c8d926c908e016e44f578f4dcf8db2ea230d3574c2674fd90e7fc00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d1610615cd105d57b641caa06160059
(195) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 168 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x9dfcdc6f62ee76c249074e60407e3087
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c700061500
	State = 0x5d1610615cd105d57b641caa06160059
(196) Received Access-Request packet from host 192.168.99.121 port 49210, id=168, length=87
(196) 	Message-Authenticator = 0x9dfcdc6f62ee76c249074e60407e3087
(196) 	NAS-Identifier = 'BS'
(196) 	User-Name = 'CPE11@siemens.com'
(196) 	EAP-Message = 0x02c700061500
(196) 	State = 0x5d1610615cd105d57b641caa06160059
(196) # Executing section authorize from file /etc/raddb/sites-enabled/default
(196)   authorize {
(196)   filter_username filter_username {
(196)     if (!&User-Name) 
(196)     if (!&User-Name)  -> FALSE
(196)     if (&User-Name =~ / /) 
(196)     if (&User-Name =~ / /)  -> FALSE
(196)     if (&User-Name =~ /@.*@/ ) 
(196)     if (&User-Name =~ /@.*@/ )  -> FALSE
(196)     if (&User-Name =~ /\\.\\./ ) 
(196)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(196)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(196)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(196)     if (&User-Name =~ /\\.$/)  
(196)     if (&User-Name =~ /\\.$/)   -> FALSE
(196)     if (&User-Name =~ /@\\./)  
(196)     if (&User-Name =~ /@\\./)   -> FALSE
(196)   } # filter_username filter_username = notfound
(196)   [preprocess] = ok
(196)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(196)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(196)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(196)  auth_log : EXPAND %t
(196)  auth_log :    --> Wed Feb 14 20:05:34 2018
(196)   [auth_log] = ok
(196)   [chap] = noop
(196)   [mschap] = noop
(196)   [digest] = noop
(196)   [wimax] = noop
(196)  suffix : Checking for suffix after "@"
(196)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(196)  suffix : No such realm "siemens.com"
(196)   [suffix] = noop
(196)  eap : Peer sent code Response (2) ID 199 length 6
(196)  eap : Continuing tunnel setup
(196)   [eap] = ok
(196)  } #  authorize = ok
(196) Found Auth-Type = EAP
(196) # Executing group from file /etc/raddb/sites-enabled/default
(196)   authenticate {
(196)  eap : Expiring EAP session with state 0x34b58d2c37779811
(196)  eap : Finished EAP session with state 0x5d1610615cd105d5
(196)  eap : Previous EAP request found for state 0x5d1610615cd105d5, released from the list
(196)  eap : Peer sent method TTLS (21)
(196)  eap : EAP TTLS (21)
(196)  eap : Calling eap_ttls to process EAP data
(196)  eap_ttls : Authenticate
(196)  eap_ttls : processing EAP-TLS
(196)  eap_ttls : Received TLS ACK
(196)  eap_ttls : Received TLS ACK
(196)  eap_ttls : ACK handshake fragment handler
(196)  eap_ttls : eaptls_verify returned 1 
(196)  eap_ttls : eaptls_process returned 13 
(196)  eap : New EAP session, adding 'State' attribute to reply 0x5d1610615fde05d5
(196)   [eap] = handled
(196)  } #  authenticate = handled
(196) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=168, length=0
(196) 	EAP-Message = 0x01c8032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(196) 	Message-Authenticator = 0x00000000000000000000000000000000
(196) 	State = 0x5d1610615fde05d57b641caa06160059
Sending Access-Challenge Id 168 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c8032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d1610615fde05d57b641caa06160059
(196) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(197) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(197) 	NAS-Identifier = 'BS'
(197) 	User-Name = 'dummy'
(197) 	User-Password = '*PASSWORD*'
(197) # Executing section authorize from file /etc/raddb/sites-enabled/default
(197)   authorize {
(197)   filter_username filter_username {
(197)     if (!&User-Name) 
(197)     if (!&User-Name)  -> FALSE
(197)     if (&User-Name =~ / /) 
(197)     if (&User-Name =~ / /)  -> FALSE
(197)     if (&User-Name =~ /@.*@/ ) 
(197)     if (&User-Name =~ /@.*@/ )  -> FALSE
(197)     if (&User-Name =~ /\\.\\./ ) 
(197)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(197)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(197)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(197)     if (&User-Name =~ /\\.$/)  
(197)     if (&User-Name =~ /\\.$/)   -> FALSE
(197)     if (&User-Name =~ /@\\./)  
(197)     if (&User-Name =~ /@\\./)   -> FALSE
(197)   } # filter_username filter_username = notfound
(197)   [preprocess] = ok
(197)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(197)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(197)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(197)  auth_log : EXPAND %t
(197)  auth_log :    --> Wed Feb 14 20:05:34 2018
(197)   [auth_log] = ok
(197)   [chap] = noop
(197)   [mschap] = noop
(197)   [digest] = noop
(197)   [wimax] = noop
(197)  suffix : Checking for suffix after "@"
(197)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(197)  suffix : No such realm "NULL"
(197)   [suffix] = noop
(197)  eap : No EAP-Message, not doing EAP
(197)   [eap] = noop
(197)  files : users: Matched entry dummy at line 159
(197)   [files] = ok
(197)   [expiration] = noop
(197)   [logintime] = noop
(197)   [pap] = updated
(197)  } #  authorize = updated
(197) Found Auth-Type = PAP
(197) # Executing group from file /etc/raddb/sites-enabled/default
(197)  Auth-Type PAP {
(197)  pap : Login attempt with password
(197)  pap : User authenticated successfully
(197)   [pap] = ok
(197)  } # Auth-Type PAP = ok
(197) Login OK: [dummy] (from client BS2 port 0)
(197) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(197)   post-auth {
(197)   [exec] = noop
(197)   update reply {
(197) 	Session-Timeout := 1800
(197)   } # update reply = noop
(197)   remove_reply_message_if_eap remove_reply_message_if_eap {
(197)     if (&reply:EAP-Message && &reply:Reply-Message) 
(197)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(197)    else else {
(197)     [noop] = noop
(197)    } # else else = noop
(197)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(197)  } #  post-auth = noop
(197) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(197) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(197) Finished request
Waking up in 0.1 seconds.
(184) Cleaning up request packet ID 137 with timestamp +133
(185) Cleaning up request packet ID 138 with timestamp +133
(186) Cleaning up request packet ID 139 with timestamp +133
Waking up in 0.3 seconds.
Received Access-Request Id 162 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x4569af31aa47077f9c264c2b18ec0be3
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029800d01580000000c6160301008610000082008053e7d89e29c707f124ded758066b01967ef1ca5771eb74e82bbd9a8639c351d037e28e73b4c92f61cf28666740b9d1cddf277bccbda2b9afa8cfd3fdd48963bded047836bf3d707ecb0634ae8db4610b53465358154fe2add796a7599b6e36e1431f75a4e9a3ad52c3ee3e91495008bb89ef5faed2680eaae6b7f719a799bd72140301000101160301003029a08d678a2fef372d3fbdd83880c4e88bd1f9a5e8eb167586ff0f221f9d8aeda57b0001271a88b11c092f1f76e10e5a
	State = 0xb7e7688fb57f7d52a845621ab1bc26fd
(198) Received Access-Request packet from host 192.168.99.123 port 49286, id=162, length=288
(198) 	Message-Authenticator = 0x4569af31aa47077f9c264c2b18ec0be3
(198) 	NAS-Identifier = 'BS'
(198) 	User-Name = 'CPE8@siemens.com'
(198) 	EAP-Message = 0x029800d01580000000c6160301008610000082008053e7d89e29c707f124ded758066b01967ef1ca5771eb74e82bbd9a8639c351d037e28e73b4c92f61cf28666740b9d1cddf277bccbda2b9afa8cfd3fdd48963bded047836bf3d707ecb0634ae8db4610b53465358154fe2add796a7599b6e36e1431f75a4e9a3ad52c3ee3e91495008bb89ef5faed2680eaae6b7f719a799bd72140301000101160301003029a08d678a2fef372d3fbdd83880c4e88bd1f9a5e8eb167586ff0f221f9d8aeda57b0001271a88b11c092f1f76e10e5a
(198) 	State = 0xb7e7688fb57f7d52a845621ab1bc26fd
(198) # Executing section authorize from file /etc/raddb/sites-enabled/default
(198)   authorize {
(198)   filter_username filter_username {
(198)     if (!&User-Name) 
(198)     if (!&User-Name)  -> FALSE
(198)     if (&User-Name =~ / /) 
(198)     if (&User-Name =~ / /)  -> FALSE
(198)     if (&User-Name =~ /@.*@/ ) 
(198)     if (&User-Name =~ /@.*@/ )  -> FALSE
(198)     if (&User-Name =~ /\\.\\./ ) 
(198)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(198)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(198)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(198)     if (&User-Name =~ /\\.$/)  
(198)     if (&User-Name =~ /\\.$/)   -> FALSE
(198)     if (&User-Name =~ /@\\./)  
(198)     if (&User-Name =~ /@\\./)   -> FALSE
(198)   } # filter_username filter_username = notfound
(198)   [preprocess] = ok
(198)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(198)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(198)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(198)  auth_log : EXPAND %t
(198)  auth_log :    --> Wed Feb 14 20:05:35 2018
(198)   [auth_log] = ok
(198)   [chap] = noop
(198)   [mschap] = noop
(198)   [digest] = noop
(198)   [wimax] = noop
(198)  suffix : Checking for suffix after "@"
(198)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(198)  suffix : No such realm "siemens.com"
(198)   [suffix] = noop
(198)  eap : Peer sent code Response (2) ID 152 length 208
(198)  eap : Continuing tunnel setup
(198)   [eap] = ok
(198)  } #  authorize = ok
(198) Found Auth-Type = EAP
(198) # Executing group from file /etc/raddb/sites-enabled/default
(198)   authenticate {
(198)  eap : Expiring EAP session with state 0x34b58d2c37779811
(198)  eap : Finished EAP session with state 0xb7e7688fb57f7d52
(198)  eap : Previous EAP request found for state 0xb7e7688fb57f7d52, released from the list
(198)  eap : Peer sent method TTLS (21)
(198)  eap : EAP TTLS (21)
(198)  eap : Calling eap_ttls to process EAP data
(198)  eap_ttls : Authenticate
(198)  eap_ttls : processing EAP-TLS
  TLS Length 198
(198)  eap_ttls : Length Included
(198)  eap_ttls : eaptls_verify returned 11 
(198)  eap_ttls : <<< Unknown TLS version [length 0005] 
(198)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(198)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(198)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(198)  eap_ttls : <<< Unknown TLS version [length 0005] 
(198)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(198)  eap_ttls : <<< Unknown TLS version [length 0005] 
(198)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(198)  eap_ttls : TLS_accept: SSLv3 read finished A
(198)  eap_ttls : >>> Unknown TLS version [length 0005] 
(198)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(198)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(198)  eap_ttls : >>> Unknown TLS version [length 0005] 
(198)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(198)  eap_ttls : TLS_accept: SSLv3 write finished A
(198)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 19028c90b3b518d720ced2209814ecd8531c0646e7cb4c9b1bc28929860d03b4 to cache
(198)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(198)  eap_ttls : eaptls_process returned 13 
(198)  eap : New EAP session, adding 'State' attribute to reply 0xb7e7688fb47e7d52
(198)   [eap] = handled
(198)  } #  authenticate = handled
(198) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=162, length=0
(198) 	EAP-Message = 0x0199004515800000003b1403010001011603010030a090cbdf9f38991d67db8a8e471fde554cdc600f8d5acdccd4f9612282f3e3856bdacccb1614da1c37bf8210e782a1ea
(198) 	Message-Authenticator = 0x00000000000000000000000000000000
(198) 	State = 0xb7e7688fb47e7d52a845621ab1bc26fd
Sending Access-Challenge Id 162 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0199004515800000003b1403010001011603010030a090cbdf9f38991d67db8a8e471fde554cdc600f8d5acdccd4f9612282f3e3856bdacccb1614da1c37bf8210e782a1ea
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb7e7688fb47e7d52a845621ab1bc26fd
(198) Finished request
Waking up in 0.2 seconds.
(187) Cleaning up request packet ID 1 with timestamp +134
Waking up in 0.1 seconds.
Waking up in 2.0 seconds.
Received Access-Request Id 141 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x21b3f171860ddf6d4711418aa1e0f05c
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02b900150143504537407369656d656e732e636f6d
(199) Received Access-Request packet from host 192.168.99.122 port 49321, id=141, length=83
(199) 	Message-Authenticator = 0x21b3f171860ddf6d4711418aa1e0f05c
(199) 	NAS-Identifier = 'BS'
(199) 	User-Name = 'CPE7@siemens.com'
(199) 	EAP-Message = 0x02b900150143504537407369656d656e732e636f6d
(199) # Executing section authorize from file /etc/raddb/sites-enabled/default
(199)   authorize {
(199)   filter_username filter_username {
(199)     if (!&User-Name) 
(199)     if (!&User-Name)  -> FALSE
(199)     if (&User-Name =~ / /) 
(199)     if (&User-Name =~ / /)  -> FALSE
(199)     if (&User-Name =~ /@.*@/ ) 
(199)     if (&User-Name =~ /@.*@/ )  -> FALSE
(199)     if (&User-Name =~ /\\.\\./ ) 
(199)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(199)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(199)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(199)     if (&User-Name =~ /\\.$/)  
(199)     if (&User-Name =~ /\\.$/)   -> FALSE
(199)     if (&User-Name =~ /@\\./)  
(199)     if (&User-Name =~ /@\\./)   -> FALSE
(199)   } # filter_username filter_username = notfound
(199)   [preprocess] = ok
(199)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(199)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(199)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(199)  auth_log : EXPAND %t
(199)  auth_log :    --> Wed Feb 14 20:05:35 2018
(199)   [auth_log] = ok
(199)   [chap] = noop
(199)   [mschap] = noop
(199)   [digest] = noop
(199)   [wimax] = noop
(199)  suffix : Checking for suffix after "@"
(199)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(199)  suffix : No such realm "siemens.com"
(199)   [suffix] = noop
(199)  eap : Peer sent code Response (2) ID 185 length 21
(199)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(199)   [eap] = ok
(199)  } #  authorize = ok
(199) Found Auth-Type = EAP
(199) # Executing group from file /etc/raddb/sites-enabled/default
(199)   authenticate {
(199)  eap : Peer sent method Identity (1)
(199)  eap : Calling eap_ttls to process EAP data
(199)  eap_ttls : Initiate
(199)  eap_ttls : Start returned 1
(199)  eap : New EAP session, adding 'State' attribute to reply 0x5d88004f5d3215d1
(199)   [eap] = handled
(199)  } #  authenticate = handled
(199) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=141, length=0
(199) 	EAP-Message = 0x01ba00061520
(199) 	Message-Authenticator = 0x00000000000000000000000000000000
(199) 	State = 0x5d88004f5d3215d139e4f184de7ed1dd
Sending Access-Challenge Id 141 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01ba00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d88004f5d3215d139e4f184de7ed1dd
(199) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 142 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x1bc4de19878d16065f6d029903ae5c86
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02ba006a158000000060160301005b01000057030154ac6fe219f60d230c2951dcea9d75865eb174ccec20352f69e99ae8cbb4ba3000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x5d88004f5d3215d139e4f184de7ed1dd
(200) Received Access-Request packet from host 192.168.99.122 port 49321, id=142, length=186
(200) 	Message-Authenticator = 0x1bc4de19878d16065f6d029903ae5c86
(200) 	NAS-Identifier = 'BS'
(200) 	User-Name = 'CPE7@siemens.com'
(200) 	EAP-Message = 0x02ba006a158000000060160301005b01000057030154ac6fe219f60d230c2951dcea9d75865eb174ccec20352f69e99ae8cbb4ba3000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(200) 	State = 0x5d88004f5d3215d139e4f184de7ed1dd
(200) # Executing section authorize from file /etc/raddb/sites-enabled/default
(200)   authorize {
(200)   filter_username filter_username {
(200)     if (!&User-Name) 
(200)     if (!&User-Name)  -> FALSE
(200)     if (&User-Name =~ / /) 
(200)     if (&User-Name =~ / /)  -> FALSE
(200)     if (&User-Name =~ /@.*@/ ) 
(200)     if (&User-Name =~ /@.*@/ )  -> FALSE
(200)     if (&User-Name =~ /\\.\\./ ) 
(200)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(200)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(200)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(200)     if (&User-Name =~ /\\.$/)  
(200)     if (&User-Name =~ /\\.$/)   -> FALSE
(200)     if (&User-Name =~ /@\\./)  
(200)     if (&User-Name =~ /@\\./)   -> FALSE
(200)   } # filter_username filter_username = notfound
(200)   [preprocess] = ok
(200)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(200)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(200)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(200)  auth_log : EXPAND %t
(200)  auth_log :    --> Wed Feb 14 20:05:35 2018
(200)   [auth_log] = ok
(200)   [chap] = noop
(200)   [mschap] = noop
(200)   [digest] = noop
(200)   [wimax] = noop
(200)  suffix : Checking for suffix after "@"
(200)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(200)  suffix : No such realm "siemens.com"
(200)   [suffix] = noop
(200)  eap : Peer sent code Response (2) ID 186 length 106
(200)  eap : Continuing tunnel setup
(200)   [eap] = ok
(200)  } #  authorize = ok
(200) Found Auth-Type = EAP
(200) # Executing group from file /etc/raddb/sites-enabled/default
(200)   authenticate {
(200)  eap : Expiring EAP session with state 0x34b58d2c37779811
(200)  eap : Finished EAP session with state 0x5d88004f5d3215d1
(200)  eap : Previous EAP request found for state 0x5d88004f5d3215d1, released from the list
(200)  eap : Peer sent method TTLS (21)
(200)  eap : EAP TTLS (21)
(200)  eap : Calling eap_ttls to process EAP data
(200)  eap_ttls : Authenticate
(200)  eap_ttls : processing EAP-TLS
  TLS Length 96
(200)  eap_ttls : Length Included
(200)  eap_ttls : eaptls_verify returned 11 
(200)  eap_ttls : (other): before/accept initialization
(200)  eap_ttls : TLS_accept: before/accept initialization
(200)  eap_ttls : <<< Unknown TLS version [length 0005] 
(200)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(200)  eap_ttls : TLS_accept: SSLv3 read client hello A
(200)  eap_ttls : >>> Unknown TLS version [length 0005] 
(200)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(200)  eap_ttls : TLS_accept: SSLv3 write server hello A
(200)  eap_ttls : >>> Unknown TLS version [length 0005] 
(200)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(200)  eap_ttls : TLS_accept: SSLv3 write certificate A
(200)  eap_ttls : >>> Unknown TLS version [length 0005] 
(200)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(200)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(200)  eap_ttls : >>> Unknown TLS version [length 0005] 
(200)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(200)  eap_ttls : TLS_accept: SSLv3 write server done A
(200)  eap_ttls : TLS_accept: SSLv3 flush data
(200)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(200)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(200)  eap_ttls : eaptls_process returned 13 
(200)  eap : New EAP session, adding 'State' attribute to reply 0x5d88004f5c3315d1
(200)   [eap] = handled
(200)  } #  authenticate = handled
(200) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=142, length=0
(200) 	EAP-Message = 0x01bb03ec15c000000702160301004a0200004603010a6b59b1048bea7d943f22372fd1f6023899c5e74ab1fc551d8a9a299de89b632072790cb6f090ad2c308d6c74a56acef0e81bf54fe7274f73fa44463d4a9fea6600390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(200) 	Message-Authenticator = 0x00000000000000000000000000000000
(200) 	State = 0x5d88004f5c3315d139e4f184de7ed1dd
Sending Access-Challenge Id 142 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bb03ec15c000000702160301004a0200004603010a6b59b1048bea7d943f22372fd1f6023899c5e74ab1fc551d8a9a299de89b632072790cb6f090ad2c308d6c74a56acef0e81bf54fe7274f73fa44463d4a9fea6600390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d88004f5c3315d139e4f184de7ed1dd
(200) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 143 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x50a9243e2276942e795896e012b6183d
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bb00061500
	State = 0x5d88004f5c3315d139e4f184de7ed1dd
(201) Received Access-Request packet from host 192.168.99.122 port 49321, id=143, length=86
(201) 	Message-Authenticator = 0x50a9243e2276942e795896e012b6183d
(201) 	NAS-Identifier = 'BS'
(201) 	User-Name = 'CPE7@siemens.com'
(201) 	EAP-Message = 0x02bb00061500
(201) 	State = 0x5d88004f5c3315d139e4f184de7ed1dd
(201) # Executing section authorize from file /etc/raddb/sites-enabled/default
(201)   authorize {
(201)   filter_username filter_username {
(201)     if (!&User-Name) 
(201)     if (!&User-Name)  -> FALSE
(201)     if (&User-Name =~ / /) 
(201)     if (&User-Name =~ / /)  -> FALSE
(201)     if (&User-Name =~ /@.*@/ ) 
(201)     if (&User-Name =~ /@.*@/ )  -> FALSE
(201)     if (&User-Name =~ /\\.\\./ ) 
(201)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(201)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(201)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(201)     if (&User-Name =~ /\\.$/)  
(201)     if (&User-Name =~ /\\.$/)   -> FALSE
(201)     if (&User-Name =~ /@\\./)  
(201)     if (&User-Name =~ /@\\./)   -> FALSE
(201)   } # filter_username filter_username = notfound
(201)   [preprocess] = ok
(201)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(201)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(201)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(201)  auth_log : EXPAND %t
(201)  auth_log :    --> Wed Feb 14 20:05:35 2018
(201)   [auth_log] = ok
(201)   [chap] = noop
(201)   [mschap] = noop
(201)   [digest] = noop
(201)   [wimax] = noop
(201)  suffix : Checking for suffix after "@"
(201)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(201)  suffix : No such realm "siemens.com"
(201)   [suffix] = noop
(201)  eap : Peer sent code Response (2) ID 187 length 6
(201)  eap : Continuing tunnel setup
(201)   [eap] = ok
(201)  } #  authorize = ok
(201) Found Auth-Type = EAP
(201) # Executing group from file /etc/raddb/sites-enabled/default
(201)   authenticate {
(201)  eap : Expiring EAP session with state 0x34b58d2c37779811
(201)  eap : Finished EAP session with state 0x5d88004f5c3315d1
(201)  eap : Previous EAP request found for state 0x5d88004f5c3315d1, released from the list
(201)  eap : Peer sent method TTLS (21)
(201)  eap : EAP TTLS (21)
(201)  eap : Calling eap_ttls to process EAP data
(201)  eap_ttls : Authenticate
(201)  eap_ttls : processing EAP-TLS
(201)  eap_ttls : Received TLS ACK
(201)  eap_ttls : Received TLS ACK
(201)  eap_ttls : ACK handshake fragment handler
(201)  eap_ttls : eaptls_verify returned 1 
(201)  eap_ttls : eaptls_process returned 13 
(201)  eap : New EAP session, adding 'State' attribute to reply 0x5d88004f5f3415d1
(201)   [eap] = handled
(201)  } #  authenticate = handled
(201) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=143, length=0
(201) 	EAP-Message = 0x01bc032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(201) 	Message-Authenticator = 0x00000000000000000000000000000000
(201) 	State = 0x5d88004f5f3415d139e4f184de7ed1dd
Sending Access-Challenge Id 143 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bc032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d88004f5f3415d139e4f184de7ed1dd
(201) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 163 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x5d66efec5abf269d4aba2e550d6eddad
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029600150143504539407369656d656e732e636f6d
(202) Received Access-Request packet from host 192.168.99.123 port 49286, id=163, length=83
(202) 	Message-Authenticator = 0x5d66efec5abf269d4aba2e550d6eddad
(202) 	NAS-Identifier = 'BS'
(202) 	User-Name = 'CPE9@siemens.com'
(202) 	EAP-Message = 0x029600150143504539407369656d656e732e636f6d
(202) # Executing section authorize from file /etc/raddb/sites-enabled/default
(202)   authorize {
(202)   filter_username filter_username {
(202)     if (!&User-Name) 
(202)     if (!&User-Name)  -> FALSE
(202)     if (&User-Name =~ / /) 
(202)     if (&User-Name =~ / /)  -> FALSE
(202)     if (&User-Name =~ /@.*@/ ) 
(202)     if (&User-Name =~ /@.*@/ )  -> FALSE
(202)     if (&User-Name =~ /\\.\\./ ) 
(202)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(202)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(202)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(202)     if (&User-Name =~ /\\.$/)  
(202)     if (&User-Name =~ /\\.$/)   -> FALSE
(202)     if (&User-Name =~ /@\\./)  
(202)     if (&User-Name =~ /@\\./)   -> FALSE
(202)   } # filter_username filter_username = notfound
(202)   [preprocess] = ok
(202)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(202)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(202)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(202)  auth_log : EXPAND %t
(202)  auth_log :    --> Wed Feb 14 20:05:35 2018
(202)   [auth_log] = ok
(202)   [chap] = noop
(202)   [mschap] = noop
(202)   [digest] = noop
(202)   [wimax] = noop
(202)  suffix : Checking for suffix after "@"
(202)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(202)  suffix : No such realm "siemens.com"
(202)   [suffix] = noop
(202)  eap : Peer sent code Response (2) ID 150 length 21
(202)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(202)   [eap] = ok
(202)  } #  authorize = ok
(202) Found Auth-Type = EAP
(202) # Executing group from file /etc/raddb/sites-enabled/default
(202)   authenticate {
(202)  eap : Peer sent method Identity (1)
(202)  eap : Calling eap_ttls to process EAP data
(202)  eap_ttls : Initiate
(202)  eap_ttls : Start returned 1
(202)  eap : New EAP session, adding 'State' attribute to reply 0x0c2ef1750cb9e4a9
(202)   [eap] = handled
(202)  } #  authenticate = handled
(202) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=163, length=0
(202) 	EAP-Message = 0x019700061520
(202) 	Message-Authenticator = 0x00000000000000000000000000000000
(202) 	State = 0x0c2ef1750cb9e4a9cded5f65451b0f0d
Sending Access-Challenge Id 163 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019700061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0c2ef1750cb9e4a9cded5f65451b0f0d
(202) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 164 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x2e314f58e7c297acbf0ea46641ee252b
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x0297006a158000000060160301005b01000057030154ab17ed3bbcda4af1e402e2c7a239ea77f4f0961e88b0aba7e90ba4ce0b96ca00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x0c2ef1750cb9e4a9cded5f65451b0f0d
(203) Received Access-Request packet from host 192.168.99.123 port 49286, id=164, length=186
(203) 	Message-Authenticator = 0x2e314f58e7c297acbf0ea46641ee252b
(203) 	NAS-Identifier = 'BS'
(203) 	User-Name = 'CPE9@siemens.com'
(203) 	EAP-Message = 0x0297006a158000000060160301005b01000057030154ab17ed3bbcda4af1e402e2c7a239ea77f4f0961e88b0aba7e90ba4ce0b96ca00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(203) 	State = 0x0c2ef1750cb9e4a9cded5f65451b0f0d
(203) # Executing section authorize from file /etc/raddb/sites-enabled/default
(203)   authorize {
(203)   filter_username filter_username {
(203)     if (!&User-Name) 
(203)     if (!&User-Name)  -> FALSE
(203)     if (&User-Name =~ / /) 
(203)     if (&User-Name =~ / /)  -> FALSE
(203)     if (&User-Name =~ /@.*@/ ) 
(203)     if (&User-Name =~ /@.*@/ )  -> FALSE
(203)     if (&User-Name =~ /\\.\\./ ) 
(203)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(203)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(203)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(203)     if (&User-Name =~ /\\.$/)  
(203)     if (&User-Name =~ /\\.$/)   -> FALSE
(203)     if (&User-Name =~ /@\\./)  
(203)     if (&User-Name =~ /@\\./)   -> FALSE
(203)   } # filter_username filter_username = notfound
(203)   [preprocess] = ok
(203)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(203)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(203)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(203)  auth_log : EXPAND %t
(203)  auth_log :    --> Wed Feb 14 20:05:36 2018
(203)   [auth_log] = ok
(203)   [chap] = noop
(203)   [mschap] = noop
(203)   [digest] = noop
(203)   [wimax] = noop
(203)  suffix : Checking for suffix after "@"
(203)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(203)  suffix : No such realm "siemens.com"
(203)   [suffix] = noop
(203)  eap : Peer sent code Response (2) ID 151 length 106
(203)  eap : Continuing tunnel setup
(203)   [eap] = ok
(203)  } #  authorize = ok
(203) Found Auth-Type = EAP
(203) # Executing group from file /etc/raddb/sites-enabled/default
(203)   authenticate {
(203)  eap : Expiring EAP session with state 0x34b58d2c37779811
(203)  eap : Finished EAP session with state 0x0c2ef1750cb9e4a9
(203)  eap : Previous EAP request found for state 0x0c2ef1750cb9e4a9, released from the list
(203)  eap : Peer sent method TTLS (21)
(203)  eap : EAP TTLS (21)
(203)  eap : Calling eap_ttls to process EAP data
(203)  eap_ttls : Authenticate
(203)  eap_ttls : processing EAP-TLS
  TLS Length 96
(203)  eap_ttls : Length Included
(203)  eap_ttls : eaptls_verify returned 11 
(203)  eap_ttls : (other): before/accept initialization
(203)  eap_ttls : TLS_accept: before/accept initialization
(203)  eap_ttls : <<< Unknown TLS version [length 0005] 
(203)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(203)  eap_ttls : TLS_accept: SSLv3 read client hello A
(203)  eap_ttls : >>> Unknown TLS version [length 0005] 
(203)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(203)  eap_ttls : TLS_accept: SSLv3 write server hello A
(203)  eap_ttls : >>> Unknown TLS version [length 0005] 
(203)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(203)  eap_ttls : TLS_accept: SSLv3 write certificate A
(203)  eap_ttls : >>> Unknown TLS version [length 0005] 
(203)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(203)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(203)  eap_ttls : >>> Unknown TLS version [length 0005] 
(203)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(203)  eap_ttls : TLS_accept: SSLv3 write server done A
(203)  eap_ttls : TLS_accept: SSLv3 flush data
(203)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(203)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(203)  eap_ttls : eaptls_process returned 13 
(203)  eap : New EAP session, adding 'State' attribute to reply 0x0c2ef1750db6e4a9
(203)   [eap] = handled
(203)  } #  authenticate = handled
(203) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=164, length=0
(203) 	EAP-Message = 0x019803ec15c000000702160301004a020000460301f7384657218564e0191c890b64dd760fc6d8794f40472be9bd204283fb924e9b20bf1d2f18ad36eabf598e36a6e920bacb97b872f15738deeab864e956e3cdc01f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(203) 	Message-Authenticator = 0x00000000000000000000000000000000
(203) 	State = 0x0c2ef1750db6e4a9cded5f65451b0f0d
Sending Access-Challenge Id 164 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019803ec15c000000702160301004a020000460301f7384657218564e0191c890b64dd760fc6d8794f40472be9bd204283fb924e9b20bf1d2f18ad36eabf598e36a6e920bacb97b872f15738deeab864e956e3cdc01f00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0c2ef1750db6e4a9cded5f65451b0f0d
(203) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 165 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x4a8c25fe805fea129ef07e7b27d14249
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029800061500
	State = 0x0c2ef1750db6e4a9cded5f65451b0f0d
(204) Received Access-Request packet from host 192.168.99.123 port 49286, id=165, length=86
(204) 	Message-Authenticator = 0x4a8c25fe805fea129ef07e7b27d14249
(204) 	NAS-Identifier = 'BS'
(204) 	User-Name = 'CPE9@siemens.com'
(204) 	EAP-Message = 0x029800061500
(204) 	State = 0x0c2ef1750db6e4a9cded5f65451b0f0d
(204) # Executing section authorize from file /etc/raddb/sites-enabled/default
(204)   authorize {
(204)   filter_username filter_username {
(204)     if (!&User-Name) 
(204)     if (!&User-Name)  -> FALSE
(204)     if (&User-Name =~ / /) 
(204)     if (&User-Name =~ / /)  -> FALSE
(204)     if (&User-Name =~ /@.*@/ ) 
(204)     if (&User-Name =~ /@.*@/ )  -> FALSE
(204)     if (&User-Name =~ /\\.\\./ ) 
(204)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(204)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(204)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(204)     if (&User-Name =~ /\\.$/)  
(204)     if (&User-Name =~ /\\.$/)   -> FALSE
(204)     if (&User-Name =~ /@\\./)  
(204)     if (&User-Name =~ /@\\./)   -> FALSE
(204)   } # filter_username filter_username = notfound
(204)   [preprocess] = ok
(204)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(204)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(204)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(204)  auth_log : EXPAND %t
(204)  auth_log :    --> Wed Feb 14 20:05:36 2018
(204)   [auth_log] = ok
(204)   [chap] = noop
(204)   [mschap] = noop
(204)   [digest] = noop
(204)   [wimax] = noop
(204)  suffix : Checking for suffix after "@"
(204)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(204)  suffix : No such realm "siemens.com"
(204)   [suffix] = noop
(204)  eap : Peer sent code Response (2) ID 152 length 6
(204)  eap : Continuing tunnel setup
(204)   [eap] = ok
(204)  } #  authorize = ok
(204) Found Auth-Type = EAP
(204) # Executing group from file /etc/raddb/sites-enabled/default
(204)   authenticate {
(204)  eap : Expiring EAP session with state 0x34b58d2c37779811
(204)  eap : Finished EAP session with state 0x0c2ef1750db6e4a9
(204)  eap : Previous EAP request found for state 0x0c2ef1750db6e4a9, released from the list
(204)  eap : Peer sent method TTLS (21)
(204)  eap : EAP TTLS (21)
(204)  eap : Calling eap_ttls to process EAP data
(204)  eap_ttls : Authenticate
(204)  eap_ttls : processing EAP-TLS
(204)  eap_ttls : Received TLS ACK
(204)  eap_ttls : Received TLS ACK
(204)  eap_ttls : ACK handshake fragment handler
(204)  eap_ttls : eaptls_verify returned 1 
(204)  eap_ttls : eaptls_process returned 13 
(204)  eap : New EAP session, adding 'State' attribute to reply 0x0c2ef1750eb7e4a9
(204)   [eap] = handled
(204)  } #  authenticate = handled
(204) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=165, length=0
(204) 	EAP-Message = 0x0199032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(204) 	Message-Authenticator = 0x00000000000000000000000000000000
(204) 	State = 0x0c2ef1750eb7e4a9cded5f65451b0f0d
Sending Access-Challenge Id 165 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x0199032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0c2ef1750eb7e4a9cded5f65451b0f0d
(204) Finished request
Waking up in 0.2 seconds.
Waking up in 1.0 seconds.
Received Access-Request Id 169 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x4433eb4c5a865964a4b8bc1e1cb554c4
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c800d01580000000c61603010086100000820080849fa1d98ee25c943a960f523f9cc8fdf764b7b6b5f8f7491cc3fd2e16f53fbd26ca8804da7da7a09f6fdcf83822b55ac5868ca278e76af8c83f8378796ddfb1aee7c9cd7c73ef3c554698749daae5d7c99ff4dfc8e984613902e8f49d4371d422aea28edcc2dddaffe370b84c5f0dcde6db59e808a059232d83660bf8468f431403010001011603010030800efbd61af82c394264fcf569669d2d66eb420ec4ecab794e52cb63025dc767e32694db10d9af3aaed6fd194ad198c1
	State = 0x5d1610615fde05d57b641caa06160059
(205) Received Access-Request packet from host 192.168.99.121 port 49210, id=169, length=289
(205) 	Message-Authenticator = 0x4433eb4c5a865964a4b8bc1e1cb554c4
(205) 	NAS-Identifier = 'BS'
(205) 	User-Name = 'CPE11@siemens.com'
(205) 	EAP-Message = 0x02c800d01580000000c61603010086100000820080849fa1d98ee25c943a960f523f9cc8fdf764b7b6b5f8f7491cc3fd2e16f53fbd26ca8804da7da7a09f6fdcf83822b55ac5868ca278e76af8c83f8378796ddfb1aee7c9cd7c73ef3c554698749daae5d7c99ff4dfc8e984613902e8f49d4371d422aea28edcc2dddaffe370b84c5f0dcde6db59e808a059232d83660bf8468f431403010001011603010030800efbd61af82c394264fcf569669d2d66eb420ec4ecab794e52cb63025dc767e32694db10d9af3aaed6fd194ad198c1
(205) 	State = 0x5d1610615fde05d57b641caa06160059
(205) # Executing section authorize from file /etc/raddb/sites-enabled/default
(205)   authorize {
(205)   filter_username filter_username {
(205)     if (!&User-Name) 
(205)     if (!&User-Name)  -> FALSE
(205)     if (&User-Name =~ / /) 
(205)     if (&User-Name =~ / /)  -> FALSE
(205)     if (&User-Name =~ /@.*@/ ) 
(205)     if (&User-Name =~ /@.*@/ )  -> FALSE
(205)     if (&User-Name =~ /\\.\\./ ) 
(205)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(205)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(205)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(205)     if (&User-Name =~ /\\.$/)  
(205)     if (&User-Name =~ /\\.$/)   -> FALSE
(205)     if (&User-Name =~ /@\\./)  
(205)     if (&User-Name =~ /@\\./)   -> FALSE
(205)   } # filter_username filter_username = notfound
(205)   [preprocess] = ok
(205)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(205)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(205)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(205)  auth_log : EXPAND %t
(205)  auth_log :    --> Wed Feb 14 20:05:36 2018
(205)   [auth_log] = ok
(205)   [chap] = noop
(205)   [mschap] = noop
(205)   [digest] = noop
(205)   [wimax] = noop
(205)  suffix : Checking for suffix after "@"
(205)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(205)  suffix : No such realm "siemens.com"
(205)   [suffix] = noop
(205)  eap : Peer sent code Response (2) ID 200 length 208
(205)  eap : Continuing tunnel setup
(205)   [eap] = ok
(205)  } #  authorize = ok
(205) Found Auth-Type = EAP
(205) # Executing group from file /etc/raddb/sites-enabled/default
(205)   authenticate {
(205)  eap : Expiring EAP session with state 0x34b58d2c37779811
(205)  eap : Finished EAP session with state 0x5d1610615fde05d5
(205)  eap : Previous EAP request found for state 0x5d1610615fde05d5, released from the list
(205)  eap : Peer sent method TTLS (21)
(205)  eap : EAP TTLS (21)
(205)  eap : Calling eap_ttls to process EAP data
(205)  eap_ttls : Authenticate
(205)  eap_ttls : processing EAP-TLS
  TLS Length 198
(205)  eap_ttls : Length Included
(205)  eap_ttls : eaptls_verify returned 11 
(205)  eap_ttls : <<< Unknown TLS version [length 0005] 
(205)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(205)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(205)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(205)  eap_ttls : <<< Unknown TLS version [length 0005] 
(205)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(205)  eap_ttls : <<< Unknown TLS version [length 0005] 
(205)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(205)  eap_ttls : TLS_accept: SSLv3 read finished A
(205)  eap_ttls : >>> Unknown TLS version [length 0005] 
(205)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(205)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(205)  eap_ttls : >>> Unknown TLS version [length 0005] 
(205)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(205)  eap_ttls : TLS_accept: SSLv3 write finished A
(205)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 70aab798f71c8d926c908e016e44f578f4dcf8db2ea230d3574c2674fd90e7fc to cache
(205)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(205)  eap_ttls : eaptls_process returned 13 
(205)  eap : New EAP session, adding 'State' attribute to reply 0x5d1610615edf05d5
(205)   [eap] = handled
(205)  } #  authenticate = handled
(205) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=169, length=0
(205) 	EAP-Message = 0x01c9004515800000003b140301000101160301003007aa6a44fccdd1a07f3ec8d78ac57062f08a36310b38ffc10f506f293ad0921758d131fce747e821b31987153a5ed4b4
(205) 	Message-Authenticator = 0x00000000000000000000000000000000
(205) 	State = 0x5d1610615edf05d57b641caa06160059
Sending Access-Challenge Id 169 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c9004515800000003b140301000101160301003007aa6a44fccdd1a07f3ec8d78ac57062f08a36310b38ffc10f506f293ad0921758d131fce747e821b31987153a5ed4b4
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d1610615edf05d57b641caa06160059
(205) Finished request
Waking up in 0.3 seconds.
Waking up in 0.4 seconds.
(188) Cleaning up request packet ID 140 with timestamp +136
(189) Cleaning up request packet ID 159 with timestamp +136
(190) Cleaning up request packet ID 160 with timestamp +136
(191) Cleaning up request packet ID 161 with timestamp +136
Waking up in 1.5 seconds.
Received Access-Request Id 144 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x982f953d8c13a84faf0cb4dd7b000841
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bc00d01580000000c6160301008610000082008044456b23de64c4e86fdf222e05aa1409185f8f841949c44cdde330929a626d20c3fdc881a961bf13d8da2cafcba229404c405d86b0399342d34357d36951241d7a76cc02a7c91925723a7057e458c35be6d07691a47f9e462813923d1bff27405d096143706f14ff89ed25a0b57361935e9adc62d41a3083ef5f4f76478f82a01403010001011603010030f1917bd936d424f1d8a6e2eeba43ac8c72045998ff8c32a634f49f7e45b234981fca66eb39e0d41ab84a0df3e61b8b77
	State = 0x5d88004f5f3415d139e4f184de7ed1dd
(206) Received Access-Request packet from host 192.168.99.122 port 49321, id=144, length=288
(206) 	Message-Authenticator = 0x982f953d8c13a84faf0cb4dd7b000841
(206) 	NAS-Identifier = 'BS'
(206) 	User-Name = 'CPE7@siemens.com'
(206) 	EAP-Message = 0x02bc00d01580000000c6160301008610000082008044456b23de64c4e86fdf222e05aa1409185f8f841949c44cdde330929a626d20c3fdc881a961bf13d8da2cafcba229404c405d86b0399342d34357d36951241d7a76cc02a7c91925723a7057e458c35be6d07691a47f9e462813923d1bff27405d096143706f14ff89ed25a0b57361935e9adc62d41a3083ef5f4f76478f82a01403010001011603010030f1917bd936d424f1d8a6e2eeba43ac8c72045998ff8c32a634f49f7e45b234981fca66eb39e0d41ab84a0df3e61b8b77
(206) 	State = 0x5d88004f5f3415d139e4f184de7ed1dd
(206) # Executing section authorize from file /etc/raddb/sites-enabled/default
(206)   authorize {
(206)   filter_username filter_username {
(206)     if (!&User-Name) 
(206)     if (!&User-Name)  -> FALSE
(206)     if (&User-Name =~ / /) 
(206)     if (&User-Name =~ / /)  -> FALSE
(206)     if (&User-Name =~ /@.*@/ ) 
(206)     if (&User-Name =~ /@.*@/ )  -> FALSE
(206)     if (&User-Name =~ /\\.\\./ ) 
(206)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(206)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(206)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(206)     if (&User-Name =~ /\\.$/)  
(206)     if (&User-Name =~ /\\.$/)   -> FALSE
(206)     if (&User-Name =~ /@\\./)  
(206)     if (&User-Name =~ /@\\./)   -> FALSE
(206)   } # filter_username filter_username = notfound
(206)   [preprocess] = ok
(206)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(206)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(206)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(206)  auth_log : EXPAND %t
(206)  auth_log :    --> Wed Feb 14 20:05:38 2018
(206)   [auth_log] = ok
(206)   [chap] = noop
(206)   [mschap] = noop
(206)   [digest] = noop
(206)   [wimax] = noop
(206)  suffix : Checking for suffix after "@"
(206)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(206)  suffix : No such realm "siemens.com"
(206)   [suffix] = noop
(206)  eap : Peer sent code Response (2) ID 188 length 208
(206)  eap : Continuing tunnel setup
(206)   [eap] = ok
(206)  } #  authorize = ok
(206) Found Auth-Type = EAP
(206) # Executing group from file /etc/raddb/sites-enabled/default
(206)   authenticate {
(206)  eap : Expiring EAP session with state 0x34b58d2c37779811
(206)  eap : Finished EAP session with state 0x5d88004f5f3415d1
(206)  eap : Previous EAP request found for state 0x5d88004f5f3415d1, released from the list
(206)  eap : Peer sent method TTLS (21)
(206)  eap : EAP TTLS (21)
(206)  eap : Calling eap_ttls to process EAP data
(206)  eap_ttls : Authenticate
(206)  eap_ttls : processing EAP-TLS
  TLS Length 198
(206)  eap_ttls : Length Included
(206)  eap_ttls : eaptls_verify returned 11 
(206)  eap_ttls : <<< Unknown TLS version [length 0005] 
(206)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(206)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(206)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(206)  eap_ttls : <<< Unknown TLS version [length 0005] 
(206)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(206)  eap_ttls : <<< Unknown TLS version [length 0005] 
(206)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(206)  eap_ttls : TLS_accept: SSLv3 read finished A
(206)  eap_ttls : >>> Unknown TLS version [length 0005] 
(206)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(206)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(206)  eap_ttls : >>> Unknown TLS version [length 0005] 
(206)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(206)  eap_ttls : TLS_accept: SSLv3 write finished A
(206)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 72790cb6f090ad2c308d6c74a56acef0e81bf54fe7274f73fa44463d4a9fea66 to cache
(206)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(206)  eap_ttls : eaptls_process returned 13 
(206)  eap : New EAP session, adding 'State' attribute to reply 0x5d88004f5e3515d1
(206)   [eap] = handled
(206)  } #  authenticate = handled
(206) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=144, length=0
(206) 	EAP-Message = 0x01bd004515800000003b1403010001011603010030b4bbb039307ea572c612699b419733fa08c38c3024e5c598375e826d05c4aa81717eb49d4955f3623743d2a0e80a860a
(206) 	Message-Authenticator = 0x00000000000000000000000000000000
(206) 	State = 0x5d88004f5e3515d139e4f184de7ed1dd
Sending Access-Challenge Id 144 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bd004515800000003b1403010001011603010030b4bbb039307ea572c612699b419733fa08c38c3024e5c598375e826d05c4aa81717eb49d4955f3623743d2a0e80a860a
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5d88004f5e3515d139e4f184de7ed1dd
(206) Finished request
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
Received Access-Request Id 166 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x3c56f18a59da7ddbf5ec4ea065144d90
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029900d01580000000c616030100861000008200807753d18201611e2afbc88c43751a8d527d87d701c303688c11f011ad4dc34214eb14be65e22879169c020033a24830d6c6c8ad4374a7c2def94b761012f8e76c5a617c0c299a024ce6c3d17994bddf89f67d01072bd814b9fa2d417ccb5fd37b63b86db79ea6079ad84b3bdba3750a107c4d5460d8b563489284a013532fcf5c14030100010116030100302c297453dda817d29043a3929892e5a5591cc1b8246d755580405cac61ff8b597b6c7ca3c8429fbaa69acc87d39888da
	State = 0x0c2ef1750eb7e4a9cded5f65451b0f0d
(207) Received Access-Request packet from host 192.168.99.123 port 49286, id=166, length=288
(207) 	Message-Authenticator = 0x3c56f18a59da7ddbf5ec4ea065144d90
(207) 	NAS-Identifier = 'BS'
(207) 	User-Name = 'CPE9@siemens.com'
(207) 	EAP-Message = 0x029900d01580000000c616030100861000008200807753d18201611e2afbc88c43751a8d527d87d701c303688c11f011ad4dc34214eb14be65e22879169c020033a24830d6c6c8ad4374a7c2def94b761012f8e76c5a617c0c299a024ce6c3d17994bddf89f67d01072bd814b9fa2d417ccb5fd37b63b86db79ea6079ad84b3bdba3750a107c4d5460d8b563489284a013532fcf5c14030100010116030100302c297453dda817d29043a3929892e5a5591cc1b8246d755580405cac61ff8b597b6c7ca3c8429fbaa69acc87d39888da
(207) 	State = 0x0c2ef1750eb7e4a9cded5f65451b0f0d
(207) # Executing section authorize from file /etc/raddb/sites-enabled/default
(207)   authorize {
(207)   filter_username filter_username {
(207)     if (!&User-Name) 
(207)     if (!&User-Name)  -> FALSE
(207)     if (&User-Name =~ / /) 
(207)     if (&User-Name =~ / /)  -> FALSE
(207)     if (&User-Name =~ /@.*@/ ) 
(207)     if (&User-Name =~ /@.*@/ )  -> FALSE
(207)     if (&User-Name =~ /\\.\\./ ) 
(207)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(207)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(207)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(207)     if (&User-Name =~ /\\.$/)  
(207)     if (&User-Name =~ /\\.$/)   -> FALSE
(207)     if (&User-Name =~ /@\\./)  
(207)     if (&User-Name =~ /@\\./)   -> FALSE
(207)   } # filter_username filter_username = notfound
(207)   [preprocess] = ok
(207)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(207)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(207)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(207)  auth_log : EXPAND %t
(207)  auth_log :    --> Wed Feb 14 20:05:38 2018
(207)   [auth_log] = ok
(207)   [chap] = noop
(207)   [mschap] = noop
(207)   [digest] = noop
(207)   [wimax] = noop
(207)  suffix : Checking for suffix after "@"
(207)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(207)  suffix : No such realm "siemens.com"
(207)   [suffix] = noop
(207)  eap : Peer sent code Response (2) ID 153 length 208
(207)  eap : Continuing tunnel setup
(207)   [eap] = ok
(207)  } #  authorize = ok
(207) Found Auth-Type = EAP
(207) # Executing group from file /etc/raddb/sites-enabled/default
(207)   authenticate {
(207)  eap : Expiring EAP session with state 0x34b58d2c37779811
(207)  eap : Finished EAP session with state 0x0c2ef1750eb7e4a9
(207)  eap : Previous EAP request found for state 0x0c2ef1750eb7e4a9, released from the list
(207)  eap : Peer sent method TTLS (21)
(207)  eap : EAP TTLS (21)
(207)  eap : Calling eap_ttls to process EAP data
(207)  eap_ttls : Authenticate
(207)  eap_ttls : processing EAP-TLS
  TLS Length 198
(207)  eap_ttls : Length Included
(207)  eap_ttls : eaptls_verify returned 11 
(207)  eap_ttls : <<< Unknown TLS version [length 0005] 
(207)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(207)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(207)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(207)  eap_ttls : <<< Unknown TLS version [length 0005] 
(207)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(207)  eap_ttls : <<< Unknown TLS version [length 0005] 
(207)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(207)  eap_ttls : TLS_accept: SSLv3 read finished A
(207)  eap_ttls : >>> Unknown TLS version [length 0005] 
(207)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(207)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(207)  eap_ttls : >>> Unknown TLS version [length 0005] 
(207)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(207)  eap_ttls : TLS_accept: SSLv3 write finished A
(207)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session bf1d2f18ad36eabf598e36a6e920bacb97b872f15738deeab864e956e3cdc01f to cache
(207)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(207)  eap_ttls : eaptls_process returned 13 
(207)  eap : New EAP session, adding 'State' attribute to reply 0x0c2ef1750fb4e4a9
(207)   [eap] = handled
(207)  } #  authenticate = handled
(207) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=166, length=0
(207) 	EAP-Message = 0x019a004515800000003b14030100010116030100306cba54585f938b9f7a3608fe7ea2a2b37756128f379e2955e0219620ab1fa89bc287c4b3297712fc23b5a78231861e26
(207) 	Message-Authenticator = 0x00000000000000000000000000000000
(207) 	State = 0x0c2ef1750fb4e4a9cded5f65451b0f0d
Sending Access-Challenge Id 166 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019a004515800000003b14030100010116030100306cba54585f938b9f7a3608fe7ea2a2b37756128f379e2955e0219620ab1fa89bc287c4b3297712fc23b5a78231861e26
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0c2ef1750fb4e4a9cded5f65451b0f0d
(207) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 167 from 192.168.99.123:49286 to 192.168.99.101:1812 length 208
	Message-Authenticator = 0x11790fcc32a59cead5c357482a4cd1ca
	NAS-Identifier = 'BS'
	User-Name = 'CPE9@siemens.com'
	EAP-Message = 0x029a0080150017030100209bdcbcc337dde9292b18e55db3d6f61c86711fad3193d51c324735a3a4bc4a2617030100504513c15ce0018920989dc7baef198a7c1bd4ffc71eff01ba2676bb4af3e37cae08bd7e02390b16f58d10e6bc63ad08f694648da31f94a7ffe68c7a1057bcec2686c65e9dcaa3b96e9a73eb5417cfed7d
	State = 0x0c2ef1750fb4e4a9cded5f65451b0f0d
(208) Received Access-Request packet from host 192.168.99.123 port 49286, id=167, length=208
(208) 	Message-Authenticator = 0x11790fcc32a59cead5c357482a4cd1ca
(208) 	NAS-Identifier = 'BS'
(208) 	User-Name = 'CPE9@siemens.com'
(208) 	EAP-Message = 0x029a0080150017030100209bdcbcc337dde9292b18e55db3d6f61c86711fad3193d51c324735a3a4bc4a2617030100504513c15ce0018920989dc7baef198a7c1bd4ffc71eff01ba2676bb4af3e37cae08bd7e02390b16f58d10e6bc63ad08f694648da31f94a7ffe68c7a1057bcec2686c65e9dcaa3b96e9a73eb5417cfed7d
(208) 	State = 0x0c2ef1750fb4e4a9cded5f65451b0f0d
(208) # Executing section authorize from file /etc/raddb/sites-enabled/default
(208)   authorize {
(208)   filter_username filter_username {
(208)     if (!&User-Name) 
(208)     if (!&User-Name)  -> FALSE
(208)     if (&User-Name =~ / /) 
(208)     if (&User-Name =~ / /)  -> FALSE
(208)     if (&User-Name =~ /@.*@/ ) 
(208)     if (&User-Name =~ /@.*@/ )  -> FALSE
(208)     if (&User-Name =~ /\\.\\./ ) 
(208)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(208)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(208)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(208)     if (&User-Name =~ /\\.$/)  
(208)     if (&User-Name =~ /\\.$/)   -> FALSE
(208)     if (&User-Name =~ /@\\./)  
(208)     if (&User-Name =~ /@\\./)   -> FALSE
(208)   } # filter_username filter_username = notfound
(208)   [preprocess] = ok
(208)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(208)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(208)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(208)  auth_log : EXPAND %t
(208)  auth_log :    --> Wed Feb 14 20:05:38 2018
(208)   [auth_log] = ok
(208)   [chap] = noop
(208)   [mschap] = noop
(208)   [digest] = noop
(208)   [wimax] = noop
(208)  suffix : Checking for suffix after "@"
(208)  suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(208)  suffix : No such realm "siemens.com"
(208)   [suffix] = noop
(208)  eap : Peer sent code Response (2) ID 154 length 128
(208)  eap : Continuing tunnel setup
(208)   [eap] = ok
(208)  } #  authorize = ok
(208) Found Auth-Type = EAP
(208) # Executing group from file /etc/raddb/sites-enabled/default
(208)   authenticate {
(208)  eap : Expiring EAP session with state 0x34b58d2c37779811
(208)  eap : Finished EAP session with state 0x0c2ef1750fb4e4a9
(208)  eap : Previous EAP request found for state 0x0c2ef1750fb4e4a9, released from the list
(208)  eap : Peer sent method TTLS (21)
(208)  eap : EAP TTLS (21)
(208)  eap : Calling eap_ttls to process EAP data
(208)  eap_ttls : Authenticate
(208)  eap_ttls : processing EAP-TLS
(208)  eap_ttls : eaptls_verify returned 7 
(208)  eap_ttls : Done initial handshake
(208)  eap_ttls : <<< Unknown TLS version [length 0005] 
(208)  eap_ttls : <<< Unknown TLS version [length 0005] 
(208)  eap_ttls : eaptls_process returned 7 
(208)  eap_ttls : Session established.  Proceeding to decode tunneled attributes
(208)  eap_ttls : Got tunneled request
	User-Name = 'CPE9@siemens.com'
	User-Password = '*PASSWORD*'
(208)  eap_ttls : Sending tunneled request
(208)  server inner-tunnel {
(208)    Request:
	User-Name = 'CPE9@siemens.com'
	User-Password = '*PASSWORD*'
(208)  # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(208)    authorize {
(208)    [chap] = noop
(208)    [mschap] = noop
(208)   suffix : Checking for suffix after "@"
(208)   suffix : Looking up realm "siemens.com" for User-Name = "CPE9@siemens.com"
(208)   suffix : No such realm "siemens.com"
(208)    [suffix] = noop
(208)    update control {
(208)  	Proxy-To-Realm := 'LOCAL'
(208)    } # update control = noop
(208)   eap : No EAP-Message, not doing EAP
(208)    [eap] = noop
(208)   files : users: Matched entry CPE9@siemens.com at line 109
(208)    [files] = ok
(208)    [expiration] = noop
(208)    [logintime] = noop
(208)    [pap] = updated
(208)   } #  authorize = updated
(208)  Found Auth-Type = PAP
(208)  # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(208)   Auth-Type PAP {
(208)   pap : Login attempt with password
(208)   pap : User authenticated successfully
(208)    [pap] = ok
(208)   } # Auth-Type PAP = ok
(208)  Login OK: [CPE9@siemens.com] (from client BS3 port 0 via TLS tunnel)
(208)  # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
(208)   post-auth { ... } # empty sub-section is ignored
(208)    Reply:
(208)  } # server inner-tunnel
(208)  eap_ttls : Got tunneled Access-Accept
(208)  WARNING: eap_ttls : No information to cache: session caching will be disabled for session bf1d2f18ad36eabf598e36a6e920bacb97b872f15738deeab864e956e3cdc01f
  SSL: Removing session bf1d2f18ad36eabf598e36a6e920bacb97b872f15738deeab864e956e3cdc01f from the cache
(208)  eap : Freeing handler
(208)   [eap] = ok
(208)  } #  authenticate = ok
(208) Login OK: [CPE9@siemens.com] (from client BS3 port 0)
(208) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(208)   post-auth {
(208)   [exec] = noop
(208)   update reply {
(208) 	Session-Timeout := 1800
(208)   } # update reply = noop
(208)   remove_reply_message_if_eap remove_reply_message_if_eap {
(208)     if (&reply:EAP-Message && &reply:Reply-Message) 
(208)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(208)    else else {
(208)     [noop] = noop
(208)    } # else else = noop
(208)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(208)  } #  post-auth = noop
(208) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=167, length=0
(208) 	MS-MPPE-Recv-Key = 0x11b2495c2831178afc9bae3073b233d36cc800bab7096e20d6f298ff05e2bfd5
(208) 	MS-MPPE-Send-Key = 0x909886fc560ad033abb9ad0869c0886f217f5560f8796dd435266e61b257776c
(208) 	EAP-MSK = 0x11b2495c2831178afc9bae3073b233d36cc800bab7096e20d6f298ff05e2bfd5909886fc560ad033abb9ad0869c0886f217f5560f8796dd435266e61b257776c
(208) 	EAP-EMSK = 0x40c2d8d2b36634528cbeb04888eacb9dd7ec60e5f366addabc0f461bb69a7e1fdaa352cbe8d42c5906e3251bd97137d082e2d337ad59bb81fd89afc0cd57c191
(208) 	EAP-Session-Id = 0x1554ab17ed3bbcda4af1e402e2c7a239ea77f4f0961e88b0aba7e90ba4ce0b96caf7384657218564e0191c890b64dd760fc6d8794f40472be9bd204283fb924e9b
(208) 	EAP-Message = 0x039a0004
(208) 	Message-Authenticator = 0x00000000000000000000000000000000
(208) 	User-Name = 'CPE9@siemens.com'
(208) 	Session-Timeout := 1800
Sending Access-Accept Id 167 from 192.168.99.101:1812 to 192.168.99.123:49286
	MS-MPPE-Recv-Key = 0x11b2495c2831178afc9bae3073b233d36cc800bab7096e20d6f298ff05e2bfd5
	MS-MPPE-Send-Key = 0x909886fc560ad033abb9ad0869c0886f217f5560f8796dd435266e61b257776c
	EAP-Message = 0x039a0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = 'CPE9@siemens.com'
	Session-Timeout := 1800
(208) Finished request
Waking up in 0.2 seconds.
Waking up in 0.2 seconds.
(192) Cleaning up request packet ID 1 with timestamp +138
(193) Cleaning up request packet ID 166 with timestamp +138
(194) Cleaning up request packet ID 1 with timestamp +138
(195) Cleaning up request packet ID 167 with timestamp +138
(196) Cleaning up request packet ID 168 with timestamp +138
Waking up in 0.1 seconds.
(197) Cleaning up request packet ID 1 with timestamp +138
Waking up in 0.6 seconds.
Received Access-Request Id 145 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x00d846896494fd6d1bcbbda405db3eac
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02ba00150143504536407369656d656e732e636f6d
(209) Received Access-Request packet from host 192.168.99.122 port 49321, id=145, length=83
(209) 	Message-Authenticator = 0x00d846896494fd6d1bcbbda405db3eac
(209) 	NAS-Identifier = 'BS'
(209) 	User-Name = 'CPE6@siemens.com'
(209) 	EAP-Message = 0x02ba00150143504536407369656d656e732e636f6d
(209) # Executing section authorize from file /etc/raddb/sites-enabled/default
(209)   authorize {
(209)   filter_username filter_username {
(209)     if (!&User-Name) 
(209)     if (!&User-Name)  -> FALSE
(209)     if (&User-Name =~ / /) 
(209)     if (&User-Name =~ / /)  -> FALSE
(209)     if (&User-Name =~ /@.*@/ ) 
(209)     if (&User-Name =~ /@.*@/ )  -> FALSE
(209)     if (&User-Name =~ /\\.\\./ ) 
(209)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(209)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(209)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(209)     if (&User-Name =~ /\\.$/)  
(209)     if (&User-Name =~ /\\.$/)   -> FALSE
(209)     if (&User-Name =~ /@\\./)  
(209)     if (&User-Name =~ /@\\./)   -> FALSE
(209)   } # filter_username filter_username = notfound
(209)   [preprocess] = ok
(209)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(209)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(209)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(209)  auth_log : EXPAND %t
(209)  auth_log :    --> Wed Feb 14 20:05:39 2018
(209)   [auth_log] = ok
(209)   [chap] = noop
(209)   [mschap] = noop
(209)   [digest] = noop
(209)   [wimax] = noop
(209)  suffix : Checking for suffix after "@"
(209)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(209)  suffix : No such realm "siemens.com"
(209)   [suffix] = noop
(209)  eap : Peer sent code Response (2) ID 186 length 21
(209)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(209)   [eap] = ok
(209)  } #  authorize = ok
(209) Found Auth-Type = EAP
(209) # Executing group from file /etc/raddb/sites-enabled/default
(209)   authenticate {
(209)  eap : Peer sent method Identity (1)
(209)  eap : Calling eap_ttls to process EAP data
(209)  eap_ttls : Initiate
(209)  eap_ttls : Start returned 1
(209)  eap : New EAP session, adding 'State' attribute to reply 0x2ee663df2e5d76c8
(209)   [eap] = handled
(209)  } #  authenticate = handled
(209) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=145, length=0
(209) 	EAP-Message = 0x01bb00061520
(209) 	Message-Authenticator = 0x00000000000000000000000000000000
(209) 	State = 0x2ee663df2e5d76c8b3786d55f95a2b46
Sending Access-Challenge Id 145 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bb00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2ee663df2e5d76c8b3786d55f95a2b46
(209) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 146 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x83acd473aac68c435d1ed6ff8d903f58
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bb006a158000000060160301005b01000057030154acd569ec576b593a782fe6c402be3b809b236e1b5885bbbc8b8f1a39eb19d500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x2ee663df2e5d76c8b3786d55f95a2b46
(210) Received Access-Request packet from host 192.168.99.122 port 49321, id=146, length=186
(210) 	Message-Authenticator = 0x83acd473aac68c435d1ed6ff8d903f58
(210) 	NAS-Identifier = 'BS'
(210) 	User-Name = 'CPE6@siemens.com'
(210) 	EAP-Message = 0x02bb006a158000000060160301005b01000057030154acd569ec576b593a782fe6c402be3b809b236e1b5885bbbc8b8f1a39eb19d500003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(210) 	State = 0x2ee663df2e5d76c8b3786d55f95a2b46
(210) # Executing section authorize from file /etc/raddb/sites-enabled/default
(210)   authorize {
(210)   filter_username filter_username {
(210)     if (!&User-Name) 
(210)     if (!&User-Name)  -> FALSE
(210)     if (&User-Name =~ / /) 
(210)     if (&User-Name =~ / /)  -> FALSE
(210)     if (&User-Name =~ /@.*@/ ) 
(210)     if (&User-Name =~ /@.*@/ )  -> FALSE
(210)     if (&User-Name =~ /\\.\\./ ) 
(210)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(210)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(210)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(210)     if (&User-Name =~ /\\.$/)  
(210)     if (&User-Name =~ /\\.$/)   -> FALSE
(210)     if (&User-Name =~ /@\\./)  
(210)     if (&User-Name =~ /@\\./)   -> FALSE
(210)   } # filter_username filter_username = notfound
(210)   [preprocess] = ok
(210)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(210)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(210)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(210)  auth_log : EXPAND %t
(210)  auth_log :    --> Wed Feb 14 20:05:39 2018
(210)   [auth_log] = ok
(210)   [chap] = noop
(210)   [mschap] = noop
(210)   [digest] = noop
(210)   [wimax] = noop
(210)  suffix : Checking for suffix after "@"
(210)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(210)  suffix : No such realm "siemens.com"
(210)   [suffix] = noop
(210)  eap : Peer sent code Response (2) ID 187 length 106
(210)  eap : Continuing tunnel setup
(210)   [eap] = ok
(210)  } #  authorize = ok
(210) Found Auth-Type = EAP
(210) # Executing group from file /etc/raddb/sites-enabled/default
(210)   authenticate {
(210)  eap : Expiring EAP session with state 0x34b58d2c37779811
(210)  eap : Finished EAP session with state 0x2ee663df2e5d76c8
(210)  eap : Previous EAP request found for state 0x2ee663df2e5d76c8, released from the list
(210)  eap : Peer sent method TTLS (21)
(210)  eap : EAP TTLS (21)
(210)  eap : Calling eap_ttls to process EAP data
(210)  eap_ttls : Authenticate
(210)  eap_ttls : processing EAP-TLS
  TLS Length 96
(210)  eap_ttls : Length Included
(210)  eap_ttls : eaptls_verify returned 11 
(210)  eap_ttls : (other): before/accept initialization
(210)  eap_ttls : TLS_accept: before/accept initialization
(210)  eap_ttls : <<< Unknown TLS version [length 0005] 
(210)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(210)  eap_ttls : TLS_accept: SSLv3 read client hello A
(210)  eap_ttls : >>> Unknown TLS version [length 0005] 
(210)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(210)  eap_ttls : TLS_accept: SSLv3 write server hello A
(210)  eap_ttls : >>> Unknown TLS version [length 0005] 
(210)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(210)  eap_ttls : TLS_accept: SSLv3 write certificate A
(210)  eap_ttls : >>> Unknown TLS version [length 0005] 
(210)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(210)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(210)  eap_ttls : >>> Unknown TLS version [length 0005] 
(210)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(210)  eap_ttls : TLS_accept: SSLv3 write server done A
(210)  eap_ttls : TLS_accept: SSLv3 flush data
(210)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(210)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(210)  eap_ttls : eaptls_process returned 13 
(210)  eap : New EAP session, adding 'State' attribute to reply 0x2ee663df2f5a76c8
(210)   [eap] = handled
(210)  } #  authenticate = handled
(210) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=146, length=0
(210) 	EAP-Message = 0x01bc03ec15c000000702160301004a020000460301135e4de8acb68a76a42bbafbb73707094f7e9de484cabd518a4c334ad13403e320b43800fc36e41871d6706b63279a68c871acad37d91293440a5ee7eafd19e4fa00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(210) 	Message-Authenticator = 0x00000000000000000000000000000000
(210) 	State = 0x2ee663df2f5a76c8b3786d55f95a2b46
Sending Access-Challenge Id 146 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bc03ec15c000000702160301004a020000460301135e4de8acb68a76a42bbafbb73707094f7e9de484cabd518a4c334ad13403e320b43800fc36e41871d6706b63279a68c871acad37d91293440a5ee7eafd19e4fa00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2ee663df2f5a76c8b3786d55f95a2b46
(210) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 147 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xc2c0e196b5f1d1b5930d937e183ec685
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bc00061500
	State = 0x2ee663df2f5a76c8b3786d55f95a2b46
(211) Received Access-Request packet from host 192.168.99.122 port 49321, id=147, length=86
(211) 	Message-Authenticator = 0xc2c0e196b5f1d1b5930d937e183ec685
(211) 	NAS-Identifier = 'BS'
(211) 	User-Name = 'CPE6@siemens.com'
(211) 	EAP-Message = 0x02bc00061500
(211) 	State = 0x2ee663df2f5a76c8b3786d55f95a2b46
(211) # Executing section authorize from file /etc/raddb/sites-enabled/default
(211)   authorize {
(211)   filter_username filter_username {
(211)     if (!&User-Name) 
(211)     if (!&User-Name)  -> FALSE
(211)     if (&User-Name =~ / /) 
(211)     if (&User-Name =~ / /)  -> FALSE
(211)     if (&User-Name =~ /@.*@/ ) 
(211)     if (&User-Name =~ /@.*@/ )  -> FALSE
(211)     if (&User-Name =~ /\\.\\./ ) 
(211)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(211)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(211)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(211)     if (&User-Name =~ /\\.$/)  
(211)     if (&User-Name =~ /\\.$/)   -> FALSE
(211)     if (&User-Name =~ /@\\./)  
(211)     if (&User-Name =~ /@\\./)   -> FALSE
(211)   } # filter_username filter_username = notfound
(211)   [preprocess] = ok
(211)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(211)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(211)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(211)  auth_log : EXPAND %t
(211)  auth_log :    --> Wed Feb 14 20:05:39 2018
(211)   [auth_log] = ok
(211)   [chap] = noop
(211)   [mschap] = noop
(211)   [digest] = noop
(211)   [wimax] = noop
(211)  suffix : Checking for suffix after "@"
(211)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(211)  suffix : No such realm "siemens.com"
(211)   [suffix] = noop
(211)  eap : Peer sent code Response (2) ID 188 length 6
(211)  eap : Continuing tunnel setup
(211)   [eap] = ok
(211)  } #  authorize = ok
(211) Found Auth-Type = EAP
(211) # Executing group from file /etc/raddb/sites-enabled/default
(211)   authenticate {
(211)  eap : Expiring EAP session with state 0x34b58d2c37779811
(211)  eap : Finished EAP session with state 0x2ee663df2f5a76c8
(211)  eap : Previous EAP request found for state 0x2ee663df2f5a76c8, released from the list
(211)  eap : Peer sent method TTLS (21)
(211)  eap : EAP TTLS (21)
(211)  eap : Calling eap_ttls to process EAP data
(211)  eap_ttls : Authenticate
(211)  eap_ttls : processing EAP-TLS
(211)  eap_ttls : Received TLS ACK
(211)  eap_ttls : Received TLS ACK
(211)  eap_ttls : ACK handshake fragment handler
(211)  eap_ttls : eaptls_verify returned 1 
(211)  eap_ttls : eaptls_process returned 13 
(211)  eap : New EAP session, adding 'State' attribute to reply 0x2ee663df2c5b76c8
(211)   [eap] = handled
(211)  } #  authenticate = handled
(211) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=147, length=0
(211) 	EAP-Message = 0x01bd032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(211) 	Message-Authenticator = 0x00000000000000000000000000000000
(211) 	State = 0x2ee663df2c5b76c8b3786d55f95a2b46
Sending Access-Challenge Id 147 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bd032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2ee663df2c5b76c8b3786d55f95a2b46
(211) Finished request
Waking up in 0.1 seconds.
(198) Cleaning up request packet ID 162 with timestamp +139
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(212) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(212) 	NAS-Identifier = 'BS'
(212) 	User-Name = 'dummy'
(212) 	User-Password = '*PASSWORD*'
(212) # Executing section authorize from file /etc/raddb/sites-enabled/default
(212)   authorize {
(212)   filter_username filter_username {
(212)     if (!&User-Name) 
(212)     if (!&User-Name)  -> FALSE
(212)     if (&User-Name =~ / /) 
(212)     if (&User-Name =~ / /)  -> FALSE
(212)     if (&User-Name =~ /@.*@/ ) 
(212)     if (&User-Name =~ /@.*@/ )  -> FALSE
(212)     if (&User-Name =~ /\\.\\./ ) 
(212)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(212)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(212)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(212)     if (&User-Name =~ /\\.$/)  
(212)     if (&User-Name =~ /\\.$/)   -> FALSE
(212)     if (&User-Name =~ /@\\./)  
(212)     if (&User-Name =~ /@\\./)   -> FALSE
(212)   } # filter_username filter_username = notfound
(212)   [preprocess] = ok
(212)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(212)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(212)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(212)  auth_log : EXPAND %t
(212)  auth_log :    --> Wed Feb 14 20:05:40 2018
(212)   [auth_log] = ok
(212)   [chap] = noop
(212)   [mschap] = noop
(212)   [digest] = noop
(212)   [wimax] = noop
(212)  suffix : Checking for suffix after "@"
(212)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(212)  suffix : No such realm "NULL"
(212)   [suffix] = noop
(212)  eap : No EAP-Message, not doing EAP
(212)   [eap] = noop
(212)  files : users: Matched entry dummy at line 159
(212)   [files] = ok
(212)   [expiration] = noop
(212)   [logintime] = noop
(212)   [pap] = updated
(212)  } #  authorize = updated
(212) Found Auth-Type = PAP
(212) # Executing group from file /etc/raddb/sites-enabled/default
(212)  Auth-Type PAP {
(212)  pap : Login attempt with password
(212)  pap : User authenticated successfully
(212)   [pap] = ok
(212)  } # Auth-Type PAP = ok
(212) Login OK: [dummy] (from client BS1 port 0)
(212) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(212)   post-auth {
(212)   [exec] = noop
(212)   update reply {
(212) 	Session-Timeout := 1800
(212)   } # update reply = noop
(212)   remove_reply_message_if_eap remove_reply_message_if_eap {
(212)     if (&reply:EAP-Message && &reply:Reply-Message) 
(212)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(212)    else else {
(212)     [noop] = noop
(212)    } # else else = noop
(212)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(212)  } #  post-auth = noop
(212) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(212) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(212) Finished request
Waking up in 0.2 seconds.
(199) Cleaning up request packet ID 141 with timestamp +139
(200) Cleaning up request packet ID 142 with timestamp +139
(201) Cleaning up request packet ID 143 with timestamp +139
Waking up in 0.2 seconds.
(202) Cleaning up request packet ID 163 with timestamp +139
(203) Cleaning up request packet ID 164 with timestamp +140
(204) Cleaning up request packet ID 165 with timestamp +140
Waking up in 0.5 seconds.
(205) Cleaning up request packet ID 169 with timestamp +140
Waking up in 1.4 seconds.
Received Access-Request Id 148 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x3ddf31399eeea483a121da1fca25b00c
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bd00d01580000000c61603010086100000820080396bbeaffe27177eac574e12a1aac79e861663ad9b450acbe1cbb30ddbdcdad8bac0a6bc162f44d2ff122300005492e572358c71f86624637edf45b5c64b8437983eddc9cdc65d6be983e0fcfd77df2db3a7bf655e62a4aced1a47b566454aad14649e4ee80dc7722d6475f9dc0ae6ec74eee6cbfbab1196f6054acfef2c6c2014030100010116030100307c86ee9895ea4622592b43db80e6d7c73beb1eb3901dd8a1861b2dbed58d056b827b6cfa211b58cada0f28d1b491d7e7
	State = 0x2ee663df2c5b76c8b3786d55f95a2b46
(213) Received Access-Request packet from host 192.168.99.122 port 49321, id=148, length=288
(213) 	Message-Authenticator = 0x3ddf31399eeea483a121da1fca25b00c
(213) 	NAS-Identifier = 'BS'
(213) 	User-Name = 'CPE6@siemens.com'
(213) 	EAP-Message = 0x02bd00d01580000000c61603010086100000820080396bbeaffe27177eac574e12a1aac79e861663ad9b450acbe1cbb30ddbdcdad8bac0a6bc162f44d2ff122300005492e572358c71f86624637edf45b5c64b8437983eddc9cdc65d6be983e0fcfd77df2db3a7bf655e62a4aced1a47b566454aad14649e4ee80dc7722d6475f9dc0ae6ec74eee6cbfbab1196f6054acfef2c6c2014030100010116030100307c86ee9895ea4622592b43db80e6d7c73beb1eb3901dd8a1861b2dbed58d056b827b6cfa211b58cada0f28d1b491d7e7
(213) 	State = 0x2ee663df2c5b76c8b3786d55f95a2b46
(213) # Executing section authorize from file /etc/raddb/sites-enabled/default
(213)   authorize {
(213)   filter_username filter_username {
(213)     if (!&User-Name) 
(213)     if (!&User-Name)  -> FALSE
(213)     if (&User-Name =~ / /) 
(213)     if (&User-Name =~ / /)  -> FALSE
(213)     if (&User-Name =~ /@.*@/ ) 
(213)     if (&User-Name =~ /@.*@/ )  -> FALSE
(213)     if (&User-Name =~ /\\.\\./ ) 
(213)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(213)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(213)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(213)     if (&User-Name =~ /\\.$/)  
(213)     if (&User-Name =~ /\\.$/)   -> FALSE
(213)     if (&User-Name =~ /@\\./)  
(213)     if (&User-Name =~ /@\\./)   -> FALSE
(213)   } # filter_username filter_username = notfound
(213)   [preprocess] = ok
(213)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(213)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(213)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(213)  auth_log : EXPAND %t
(213)  auth_log :    --> Wed Feb 14 20:05:42 2018
(213)   [auth_log] = ok
(213)   [chap] = noop
(213)   [mschap] = noop
(213)   [digest] = noop
(213)   [wimax] = noop
(213)  suffix : Checking for suffix after "@"
(213)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(213)  suffix : No such realm "siemens.com"
(213)   [suffix] = noop
(213)  eap : Peer sent code Response (2) ID 189 length 208
(213)  eap : Continuing tunnel setup
(213)   [eap] = ok
(213)  } #  authorize = ok
(213) Found Auth-Type = EAP
(213) # Executing group from file /etc/raddb/sites-enabled/default
(213)   authenticate {
(213)  eap : Expiring EAP session with state 0x34b58d2c37779811
(213)  eap : Finished EAP session with state 0x2ee663df2c5b76c8
(213)  eap : Previous EAP request found for state 0x2ee663df2c5b76c8, released from the list
(213)  eap : Peer sent method TTLS (21)
(213)  eap : EAP TTLS (21)
(213)  eap : Calling eap_ttls to process EAP data
(213)  eap_ttls : Authenticate
(213)  eap_ttls : processing EAP-TLS
  TLS Length 198
(213)  eap_ttls : Length Included
(213)  eap_ttls : eaptls_verify returned 11 
(213)  eap_ttls : <<< Unknown TLS version [length 0005] 
(213)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(213)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(213)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(213)  eap_ttls : <<< Unknown TLS version [length 0005] 
(213)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(213)  eap_ttls : <<< Unknown TLS version [length 0005] 
(213)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(213)  eap_ttls : TLS_accept: SSLv3 read finished A
(213)  eap_ttls : >>> Unknown TLS version [length 0005] 
(213)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(213)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(213)  eap_ttls : >>> Unknown TLS version [length 0005] 
(213)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(213)  eap_ttls : TLS_accept: SSLv3 write finished A
(213)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session b43800fc36e41871d6706b63279a68c871acad37d91293440a5ee7eafd19e4fa to cache
(213)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(213)  eap_ttls : eaptls_process returned 13 
(213)  eap : New EAP session, adding 'State' attribute to reply 0x2ee663df2d5876c8
(213)   [eap] = handled
(213)  } #  authenticate = handled
(213) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=148, length=0
(213) 	EAP-Message = 0x01be004515800000003b1403010001011603010030975cad3da16c39acb5b8c93727e57ff52760237dc77d84768806376928ad6596be2216f1917be31ea31efcd22287eab2
(213) 	Message-Authenticator = 0x00000000000000000000000000000000
(213) 	State = 0x2ee663df2d5876c8b3786d55f95a2b46
Sending Access-Challenge Id 148 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01be004515800000003b1403010001011603010030975cad3da16c39acb5b8c93727e57ff52760237dc77d84768806376928ad6596be2216f1917be31ea31efcd22287eab2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2ee663df2d5876c8b3786d55f95a2b46
(213) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 168 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x791b2c4c3cc6e40186f0fb213a644c75
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029700150143504538407369656d656e732e636f6d
(214) Received Access-Request packet from host 192.168.99.123 port 49286, id=168, length=83
(214) 	Message-Authenticator = 0x791b2c4c3cc6e40186f0fb213a644c75
(214) 	NAS-Identifier = 'BS'
(214) 	User-Name = 'CPE8@siemens.com'
(214) 	EAP-Message = 0x029700150143504538407369656d656e732e636f6d
(214) # Executing section authorize from file /etc/raddb/sites-enabled/default
(214)   authorize {
(214)   filter_username filter_username {
(214)     if (!&User-Name) 
(214)     if (!&User-Name)  -> FALSE
(214)     if (&User-Name =~ / /) 
(214)     if (&User-Name =~ / /)  -> FALSE
(214)     if (&User-Name =~ /@.*@/ ) 
(214)     if (&User-Name =~ /@.*@/ )  -> FALSE
(214)     if (&User-Name =~ /\\.\\./ ) 
(214)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(214)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(214)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(214)     if (&User-Name =~ /\\.$/)  
(214)     if (&User-Name =~ /\\.$/)   -> FALSE
(214)     if (&User-Name =~ /@\\./)  
(214)     if (&User-Name =~ /@\\./)   -> FALSE
(214)   } # filter_username filter_username = notfound
(214)   [preprocess] = ok
(214)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(214)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(214)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(214)  auth_log : EXPAND %t
(214)  auth_log :    --> Wed Feb 14 20:05:42 2018
(214)   [auth_log] = ok
(214)   [chap] = noop
(214)   [mschap] = noop
(214)   [digest] = noop
(214)   [wimax] = noop
(214)  suffix : Checking for suffix after "@"
(214)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(214)  suffix : No such realm "siemens.com"
(214)   [suffix] = noop
(214)  eap : Peer sent code Response (2) ID 151 length 21
(214)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(214)   [eap] = ok
(214)  } #  authorize = ok
(214) Found Auth-Type = EAP
(214) # Executing group from file /etc/raddb/sites-enabled/default
(214)   authenticate {
(214)  eap : Peer sent method Identity (1)
(214)  eap : Calling eap_ttls to process EAP data
(214)  eap_ttls : Initiate
(214)  eap_ttls : Start returned 1
(214)  eap : New EAP session, adding 'State' attribute to reply 0xf6adef5cf635faa0
(214)   [eap] = handled
(214)  } #  authenticate = handled
(214) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=168, length=0
(214) 	EAP-Message = 0x019800061520
(214) 	Message-Authenticator = 0x00000000000000000000000000000000
(214) 	State = 0xf6adef5cf635faa0be27d1a911a7f3f7
Sending Access-Challenge Id 168 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019800061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xf6adef5cf635faa0be27d1a911a7f3f7
(214) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 169 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x548f743798f94a70e54584ed54ce55e0
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x0298006a158000000060160301005b01000057030154a651005bc8f78cef2be4f47001c1cc9123dae3fa020f2b9878a6f70aa1fab200003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xf6adef5cf635faa0be27d1a911a7f3f7
(215) Received Access-Request packet from host 192.168.99.123 port 49286, id=169, length=186
(215) 	Message-Authenticator = 0x548f743798f94a70e54584ed54ce55e0
(215) 	NAS-Identifier = 'BS'
(215) 	User-Name = 'CPE8@siemens.com'
(215) 	EAP-Message = 0x0298006a158000000060160301005b01000057030154a651005bc8f78cef2be4f47001c1cc9123dae3fa020f2b9878a6f70aa1fab200003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(215) 	State = 0xf6adef5cf635faa0be27d1a911a7f3f7
(215) # Executing section authorize from file /etc/raddb/sites-enabled/default
(215)   authorize {
(215)   filter_username filter_username {
(215)     if (!&User-Name) 
(215)     if (!&User-Name)  -> FALSE
(215)     if (&User-Name =~ / /) 
(215)     if (&User-Name =~ / /)  -> FALSE
(215)     if (&User-Name =~ /@.*@/ ) 
(215)     if (&User-Name =~ /@.*@/ )  -> FALSE
(215)     if (&User-Name =~ /\\.\\./ ) 
(215)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(215)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(215)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(215)     if (&User-Name =~ /\\.$/)  
(215)     if (&User-Name =~ /\\.$/)   -> FALSE
(215)     if (&User-Name =~ /@\\./)  
(215)     if (&User-Name =~ /@\\./)   -> FALSE
(215)   } # filter_username filter_username = notfound
(215)   [preprocess] = ok
(215)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(215)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(215)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(215)  auth_log : EXPAND %t
(215)  auth_log :    --> Wed Feb 14 20:05:42 2018
(215)   [auth_log] = ok
(215)   [chap] = noop
(215)   [mschap] = noop
(215)   [digest] = noop
(215)   [wimax] = noop
(215)  suffix : Checking for suffix after "@"
(215)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(215)  suffix : No such realm "siemens.com"
(215)   [suffix] = noop
(215)  eap : Peer sent code Response (2) ID 152 length 106
(215)  eap : Continuing tunnel setup
(215)   [eap] = ok
(215)  } #  authorize = ok
(215) Found Auth-Type = EAP
(215) # Executing group from file /etc/raddb/sites-enabled/default
(215)   authenticate {
(215)  eap : Expiring EAP session with state 0x34b58d2c37779811
(215)  eap : Finished EAP session with state 0xf6adef5cf635faa0
(215)  eap : Previous EAP request found for state 0xf6adef5cf635faa0, released from the list
(215)  eap : Peer sent method TTLS (21)
(215)  eap : EAP TTLS (21)
(215)  eap : Calling eap_ttls to process EAP data
(215)  eap_ttls : Authenticate
(215)  eap_ttls : processing EAP-TLS
  TLS Length 96
(215)  eap_ttls : Length Included
(215)  eap_ttls : eaptls_verify returned 11 
(215)  eap_ttls : (other): before/accept initialization
(215)  eap_ttls : TLS_accept: before/accept initialization
(215)  eap_ttls : <<< Unknown TLS version [length 0005] 
(215)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(215)  eap_ttls : TLS_accept: SSLv3 read client hello A
(215)  eap_ttls : >>> Unknown TLS version [length 0005] 
(215)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(215)  eap_ttls : TLS_accept: SSLv3 write server hello A
(215)  eap_ttls : >>> Unknown TLS version [length 0005] 
(215)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(215)  eap_ttls : TLS_accept: SSLv3 write certificate A
(215)  eap_ttls : >>> Unknown TLS version [length 0005] 
(215)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(215)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(215)  eap_ttls : >>> Unknown TLS version [length 0005] 
(215)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(215)  eap_ttls : TLS_accept: SSLv3 write server done A
(215)  eap_ttls : TLS_accept: SSLv3 flush data
(215)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(215)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(215)  eap_ttls : eaptls_process returned 13 
(215)  eap : New EAP session, adding 'State' attribute to reply 0xf6adef5cf734faa0
(215)   [eap] = handled
(215)  } #  authenticate = handled
(215) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=169, length=0
(215) 	EAP-Message = 0x019903ec15c000000702160301004a020000460301684523c06a1252fdd654ed89f77a8f4868f0cc6866985663dc6ab92d220e08ac20854d1b5dac64ec90314f17cce94f1bf5ec0e080e8efcd6017c52a44f79dc8bb400390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(215) 	Message-Authenticator = 0x00000000000000000000000000000000
(215) 	State = 0xf6adef5cf734faa0be27d1a911a7f3f7
Sending Access-Challenge Id 169 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019903ec15c000000702160301004a020000460301684523c06a1252fdd654ed89f77a8f4868f0cc6866985663dc6ab92d220e08ac20854d1b5dac64ec90314f17cce94f1bf5ec0e080e8efcd6017c52a44f79dc8bb400390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xf6adef5cf734faa0be27d1a911a7f3f7
(215) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 170 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x47b5b0c7983a946a68991f57dd70df88
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029900061500
	State = 0xf6adef5cf734faa0be27d1a911a7f3f7
(216) Received Access-Request packet from host 192.168.99.123 port 49286, id=170, length=86
(216) 	Message-Authenticator = 0x47b5b0c7983a946a68991f57dd70df88
(216) 	NAS-Identifier = 'BS'
(216) 	User-Name = 'CPE8@siemens.com'
(216) 	EAP-Message = 0x029900061500
(216) 	State = 0xf6adef5cf734faa0be27d1a911a7f3f7
(216) # Executing section authorize from file /etc/raddb/sites-enabled/default
(216)   authorize {
(216)   filter_username filter_username {
(216)     if (!&User-Name) 
(216)     if (!&User-Name)  -> FALSE
(216)     if (&User-Name =~ / /) 
(216)     if (&User-Name =~ / /)  -> FALSE
(216)     if (&User-Name =~ /@.*@/ ) 
(216)     if (&User-Name =~ /@.*@/ )  -> FALSE
(216)     if (&User-Name =~ /\\.\\./ ) 
(216)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(216)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(216)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(216)     if (&User-Name =~ /\\.$/)  
(216)     if (&User-Name =~ /\\.$/)   -> FALSE
(216)     if (&User-Name =~ /@\\./)  
(216)     if (&User-Name =~ /@\\./)   -> FALSE
(216)   } # filter_username filter_username = notfound
(216)   [preprocess] = ok
(216)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(216)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(216)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(216)  auth_log : EXPAND %t
(216)  auth_log :    --> Wed Feb 14 20:05:42 2018
(216)   [auth_log] = ok
(216)   [chap] = noop
(216)   [mschap] = noop
(216)   [digest] = noop
(216)   [wimax] = noop
(216)  suffix : Checking for suffix after "@"
(216)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(216)  suffix : No such realm "siemens.com"
(216)   [suffix] = noop
(216)  eap : Peer sent code Response (2) ID 153 length 6
(216)  eap : Continuing tunnel setup
(216)   [eap] = ok
(216)  } #  authorize = ok
(216) Found Auth-Type = EAP
(216) # Executing group from file /etc/raddb/sites-enabled/default
(216)   authenticate {
(216)  eap : Expiring EAP session with state 0x34b58d2c37779811
(216)  eap : Finished EAP session with state 0xf6adef5cf734faa0
(216)  eap : Previous EAP request found for state 0xf6adef5cf734faa0, released from the list
(216)  eap : Peer sent method TTLS (21)
(216)  eap : EAP TTLS (21)
(216)  eap : Calling eap_ttls to process EAP data
(216)  eap_ttls : Authenticate
(216)  eap_ttls : processing EAP-TLS
(216)  eap_ttls : Received TLS ACK
(216)  eap_ttls : Received TLS ACK
(216)  eap_ttls : ACK handshake fragment handler
(216)  eap_ttls : eaptls_verify returned 1 
(216)  eap_ttls : eaptls_process returned 13 
(216)  eap : New EAP session, adding 'State' attribute to reply 0xf6adef5cf437faa0
(216)   [eap] = handled
(216)  } #  authenticate = handled
(216) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=170, length=0
(216) 	EAP-Message = 0x019a032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(216) 	Message-Authenticator = 0x00000000000000000000000000000000
(216) 	State = 0xf6adef5cf437faa0be27d1a911a7f3f7
Sending Access-Challenge Id 170 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019a032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xf6adef5cf437faa0be27d1a911a7f3f7
(216) Finished request
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
(206) Cleaning up request packet ID 144 with timestamp +142
Waking up in 0.4 seconds.
(207) Cleaning up request packet ID 166 with timestamp +142
(208) Cleaning up request packet ID 167 with timestamp +142
Waking up in 1.2 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(217) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(217) 	NAS-Identifier = 'BS'
(217) 	User-Name = 'dummy'
(217) 	User-Password = '*PASSWORD*'
(217) # Executing section authorize from file /etc/raddb/sites-enabled/default
(217)   authorize {
(217)   filter_username filter_username {
(217)     if (!&User-Name) 
(217)     if (!&User-Name)  -> FALSE
(217)     if (&User-Name =~ / /) 
(217)     if (&User-Name =~ / /)  -> FALSE
(217)     if (&User-Name =~ /@.*@/ ) 
(217)     if (&User-Name =~ /@.*@/ )  -> FALSE
(217)     if (&User-Name =~ /\\.\\./ ) 
(217)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(217)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(217)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(217)     if (&User-Name =~ /\\.$/)  
(217)     if (&User-Name =~ /\\.$/)   -> FALSE
(217)     if (&User-Name =~ /@\\./)  
(217)     if (&User-Name =~ /@\\./)   -> FALSE
(217)   } # filter_username filter_username = notfound
(217)   [preprocess] = ok
(217)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(217)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(217)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(217)  auth_log : EXPAND %t
(217)  auth_log :    --> Wed Feb 14 20:05:44 2018
(217)   [auth_log] = ok
(217)   [chap] = noop
(217)   [mschap] = noop
(217)   [digest] = noop
(217)   [wimax] = noop
(217)  suffix : Checking for suffix after "@"
(217)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(217)  suffix : No such realm "NULL"
(217)   [suffix] = noop
(217)  eap : No EAP-Message, not doing EAP
(217)   [eap] = noop
(217)  files : users: Matched entry dummy at line 159
(217)   [files] = ok
(217)   [expiration] = noop
(217)   [logintime] = noop
(217)   [pap] = updated
(217)  } #  authorize = updated
(217) Found Auth-Type = PAP
(217) # Executing group from file /etc/raddb/sites-enabled/default
(217)  Auth-Type PAP {
(217)  pap : Login attempt with password
(217)  pap : User authenticated successfully
(217)   [pap] = ok
(217)  } # Auth-Type PAP = ok
(217) Login OK: [dummy] (from client BS3 port 0)
(217) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(217)   post-auth {
(217)   [exec] = noop
(217)   update reply {
(217) 	Session-Timeout := 1800
(217)   } # update reply = noop
(217)   remove_reply_message_if_eap remove_reply_message_if_eap {
(217)     if (&reply:EAP-Message && &reply:Reply-Message) 
(217)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(217)    else else {
(217)     [noop] = noop
(217)    } # else else = noop
(217)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(217)  } #  post-auth = noop
(217) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(217) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(217) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 170 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0xfb4951d84b263d8930e8471bdb5162dc
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c60016014350453131407369656d656e732e636f6d
(218) Received Access-Request packet from host 192.168.99.121 port 49210, id=170, length=85
(218) 	Message-Authenticator = 0xfb4951d84b263d8930e8471bdb5162dc
(218) 	NAS-Identifier = 'BS'
(218) 	User-Name = 'CPE11@siemens.com'
(218) 	EAP-Message = 0x02c60016014350453131407369656d656e732e636f6d
(218) # Executing section authorize from file /etc/raddb/sites-enabled/default
(218)   authorize {
(218)   filter_username filter_username {
(218)     if (!&User-Name) 
(218)     if (!&User-Name)  -> FALSE
(218)     if (&User-Name =~ / /) 
(218)     if (&User-Name =~ / /)  -> FALSE
(218)     if (&User-Name =~ /@.*@/ ) 
(218)     if (&User-Name =~ /@.*@/ )  -> FALSE
(218)     if (&User-Name =~ /\\.\\./ ) 
(218)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(218)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(218)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(218)     if (&User-Name =~ /\\.$/)  
(218)     if (&User-Name =~ /\\.$/)   -> FALSE
(218)     if (&User-Name =~ /@\\./)  
(218)     if (&User-Name =~ /@\\./)   -> FALSE
(218)   } # filter_username filter_username = notfound
(218)   [preprocess] = ok
(218)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(218)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(218)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(218)  auth_log : EXPAND %t
(218)  auth_log :    --> Wed Feb 14 20:05:44 2018
(218)   [auth_log] = ok
(218)   [chap] = noop
(218)   [mschap] = noop
(218)   [digest] = noop
(218)   [wimax] = noop
(218)  suffix : Checking for suffix after "@"
(218)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(218)  suffix : No such realm "siemens.com"
(218)   [suffix] = noop
(218)  eap : Peer sent code Response (2) ID 198 length 22
(218)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(218)   [eap] = ok
(218)  } #  authorize = ok
(218) Found Auth-Type = EAP
(218) # Executing group from file /etc/raddb/sites-enabled/default
(218)   authenticate {
(218)  eap : Peer sent method Identity (1)
(218)  eap : Calling eap_ttls to process EAP data
(218)  eap_ttls : Initiate
(218)  eap_ttls : Start returned 1
(218)  eap : New EAP session, adding 'State' attribute to reply 0x6cffa8826c38bd4a
(218)   [eap] = handled
(218)  } #  authenticate = handled
(218) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=170, length=0
(218) 	EAP-Message = 0x01c700061520
(218) 	Message-Authenticator = 0x00000000000000000000000000000000
(218) 	State = 0x6cffa8826c38bd4adb1c35c2dcab28a8
Sending Access-Challenge Id 170 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c700061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6cffa8826c38bd4adb1c35c2dcab28a8
(218) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(219) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(219) 	NAS-Identifier = 'BS'
(219) 	User-Name = 'dummy'
(219) 	User-Password = '*PASSWORD*'
(219) # Executing section authorize from file /etc/raddb/sites-enabled/default
(219)   authorize {
(219)   filter_username filter_username {
(219)     if (!&User-Name) 
(219)     if (!&User-Name)  -> FALSE
(219)     if (&User-Name =~ / /) 
(219)     if (&User-Name =~ / /)  -> FALSE
(219)     if (&User-Name =~ /@.*@/ ) 
(219)     if (&User-Name =~ /@.*@/ )  -> FALSE
(219)     if (&User-Name =~ /\\.\\./ ) 
(219)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(219)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(219)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(219)     if (&User-Name =~ /\\.$/)  
(219)     if (&User-Name =~ /\\.$/)   -> FALSE
(219)     if (&User-Name =~ /@\\./)  
(219)     if (&User-Name =~ /@\\./)   -> FALSE
(219)   } # filter_username filter_username = notfound
(219)   [preprocess] = ok
(219)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(219)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(219)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(219)  auth_log : EXPAND %t
(219)  auth_log :    --> Wed Feb 14 20:05:44 2018
(219)   [auth_log] = ok
(219)   [chap] = noop
(219)   [mschap] = noop
(219)   [digest] = noop
(219)   [wimax] = noop
(219)  suffix : Checking for suffix after "@"
(219)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(219)  suffix : No such realm "NULL"
(219)   [suffix] = noop
(219)  eap : No EAP-Message, not doing EAP
(219)   [eap] = noop
(219)  files : users: Matched entry dummy at line 159
(219)   [files] = ok
(219)   [expiration] = noop
(219)   [logintime] = noop
(219)   [pap] = updated
(219)  } #  authorize = updated
(219) Found Auth-Type = PAP
(219) # Executing group from file /etc/raddb/sites-enabled/default
(219)  Auth-Type PAP {
(219)  pap : Login attempt with password
(219)  pap : User authenticated successfully
(219)   [pap] = ok
(219)  } # Auth-Type PAP = ok
(219) Login OK: [dummy] (from client BS4 port 0)
(219) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(219)   post-auth {
(219)   [exec] = noop
(219)   update reply {
(219) 	Session-Timeout := 1800
(219)   } # update reply = noop
(219)   remove_reply_message_if_eap remove_reply_message_if_eap {
(219)     if (&reply:EAP-Message && &reply:Reply-Message) 
(219)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(219)    else else {
(219)     [noop] = noop
(219)    } # else else = noop
(219)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(219)  } #  post-auth = noop
(219) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(219) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(219) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 171 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x2fe3f0d6ab07cee62f8b25a239921dfa
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c7006a158000000060160301005b01000057030154a4b4c769f082a8746e92fb332019eb218d002aac9481c0c2e3b232a42ab13800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x6cffa8826c38bd4adb1c35c2dcab28a8
(220) Received Access-Request packet from host 192.168.99.121 port 49210, id=171, length=187
(220) 	Message-Authenticator = 0x2fe3f0d6ab07cee62f8b25a239921dfa
(220) 	NAS-Identifier = 'BS'
(220) 	User-Name = 'CPE11@siemens.com'
(220) 	EAP-Message = 0x02c7006a158000000060160301005b01000057030154a4b4c769f082a8746e92fb332019eb218d002aac9481c0c2e3b232a42ab13800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(220) 	State = 0x6cffa8826c38bd4adb1c35c2dcab28a8
(220) # Executing section authorize from file /etc/raddb/sites-enabled/default
(220)   authorize {
(220)   filter_username filter_username {
(220)     if (!&User-Name) 
(220)     if (!&User-Name)  -> FALSE
(220)     if (&User-Name =~ / /) 
(220)     if (&User-Name =~ / /)  -> FALSE
(220)     if (&User-Name =~ /@.*@/ ) 
(220)     if (&User-Name =~ /@.*@/ )  -> FALSE
(220)     if (&User-Name =~ /\\.\\./ ) 
(220)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(220)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(220)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(220)     if (&User-Name =~ /\\.$/)  
(220)     if (&User-Name =~ /\\.$/)   -> FALSE
(220)     if (&User-Name =~ /@\\./)  
(220)     if (&User-Name =~ /@\\./)   -> FALSE
(220)   } # filter_username filter_username = notfound
(220)   [preprocess] = ok
(220)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(220)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(220)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(220)  auth_log : EXPAND %t
(220)  auth_log :    --> Wed Feb 14 20:05:44 2018
(220)   [auth_log] = ok
(220)   [chap] = noop
(220)   [mschap] = noop
(220)   [digest] = noop
(220)   [wimax] = noop
(220)  suffix : Checking for suffix after "@"
(220)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(220)  suffix : No such realm "siemens.com"
(220)   [suffix] = noop
(220)  eap : Peer sent code Response (2) ID 199 length 106
(220)  eap : Continuing tunnel setup
(220)   [eap] = ok
(220)  } #  authorize = ok
(220) Found Auth-Type = EAP
(220) # Executing group from file /etc/raddb/sites-enabled/default
(220)   authenticate {
(220)  eap : Expiring EAP session with state 0x34b58d2c37779811
(220)  eap : Finished EAP session with state 0x6cffa8826c38bd4a
(220)  eap : Previous EAP request found for state 0x6cffa8826c38bd4a, released from the list
(220)  eap : Peer sent method TTLS (21)
(220)  eap : EAP TTLS (21)
(220)  eap : Calling eap_ttls to process EAP data
(220)  eap_ttls : Authenticate
(220)  eap_ttls : processing EAP-TLS
  TLS Length 96
(220)  eap_ttls : Length Included
(220)  eap_ttls : eaptls_verify returned 11 
(220)  eap_ttls : (other): before/accept initialization
(220)  eap_ttls : TLS_accept: before/accept initialization
(220)  eap_ttls : <<< Unknown TLS version [length 0005] 
(220)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(220)  eap_ttls : TLS_accept: SSLv3 read client hello A
(220)  eap_ttls : >>> Unknown TLS version [length 0005] 
(220)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(220)  eap_ttls : TLS_accept: SSLv3 write server hello A
(220)  eap_ttls : >>> Unknown TLS version [length 0005] 
(220)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(220)  eap_ttls : TLS_accept: SSLv3 write certificate A
(220)  eap_ttls : >>> Unknown TLS version [length 0005] 
(220)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(220)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(220)  eap_ttls : >>> Unknown TLS version [length 0005] 
(220)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(220)  eap_ttls : TLS_accept: SSLv3 write server done A
(220)  eap_ttls : TLS_accept: SSLv3 flush data
(220)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(220)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(220)  eap_ttls : eaptls_process returned 13 
(220)  eap : New EAP session, adding 'State' attribute to reply 0x6cffa8826d37bd4a
(220)   [eap] = handled
(220)  } #  authenticate = handled
(220) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=171, length=0
(220) 	EAP-Message = 0x01c803ec15c000000702160301004a020000460301f14fda7ef4dc391456221a4869fa79a0a2937e0359ab0302af27debf808f58852051ba65fb2a481b0ee9d939f6ffe3cb13accb820ae7e2d5d0baa0c1255907832900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(220) 	Message-Authenticator = 0x00000000000000000000000000000000
(220) 	State = 0x6cffa8826d37bd4adb1c35c2dcab28a8
Sending Access-Challenge Id 171 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c803ec15c000000702160301004a020000460301f14fda7ef4dc391456221a4869fa79a0a2937e0359ab0302af27debf808f58852051ba65fb2a481b0ee9d939f6ffe3cb13accb820ae7e2d5d0baa0c1255907832900390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6cffa8826d37bd4adb1c35c2dcab28a8
(220) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 172 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0xf4171b6a4e822d9dab2fad068836d136
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c800061500
	State = 0x6cffa8826d37bd4adb1c35c2dcab28a8
(221) Received Access-Request packet from host 192.168.99.121 port 49210, id=172, length=87
(221) 	Message-Authenticator = 0xf4171b6a4e822d9dab2fad068836d136
(221) 	NAS-Identifier = 'BS'
(221) 	User-Name = 'CPE11@siemens.com'
(221) 	EAP-Message = 0x02c800061500
(221) 	State = 0x6cffa8826d37bd4adb1c35c2dcab28a8
(221) # Executing section authorize from file /etc/raddb/sites-enabled/default
(221)   authorize {
(221)   filter_username filter_username {
(221)     if (!&User-Name) 
(221)     if (!&User-Name)  -> FALSE
(221)     if (&User-Name =~ / /) 
(221)     if (&User-Name =~ / /)  -> FALSE
(221)     if (&User-Name =~ /@.*@/ ) 
(221)     if (&User-Name =~ /@.*@/ )  -> FALSE
(221)     if (&User-Name =~ /\\.\\./ ) 
(221)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(221)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(221)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(221)     if (&User-Name =~ /\\.$/)  
(221)     if (&User-Name =~ /\\.$/)   -> FALSE
(221)     if (&User-Name =~ /@\\./)  
(221)     if (&User-Name =~ /@\\./)   -> FALSE
(221)   } # filter_username filter_username = notfound
(221)   [preprocess] = ok
(221)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(221)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(221)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(221)  auth_log : EXPAND %t
(221)  auth_log :    --> Wed Feb 14 20:05:44 2018
(221)   [auth_log] = ok
(221)   [chap] = noop
(221)   [mschap] = noop
(221)   [digest] = noop
(221)   [wimax] = noop
(221)  suffix : Checking for suffix after "@"
(221)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(221)  suffix : No such realm "siemens.com"
(221)   [suffix] = noop
(221)  eap : Peer sent code Response (2) ID 200 length 6
(221)  eap : Continuing tunnel setup
(221)   [eap] = ok
(221)  } #  authorize = ok
(221) Found Auth-Type = EAP
(221) # Executing group from file /etc/raddb/sites-enabled/default
(221)   authenticate {
(221)  eap : Expiring EAP session with state 0x34b58d2c37779811
(221)  eap : Finished EAP session with state 0x6cffa8826d37bd4a
(221)  eap : Previous EAP request found for state 0x6cffa8826d37bd4a, released from the list
(221)  eap : Peer sent method TTLS (21)
(221)  eap : EAP TTLS (21)
(221)  eap : Calling eap_ttls to process EAP data
(221)  eap_ttls : Authenticate
(221)  eap_ttls : processing EAP-TLS
(221)  eap_ttls : Received TLS ACK
(221)  eap_ttls : Received TLS ACK
(221)  eap_ttls : ACK handshake fragment handler
(221)  eap_ttls : eaptls_verify returned 1 
(221)  eap_ttls : eaptls_process returned 13 
(221)  eap : New EAP session, adding 'State' attribute to reply 0x6cffa8826e36bd4a
(221)   [eap] = handled
(221)  } #  authenticate = handled
(221) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=172, length=0
(221) 	EAP-Message = 0x01c9032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(221) 	Message-Authenticator = 0x00000000000000000000000000000000
(221) 	State = 0x6cffa8826e36bd4adb1c35c2dcab28a8
Sending Access-Challenge Id 172 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c9032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6cffa8826e36bd4adb1c35c2dcab28a8
(221) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(222) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(222) 	NAS-Identifier = 'BS'
(222) 	User-Name = 'dummy'
(222) 	User-Password = '*PASSWORD*'
(222) # Executing section authorize from file /etc/raddb/sites-enabled/default
(222)   authorize {
(222)   filter_username filter_username {
(222)     if (!&User-Name) 
(222)     if (!&User-Name)  -> FALSE
(222)     if (&User-Name =~ / /) 
(222)     if (&User-Name =~ / /)  -> FALSE
(222)     if (&User-Name =~ /@.*@/ ) 
(222)     if (&User-Name =~ /@.*@/ )  -> FALSE
(222)     if (&User-Name =~ /\\.\\./ ) 
(222)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(222)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(222)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(222)     if (&User-Name =~ /\\.$/)  
(222)     if (&User-Name =~ /\\.$/)   -> FALSE
(222)     if (&User-Name =~ /@\\./)  
(222)     if (&User-Name =~ /@\\./)   -> FALSE
(222)   } # filter_username filter_username = notfound
(222)   [preprocess] = ok
(222)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(222)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(222)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(222)  auth_log : EXPAND %t
(222)  auth_log :    --> Wed Feb 14 20:05:44 2018
(222)   [auth_log] = ok
(222)   [chap] = noop
(222)   [mschap] = noop
(222)   [digest] = noop
(222)   [wimax] = noop
(222)  suffix : Checking for suffix after "@"
(222)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(222)  suffix : No such realm "NULL"
(222)   [suffix] = noop
(222)  eap : No EAP-Message, not doing EAP
(222)   [eap] = noop
(222)  files : users: Matched entry dummy at line 159
(222)   [files] = ok
(222)   [expiration] = noop
(222)   [logintime] = noop
(222)   [pap] = updated
(222)  } #  authorize = updated
(222) Found Auth-Type = PAP
(222) # Executing group from file /etc/raddb/sites-enabled/default
(222)  Auth-Type PAP {
(222)  pap : Login attempt with password
(222)  pap : User authenticated successfully
(222)   [pap] = ok
(222)  } # Auth-Type PAP = ok
(222) Login OK: [dummy] (from client BS2 port 0)
(222) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(222)   post-auth {
(222)   [exec] = noop
(222)   update reply {
(222) 	Session-Timeout := 1800
(222)   } # update reply = noop
(222)   remove_reply_message_if_eap remove_reply_message_if_eap {
(222)     if (&reply:EAP-Message && &reply:Reply-Message) 
(222)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(222)    else else {
(222)     [noop] = noop
(222)    } # else else = noop
(222)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(222)  } #  post-auth = noop
(222) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(222) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(222) Finished request
Waking up in 0.1 seconds.
(209) Cleaning up request packet ID 145 with timestamp +143
(210) Cleaning up request packet ID 146 with timestamp +143
(211) Cleaning up request packet ID 147 with timestamp +143
Waking up in 0.3 seconds.
Received Access-Request Id 171 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x665a88fd7bc5149aa6f688fab777b4e2
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029a00d01580000000c616030100861000008200808c74b23c2eaf081538a6620e14d232286b13fe177639d4a8e188022994e9e8a5d8c7b9056541e50b750872ddb5bf3236a99cde0987e7d63b58382edbdcee834e14888f5567fd84acd57465a5a8e2a12178f9280a3159d9170cb8b462dd33f8d38cd099d0f4fff4e30fed7d9ab7943c7cd82d78d24ffa77f0a9ccf5123c711cc614030100010116030100308fe56f52d3556137033698f56e7e203b12dda644340135388aca5391d3163cceda5fdcfc008a3159f5ba0a46eea265cd
	State = 0xf6adef5cf437faa0be27d1a911a7f3f7
(223) Received Access-Request packet from host 192.168.99.123 port 49286, id=171, length=288
(223) 	Message-Authenticator = 0x665a88fd7bc5149aa6f688fab777b4e2
(223) 	NAS-Identifier = 'BS'
(223) 	User-Name = 'CPE8@siemens.com'
(223) 	EAP-Message = 0x029a00d01580000000c616030100861000008200808c74b23c2eaf081538a6620e14d232286b13fe177639d4a8e188022994e9e8a5d8c7b9056541e50b750872ddb5bf3236a99cde0987e7d63b58382edbdcee834e14888f5567fd84acd57465a5a8e2a12178f9280a3159d9170cb8b462dd33f8d38cd099d0f4fff4e30fed7d9ab7943c7cd82d78d24ffa77f0a9ccf5123c711cc614030100010116030100308fe56f52d3556137033698f56e7e203b12dda644340135388aca5391d3163cceda5fdcfc008a3159f5ba0a46eea265cd
(223) 	State = 0xf6adef5cf437faa0be27d1a911a7f3f7
(223) # Executing section authorize from file /etc/raddb/sites-enabled/default
(223)   authorize {
(223)   filter_username filter_username {
(223)     if (!&User-Name) 
(223)     if (!&User-Name)  -> FALSE
(223)     if (&User-Name =~ / /) 
(223)     if (&User-Name =~ / /)  -> FALSE
(223)     if (&User-Name =~ /@.*@/ ) 
(223)     if (&User-Name =~ /@.*@/ )  -> FALSE
(223)     if (&User-Name =~ /\\.\\./ ) 
(223)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(223)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(223)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(223)     if (&User-Name =~ /\\.$/)  
(223)     if (&User-Name =~ /\\.$/)   -> FALSE
(223)     if (&User-Name =~ /@\\./)  
(223)     if (&User-Name =~ /@\\./)   -> FALSE
(223)   } # filter_username filter_username = notfound
(223)   [preprocess] = ok
(223)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(223)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(223)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(223)  auth_log : EXPAND %t
(223)  auth_log :    --> Wed Feb 14 20:05:45 2018
(223)   [auth_log] = ok
(223)   [chap] = noop
(223)   [mschap] = noop
(223)   [digest] = noop
(223)   [wimax] = noop
(223)  suffix : Checking for suffix after "@"
(223)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(223)  suffix : No such realm "siemens.com"
(223)   [suffix] = noop
(223)  eap : Peer sent code Response (2) ID 154 length 208
(223)  eap : Continuing tunnel setup
(223)   [eap] = ok
(223)  } #  authorize = ok
(223) Found Auth-Type = EAP
(223) # Executing group from file /etc/raddb/sites-enabled/default
(223)   authenticate {
(223)  eap : Expiring EAP session with state 0x34b58d2c37779811
(223)  eap : Finished EAP session with state 0xf6adef5cf437faa0
(223)  eap : Previous EAP request found for state 0xf6adef5cf437faa0, released from the list
(223)  eap : Peer sent method TTLS (21)
(223)  eap : EAP TTLS (21)
(223)  eap : Calling eap_ttls to process EAP data
(223)  eap_ttls : Authenticate
(223)  eap_ttls : processing EAP-TLS
  TLS Length 198
(223)  eap_ttls : Length Included
(223)  eap_ttls : eaptls_verify returned 11 
(223)  eap_ttls : <<< Unknown TLS version [length 0005] 
(223)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(223)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(223)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(223)  eap_ttls : <<< Unknown TLS version [length 0005] 
(223)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(223)  eap_ttls : <<< Unknown TLS version [length 0005] 
(223)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(223)  eap_ttls : TLS_accept: SSLv3 read finished A
(223)  eap_ttls : >>> Unknown TLS version [length 0005] 
(223)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(223)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(223)  eap_ttls : >>> Unknown TLS version [length 0005] 
(223)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(223)  eap_ttls : TLS_accept: SSLv3 write finished A
(223)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 854d1b5dac64ec90314f17cce94f1bf5ec0e080e8efcd6017c52a44f79dc8bb4 to cache
(223)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(223)  eap_ttls : eaptls_process returned 13 
(223)  eap : New EAP session, adding 'State' attribute to reply 0xf6adef5cf536faa0
(223)   [eap] = handled
(223)  } #  authenticate = handled
(223) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=171, length=0
(223) 	EAP-Message = 0x019b004515800000003b140301000101160301003010ab5948ad74848a3b617d008a30875915fb76c267d06ede2d42c9ddde491dae29e8ab4037331e119ec68e813bb90b7f
(223) 	Message-Authenticator = 0x00000000000000000000000000000000
(223) 	State = 0xf6adef5cf536faa0be27d1a911a7f3f7
Sending Access-Challenge Id 171 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019b004515800000003b140301000101160301003010ab5948ad74848a3b617d008a30875915fb76c267d06ede2d42c9ddde491dae29e8ab4037331e119ec68e813bb90b7f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xf6adef5cf536faa0be27d1a911a7f3f7
(223) Finished request
Waking up in 0.2 seconds.
(212) Cleaning up request packet ID 1 with timestamp +144
Waking up in 0.1 seconds.
Waking up in 2.0 seconds.
Received Access-Request Id 173 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0x0fa57b4fd22f89a3ebb38b6e448cfd22
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c900d01580000000c6160301008610000082008047dfac0ad9b194a5c5371867f45af7911f924941521e2ccee6be186d463ba873f299c3187661137984aa8a8f56a29c85eeda0afc288437931ab83d925d342bd7502c4a0751f9e56df671968f6434726e7b8bd5b1711ee1a0fb68e24e61ac7feb5ab6e1d719e1ea90d9dde2c0854095e3a0b898c8c26c89c129b713fbb1b114d21403010001011603010030004a7e24f4a77f566cbf4dae3ad41da8f1c279c993e1413b1d767af3014f207b911c048ea92be428714389b481e41a39
	State = 0x6cffa8826e36bd4adb1c35c2dcab28a8
(224) Received Access-Request packet from host 192.168.99.121 port 49210, id=173, length=289
(224) 	Message-Authenticator = 0x0fa57b4fd22f89a3ebb38b6e448cfd22
(224) 	NAS-Identifier = 'BS'
(224) 	User-Name = 'CPE11@siemens.com'
(224) 	EAP-Message = 0x02c900d01580000000c6160301008610000082008047dfac0ad9b194a5c5371867f45af7911f924941521e2ccee6be186d463ba873f299c3187661137984aa8a8f56a29c85eeda0afc288437931ab83d925d342bd7502c4a0751f9e56df671968f6434726e7b8bd5b1711ee1a0fb68e24e61ac7feb5ab6e1d719e1ea90d9dde2c0854095e3a0b898c8c26c89c129b713fbb1b114d21403010001011603010030004a7e24f4a77f566cbf4dae3ad41da8f1c279c993e1413b1d767af3014f207b911c048ea92be428714389b481e41a39
(224) 	State = 0x6cffa8826e36bd4adb1c35c2dcab28a8
(224) # Executing section authorize from file /etc/raddb/sites-enabled/default
(224)   authorize {
(224)   filter_username filter_username {
(224)     if (!&User-Name) 
(224)     if (!&User-Name)  -> FALSE
(224)     if (&User-Name =~ / /) 
(224)     if (&User-Name =~ / /)  -> FALSE
(224)     if (&User-Name =~ /@.*@/ ) 
(224)     if (&User-Name =~ /@.*@/ )  -> FALSE
(224)     if (&User-Name =~ /\\.\\./ ) 
(224)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(224)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(224)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(224)     if (&User-Name =~ /\\.$/)  
(224)     if (&User-Name =~ /\\.$/)   -> FALSE
(224)     if (&User-Name =~ /@\\./)  
(224)     if (&User-Name =~ /@\\./)   -> FALSE
(224)   } # filter_username filter_username = notfound
(224)   [preprocess] = ok
(224)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(224)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(224)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(224)  auth_log : EXPAND %t
(224)  auth_log :    --> Wed Feb 14 20:05:46 2018
(224)   [auth_log] = ok
(224)   [chap] = noop
(224)   [mschap] = noop
(224)   [digest] = noop
(224)   [wimax] = noop
(224)  suffix : Checking for suffix after "@"
(224)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(224)  suffix : No such realm "siemens.com"
(224)   [suffix] = noop
(224)  eap : Peer sent code Response (2) ID 201 length 208
(224)  eap : Continuing tunnel setup
(224)   [eap] = ok
(224)  } #  authorize = ok
(224) Found Auth-Type = EAP
(224) # Executing group from file /etc/raddb/sites-enabled/default
(224)   authenticate {
(224)  eap : Expiring EAP session with state 0x34b58d2c37779811
(224)  eap : Finished EAP session with state 0x6cffa8826e36bd4a
(224)  eap : Previous EAP request found for state 0x6cffa8826e36bd4a, released from the list
(224)  eap : Peer sent method TTLS (21)
(224)  eap : EAP TTLS (21)
(224)  eap : Calling eap_ttls to process EAP data
(224)  eap_ttls : Authenticate
(224)  eap_ttls : processing EAP-TLS
  TLS Length 198
(224)  eap_ttls : Length Included
(224)  eap_ttls : eaptls_verify returned 11 
(224)  eap_ttls : <<< Unknown TLS version [length 0005] 
(224)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(224)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(224)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(224)  eap_ttls : <<< Unknown TLS version [length 0005] 
(224)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(224)  eap_ttls : <<< Unknown TLS version [length 0005] 
(224)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(224)  eap_ttls : TLS_accept: SSLv3 read finished A
(224)  eap_ttls : >>> Unknown TLS version [length 0005] 
(224)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(224)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(224)  eap_ttls : >>> Unknown TLS version [length 0005] 
(224)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(224)  eap_ttls : TLS_accept: SSLv3 write finished A
(224)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 51ba65fb2a481b0ee9d939f6ffe3cb13accb820ae7e2d5d0baa0c12559078329 to cache
(224)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(224)  eap_ttls : eaptls_process returned 13 
(224)  eap : New EAP session, adding 'State' attribute to reply 0x6cffa8826f35bd4a
(224)   [eap] = handled
(224)  } #  authenticate = handled
(224) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=173, length=0
(224) 	EAP-Message = 0x01ca004515800000003b1403010001011603010030581a95b691c121f8ac7b1d15769aebd7001d80bdc4c9b140645e87d2f5a1eba3e269ac423ddf64ccbe094d2e6508a4a5
(224) 	Message-Authenticator = 0x00000000000000000000000000000000
(224) 	State = 0x6cffa8826f35bd4adb1c35c2dcab28a8
Sending Access-Challenge Id 173 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01ca004515800000003b1403010001011603010030581a95b691c121f8ac7b1d15769aebd7001d80bdc4c9b140645e87d2f5a1eba3e269ac423ddf64ccbe094d2e6508a4a5
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6cffa8826f35bd4adb1c35c2dcab28a8
(224) Finished request
Waking up in 0.3 seconds.
Waking up in 0.4 seconds.
(213) Cleaning up request packet ID 148 with timestamp +146
(214) Cleaning up request packet ID 168 with timestamp +146
Received Access-Request Id 149 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x268a13ca75fe12b83100b56a07551f91
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bb00150143504537407369656d656e732e636f6d
(225) Received Access-Request packet from host 192.168.99.122 port 49321, id=149, length=83
(225) 	Message-Authenticator = 0x268a13ca75fe12b83100b56a07551f91
(225) 	NAS-Identifier = 'BS'
(225) 	User-Name = 'CPE7@siemens.com'
(225) 	EAP-Message = 0x02bb00150143504537407369656d656e732e636f6d
(225) # Executing section authorize from file /etc/raddb/sites-enabled/default
(225)   authorize {
(225)   filter_username filter_username {
(225)     if (!&User-Name) 
(225)     if (!&User-Name)  -> FALSE
(225)     if (&User-Name =~ / /) 
(225)     if (&User-Name =~ / /)  -> FALSE
(225)     if (&User-Name =~ /@.*@/ ) 
(225)     if (&User-Name =~ /@.*@/ )  -> FALSE
(225)     if (&User-Name =~ /\\.\\./ ) 
(225)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(225)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(225)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(225)     if (&User-Name =~ /\\.$/)  
(225)     if (&User-Name =~ /\\.$/)   -> FALSE
(225)     if (&User-Name =~ /@\\./)  
(225)     if (&User-Name =~ /@\\./)   -> FALSE
(225)   } # filter_username filter_username = notfound
(225)   [preprocess] = ok
(225)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(225)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(225)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(225)  auth_log : EXPAND %t
(225)  auth_log :    --> Wed Feb 14 20:05:47 2018
(225)   [auth_log] = ok
(225)   [chap] = noop
(225)   [mschap] = noop
(225)   [digest] = noop
(225)   [wimax] = noop
(225)  suffix : Checking for suffix after "@"
(225)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(225)  suffix : No such realm "siemens.com"
(225)   [suffix] = noop
(225)  eap : Peer sent code Response (2) ID 187 length 21
(225)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(225)   [eap] = ok
(225)  } #  authorize = ok
(225) Found Auth-Type = EAP
(225) # Executing group from file /etc/raddb/sites-enabled/default
(225)   authenticate {
(225)  eap : Peer sent method Identity (1)
(225)  eap : Calling eap_ttls to process EAP data
(225)  eap_ttls : Initiate
(225)  eap_ttls : Start returned 1
(225)  eap : New EAP session, adding 'State' attribute to reply 0x045509cc04e91c9a
(225)   [eap] = handled
(225)  } #  authenticate = handled
(225) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=149, length=0
(225) 	EAP-Message = 0x01bc00061520
(225) 	Message-Authenticator = 0x00000000000000000000000000000000
(225) 	State = 0x045509cc04e91c9a7713deba90846c86
Sending Access-Challenge Id 149 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bc00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x045509cc04e91c9a7713deba90846c86
(225) Finished request
(215) Cleaning up request packet ID 169 with timestamp +146
(216) Cleaning up request packet ID 170 with timestamp +146
Waking up in 0.2 seconds.
Received Access-Request Id 150 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xd2cb86e1d2cdf4aab24d8f319b4b4804
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bc006a158000000060160301005b01000057030154ac6fee41370740782a4161875fd98cd56d5a6fdde2ab073f0df36dea47ef2b00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x045509cc04e91c9a7713deba90846c86
(226) Received Access-Request packet from host 192.168.99.122 port 49321, id=150, length=186
(226) 	Message-Authenticator = 0xd2cb86e1d2cdf4aab24d8f319b4b4804
(226) 	NAS-Identifier = 'BS'
(226) 	User-Name = 'CPE7@siemens.com'
(226) 	EAP-Message = 0x02bc006a158000000060160301005b01000057030154ac6fee41370740782a4161875fd98cd56d5a6fdde2ab073f0df36dea47ef2b00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(226) 	State = 0x045509cc04e91c9a7713deba90846c86
(226) # Executing section authorize from file /etc/raddb/sites-enabled/default
(226)   authorize {
(226)   filter_username filter_username {
(226)     if (!&User-Name) 
(226)     if (!&User-Name)  -> FALSE
(226)     if (&User-Name =~ / /) 
(226)     if (&User-Name =~ / /)  -> FALSE
(226)     if (&User-Name =~ /@.*@/ ) 
(226)     if (&User-Name =~ /@.*@/ )  -> FALSE
(226)     if (&User-Name =~ /\\.\\./ ) 
(226)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(226)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(226)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(226)     if (&User-Name =~ /\\.$/)  
(226)     if (&User-Name =~ /\\.$/)   -> FALSE
(226)     if (&User-Name =~ /@\\./)  
(226)     if (&User-Name =~ /@\\./)   -> FALSE
(226)   } # filter_username filter_username = notfound
(226)   [preprocess] = ok
(226)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(226)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(226)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(226)  auth_log : EXPAND %t
(226)  auth_log :    --> Wed Feb 14 20:05:47 2018
(226)   [auth_log] = ok
(226)   [chap] = noop
(226)   [mschap] = noop
(226)   [digest] = noop
(226)   [wimax] = noop
(226)  suffix : Checking for suffix after "@"
(226)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(226)  suffix : No such realm "siemens.com"
(226)   [suffix] = noop
(226)  eap : Peer sent code Response (2) ID 188 length 106
(226)  eap : Continuing tunnel setup
(226)   [eap] = ok
(226)  } #  authorize = ok
(226) Found Auth-Type = EAP
(226) # Executing group from file /etc/raddb/sites-enabled/default
(226)   authenticate {
(226)  eap : Expiring EAP session with state 0x34b58d2c37779811
(226)  eap : Finished EAP session with state 0x045509cc04e91c9a
(226)  eap : Previous EAP request found for state 0x045509cc04e91c9a, released from the list
(226)  eap : Peer sent method TTLS (21)
(226)  eap : EAP TTLS (21)
(226)  eap : Calling eap_ttls to process EAP data
(226)  eap_ttls : Authenticate
(226)  eap_ttls : processing EAP-TLS
  TLS Length 96
(226)  eap_ttls : Length Included
(226)  eap_ttls : eaptls_verify returned 11 
(226)  eap_ttls : (other): before/accept initialization
(226)  eap_ttls : TLS_accept: before/accept initialization
(226)  eap_ttls : <<< Unknown TLS version [length 0005] 
(226)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(226)  eap_ttls : TLS_accept: SSLv3 read client hello A
(226)  eap_ttls : >>> Unknown TLS version [length 0005] 
(226)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(226)  eap_ttls : TLS_accept: SSLv3 write server hello A
(226)  eap_ttls : >>> Unknown TLS version [length 0005] 
(226)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(226)  eap_ttls : TLS_accept: SSLv3 write certificate A
(226)  eap_ttls : >>> Unknown TLS version [length 0005] 
(226)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(226)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(226)  eap_ttls : >>> Unknown TLS version [length 0005] 
(226)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(226)  eap_ttls : TLS_accept: SSLv3 write server done A
(226)  eap_ttls : TLS_accept: SSLv3 flush data
(226)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(226)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(226)  eap_ttls : eaptls_process returned 13 
(226)  eap : New EAP session, adding 'State' attribute to reply 0x045509cc05e81c9a
(226)   [eap] = handled
(226)  } #  authenticate = handled
(226) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=150, length=0
(226) 	EAP-Message = 0x01bd03ec15c000000702160301004a02000046030188e780e6e298d8653acea63bf4187daaa411138caa98358136381a2c24388add206667a91a2d3fff6f5992710d7e704706b679ee7ed20d41b6000b620b44124bef00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(226) 	Message-Authenticator = 0x00000000000000000000000000000000
(226) 	State = 0x045509cc05e81c9a7713deba90846c86
Sending Access-Challenge Id 150 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bd03ec15c000000702160301004a02000046030188e780e6e298d8653acea63bf4187daaa411138caa98358136381a2c24388add206667a91a2d3fff6f5992710d7e704706b679ee7ed20d41b6000b620b44124bef00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x045509cc05e81c9a7713deba90846c86
(226) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 151 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x9b9c08ab9edfd7b63da94cdf178e7264
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bd00061500
	State = 0x045509cc05e81c9a7713deba90846c86
(227) Received Access-Request packet from host 192.168.99.122 port 49321, id=151, length=86
(227) 	Message-Authenticator = 0x9b9c08ab9edfd7b63da94cdf178e7264
(227) 	NAS-Identifier = 'BS'
(227) 	User-Name = 'CPE7@siemens.com'
(227) 	EAP-Message = 0x02bd00061500
(227) 	State = 0x045509cc05e81c9a7713deba90846c86
(227) # Executing section authorize from file /etc/raddb/sites-enabled/default
(227)   authorize {
(227)   filter_username filter_username {
(227)     if (!&User-Name) 
(227)     if (!&User-Name)  -> FALSE
(227)     if (&User-Name =~ / /) 
(227)     if (&User-Name =~ / /)  -> FALSE
(227)     if (&User-Name =~ /@.*@/ ) 
(227)     if (&User-Name =~ /@.*@/ )  -> FALSE
(227)     if (&User-Name =~ /\\.\\./ ) 
(227)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(227)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(227)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(227)     if (&User-Name =~ /\\.$/)  
(227)     if (&User-Name =~ /\\.$/)   -> FALSE
(227)     if (&User-Name =~ /@\\./)  
(227)     if (&User-Name =~ /@\\./)   -> FALSE
(227)   } # filter_username filter_username = notfound
(227)   [preprocess] = ok
(227)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(227)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(227)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(227)  auth_log : EXPAND %t
(227)  auth_log :    --> Wed Feb 14 20:05:47 2018
(227)   [auth_log] = ok
(227)   [chap] = noop
(227)   [mschap] = noop
(227)   [digest] = noop
(227)   [wimax] = noop
(227)  suffix : Checking for suffix after "@"
(227)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(227)  suffix : No such realm "siemens.com"
(227)   [suffix] = noop
(227)  eap : Peer sent code Response (2) ID 189 length 6
(227)  eap : Continuing tunnel setup
(227)   [eap] = ok
(227)  } #  authorize = ok
(227) Found Auth-Type = EAP
(227) # Executing group from file /etc/raddb/sites-enabled/default
(227)   authenticate {
(227)  eap : Expiring EAP session with state 0x34b58d2c37779811
(227)  eap : Finished EAP session with state 0x045509cc05e81c9a
(227)  eap : Previous EAP request found for state 0x045509cc05e81c9a, released from the list
(227)  eap : Peer sent method TTLS (21)
(227)  eap : EAP TTLS (21)
(227)  eap : Calling eap_ttls to process EAP data
(227)  eap_ttls : Authenticate
(227)  eap_ttls : processing EAP-TLS
(227)  eap_ttls : Received TLS ACK
(227)  eap_ttls : Received TLS ACK
(227)  eap_ttls : ACK handshake fragment handler
(227)  eap_ttls : eaptls_verify returned 1 
(227)  eap_ttls : eaptls_process returned 13 
(227)  eap : New EAP session, adding 'State' attribute to reply 0x045509cc06eb1c9a
(227)   [eap] = handled
(227)  } #  authenticate = handled
(227) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=151, length=0
(227) 	EAP-Message = 0x01be032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(227) 	Message-Authenticator = 0x00000000000000000000000000000000
(227) 	State = 0x045509cc06eb1c9a7713deba90846c86
Sending Access-Challenge Id 151 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01be032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x045509cc06eb1c9a7713deba90846c86
(227) Finished request
Waking up in 0.2 seconds.
Waking up in 1.1 seconds.
(217) Cleaning up request packet ID 1 with timestamp +148
(218) Cleaning up request packet ID 170 with timestamp +148
(219) Cleaning up request packet ID 1 with timestamp +148
(220) Cleaning up request packet ID 171 with timestamp +148
(221) Cleaning up request packet ID 172 with timestamp +148
Waking up in 0.1 seconds.
(222) Cleaning up request packet ID 1 with timestamp +148
Waking up in 0.6 seconds.
Received Access-Request Id 152 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x72bf700bc5e604058c5ca82441a2b032
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bc00150143504536407369656d656e732e636f6d
(228) Received Access-Request packet from host 192.168.99.122 port 49321, id=152, length=83
(228) 	Message-Authenticator = 0x72bf700bc5e604058c5ca82441a2b032
(228) 	NAS-Identifier = 'BS'
(228) 	User-Name = 'CPE6@siemens.com'
(228) 	EAP-Message = 0x02bc00150143504536407369656d656e732e636f6d
(228) # Executing section authorize from file /etc/raddb/sites-enabled/default
(228)   authorize {
(228)   filter_username filter_username {
(228)     if (!&User-Name) 
(228)     if (!&User-Name)  -> FALSE
(228)     if (&User-Name =~ / /) 
(228)     if (&User-Name =~ / /)  -> FALSE
(228)     if (&User-Name =~ /@.*@/ ) 
(228)     if (&User-Name =~ /@.*@/ )  -> FALSE
(228)     if (&User-Name =~ /\\.\\./ ) 
(228)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(228)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(228)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(228)     if (&User-Name =~ /\\.$/)  
(228)     if (&User-Name =~ /\\.$/)   -> FALSE
(228)     if (&User-Name =~ /@\\./)  
(228)     if (&User-Name =~ /@\\./)   -> FALSE
(228)   } # filter_username filter_username = notfound
(228)   [preprocess] = ok
(228)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(228)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(228)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(228)  auth_log : EXPAND %t
(228)  auth_log :    --> Wed Feb 14 20:05:49 2018
(228)   [auth_log] = ok
(228)   [chap] = noop
(228)   [mschap] = noop
(228)   [digest] = noop
(228)   [wimax] = noop
(228)  suffix : Checking for suffix after "@"
(228)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(228)  suffix : No such realm "siemens.com"
(228)   [suffix] = noop
(228)  eap : Peer sent code Response (2) ID 188 length 21
(228)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(228)   [eap] = ok
(228)  } #  authorize = ok
(228) Found Auth-Type = EAP
(228) # Executing group from file /etc/raddb/sites-enabled/default
(228)   authenticate {
(228)  eap : Peer sent method Identity (1)
(228)  eap : Calling eap_ttls to process EAP data
(228)  eap_ttls : Initiate
(228)  eap_ttls : Start returned 1
(228)  eap : New EAP session, adding 'State' attribute to reply 0xae896b5dae347eb0
(228)   [eap] = handled
(228)  } #  authenticate = handled
(228) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=152, length=0
(228) 	EAP-Message = 0x01bd00061520
(228) 	Message-Authenticator = 0x00000000000000000000000000000000
(228) 	State = 0xae896b5dae347eb01585d14cf083f206
Sending Access-Challenge Id 152 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bd00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xae896b5dae347eb01585d14cf083f206
(228) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 153 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x76bafdca911d78f3b60c0c6e0cb7c2cd
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bd006a158000000060160301005b01000057030154acd573ddbc2807794e16a260bbf6fa77f2f6d1f8f353d01a6dd6263df198d000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xae896b5dae347eb01585d14cf083f206
(229) Received Access-Request packet from host 192.168.99.122 port 49321, id=153, length=186
(229) 	Message-Authenticator = 0x76bafdca911d78f3b60c0c6e0cb7c2cd
(229) 	NAS-Identifier = 'BS'
(229) 	User-Name = 'CPE6@siemens.com'
(229) 	EAP-Message = 0x02bd006a158000000060160301005b01000057030154acd573ddbc2807794e16a260bbf6fa77f2f6d1f8f353d01a6dd6263df198d000003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(229) 	State = 0xae896b5dae347eb01585d14cf083f206
(229) # Executing section authorize from file /etc/raddb/sites-enabled/default
(229)   authorize {
(229)   filter_username filter_username {
(229)     if (!&User-Name) 
(229)     if (!&User-Name)  -> FALSE
(229)     if (&User-Name =~ / /) 
(229)     if (&User-Name =~ / /)  -> FALSE
(229)     if (&User-Name =~ /@.*@/ ) 
(229)     if (&User-Name =~ /@.*@/ )  -> FALSE
(229)     if (&User-Name =~ /\\.\\./ ) 
(229)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(229)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(229)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(229)     if (&User-Name =~ /\\.$/)  
(229)     if (&User-Name =~ /\\.$/)   -> FALSE
(229)     if (&User-Name =~ /@\\./)  
(229)     if (&User-Name =~ /@\\./)   -> FALSE
(229)   } # filter_username filter_username = notfound
(229)   [preprocess] = ok
(229)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(229)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(229)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(229)  auth_log : EXPAND %t
(229)  auth_log :    --> Wed Feb 14 20:05:49 2018
(229)   [auth_log] = ok
(229)   [chap] = noop
(229)   [mschap] = noop
(229)   [digest] = noop
(229)   [wimax] = noop
(229)  suffix : Checking for suffix after "@"
(229)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(229)  suffix : No such realm "siemens.com"
(229)   [suffix] = noop
(229)  eap : Peer sent code Response (2) ID 189 length 106
(229)  eap : Continuing tunnel setup
(229)   [eap] = ok
(229)  } #  authorize = ok
(229) Found Auth-Type = EAP
(229) # Executing group from file /etc/raddb/sites-enabled/default
(229)   authenticate {
(229)  eap : Expiring EAP session with state 0x34b58d2c37779811
(229)  eap : Finished EAP session with state 0xae896b5dae347eb0
(229)  eap : Previous EAP request found for state 0xae896b5dae347eb0, released from the list
(229)  eap : Peer sent method TTLS (21)
(229)  eap : EAP TTLS (21)
(229)  eap : Calling eap_ttls to process EAP data
(229)  eap_ttls : Authenticate
(229)  eap_ttls : processing EAP-TLS
  TLS Length 96
(229)  eap_ttls : Length Included
(229)  eap_ttls : eaptls_verify returned 11 
(229)  eap_ttls : (other): before/accept initialization
(229)  eap_ttls : TLS_accept: before/accept initialization
(229)  eap_ttls : <<< Unknown TLS version [length 0005] 
(229)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(229)  eap_ttls : TLS_accept: SSLv3 read client hello A
(229)  eap_ttls : >>> Unknown TLS version [length 0005] 
(229)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(229)  eap_ttls : TLS_accept: SSLv3 write server hello A
(229)  eap_ttls : >>> Unknown TLS version [length 0005] 
(229)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(229)  eap_ttls : TLS_accept: SSLv3 write certificate A
(229)  eap_ttls : >>> Unknown TLS version [length 0005] 
(229)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(229)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(229)  eap_ttls : >>> Unknown TLS version [length 0005] 
(229)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(229)  eap_ttls : TLS_accept: SSLv3 write server done A
(229)  eap_ttls : TLS_accept: SSLv3 flush data
(229)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(229)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(229)  eap_ttls : eaptls_process returned 13 
(229)  eap : New EAP session, adding 'State' attribute to reply 0xae896b5daf377eb0
(229)   [eap] = handled
(229)  } #  authenticate = handled
(229) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=153, length=0
(229) 	EAP-Message = 0x01be03ec15c000000702160301004a020000460301d7dbb6f9439152325fabbf1de040ea15a3528bd9fa95075f55abc6c59ea26313208029ae0192cd1eed410f8fe97b224bdcf43855303c52ae61304547336a3cec0000390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(229) 	Message-Authenticator = 0x00000000000000000000000000000000
(229) 	State = 0xae896b5daf377eb01585d14cf083f206
Sending Access-Challenge Id 153 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01be03ec15c000000702160301004a020000460301d7dbb6f9439152325fabbf1de040ea15a3528bd9fa95075f55abc6c59ea26313208029ae0192cd1eed410f8fe97b224bdcf43855303c52ae61304547336a3cec0000390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xae896b5daf377eb01585d14cf083f206
(229) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 154 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x29aeb00bfaa9004555ae6355f172f8dd
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02be00061500
	State = 0xae896b5daf377eb01585d14cf083f206
(230) Received Access-Request packet from host 192.168.99.122 port 49321, id=154, length=86
(230) 	Message-Authenticator = 0x29aeb00bfaa9004555ae6355f172f8dd
(230) 	NAS-Identifier = 'BS'
(230) 	User-Name = 'CPE6@siemens.com'
(230) 	EAP-Message = 0x02be00061500
(230) 	State = 0xae896b5daf377eb01585d14cf083f206
(230) # Executing section authorize from file /etc/raddb/sites-enabled/default
(230)   authorize {
(230)   filter_username filter_username {
(230)     if (!&User-Name) 
(230)     if (!&User-Name)  -> FALSE
(230)     if (&User-Name =~ / /) 
(230)     if (&User-Name =~ / /)  -> FALSE
(230)     if (&User-Name =~ /@.*@/ ) 
(230)     if (&User-Name =~ /@.*@/ )  -> FALSE
(230)     if (&User-Name =~ /\\.\\./ ) 
(230)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(230)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(230)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(230)     if (&User-Name =~ /\\.$/)  
(230)     if (&User-Name =~ /\\.$/)   -> FALSE
(230)     if (&User-Name =~ /@\\./)  
(230)     if (&User-Name =~ /@\\./)   -> FALSE
(230)   } # filter_username filter_username = notfound
(230)   [preprocess] = ok
(230)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(230)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(230)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(230)  auth_log : EXPAND %t
(230)  auth_log :    --> Wed Feb 14 20:05:49 2018
(230)   [auth_log] = ok
(230)   [chap] = noop
(230)   [mschap] = noop
(230)   [digest] = noop
(230)   [wimax] = noop
(230)  suffix : Checking for suffix after "@"
(230)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(230)  suffix : No such realm "siemens.com"
(230)   [suffix] = noop
(230)  eap : Peer sent code Response (2) ID 190 length 6
(230)  eap : Continuing tunnel setup
(230)   [eap] = ok
(230)  } #  authorize = ok
(230) Found Auth-Type = EAP
(230) # Executing group from file /etc/raddb/sites-enabled/default
(230)   authenticate {
(230)  eap : Expiring EAP session with state 0x34b58d2c37779811
(230)  eap : Finished EAP session with state 0xae896b5daf377eb0
(230)  eap : Previous EAP request found for state 0xae896b5daf377eb0, released from the list
(230)  eap : Peer sent method TTLS (21)
(230)  eap : EAP TTLS (21)
(230)  eap : Calling eap_ttls to process EAP data
(230)  eap_ttls : Authenticate
(230)  eap_ttls : processing EAP-TLS
(230)  eap_ttls : Received TLS ACK
(230)  eap_ttls : Received TLS ACK
(230)  eap_ttls : ACK handshake fragment handler
(230)  eap_ttls : eaptls_verify returned 1 
(230)  eap_ttls : eaptls_process returned 13 
(230)  eap : New EAP session, adding 'State' attribute to reply 0xae896b5dac367eb0
(230)   [eap] = handled
(230)  } #  authenticate = handled
(230) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=154, length=0
(230) 	EAP-Message = 0x01bf032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(230) 	Message-Authenticator = 0x00000000000000000000000000000000
(230) 	State = 0xae896b5dac367eb01585d14cf083f206
Sending Access-Challenge Id 154 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bf032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xae896b5dac367eb01585d14cf083f206
(230) Finished request
Waking up in 0.1 seconds.
(223) Cleaning up request packet ID 171 with timestamp +149
Received Access-Request Id 155 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0xbb498a372926bee4a0c11e3a439b18d2
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02be00d01580000000c616030100861000008200803d0c40b383a9f1036e303c44308b1783af290925de0c4f5c86eba4af9def48a6bbb9379f846f53732cac2ca92cc69d5c9a185f5d076987aa658eb90eaebc36033e1bf0971a5c0e800732e6a31ea8a85aefaba407fbdde4ec6fa2df05c40c341e2f495258a8cf723fb7d97f102890ba0770d949e9348926f4dfe0dfcb6b174bff1403010001011603010030c85825a8ee1bd5b1e0b39432b76df918581d78b364393f80e486c64215305737e0766a12127a94e81f9573b97c3f107c
	State = 0x045509cc06eb1c9a7713deba90846c86
(231) Received Access-Request packet from host 192.168.99.122 port 49321, id=155, length=288
(231) 	Message-Authenticator = 0xbb498a372926bee4a0c11e3a439b18d2
(231) 	NAS-Identifier = 'BS'
(231) 	User-Name = 'CPE7@siemens.com'
(231) 	EAP-Message = 0x02be00d01580000000c616030100861000008200803d0c40b383a9f1036e303c44308b1783af290925de0c4f5c86eba4af9def48a6bbb9379f846f53732cac2ca92cc69d5c9a185f5d076987aa658eb90eaebc36033e1bf0971a5c0e800732e6a31ea8a85aefaba407fbdde4ec6fa2df05c40c341e2f495258a8cf723fb7d97f102890ba0770d949e9348926f4dfe0dfcb6b174bff1403010001011603010030c85825a8ee1bd5b1e0b39432b76df918581d78b364393f80e486c64215305737e0766a12127a94e81f9573b97c3f107c
(231) 	State = 0x045509cc06eb1c9a7713deba90846c86
(231) # Executing section authorize from file /etc/raddb/sites-enabled/default
(231)   authorize {
(231)   filter_username filter_username {
(231)     if (!&User-Name) 
(231)     if (!&User-Name)  -> FALSE
(231)     if (&User-Name =~ / /) 
(231)     if (&User-Name =~ / /)  -> FALSE
(231)     if (&User-Name =~ /@.*@/ ) 
(231)     if (&User-Name =~ /@.*@/ )  -> FALSE
(231)     if (&User-Name =~ /\\.\\./ ) 
(231)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(231)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(231)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(231)     if (&User-Name =~ /\\.$/)  
(231)     if (&User-Name =~ /\\.$/)   -> FALSE
(231)     if (&User-Name =~ /@\\./)  
(231)     if (&User-Name =~ /@\\./)   -> FALSE
(231)   } # filter_username filter_username = notfound
(231)   [preprocess] = ok
(231)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(231)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(231)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(231)  auth_log : EXPAND %t
(231)  auth_log :    --> Wed Feb 14 20:05:50 2018
(231)   [auth_log] = ok
(231)   [chap] = noop
(231)   [mschap] = noop
(231)   [digest] = noop
(231)   [wimax] = noop
(231)  suffix : Checking for suffix after "@"
(231)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(231)  suffix : No such realm "siemens.com"
(231)   [suffix] = noop
(231)  eap : Peer sent code Response (2) ID 190 length 208
(231)  eap : Continuing tunnel setup
(231)   [eap] = ok
(231)  } #  authorize = ok
(231) Found Auth-Type = EAP
(231) # Executing group from file /etc/raddb/sites-enabled/default
(231)   authenticate {
(231)  eap : Expiring EAP session with state 0x34b58d2c37779811
(231)  eap : Finished EAP session with state 0x045509cc06eb1c9a
(231)  eap : Previous EAP request found for state 0x045509cc06eb1c9a, released from the list
(231)  eap : Peer sent method TTLS (21)
(231)  eap : EAP TTLS (21)
(231)  eap : Calling eap_ttls to process EAP data
(231)  eap_ttls : Authenticate
(231)  eap_ttls : processing EAP-TLS
  TLS Length 198
(231)  eap_ttls : Length Included
(231)  eap_ttls : eaptls_verify returned 11 
(231)  eap_ttls : <<< Unknown TLS version [length 0005] 
(231)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(231)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(231)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(231)  eap_ttls : <<< Unknown TLS version [length 0005] 
(231)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(231)  eap_ttls : <<< Unknown TLS version [length 0005] 
(231)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(231)  eap_ttls : TLS_accept: SSLv3 read finished A
(231)  eap_ttls : >>> Unknown TLS version [length 0005] 
(231)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(231)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(231)  eap_ttls : >>> Unknown TLS version [length 0005] 
(231)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(231)  eap_ttls : TLS_accept: SSLv3 write finished A
(231)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 6667a91a2d3fff6f5992710d7e704706b679ee7ed20d41b6000b620b44124bef to cache
(231)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(231)  eap_ttls : eaptls_process returned 13 
(231)  eap : New EAP session, adding 'State' attribute to reply 0x045509cc07ea1c9a
(231)   [eap] = handled
(231)  } #  authenticate = handled
(231) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=155, length=0
(231) 	EAP-Message = 0x01bf004515800000003b1403010001011603010030d2668483036e88accd571be5d02f07b56c660d023b2269b0bd21c06f47798daeff7933f78db72b2a11f70fd6f2c6bdc7
(231) 	Message-Authenticator = 0x00000000000000000000000000000000
(231) 	State = 0x045509cc07ea1c9a7713deba90846c86
Sending Access-Challenge Id 155 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bf004515800000003b1403010001011603010030d2668483036e88accd571be5d02f07b56c660d023b2269b0bd21c06f47798daeff7933f78db72b2a11f70fd6f2c6bdc7
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x045509cc07ea1c9a7713deba90846c86
(231) Finished request
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(232) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(232) 	NAS-Identifier = 'BS'
(232) 	User-Name = 'dummy'
(232) 	User-Password = '*PASSWORD*'
(232) # Executing section authorize from file /etc/raddb/sites-enabled/default
(232)   authorize {
(232)   filter_username filter_username {
(232)     if (!&User-Name) 
(232)     if (!&User-Name)  -> FALSE
(232)     if (&User-Name =~ / /) 
(232)     if (&User-Name =~ / /)  -> FALSE
(232)     if (&User-Name =~ /@.*@/ ) 
(232)     if (&User-Name =~ /@.*@/ )  -> FALSE
(232)     if (&User-Name =~ /\\.\\./ ) 
(232)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(232)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(232)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(232)     if (&User-Name =~ /\\.$/)  
(232)     if (&User-Name =~ /\\.$/)   -> FALSE
(232)     if (&User-Name =~ /@\\./)  
(232)     if (&User-Name =~ /@\\./)   -> FALSE
(232)   } # filter_username filter_username = notfound
(232)   [preprocess] = ok
(232)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(232)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(232)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(232)  auth_log : EXPAND %t
(232)  auth_log :    --> Wed Feb 14 20:05:50 2018
(232)   [auth_log] = ok
(232)   [chap] = noop
(232)   [mschap] = noop
(232)   [digest] = noop
(232)   [wimax] = noop
(232)  suffix : Checking for suffix after "@"
(232)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(232)  suffix : No such realm "NULL"
(232)   [suffix] = noop
(232)  eap : No EAP-Message, not doing EAP
(232)   [eap] = noop
(232)  files : users: Matched entry dummy at line 159
(232)   [files] = ok
(232)   [expiration] = noop
(232)   [logintime] = noop
(232)   [pap] = updated
(232)  } #  authorize = updated
(232) Found Auth-Type = PAP
(232) # Executing group from file /etc/raddb/sites-enabled/default
(232)  Auth-Type PAP {
(232)  pap : Login attempt with password
(232)  pap : User authenticated successfully
(232)   [pap] = ok
(232)  } # Auth-Type PAP = ok
(232) Login OK: [dummy] (from client BS1 port 0)
(232) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(232)   post-auth {
(232)   [exec] = noop
(232)   update reply {
(232) 	Session-Timeout := 1800
(232)   } # update reply = noop
(232)   remove_reply_message_if_eap remove_reply_message_if_eap {
(232)     if (&reply:EAP-Message && &reply:Reply-Message) 
(232)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(232)    else else {
(232)     [noop] = noop
(232)    } # else else = noop
(232)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(232)  } #  post-auth = noop
(232) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(232) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(232) Finished request
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
Waking up in 1.0 seconds.
(224) Cleaning up request packet ID 173 with timestamp +150
Waking up in 0.8 seconds.
Received Access-Request Id 156 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x418110e94aa4384a4a0112b975ab3634
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bf00d01580000000c61603010086100000820080542862962bb59d9a402a88a50afad239887e7aff8a6ffb3d3e6addd998bf826089101837b9c2bbfffc2f9c8ca627f51f4dba80532579f4f5c3cfee9ee89822dfc479a3944db3e4260081b69562766ac936796ee3081041fc7f7052884b9707f90900762f2d607cc56a67e94ce4a11543e81fa89817c9c00457e1e7ca4dd3defd1403010001011603010030c184a2c31a5f267cdfb4ef1ac1a022d7bcb91bb178e8fe12595bb2187114fc8b3f8f687896888faa3c951f3fe593ce94
	State = 0xae896b5dac367eb01585d14cf083f206
(233) Received Access-Request packet from host 192.168.99.122 port 49321, id=156, length=288
(233) 	Message-Authenticator = 0x418110e94aa4384a4a0112b975ab3634
(233) 	NAS-Identifier = 'BS'
(233) 	User-Name = 'CPE6@siemens.com'
(233) 	EAP-Message = 0x02bf00d01580000000c61603010086100000820080542862962bb59d9a402a88a50afad239887e7aff8a6ffb3d3e6addd998bf826089101837b9c2bbfffc2f9c8ca627f51f4dba80532579f4f5c3cfee9ee89822dfc479a3944db3e4260081b69562766ac936796ee3081041fc7f7052884b9707f90900762f2d607cc56a67e94ce4a11543e81fa89817c9c00457e1e7ca4dd3defd1403010001011603010030c184a2c31a5f267cdfb4ef1ac1a022d7bcb91bb178e8fe12595bb2187114fc8b3f8f687896888faa3c951f3fe593ce94
(233) 	State = 0xae896b5dac367eb01585d14cf083f206
(233) # Executing section authorize from file /etc/raddb/sites-enabled/default
(233)   authorize {
(233)   filter_username filter_username {
(233)     if (!&User-Name) 
(233)     if (!&User-Name)  -> FALSE
(233)     if (&User-Name =~ / /) 
(233)     if (&User-Name =~ / /)  -> FALSE
(233)     if (&User-Name =~ /@.*@/ ) 
(233)     if (&User-Name =~ /@.*@/ )  -> FALSE
(233)     if (&User-Name =~ /\\.\\./ ) 
(233)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(233)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(233)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(233)     if (&User-Name =~ /\\.$/)  
(233)     if (&User-Name =~ /\\.$/)   -> FALSE
(233)     if (&User-Name =~ /@\\./)  
(233)     if (&User-Name =~ /@\\./)   -> FALSE
(233)   } # filter_username filter_username = notfound
(233)   [preprocess] = ok
(233)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(233)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(233)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(233)  auth_log : EXPAND %t
(233)  auth_log :    --> Wed Feb 14 20:05:52 2018
(233)   [auth_log] = ok
(233)   [chap] = noop
(233)   [mschap] = noop
(233)   [digest] = noop
(233)   [wimax] = noop
(233)  suffix : Checking for suffix after "@"
(233)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(233)  suffix : No such realm "siemens.com"
(233)   [suffix] = noop
(233)  eap : Peer sent code Response (2) ID 191 length 208
(233)  eap : Continuing tunnel setup
(233)   [eap] = ok
(233)  } #  authorize = ok
(233) Found Auth-Type = EAP
(233) # Executing group from file /etc/raddb/sites-enabled/default
(233)   authenticate {
(233)  eap : Expiring EAP session with state 0x34b58d2c37779811
(233)  eap : Finished EAP session with state 0xae896b5dac367eb0
(233)  eap : Previous EAP request found for state 0xae896b5dac367eb0, released from the list
(233)  eap : Peer sent method TTLS (21)
(233)  eap : EAP TTLS (21)
(233)  eap : Calling eap_ttls to process EAP data
(233)  eap_ttls : Authenticate
(233)  eap_ttls : processing EAP-TLS
  TLS Length 198
(233)  eap_ttls : Length Included
(233)  eap_ttls : eaptls_verify returned 11 
(233)  eap_ttls : <<< Unknown TLS version [length 0005] 
(233)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(233)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(233)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(233)  eap_ttls : <<< Unknown TLS version [length 0005] 
(233)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(233)  eap_ttls : <<< Unknown TLS version [length 0005] 
(233)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(233)  eap_ttls : TLS_accept: SSLv3 read finished A
(233)  eap_ttls : >>> Unknown TLS version [length 0005] 
(233)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(233)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(233)  eap_ttls : >>> Unknown TLS version [length 0005] 
(233)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(233)  eap_ttls : TLS_accept: SSLv3 write finished A
(233)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 8029ae0192cd1eed410f8fe97b224bdcf43855303c52ae61304547336a3cec00 to cache
(233)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(233)  eap_ttls : eaptls_process returned 13 
(233)  eap : New EAP session, adding 'State' attribute to reply 0xae896b5dad497eb0
(233)   [eap] = handled
(233)  } #  authenticate = handled
(233) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=156, length=0
(233) 	EAP-Message = 0x01c0004515800000003b140301000101160301003028b69b8f09cceb41584e2971a17182906cbe31fcd3f3f3356b0eadb9e390b43252584da695258340c6ff70afd896f430
(233) 	Message-Authenticator = 0x00000000000000000000000000000000
(233) 	State = 0xae896b5dad497eb01585d14cf083f206
Sending Access-Challenge Id 156 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01c0004515800000003b140301000101160301003028b69b8f09cceb41584e2971a17182906cbe31fcd3f3f3356b0eadb9e390b43252584da695258340c6ff70afd896f430
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xae896b5dad497eb01585d14cf083f206
(233) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 172 from 192.168.99.123:49286 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0xd7265e3f246ddbadb70439dce3b44664
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029800150143504538407369656d656e732e636f6d
(234) Received Access-Request packet from host 192.168.99.123 port 49286, id=172, length=83
(234) 	Message-Authenticator = 0xd7265e3f246ddbadb70439dce3b44664
(234) 	NAS-Identifier = 'BS'
(234) 	User-Name = 'CPE8@siemens.com'
(234) 	EAP-Message = 0x029800150143504538407369656d656e732e636f6d
(234) # Executing section authorize from file /etc/raddb/sites-enabled/default
(234)   authorize {
(234)   filter_username filter_username {
(234)     if (!&User-Name) 
(234)     if (!&User-Name)  -> FALSE
(234)     if (&User-Name =~ / /) 
(234)     if (&User-Name =~ / /)  -> FALSE
(234)     if (&User-Name =~ /@.*@/ ) 
(234)     if (&User-Name =~ /@.*@/ )  -> FALSE
(234)     if (&User-Name =~ /\\.\\./ ) 
(234)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(234)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(234)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(234)     if (&User-Name =~ /\\.$/)  
(234)     if (&User-Name =~ /\\.$/)   -> FALSE
(234)     if (&User-Name =~ /@\\./)  
(234)     if (&User-Name =~ /@\\./)   -> FALSE
(234)   } # filter_username filter_username = notfound
(234)   [preprocess] = ok
(234)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(234)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(234)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(234)  auth_log : EXPAND %t
(234)  auth_log :    --> Wed Feb 14 20:05:52 2018
(234)   [auth_log] = ok
(234)   [chap] = noop
(234)   [mschap] = noop
(234)   [digest] = noop
(234)   [wimax] = noop
(234)  suffix : Checking for suffix after "@"
(234)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(234)  suffix : No such realm "siemens.com"
(234)   [suffix] = noop
(234)  eap : Peer sent code Response (2) ID 152 length 21
(234)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(234)   [eap] = ok
(234)  } #  authorize = ok
(234) Found Auth-Type = EAP
(234) # Executing group from file /etc/raddb/sites-enabled/default
(234)   authenticate {
(234)  eap : Peer sent method Identity (1)
(234)  eap : Calling eap_ttls to process EAP data
(234)  eap_ttls : Initiate
(234)  eap_ttls : Start returned 1
(234)  eap : New EAP session, adding 'State' attribute to reply 0x3972d78439ebc23f
(234)   [eap] = handled
(234)  } #  authenticate = handled
(234) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=172, length=0
(234) 	EAP-Message = 0x019900061520
(234) 	Message-Authenticator = 0x00000000000000000000000000000000
(234) 	State = 0x3972d78439ebc23f69e473ebda97f113
Sending Access-Challenge Id 172 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019900061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3972d78439ebc23f69e473ebda97f113
(234) Finished request
(225) Cleaning up request packet ID 149 with timestamp +151
Received Access-Request Id 173 from 192.168.99.123:49286 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0xd7e03dd7027ac2f280a2338a84fa6420
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x0299006a158000000060160301005b01000057030154a6510a3ad21818b394427d23af7557929b696a00a768796a2a08bfc914cc6700003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x3972d78439ebc23f69e473ebda97f113
(235) Received Access-Request packet from host 192.168.99.123 port 49286, id=173, length=186
(235) 	Message-Authenticator = 0xd7e03dd7027ac2f280a2338a84fa6420
(235) 	NAS-Identifier = 'BS'
(235) 	User-Name = 'CPE8@siemens.com'
(235) 	EAP-Message = 0x0299006a158000000060160301005b01000057030154a6510a3ad21818b394427d23af7557929b696a00a768796a2a08bfc914cc6700003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(235) 	State = 0x3972d78439ebc23f69e473ebda97f113
(235) # Executing section authorize from file /etc/raddb/sites-enabled/default
(235)   authorize {
(235)   filter_username filter_username {
(235)     if (!&User-Name) 
(235)     if (!&User-Name)  -> FALSE
(235)     if (&User-Name =~ / /) 
(235)     if (&User-Name =~ / /)  -> FALSE
(235)     if (&User-Name =~ /@.*@/ ) 
(235)     if (&User-Name =~ /@.*@/ )  -> FALSE
(235)     if (&User-Name =~ /\\.\\./ ) 
(235)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(235)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(235)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(235)     if (&User-Name =~ /\\.$/)  
(235)     if (&User-Name =~ /\\.$/)   -> FALSE
(235)     if (&User-Name =~ /@\\./)  
(235)     if (&User-Name =~ /@\\./)   -> FALSE
(235)   } # filter_username filter_username = notfound
(235)   [preprocess] = ok
(235)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(235)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(235)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(235)  auth_log : EXPAND %t
(235)  auth_log :    --> Wed Feb 14 20:05:52 2018
(235)   [auth_log] = ok
(235)   [chap] = noop
(235)   [mschap] = noop
(235)   [digest] = noop
(235)   [wimax] = noop
(235)  suffix : Checking for suffix after "@"
(235)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(235)  suffix : No such realm "siemens.com"
(235)   [suffix] = noop
(235)  eap : Peer sent code Response (2) ID 153 length 106
(235)  eap : Continuing tunnel setup
(235)   [eap] = ok
(235)  } #  authorize = ok
(235) Found Auth-Type = EAP
(235) # Executing group from file /etc/raddb/sites-enabled/default
(235)   authenticate {
(235)  eap : Expiring EAP session with state 0x34b58d2c37779811
(235)  eap : Finished EAP session with state 0x3972d78439ebc23f
(235)  eap : Previous EAP request found for state 0x3972d78439ebc23f, released from the list
(235)  eap : Peer sent method TTLS (21)
(235)  eap : EAP TTLS (21)
(235)  eap : Calling eap_ttls to process EAP data
(235)  eap_ttls : Authenticate
(235)  eap_ttls : processing EAP-TLS
  TLS Length 96
(235)  eap_ttls : Length Included
(235)  eap_ttls : eaptls_verify returned 11 
(235)  eap_ttls : (other): before/accept initialization
(235)  eap_ttls : TLS_accept: before/accept initialization
(235)  eap_ttls : <<< Unknown TLS version [length 0005] 
(235)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(235)  eap_ttls : TLS_accept: SSLv3 read client hello A
(235)  eap_ttls : >>> Unknown TLS version [length 0005] 
(235)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(235)  eap_ttls : TLS_accept: SSLv3 write server hello A
(235)  eap_ttls : >>> Unknown TLS version [length 0005] 
(235)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(235)  eap_ttls : TLS_accept: SSLv3 write certificate A
(235)  eap_ttls : >>> Unknown TLS version [length 0005] 
(235)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(235)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(235)  eap_ttls : >>> Unknown TLS version [length 0005] 
(235)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(235)  eap_ttls : TLS_accept: SSLv3 write server done A
(235)  eap_ttls : TLS_accept: SSLv3 flush data
(235)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(235)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(235)  eap_ttls : eaptls_process returned 13 
(235)  eap : New EAP session, adding 'State' attribute to reply 0x3972d78438e8c23f
(235)   [eap] = handled
(235)  } #  authenticate = handled
(235) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=173, length=0
(235) 	EAP-Message = 0x019a03ec15c000000702160301004a0200004603015f604271770e74acf646dd908ebae68fde4fe49bf4c7b23f0059dd8b3dbb405420c205de9b414048f3e6be2f678c209f81e9eb0292a76e0c4c52576808ccebeaf800390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(235) 	Message-Authenticator = 0x00000000000000000000000000000000
(235) 	State = 0x3972d78438e8c23f69e473ebda97f113
Sending Access-Challenge Id 173 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019a03ec15c000000702160301004a0200004603015f604271770e74acf646dd908ebae68fde4fe49bf4c7b23f0059dd8b3dbb405420c205de9b414048f3e6be2f678c209f81e9eb0292a76e0c4c52576808ccebeaf800390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3972d78438e8c23f69e473ebda97f113
(235) Finished request
Received Access-Request Id 174 from 192.168.99.123:49286 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x74b39954c8a53e0ca2e96e5b50277b9d
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029a00061500
	State = 0x3972d78438e8c23f69e473ebda97f113
(236) Received Access-Request packet from host 192.168.99.123 port 49286, id=174, length=86
(236) 	Message-Authenticator = 0x74b39954c8a53e0ca2e96e5b50277b9d
(236) 	NAS-Identifier = 'BS'
(236) 	User-Name = 'CPE8@siemens.com'
(236) 	EAP-Message = 0x029a00061500
(236) 	State = 0x3972d78438e8c23f69e473ebda97f113
(236) # Executing section authorize from file /etc/raddb/sites-enabled/default
(236)   authorize {
(236)   filter_username filter_username {
(236)     if (!&User-Name) 
(236)     if (!&User-Name)  -> FALSE
(236)     if (&User-Name =~ / /) 
(236)     if (&User-Name =~ / /)  -> FALSE
(236)     if (&User-Name =~ /@.*@/ ) 
(236)     if (&User-Name =~ /@.*@/ )  -> FALSE
(236)     if (&User-Name =~ /\\.\\./ ) 
(236)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(236)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(236)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(236)     if (&User-Name =~ /\\.$/)  
(236)     if (&User-Name =~ /\\.$/)   -> FALSE
(236)     if (&User-Name =~ /@\\./)  
(236)     if (&User-Name =~ /@\\./)   -> FALSE
(236)   } # filter_username filter_username = notfound
(236)   [preprocess] = ok
(236)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(236)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(236)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(236)  auth_log : EXPAND %t
(236)  auth_log :    --> Wed Feb 14 20:05:52 2018
(236)   [auth_log] = ok
(236)   [chap] = noop
(236)   [mschap] = noop
(236)   [digest] = noop
(236)   [wimax] = noop
(236)  suffix : Checking for suffix after "@"
(236)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(236)  suffix : No such realm "siemens.com"
(236)   [suffix] = noop
(236)  eap : Peer sent code Response (2) ID 154 length 6
(236)  eap : Continuing tunnel setup
(236)   [eap] = ok
(236)  } #  authorize = ok
(236) Found Auth-Type = EAP
(236) # Executing group from file /etc/raddb/sites-enabled/default
(236)   authenticate {
(236)  eap : Expiring EAP session with state 0x34b58d2c37779811
(236)  eap : Finished EAP session with state 0x3972d78438e8c23f
(236)  eap : Previous EAP request found for state 0x3972d78438e8c23f, released from the list
(236)  eap : Peer sent method TTLS (21)
(236)  eap : EAP TTLS (21)
(236)  eap : Calling eap_ttls to process EAP data
(236)  eap_ttls : Authenticate
(236)  eap_ttls : processing EAP-TLS
(236)  eap_ttls : Received TLS ACK
(236)  eap_ttls : Received TLS ACK
(236)  eap_ttls : ACK handshake fragment handler
(236)  eap_ttls : eaptls_verify returned 1 
(236)  eap_ttls : eaptls_process returned 13 
(236)  eap : New EAP session, adding 'State' attribute to reply 0x3972d7843be9c23f
(236)   [eap] = handled
(236)  } #  authenticate = handled
(236) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=174, length=0
(236) 	EAP-Message = 0x019b032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(236) 	Message-Authenticator = 0x00000000000000000000000000000000
(236) 	State = 0x3972d7843be9c23f69e473ebda97f113
Sending Access-Challenge Id 174 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019b032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3972d7843be9c23f69e473ebda97f113
(236) Finished request
(226) Cleaning up request packet ID 150 with timestamp +151
(227) Cleaning up request packet ID 151 with timestamp +151
Waking up in 1.8 seconds.
Received Access-Request Id 1 from 192.168.99.123:49286 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(237) Received Access-Request packet from host 192.168.99.123 port 49286, id=1, length=49
(237) 	NAS-Identifier = 'BS'
(237) 	User-Name = 'dummy'
(237) 	User-Password = '*PASSWORD*'
(237) # Executing section authorize from file /etc/raddb/sites-enabled/default
(237)   authorize {
(237)   filter_username filter_username {
(237)     if (!&User-Name) 
(237)     if (!&User-Name)  -> FALSE
(237)     if (&User-Name =~ / /) 
(237)     if (&User-Name =~ / /)  -> FALSE
(237)     if (&User-Name =~ /@.*@/ ) 
(237)     if (&User-Name =~ /@.*@/ )  -> FALSE
(237)     if (&User-Name =~ /\\.\\./ ) 
(237)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(237)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(237)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(237)     if (&User-Name =~ /\\.$/)  
(237)     if (&User-Name =~ /\\.$/)   -> FALSE
(237)     if (&User-Name =~ /@\\./)  
(237)     if (&User-Name =~ /@\\./)   -> FALSE
(237)   } # filter_username filter_username = notfound
(237)   [preprocess] = ok
(237)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(237)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(237)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(237)  auth_log : EXPAND %t
(237)  auth_log :    --> Wed Feb 14 20:05:54 2018
(237)   [auth_log] = ok
(237)   [chap] = noop
(237)   [mschap] = noop
(237)   [digest] = noop
(237)   [wimax] = noop
(237)  suffix : Checking for suffix after "@"
(237)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(237)  suffix : No such realm "NULL"
(237)   [suffix] = noop
(237)  eap : No EAP-Message, not doing EAP
(237)   [eap] = noop
(237)  files : users: Matched entry dummy at line 159
(237)   [files] = ok
(237)   [expiration] = noop
(237)   [logintime] = noop
(237)   [pap] = updated
(237)  } #  authorize = updated
(237) Found Auth-Type = PAP
(237) # Executing group from file /etc/raddb/sites-enabled/default
(237)  Auth-Type PAP {
(237)  pap : Login attempt with password
(237)  pap : User authenticated successfully
(237)   [pap] = ok
(237)  } # Auth-Type PAP = ok
(237) Login OK: [dummy] (from client BS3 port 0)
(237) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(237)   post-auth {
(237)   [exec] = noop
(237)   update reply {
(237) 	Session-Timeout := 1800
(237)   } # update reply = noop
(237)   remove_reply_message_if_eap remove_reply_message_if_eap {
(237)     if (&reply:EAP-Message && &reply:Reply-Message) 
(237)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(237)    else else {
(237)     [noop] = noop
(237)    } # else else = noop
(237)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(237)  } #  post-auth = noop
(237) Sending Access-Accept packet to host 192.168.99.123 port 49286, id=1, length=0
(237) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.123:49286
	Session-Timeout := 1800
(237) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 174 from 192.168.99.121:49210 to 192.168.99.101:1812 length 85
	Message-Authenticator = 0xf39e3303bb7897019007832697c748a5
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c70016014350453131407369656d656e732e636f6d
(238) Received Access-Request packet from host 192.168.99.121 port 49210, id=174, length=85
(238) 	Message-Authenticator = 0xf39e3303bb7897019007832697c748a5
(238) 	NAS-Identifier = 'BS'
(238) 	User-Name = 'CPE11@siemens.com'
(238) 	EAP-Message = 0x02c70016014350453131407369656d656e732e636f6d
(238) # Executing section authorize from file /etc/raddb/sites-enabled/default
(238)   authorize {
(238)   filter_username filter_username {
(238)     if (!&User-Name) 
(238)     if (!&User-Name)  -> FALSE
(238)     if (&User-Name =~ / /) 
(238)     if (&User-Name =~ / /)  -> FALSE
(238)     if (&User-Name =~ /@.*@/ ) 
(238)     if (&User-Name =~ /@.*@/ )  -> FALSE
(238)     if (&User-Name =~ /\\.\\./ ) 
(238)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(238)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(238)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(238)     if (&User-Name =~ /\\.$/)  
(238)     if (&User-Name =~ /\\.$/)   -> FALSE
(238)     if (&User-Name =~ /@\\./)  
(238)     if (&User-Name =~ /@\\./)   -> FALSE
(238)   } # filter_username filter_username = notfound
(238)   [preprocess] = ok
(238)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(238)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(238)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(238)  auth_log : EXPAND %t
(238)  auth_log :    --> Wed Feb 14 20:05:54 2018
(238)   [auth_log] = ok
(238)   [chap] = noop
(238)   [mschap] = noop
(238)   [digest] = noop
(238)   [wimax] = noop
(238)  suffix : Checking for suffix after "@"
(238)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(238)  suffix : No such realm "siemens.com"
(238)   [suffix] = noop
(238)  eap : Peer sent code Response (2) ID 199 length 22
(238)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(238)   [eap] = ok
(238)  } #  authorize = ok
(238) Found Auth-Type = EAP
(238) # Executing group from file /etc/raddb/sites-enabled/default
(238)   authenticate {
(238)  eap : Peer sent method Identity (1)
(238)  eap : Calling eap_ttls to process EAP data
(238)  eap_ttls : Initiate
(238)  eap_ttls : Start returned 1
(238)  eap : New EAP session, adding 'State' attribute to reply 0x3cea63b93c227627
(238)   [eap] = handled
(238)  } #  authenticate = handled
(238) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=174, length=0
(238) 	EAP-Message = 0x01c800061520
(238) 	Message-Authenticator = 0x00000000000000000000000000000000
(238) 	State = 0x3cea63b93c22762741eb275e50d2c369
Sending Access-Challenge Id 174 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c800061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3cea63b93c22762741eb275e50d2c369
(238) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 1 from 192.168.99.124:49285 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(239) Received Access-Request packet from host 192.168.99.124 port 49285, id=1, length=49
(239) 	NAS-Identifier = 'BS'
(239) 	User-Name = 'dummy'
(239) 	User-Password = '*PASSWORD*'
(239) # Executing section authorize from file /etc/raddb/sites-enabled/default
(239)   authorize {
(239)   filter_username filter_username {
(239)     if (!&User-Name) 
(239)     if (!&User-Name)  -> FALSE
(239)     if (&User-Name =~ / /) 
(239)     if (&User-Name =~ / /)  -> FALSE
(239)     if (&User-Name =~ /@.*@/ ) 
(239)     if (&User-Name =~ /@.*@/ )  -> FALSE
(239)     if (&User-Name =~ /\\.\\./ ) 
(239)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(239)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(239)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(239)     if (&User-Name =~ /\\.$/)  
(239)     if (&User-Name =~ /\\.$/)   -> FALSE
(239)     if (&User-Name =~ /@\\./)  
(239)     if (&User-Name =~ /@\\./)   -> FALSE
(239)   } # filter_username filter_username = notfound
(239)   [preprocess] = ok
(239)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(239)  auth_log :    --> /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(239)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.124/auth-detail-20180214
(239)  auth_log : EXPAND %t
(239)  auth_log :    --> Wed Feb 14 20:05:54 2018
(239)   [auth_log] = ok
(239)   [chap] = noop
(239)   [mschap] = noop
(239)   [digest] = noop
(239)   [wimax] = noop
(239)  suffix : Checking for suffix after "@"
(239)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(239)  suffix : No such realm "NULL"
(239)   [suffix] = noop
(239)  eap : No EAP-Message, not doing EAP
(239)   [eap] = noop
(239)  files : users: Matched entry dummy at line 159
(239)   [files] = ok
(239)   [expiration] = noop
(239)   [logintime] = noop
(239)   [pap] = updated
(239)  } #  authorize = updated
(239) Found Auth-Type = PAP
(239) # Executing group from file /etc/raddb/sites-enabled/default
(239)  Auth-Type PAP {
(239)  pap : Login attempt with password
(239)  pap : User authenticated successfully
(239)   [pap] = ok
(239)  } # Auth-Type PAP = ok
(239) Login OK: [dummy] (from client BS4 port 0)
(239) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(239)   post-auth {
(239)   [exec] = noop
(239)   update reply {
(239) 	Session-Timeout := 1800
(239)   } # update reply = noop
(239)   remove_reply_message_if_eap remove_reply_message_if_eap {
(239)     if (&reply:EAP-Message && &reply:Reply-Message) 
(239)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(239)    else else {
(239)     [noop] = noop
(239)    } # else else = noop
(239)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(239)  } #  post-auth = noop
(239) Sending Access-Accept packet to host 192.168.99.124 port 49285, id=1, length=0
(239) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.124:49285
	Session-Timeout := 1800
(239) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 175 from 192.168.99.121:49210 to 192.168.99.101:1812 length 187
	Message-Authenticator = 0x3c11ef008519818da3e7070fd111610b
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c8006a158000000060160301005b01000057030154a4b4d193cf4dc520c063666d4a55d3ddade3db0c9580f34deb07bcda1f253800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x3cea63b93c22762741eb275e50d2c369
(240) Received Access-Request packet from host 192.168.99.121 port 49210, id=175, length=187
(240) 	Message-Authenticator = 0x3c11ef008519818da3e7070fd111610b
(240) 	NAS-Identifier = 'BS'
(240) 	User-Name = 'CPE11@siemens.com'
(240) 	EAP-Message = 0x02c8006a158000000060160301005b01000057030154a4b4d193cf4dc520c063666d4a55d3ddade3db0c9580f34deb07bcda1f253800003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(240) 	State = 0x3cea63b93c22762741eb275e50d2c369
(240) # Executing section authorize from file /etc/raddb/sites-enabled/default
(240)   authorize {
(240)   filter_username filter_username {
(240)     if (!&User-Name) 
(240)     if (!&User-Name)  -> FALSE
(240)     if (&User-Name =~ / /) 
(240)     if (&User-Name =~ / /)  -> FALSE
(240)     if (&User-Name =~ /@.*@/ ) 
(240)     if (&User-Name =~ /@.*@/ )  -> FALSE
(240)     if (&User-Name =~ /\\.\\./ ) 
(240)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(240)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(240)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(240)     if (&User-Name =~ /\\.$/)  
(240)     if (&User-Name =~ /\\.$/)   -> FALSE
(240)     if (&User-Name =~ /@\\./)  
(240)     if (&User-Name =~ /@\\./)   -> FALSE
(240)   } # filter_username filter_username = notfound
(240)   [preprocess] = ok
(240)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(240)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(240)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(240)  auth_log : EXPAND %t
(240)  auth_log :    --> Wed Feb 14 20:05:54 2018
(240)   [auth_log] = ok
(240)   [chap] = noop
(240)   [mschap] = noop
(240)   [digest] = noop
(240)   [wimax] = noop
(240)  suffix : Checking for suffix after "@"
(240)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(240)  suffix : No such realm "siemens.com"
(240)   [suffix] = noop
(240)  eap : Peer sent code Response (2) ID 200 length 106
(240)  eap : Continuing tunnel setup
(240)   [eap] = ok
(240)  } #  authorize = ok
(240) Found Auth-Type = EAP
(240) # Executing group from file /etc/raddb/sites-enabled/default
(240)   authenticate {
(240)  eap : Expiring EAP session with state 0x34b58d2c37779811
(240)  eap : Finished EAP session with state 0x3cea63b93c227627
(240)  eap : Previous EAP request found for state 0x3cea63b93c227627, released from the list
(240)  eap : Peer sent method TTLS (21)
(240)  eap : EAP TTLS (21)
(240)  eap : Calling eap_ttls to process EAP data
(240)  eap_ttls : Authenticate
(240)  eap_ttls : processing EAP-TLS
  TLS Length 96
(240)  eap_ttls : Length Included
(240)  eap_ttls : eaptls_verify returned 11 
(240)  eap_ttls : (other): before/accept initialization
(240)  eap_ttls : TLS_accept: before/accept initialization
(240)  eap_ttls : <<< Unknown TLS version [length 0005] 
(240)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(240)  eap_ttls : TLS_accept: SSLv3 read client hello A
(240)  eap_ttls : >>> Unknown TLS version [length 0005] 
(240)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(240)  eap_ttls : TLS_accept: SSLv3 write server hello A
(240)  eap_ttls : >>> Unknown TLS version [length 0005] 
(240)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(240)  eap_ttls : TLS_accept: SSLv3 write certificate A
(240)  eap_ttls : >>> Unknown TLS version [length 0005] 
(240)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(240)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(240)  eap_ttls : >>> Unknown TLS version [length 0005] 
(240)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(240)  eap_ttls : TLS_accept: SSLv3 write server done A
(240)  eap_ttls : TLS_accept: SSLv3 flush data
(240)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(240)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(240)  eap_ttls : eaptls_process returned 13 
(240)  eap : New EAP session, adding 'State' attribute to reply 0x3cea63b93d237627
(240)   [eap] = handled
(240)  } #  authenticate = handled
(240) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=175, length=0
(240) 	EAP-Message = 0x01c903ec15c000000702160301004a0200004603014c080f5e823ec31b5322194965e07349c17c82f10184d8c508f6f38b2331a7fb206930a7ce7bc11cda93dbb1fa6190d68d0e3c0b7f57a300b1a9547943d4f9805c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(240) 	Message-Authenticator = 0x00000000000000000000000000000000
(240) 	State = 0x3cea63b93d23762741eb275e50d2c369
Sending Access-Challenge Id 175 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01c903ec15c000000702160301004a0200004603014c080f5e823ec31b5322194965e07349c17c82f10184d8c508f6f38b2331a7fb206930a7ce7bc11cda93dbb1fa6190d68d0e3c0b7f57a300b1a9547943d4f9805c00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3cea63b93d23762741eb275e50d2c369
(240) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 176 from 192.168.99.121:49210 to 192.168.99.101:1812 length 87
	Message-Authenticator = 0x3bcf6a38266d3225d5574644c33f82cf
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02c900061500
	State = 0x3cea63b93d23762741eb275e50d2c369
(241) Received Access-Request packet from host 192.168.99.121 port 49210, id=176, length=87
(241) 	Message-Authenticator = 0x3bcf6a38266d3225d5574644c33f82cf
(241) 	NAS-Identifier = 'BS'
(241) 	User-Name = 'CPE11@siemens.com'
(241) 	EAP-Message = 0x02c900061500
(241) 	State = 0x3cea63b93d23762741eb275e50d2c369
(241) # Executing section authorize from file /etc/raddb/sites-enabled/default
(241)   authorize {
(241)   filter_username filter_username {
(241)     if (!&User-Name) 
(241)     if (!&User-Name)  -> FALSE
(241)     if (&User-Name =~ / /) 
(241)     if (&User-Name =~ / /)  -> FALSE
(241)     if (&User-Name =~ /@.*@/ ) 
(241)     if (&User-Name =~ /@.*@/ )  -> FALSE
(241)     if (&User-Name =~ /\\.\\./ ) 
(241)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(241)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(241)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(241)     if (&User-Name =~ /\\.$/)  
(241)     if (&User-Name =~ /\\.$/)   -> FALSE
(241)     if (&User-Name =~ /@\\./)  
(241)     if (&User-Name =~ /@\\./)   -> FALSE
(241)   } # filter_username filter_username = notfound
(241)   [preprocess] = ok
(241)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(241)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(241)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(241)  auth_log : EXPAND %t
(241)  auth_log :    --> Wed Feb 14 20:05:54 2018
(241)   [auth_log] = ok
(241)   [chap] = noop
(241)   [mschap] = noop
(241)   [digest] = noop
(241)   [wimax] = noop
(241)  suffix : Checking for suffix after "@"
(241)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(241)  suffix : No such realm "siemens.com"
(241)   [suffix] = noop
(241)  eap : Peer sent code Response (2) ID 201 length 6
(241)  eap : Continuing tunnel setup
(241)   [eap] = ok
(241)  } #  authorize = ok
(241) Found Auth-Type = EAP
(241) # Executing group from file /etc/raddb/sites-enabled/default
(241)   authenticate {
(241)  eap : Expiring EAP session with state 0x34b58d2c37779811
(241)  eap : Finished EAP session with state 0x3cea63b93d237627
(241)  eap : Previous EAP request found for state 0x3cea63b93d237627, released from the list
(241)  eap : Peer sent method TTLS (21)
(241)  eap : EAP TTLS (21)
(241)  eap : Calling eap_ttls to process EAP data
(241)  eap_ttls : Authenticate
(241)  eap_ttls : processing EAP-TLS
(241)  eap_ttls : Received TLS ACK
(241)  eap_ttls : Received TLS ACK
(241)  eap_ttls : ACK handshake fragment handler
(241)  eap_ttls : eaptls_verify returned 1 
(241)  eap_ttls : eaptls_process returned 13 
(241)  eap : New EAP session, adding 'State' attribute to reply 0x3cea63b93e207627
(241)   [eap] = handled
(241)  } #  authenticate = handled
(241) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=176, length=0
(241) 	EAP-Message = 0x01ca032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(241) 	Message-Authenticator = 0x00000000000000000000000000000000
(241) 	State = 0x3cea63b93e20762741eb275e50d2c369
Sending Access-Challenge Id 176 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01ca032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3cea63b93e20762741eb275e50d2c369
(241) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 1 from 192.168.99.122:49321 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(242) Received Access-Request packet from host 192.168.99.122 port 49321, id=1, length=49
(242) 	NAS-Identifier = 'BS'
(242) 	User-Name = 'dummy'
(242) 	User-Password = '*PASSWORD*'
(242) # Executing section authorize from file /etc/raddb/sites-enabled/default
(242)   authorize {
(242)   filter_username filter_username {
(242)     if (!&User-Name) 
(242)     if (!&User-Name)  -> FALSE
(242)     if (&User-Name =~ / /) 
(242)     if (&User-Name =~ / /)  -> FALSE
(242)     if (&User-Name =~ /@.*@/ ) 
(242)     if (&User-Name =~ /@.*@/ )  -> FALSE
(242)     if (&User-Name =~ /\\.\\./ ) 
(242)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(242)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(242)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(242)     if (&User-Name =~ /\\.$/)  
(242)     if (&User-Name =~ /\\.$/)   -> FALSE
(242)     if (&User-Name =~ /@\\./)  
(242)     if (&User-Name =~ /@\\./)   -> FALSE
(242)   } # filter_username filter_username = notfound
(242)   [preprocess] = ok
(242)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(242)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(242)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(242)  auth_log : EXPAND %t
(242)  auth_log :    --> Wed Feb 14 20:05:54 2018
(242)   [auth_log] = ok
(242)   [chap] = noop
(242)   [mschap] = noop
(242)   [digest] = noop
(242)   [wimax] = noop
(242)  suffix : Checking for suffix after "@"
(242)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(242)  suffix : No such realm "NULL"
(242)   [suffix] = noop
(242)  eap : No EAP-Message, not doing EAP
(242)   [eap] = noop
(242)  files : users: Matched entry dummy at line 159
(242)   [files] = ok
(242)   [expiration] = noop
(242)   [logintime] = noop
(242)   [pap] = updated
(242)  } #  authorize = updated
(242) Found Auth-Type = PAP
(242) # Executing group from file /etc/raddb/sites-enabled/default
(242)  Auth-Type PAP {
(242)  pap : Login attempt with password
(242)  pap : User authenticated successfully
(242)   [pap] = ok
(242)  } # Auth-Type PAP = ok
(242) Login OK: [dummy] (from client BS2 port 0)
(242) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(242)   post-auth {
(242)   [exec] = noop
(242)   update reply {
(242) 	Session-Timeout := 1800
(242)   } # update reply = noop
(242)   remove_reply_message_if_eap remove_reply_message_if_eap {
(242)     if (&reply:EAP-Message && &reply:Reply-Message) 
(242)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(242)    else else {
(242)     [noop] = noop
(242)    } # else else = noop
(242)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(242)  } #  post-auth = noop
(242) Sending Access-Accept packet to host 192.168.99.122 port 49321, id=1, length=0
(242) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.122:49321
	Session-Timeout := 1800
(242) Finished request
Waking up in 0.1 seconds.
(228) Cleaning up request packet ID 152 with timestamp +153
(229) Cleaning up request packet ID 153 with timestamp +153
(230) Cleaning up request packet ID 154 with timestamp +153
Waking up in 0.1 seconds.
Received Access-Request Id 175 from 192.168.99.123:49286 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x26d61233d2bd8b602413f12d4382fef3
	NAS-Identifier = 'BS'
	User-Name = 'CPE8@siemens.com'
	EAP-Message = 0x029b00d01580000000c6160301008610000082008045e3167b91851b6496b938c951f08871bde18cc2ac3301293274c212e680cd366432348234fe5b6ff7d50cc919716746d3b0530adea6a8cdbba5a38f6916a6c53ca765aa73b71e46e00b4285e00a7a9333d39f17b983c558e288eef6ba23a68242f90f37b5e898704c9edd364ee34673fec930fb045182878780a00637a012591403010001011603010030af8eea70b1dceb2b473efe323c5912fca5e5aae4c4d92e4b9d7371f092fa03667b36171c0df24b018d7ba400be8baf58
	State = 0x3972d7843be9c23f69e473ebda97f113
(243) Received Access-Request packet from host 192.168.99.123 port 49286, id=175, length=288
(243) 	Message-Authenticator = 0x26d61233d2bd8b602413f12d4382fef3
(243) 	NAS-Identifier = 'BS'
(243) 	User-Name = 'CPE8@siemens.com'
(243) 	EAP-Message = 0x029b00d01580000000c6160301008610000082008045e3167b91851b6496b938c951f08871bde18cc2ac3301293274c212e680cd366432348234fe5b6ff7d50cc919716746d3b0530adea6a8cdbba5a38f6916a6c53ca765aa73b71e46e00b4285e00a7a9333d39f17b983c558e288eef6ba23a68242f90f37b5e898704c9edd364ee34673fec930fb045182878780a00637a012591403010001011603010030af8eea70b1dceb2b473efe323c5912fca5e5aae4c4d92e4b9d7371f092fa03667b36171c0df24b018d7ba400be8baf58
(243) 	State = 0x3972d7843be9c23f69e473ebda97f113
(243) # Executing section authorize from file /etc/raddb/sites-enabled/default
(243)   authorize {
(243)   filter_username filter_username {
(243)     if (!&User-Name) 
(243)     if (!&User-Name)  -> FALSE
(243)     if (&User-Name =~ / /) 
(243)     if (&User-Name =~ / /)  -> FALSE
(243)     if (&User-Name =~ /@.*@/ ) 
(243)     if (&User-Name =~ /@.*@/ )  -> FALSE
(243)     if (&User-Name =~ /\\.\\./ ) 
(243)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(243)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(243)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(243)     if (&User-Name =~ /\\.$/)  
(243)     if (&User-Name =~ /\\.$/)   -> FALSE
(243)     if (&User-Name =~ /@\\./)  
(243)     if (&User-Name =~ /@\\./)   -> FALSE
(243)   } # filter_username filter_username = notfound
(243)   [preprocess] = ok
(243)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(243)  auth_log :    --> /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(243)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.123/auth-detail-20180214
(243)  auth_log : EXPAND %t
(243)  auth_log :    --> Wed Feb 14 20:05:55 2018
(243)   [auth_log] = ok
(243)   [chap] = noop
(243)   [mschap] = noop
(243)   [digest] = noop
(243)   [wimax] = noop
(243)  suffix : Checking for suffix after "@"
(243)  suffix : Looking up realm "siemens.com" for User-Name = "CPE8@siemens.com"
(243)  suffix : No such realm "siemens.com"
(243)   [suffix] = noop
(243)  eap : Peer sent code Response (2) ID 155 length 208
(243)  eap : Continuing tunnel setup
(243)   [eap] = ok
(243)  } #  authorize = ok
(243) Found Auth-Type = EAP
(243) # Executing group from file /etc/raddb/sites-enabled/default
(243)   authenticate {
(243)  eap : Expiring EAP session with state 0x34b58d2c37779811
(243)  eap : Finished EAP session with state 0x3972d7843be9c23f
(243)  eap : Previous EAP request found for state 0x3972d7843be9c23f, released from the list
(243)  eap : Peer sent method TTLS (21)
(243)  eap : EAP TTLS (21)
(243)  eap : Calling eap_ttls to process EAP data
(243)  eap_ttls : Authenticate
(243)  eap_ttls : processing EAP-TLS
  TLS Length 198
(243)  eap_ttls : Length Included
(243)  eap_ttls : eaptls_verify returned 11 
(243)  eap_ttls : <<< Unknown TLS version [length 0005] 
(243)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(243)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(243)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(243)  eap_ttls : <<< Unknown TLS version [length 0005] 
(243)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(243)  eap_ttls : <<< Unknown TLS version [length 0005] 
(243)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(243)  eap_ttls : TLS_accept: SSLv3 read finished A
(243)  eap_ttls : >>> Unknown TLS version [length 0005] 
(243)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(243)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(243)  eap_ttls : >>> Unknown TLS version [length 0005] 
(243)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(243)  eap_ttls : TLS_accept: SSLv3 write finished A
(243)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session c205de9b414048f3e6be2f678c209f81e9eb0292a76e0c4c52576808ccebeaf8 to cache
(243)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(243)  eap_ttls : eaptls_process returned 13 
(243)  eap : New EAP session, adding 'State' attribute to reply 0x3972d7843aeec23f
(243)   [eap] = handled
(243)  } #  authenticate = handled
(243) Sending Access-Challenge packet to host 192.168.99.123 port 49286, id=175, length=0
(243) 	EAP-Message = 0x019c004515800000003b1403010001011603010030c0bef5e6753bba0f3b3bdd897371a46b20fe00785a22564d7178af01bfd5bdb08b4ded2909b3cb60912814a2592b4079
(243) 	Message-Authenticator = 0x00000000000000000000000000000000
(243) 	State = 0x3972d7843aeec23f69e473ebda97f113
Sending Access-Challenge Id 175 from 192.168.99.101:1812 to 192.168.99.123:49286
	EAP-Message = 0x019c004515800000003b1403010001011603010030c0bef5e6753bba0f3b3bdd897371a46b20fe00785a22564d7178af01bfd5bdb08b4ded2909b3cb60912814a2592b4079
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3972d7843aeec23f69e473ebda97f113
(243) Finished request
(231) Cleaning up request packet ID 155 with timestamp +154
Waking up in 0.1 seconds.
(232) Cleaning up request packet ID 1 with timestamp +154
Waking up in 0.1 seconds.
Waking up in 2.0 seconds.
Received Access-Request Id 157 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x872f940326c47a861cf17cdc81eb162c
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bd00150143504537407369656d656e732e636f6d
(244) Received Access-Request packet from host 192.168.99.122 port 49321, id=157, length=83
(244) 	Message-Authenticator = 0x872f940326c47a861cf17cdc81eb162c
(244) 	NAS-Identifier = 'BS'
(244) 	User-Name = 'CPE7@siemens.com'
(244) 	EAP-Message = 0x02bd00150143504537407369656d656e732e636f6d
(244) # Executing section authorize from file /etc/raddb/sites-enabled/default
(244)   authorize {
(244)   filter_username filter_username {
(244)     if (!&User-Name) 
(244)     if (!&User-Name)  -> FALSE
(244)     if (&User-Name =~ / /) 
(244)     if (&User-Name =~ / /)  -> FALSE
(244)     if (&User-Name =~ /@.*@/ ) 
(244)     if (&User-Name =~ /@.*@/ )  -> FALSE
(244)     if (&User-Name =~ /\\.\\./ ) 
(244)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(244)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(244)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(244)     if (&User-Name =~ /\\.$/)  
(244)     if (&User-Name =~ /\\.$/)   -> FALSE
(244)     if (&User-Name =~ /@\\./)  
(244)     if (&User-Name =~ /@\\./)   -> FALSE
(244)   } # filter_username filter_username = notfound
(244)   [preprocess] = ok
(244)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(244)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(244)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(244)  auth_log : EXPAND %t
(244)  auth_log :    --> Wed Feb 14 20:05:55 2018
(244)   [auth_log] = ok
(244)   [chap] = noop
(244)   [mschap] = noop
(244)   [digest] = noop
(244)   [wimax] = noop
(244)  suffix : Checking for suffix after "@"
(244)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(244)  suffix : No such realm "siemens.com"
(244)   [suffix] = noop
(244)  eap : Peer sent code Response (2) ID 189 length 21
(244)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(244)   [eap] = ok
(244)  } #  authorize = ok
(244) Found Auth-Type = EAP
(244) # Executing group from file /etc/raddb/sites-enabled/default
(244)   authenticate {
(244)  eap : Peer sent method Identity (1)
(244)  eap : Calling eap_ttls to process EAP data
(244)  eap_ttls : Initiate
(244)  eap_ttls : Start returned 1
(244)  eap : New EAP session, adding 'State' attribute to reply 0x2f8775572f3960d7
(244)   [eap] = handled
(244)  } #  authenticate = handled
(244) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=157, length=0
(244) 	EAP-Message = 0x01be00061520
(244) 	Message-Authenticator = 0x00000000000000000000000000000000
(244) 	State = 0x2f8775572f3960d7efa3015a4e3886d5
Sending Access-Challenge Id 157 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01be00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2f8775572f3960d7efa3015a4e3886d5
(244) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 158 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x771845ea56f8c68250338c4e90ab8a4a
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02be006a158000000060160301005b01000057030154ac6ff61ca07dde710938ee5b98c9e73ea7c0b6b1265ab18423b04ec9a8c66300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0x2f8775572f3960d7efa3015a4e3886d5
(245) Received Access-Request packet from host 192.168.99.122 port 49321, id=158, length=186
(245) 	Message-Authenticator = 0x771845ea56f8c68250338c4e90ab8a4a
(245) 	NAS-Identifier = 'BS'
(245) 	User-Name = 'CPE7@siemens.com'
(245) 	EAP-Message = 0x02be006a158000000060160301005b01000057030154ac6ff61ca07dde710938ee5b98c9e73ea7c0b6b1265ab18423b04ec9a8c66300003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(245) 	State = 0x2f8775572f3960d7efa3015a4e3886d5
(245) # Executing section authorize from file /etc/raddb/sites-enabled/default
(245)   authorize {
(245)   filter_username filter_username {
(245)     if (!&User-Name) 
(245)     if (!&User-Name)  -> FALSE
(245)     if (&User-Name =~ / /) 
(245)     if (&User-Name =~ / /)  -> FALSE
(245)     if (&User-Name =~ /@.*@/ ) 
(245)     if (&User-Name =~ /@.*@/ )  -> FALSE
(245)     if (&User-Name =~ /\\.\\./ ) 
(245)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(245)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(245)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(245)     if (&User-Name =~ /\\.$/)  
(245)     if (&User-Name =~ /\\.$/)   -> FALSE
(245)     if (&User-Name =~ /@\\./)  
(245)     if (&User-Name =~ /@\\./)   -> FALSE
(245)   } # filter_username filter_username = notfound
(245)   [preprocess] = ok
(245)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(245)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(245)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(245)  auth_log : EXPAND %t
(245)  auth_log :    --> Wed Feb 14 20:05:55 2018
(245)   [auth_log] = ok
(245)   [chap] = noop
(245)   [mschap] = noop
(245)   [digest] = noop
(245)   [wimax] = noop
(245)  suffix : Checking for suffix after "@"
(245)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(245)  suffix : No such realm "siemens.com"
(245)   [suffix] = noop
(245)  eap : Peer sent code Response (2) ID 190 length 106
(245)  eap : Continuing tunnel setup
(245)   [eap] = ok
(245)  } #  authorize = ok
(245) Found Auth-Type = EAP
(245) # Executing group from file /etc/raddb/sites-enabled/default
(245)   authenticate {
(245)  eap : Expiring EAP session with state 0x34b58d2c37779811
(245)  eap : Finished EAP session with state 0x2f8775572f3960d7
(245)  eap : Previous EAP request found for state 0x2f8775572f3960d7, released from the list
(245)  eap : Peer sent method TTLS (21)
(245)  eap : EAP TTLS (21)
(245)  eap : Calling eap_ttls to process EAP data
(245)  eap_ttls : Authenticate
(245)  eap_ttls : processing EAP-TLS
  TLS Length 96
(245)  eap_ttls : Length Included
(245)  eap_ttls : eaptls_verify returned 11 
(245)  eap_ttls : (other): before/accept initialization
(245)  eap_ttls : TLS_accept: before/accept initialization
(245)  eap_ttls : <<< Unknown TLS version [length 0005] 
(245)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(245)  eap_ttls : TLS_accept: SSLv3 read client hello A
(245)  eap_ttls : >>> Unknown TLS version [length 0005] 
(245)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(245)  eap_ttls : TLS_accept: SSLv3 write server hello A
(245)  eap_ttls : >>> Unknown TLS version [length 0005] 
(245)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(245)  eap_ttls : TLS_accept: SSLv3 write certificate A
(245)  eap_ttls : >>> Unknown TLS version [length 0005] 
(245)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(245)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(245)  eap_ttls : >>> Unknown TLS version [length 0005] 
(245)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(245)  eap_ttls : TLS_accept: SSLv3 write server done A
(245)  eap_ttls : TLS_accept: SSLv3 flush data
(245)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(245)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(245)  eap_ttls : eaptls_process returned 13 
(245)  eap : New EAP session, adding 'State' attribute to reply 0x2f8775572e3860d7
(245)   [eap] = handled
(245)  } #  authenticate = handled
(245) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=158, length=0
(245) 	EAP-Message = 0x01bf03ec15c000000702160301004a0200004603010b4e61b168186f927ff91705916ded45a26a5c299b871553a1687944a299c788202b254e190ca471b18a504e32c78044ef6380bb270684aa6e7171616c096ec17e00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(245) 	Message-Authenticator = 0x00000000000000000000000000000000
(245) 	State = 0x2f8775572e3860d7efa3015a4e3886d5
Sending Access-Challenge Id 158 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bf03ec15c000000702160301004a0200004603010b4e61b168186f927ff91705916ded45a26a5c299b871553a1687944a299c788202b254e190ca471b18a504e32c78044ef6380bb270684aa6e7171616c096ec17e00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2f8775572e3860d7efa3015a4e3886d5
(245) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 159 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0xad651778788cdddd2d9a42a03cdd89c1
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02bf00061500
	State = 0x2f8775572e3860d7efa3015a4e3886d5
(246) Received Access-Request packet from host 192.168.99.122 port 49321, id=159, length=86
(246) 	Message-Authenticator = 0xad651778788cdddd2d9a42a03cdd89c1
(246) 	NAS-Identifier = 'BS'
(246) 	User-Name = 'CPE7@siemens.com'
(246) 	EAP-Message = 0x02bf00061500
(246) 	State = 0x2f8775572e3860d7efa3015a4e3886d5
(246) # Executing section authorize from file /etc/raddb/sites-enabled/default
(246)   authorize {
(246)   filter_username filter_username {
(246)     if (!&User-Name) 
(246)     if (!&User-Name)  -> FALSE
(246)     if (&User-Name =~ / /) 
(246)     if (&User-Name =~ / /)  -> FALSE
(246)     if (&User-Name =~ /@.*@/ ) 
(246)     if (&User-Name =~ /@.*@/ )  -> FALSE
(246)     if (&User-Name =~ /\\.\\./ ) 
(246)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(246)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(246)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(246)     if (&User-Name =~ /\\.$/)  
(246)     if (&User-Name =~ /\\.$/)   -> FALSE
(246)     if (&User-Name =~ /@\\./)  
(246)     if (&User-Name =~ /@\\./)   -> FALSE
(246)   } # filter_username filter_username = notfound
(246)   [preprocess] = ok
(246)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(246)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(246)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(246)  auth_log : EXPAND %t
(246)  auth_log :    --> Wed Feb 14 20:05:55 2018
(246)   [auth_log] = ok
(246)   [chap] = noop
(246)   [mschap] = noop
(246)   [digest] = noop
(246)   [wimax] = noop
(246)  suffix : Checking for suffix after "@"
(246)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(246)  suffix : No such realm "siemens.com"
(246)   [suffix] = noop
(246)  eap : Peer sent code Response (2) ID 191 length 6
(246)  eap : Continuing tunnel setup
(246)   [eap] = ok
(246)  } #  authorize = ok
(246) Found Auth-Type = EAP
(246) # Executing group from file /etc/raddb/sites-enabled/default
(246)   authenticate {
(246)  eap : Expiring EAP session with state 0x34b58d2c37779811
(246)  eap : Finished EAP session with state 0x2f8775572e3860d7
(246)  eap : Previous EAP request found for state 0x2f8775572e3860d7, released from the list
(246)  eap : Peer sent method TTLS (21)
(246)  eap : EAP TTLS (21)
(246)  eap : Calling eap_ttls to process EAP data
(246)  eap_ttls : Authenticate
(246)  eap_ttls : processing EAP-TLS
(246)  eap_ttls : Received TLS ACK
(246)  eap_ttls : Received TLS ACK
(246)  eap_ttls : ACK handshake fragment handler
(246)  eap_ttls : eaptls_verify returned 1 
(246)  eap_ttls : eaptls_process returned 13 
(246)  eap : New EAP session, adding 'State' attribute to reply 0x2f8775572d4760d7
(246)   [eap] = handled
(246)  } #  authenticate = handled
(246) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=159, length=0
(246) 	EAP-Message = 0x01c0032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(246) 	Message-Authenticator = 0x00000000000000000000000000000000
(246) 	State = 0x2f8775572d4760d7efa3015a4e3886d5
Sending Access-Challenge Id 159 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01c0032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2f8775572d4760d7efa3015a4e3886d5
(246) Finished request
Waking up in 0.2 seconds.
Waking up in 1.4 seconds.
Received Access-Request Id 177 from 192.168.99.121:49210 to 192.168.99.101:1812 length 289
	Message-Authenticator = 0xa2b47a229a118dc2eb21988f71fe596f
	NAS-Identifier = 'BS'
	User-Name = 'CPE11@siemens.com'
	EAP-Message = 0x02ca00d01580000000c6160301008610000082008090f0c078d2b0bc764ac859694143a433ec516e7a10861f13efca8ea4a4ada589ffa4a11ad6f6f82c77cf2324f0925d5c0e9be944756176c8c26c89330e48b17edcf315839f558e3c537bbbea740c45a7ce4051fed75329ffebef19ef245e3a21795daec34a744e39bc536c7c00a4f3c2fe27dac9f10f73e28c1229020caed75c14030100010116030100305daa66174cdc33c1c23248fdc1b1fa9ae94167aca4a33d6f3151764f75575cd0b28fee6b9df533f386f192c86aceb3a4
	State = 0x3cea63b93e20762741eb275e50d2c369
(247) Received Access-Request packet from host 192.168.99.121 port 49210, id=177, length=289
(247) 	Message-Authenticator = 0xa2b47a229a118dc2eb21988f71fe596f
(247) 	NAS-Identifier = 'BS'
(247) 	User-Name = 'CPE11@siemens.com'
(247) 	EAP-Message = 0x02ca00d01580000000c6160301008610000082008090f0c078d2b0bc764ac859694143a433ec516e7a10861f13efca8ea4a4ada589ffa4a11ad6f6f82c77cf2324f0925d5c0e9be944756176c8c26c89330e48b17edcf315839f558e3c537bbbea740c45a7ce4051fed75329ffebef19ef245e3a21795daec34a744e39bc536c7c00a4f3c2fe27dac9f10f73e28c1229020caed75c14030100010116030100305daa66174cdc33c1c23248fdc1b1fa9ae94167aca4a33d6f3151764f75575cd0b28fee6b9df533f386f192c86aceb3a4
(247) 	State = 0x3cea63b93e20762741eb275e50d2c369
(247) # Executing section authorize from file /etc/raddb/sites-enabled/default
(247)   authorize {
(247)   filter_username filter_username {
(247)     if (!&User-Name) 
(247)     if (!&User-Name)  -> FALSE
(247)     if (&User-Name =~ / /) 
(247)     if (&User-Name =~ / /)  -> FALSE
(247)     if (&User-Name =~ /@.*@/ ) 
(247)     if (&User-Name =~ /@.*@/ )  -> FALSE
(247)     if (&User-Name =~ /\\.\\./ ) 
(247)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(247)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(247)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(247)     if (&User-Name =~ /\\.$/)  
(247)     if (&User-Name =~ /\\.$/)   -> FALSE
(247)     if (&User-Name =~ /@\\./)  
(247)     if (&User-Name =~ /@\\./)   -> FALSE
(247)   } # filter_username filter_username = notfound
(247)   [preprocess] = ok
(247)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(247)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(247)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(247)  auth_log : EXPAND %t
(247)  auth_log :    --> Wed Feb 14 20:05:56 2018
(247)   [auth_log] = ok
(247)   [chap] = noop
(247)   [mschap] = noop
(247)   [digest] = noop
(247)   [wimax] = noop
(247)  suffix : Checking for suffix after "@"
(247)  suffix : Looking up realm "siemens.com" for User-Name = "CPE11@siemens.com"
(247)  suffix : No such realm "siemens.com"
(247)   [suffix] = noop
(247)  eap : Peer sent code Response (2) ID 202 length 208
(247)  eap : Continuing tunnel setup
(247)   [eap] = ok
(247)  } #  authorize = ok
(247) Found Auth-Type = EAP
(247) # Executing group from file /etc/raddb/sites-enabled/default
(247)   authenticate {
(247)  eap : Expiring EAP session with state 0x34b58d2c37779811
(247)  eap : Finished EAP session with state 0x3cea63b93e207627
(247)  eap : Previous EAP request found for state 0x3cea63b93e207627, released from the list
(247)  eap : Peer sent method TTLS (21)
(247)  eap : EAP TTLS (21)
(247)  eap : Calling eap_ttls to process EAP data
(247)  eap_ttls : Authenticate
(247)  eap_ttls : processing EAP-TLS
  TLS Length 198
(247)  eap_ttls : Length Included
(247)  eap_ttls : eaptls_verify returned 11 
(247)  eap_ttls : <<< Unknown TLS version [length 0005] 
(247)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(247)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(247)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(247)  eap_ttls : <<< Unknown TLS version [length 0005] 
(247)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(247)  eap_ttls : <<< Unknown TLS version [length 0005] 
(247)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(247)  eap_ttls : TLS_accept: SSLv3 read finished A
(247)  eap_ttls : >>> Unknown TLS version [length 0005] 
(247)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(247)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(247)  eap_ttls : >>> Unknown TLS version [length 0005] 
(247)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(247)  eap_ttls : TLS_accept: SSLv3 write finished A
(247)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 6930a7ce7bc11cda93dbb1fa6190d68d0e3c0b7f57a300b1a9547943d4f9805c to cache
(247)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(247)  eap_ttls : eaptls_process returned 13 
(247)  eap : New EAP session, adding 'State' attribute to reply 0x3cea63b93f217627
(247)   [eap] = handled
(247)  } #  authenticate = handled
(247) Sending Access-Challenge packet to host 192.168.99.121 port 49210, id=177, length=0
(247) 	EAP-Message = 0x01cb004515800000003b14030100010116030100307dc4bd72f236fb4bd35b132da033f5c738e5a1e3780db3dc560ee9d16261f167d6ba9634b0a119283da38bd18ecef3c1
(247) 	Message-Authenticator = 0x00000000000000000000000000000000
(247) 	State = 0x3cea63b93f21762741eb275e50d2c369
Sending Access-Challenge Id 177 from 192.168.99.101:1812 to 192.168.99.121:49210
	EAP-Message = 0x01cb004515800000003b14030100010116030100307dc4bd72f236fb4bd35b132da033f5c738e5a1e3780db3dc560ee9d16261f167d6ba9634b0a119283da38bd18ecef3c1
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3cea63b93f21762741eb275e50d2c369
(247) Finished request
Waking up in 0.3 seconds.
Waking up in 0.4 seconds.
(233) Cleaning up request packet ID 156 with timestamp +156
(234) Cleaning up request packet ID 172 with timestamp +156
(235) Cleaning up request packet ID 173 with timestamp +156
(236) Cleaning up request packet ID 174 with timestamp +156
Waking up in 1.5 seconds.
Received Access-Request Id 160 from 192.168.99.122:49321 to 192.168.99.101:1812 length 288
	Message-Authenticator = 0x40949307d1a7c5671be585cd3012470b
	NAS-Identifier = 'BS'
	User-Name = 'CPE7@siemens.com'
	EAP-Message = 0x02c000d01580000000c6160301008610000082008036fd3d7a9621826662f2156eca0bcbf0f879e166c2093cf4bfdfd00044f436d53d3d477cee81473fe0b860591afb6c354fc0eefebe84468c9a541eace49c1c93ca44ec3de6e51157b251b454db35299bef51b8bda2b203aaf66c00a4bb1f253cf1775f5ac7e654c2d3b19253605e9d14fd02ee4adcbbeddfe0fae3f8c757ea9e140301000101160301003013687eac912cab8d232e18b7e5bef7e4fa5737dfc82dc27c794dea18d2beba4bdb0b650744c938bd018e75ec8c4f6da9
	State = 0x2f8775572d4760d7efa3015a4e3886d5
(248) Received Access-Request packet from host 192.168.99.122 port 49321, id=160, length=288
(248) 	Message-Authenticator = 0x40949307d1a7c5671be585cd3012470b
(248) 	NAS-Identifier = 'BS'
(248) 	User-Name = 'CPE7@siemens.com'
(248) 	EAP-Message = 0x02c000d01580000000c6160301008610000082008036fd3d7a9621826662f2156eca0bcbf0f879e166c2093cf4bfdfd00044f436d53d3d477cee81473fe0b860591afb6c354fc0eefebe84468c9a541eace49c1c93ca44ec3de6e51157b251b454db35299bef51b8bda2b203aaf66c00a4bb1f253cf1775f5ac7e654c2d3b19253605e9d14fd02ee4adcbbeddfe0fae3f8c757ea9e140301000101160301003013687eac912cab8d232e18b7e5bef7e4fa5737dfc82dc27c794dea18d2beba4bdb0b650744c938bd018e75ec8c4f6da9
(248) 	State = 0x2f8775572d4760d7efa3015a4e3886d5
(248) # Executing section authorize from file /etc/raddb/sites-enabled/default
(248)   authorize {
(248)   filter_username filter_username {
(248)     if (!&User-Name) 
(248)     if (!&User-Name)  -> FALSE
(248)     if (&User-Name =~ / /) 
(248)     if (&User-Name =~ / /)  -> FALSE
(248)     if (&User-Name =~ /@.*@/ ) 
(248)     if (&User-Name =~ /@.*@/ )  -> FALSE
(248)     if (&User-Name =~ /\\.\\./ ) 
(248)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(248)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(248)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(248)     if (&User-Name =~ /\\.$/)  
(248)     if (&User-Name =~ /\\.$/)   -> FALSE
(248)     if (&User-Name =~ /@\\./)  
(248)     if (&User-Name =~ /@\\./)   -> FALSE
(248)   } # filter_username filter_username = notfound
(248)   [preprocess] = ok
(248)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(248)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(248)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(248)  auth_log : EXPAND %t
(248)  auth_log :    --> Wed Feb 14 20:05:58 2018
(248)   [auth_log] = ok
(248)   [chap] = noop
(248)   [mschap] = noop
(248)   [digest] = noop
(248)   [wimax] = noop
(248)  suffix : Checking for suffix after "@"
(248)  suffix : Looking up realm "siemens.com" for User-Name = "CPE7@siemens.com"
(248)  suffix : No such realm "siemens.com"
(248)   [suffix] = noop
(248)  eap : Peer sent code Response (2) ID 192 length 208
(248)  eap : Continuing tunnel setup
(248)   [eap] = ok
(248)  } #  authorize = ok
(248) Found Auth-Type = EAP
(248) # Executing group from file /etc/raddb/sites-enabled/default
(248)   authenticate {
(248)  eap : Expiring EAP session with state 0x34b58d2c37779811
(248)  eap : Finished EAP session with state 0x2f8775572d4760d7
(248)  eap : Previous EAP request found for state 0x2f8775572d4760d7, released from the list
(248)  eap : Peer sent method TTLS (21)
(248)  eap : EAP TTLS (21)
(248)  eap : Calling eap_ttls to process EAP data
(248)  eap_ttls : Authenticate
(248)  eap_ttls : processing EAP-TLS
  TLS Length 198
(248)  eap_ttls : Length Included
(248)  eap_ttls : eaptls_verify returned 11 
(248)  eap_ttls : <<< Unknown TLS version [length 0005] 
(248)  eap_ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
(248)  eap_ttls : TLS_accept: SSLv3 read client key exchange A
(248)  eap_ttls : TLS_accept: SSLv3 read certificate verify A
(248)  eap_ttls : <<< Unknown TLS version [length 0005] 
(248)  eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] 
(248)  eap_ttls : <<< Unknown TLS version [length 0005] 
(248)  eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished 
(248)  eap_ttls : TLS_accept: SSLv3 read finished A
(248)  eap_ttls : >>> Unknown TLS version [length 0005] 
(248)  eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] 
(248)  eap_ttls : TLS_accept: SSLv3 write change cipher spec A
(248)  eap_ttls : >>> Unknown TLS version [length 0005] 
(248)  eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished 
(248)  eap_ttls : TLS_accept: SSLv3 write finished A
(248)  eap_ttls : TLS_accept: SSLv3 flush data
  SSL: adding session 2b254e190ca471b18a504e32c78044ef6380bb270684aa6e7171616c096ec17e to cache
(248)  eap_ttls : (other): SSL negotiation finished successfully
SSL Connection Established 
(248)  eap_ttls : eaptls_process returned 13 
(248)  eap : New EAP session, adding 'State' attribute to reply 0x2f8775572c4660d7
(248)   [eap] = handled
(248)  } #  authenticate = handled
(248) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=160, length=0
(248) 	EAP-Message = 0x01c1004515800000003b1403010001011603010030c4f0dba9e3375542d1c6007a246e49a35a311a995f8c01e5b7c4b670892332ec91641222090cace2c8a340c0d614d174
(248) 	Message-Authenticator = 0x00000000000000000000000000000000
(248) 	State = 0x2f8775572c4660d7efa3015a4e3886d5
Sending Access-Challenge Id 160 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01c1004515800000003b1403010001011603010030c4f0dba9e3375542d1c6007a246e49a35a311a995f8c01e5b7c4b670892332ec91641222090cace2c8a340c0d614d174
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2f8775572c4660d7efa3015a4e3886d5
(248) Finished request
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(237) Cleaning up request packet ID 1 with timestamp +158
(238) Cleaning up request packet ID 174 with timestamp +158
(239) Cleaning up request packet ID 1 with timestamp +158
(240) Cleaning up request packet ID 175 with timestamp +158
(241) Cleaning up request packet ID 176 with timestamp +158
Waking up in 0.1 seconds.
(242) Cleaning up request packet ID 1 with timestamp +158
Waking up in 0.6 seconds.
Received Access-Request Id 161 from 192.168.99.122:49321 to 192.168.99.101:1812 length 83
	Message-Authenticator = 0x0b16cfb3055d4fbdeb3590c6ce28f064
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02be00150143504536407369656d656e732e636f6d
(249) Received Access-Request packet from host 192.168.99.122 port 49321, id=161, length=83
(249) 	Message-Authenticator = 0x0b16cfb3055d4fbdeb3590c6ce28f064
(249) 	NAS-Identifier = 'BS'
(249) 	User-Name = 'CPE6@siemens.com'
(249) 	EAP-Message = 0x02be00150143504536407369656d656e732e636f6d
(249) # Executing section authorize from file /etc/raddb/sites-enabled/default
(249)   authorize {
(249)   filter_username filter_username {
(249)     if (!&User-Name) 
(249)     if (!&User-Name)  -> FALSE
(249)     if (&User-Name =~ / /) 
(249)     if (&User-Name =~ / /)  -> FALSE
(249)     if (&User-Name =~ /@.*@/ ) 
(249)     if (&User-Name =~ /@.*@/ )  -> FALSE
(249)     if (&User-Name =~ /\\.\\./ ) 
(249)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(249)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(249)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(249)     if (&User-Name =~ /\\.$/)  
(249)     if (&User-Name =~ /\\.$/)   -> FALSE
(249)     if (&User-Name =~ /@\\./)  
(249)     if (&User-Name =~ /@\\./)   -> FALSE
(249)   } # filter_username filter_username = notfound
(249)   [preprocess] = ok
(249)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(249)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(249)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(249)  auth_log : EXPAND %t
(249)  auth_log :    --> Wed Feb 14 20:05:59 2018
(249)   [auth_log] = ok
(249)   [chap] = noop
(249)   [mschap] = noop
(249)   [digest] = noop
(249)   [wimax] = noop
(249)  suffix : Checking for suffix after "@"
(249)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(249)  suffix : No such realm "siemens.com"
(249)   [suffix] = noop
(249)  eap : Peer sent code Response (2) ID 190 length 21
(249)  eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(249)   [eap] = ok
(249)  } #  authorize = ok
(249) Found Auth-Type = EAP
(249) # Executing group from file /etc/raddb/sites-enabled/default
(249)   authenticate {
(249)  eap : Peer sent method Identity (1)
(249)  eap : Calling eap_ttls to process EAP data
(249)  eap_ttls : Initiate
(249)  eap_ttls : Start returned 1
(249)  eap : New EAP session, adding 'State' attribute to reply 0xc25c6e81c2e37bfb
(249)   [eap] = handled
(249)  } #  authenticate = handled
(249) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=161, length=0
(249) 	EAP-Message = 0x01bf00061520
(249) 	Message-Authenticator = 0x00000000000000000000000000000000
(249) 	State = 0xc25c6e81c2e37bfb4fb11d5c02ec210c
Sending Access-Challenge Id 161 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01bf00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc25c6e81c2e37bfb4fb11d5c02ec210c
(249) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 162 from 192.168.99.122:49321 to 192.168.99.101:1812 length 186
	Message-Authenticator = 0x78a612c27150c2d6a528e9407b9f735d
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02bf006a158000000060160301005b01000057030154acd57d27392fa93593b8caf6260e26fb90df10258616c323538ae742926fff00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
	State = 0xc25c6e81c2e37bfb4fb11d5c02ec210c
(250) Received Access-Request packet from host 192.168.99.122 port 49321, id=162, length=186
(250) 	Message-Authenticator = 0x78a612c27150c2d6a528e9407b9f735d
(250) 	NAS-Identifier = 'BS'
(250) 	User-Name = 'CPE6@siemens.com'
(250) 	EAP-Message = 0x02bf006a158000000060160301005b01000057030154acd57d27392fa93593b8caf6260e26fb90df10258616c323538ae742926fff00003000390038003500160013000a00330032002f0066000500040063006200150012000900650064006000140011000800030100
(250) 	State = 0xc25c6e81c2e37bfb4fb11d5c02ec210c
(250) # Executing section authorize from file /etc/raddb/sites-enabled/default
(250)   authorize {
(250)   filter_username filter_username {
(250)     if (!&User-Name) 
(250)     if (!&User-Name)  -> FALSE
(250)     if (&User-Name =~ / /) 
(250)     if (&User-Name =~ / /)  -> FALSE
(250)     if (&User-Name =~ /@.*@/ ) 
(250)     if (&User-Name =~ /@.*@/ )  -> FALSE
(250)     if (&User-Name =~ /\\.\\./ ) 
(250)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(250)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(250)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(250)     if (&User-Name =~ /\\.$/)  
(250)     if (&User-Name =~ /\\.$/)   -> FALSE
(250)     if (&User-Name =~ /@\\./)  
(250)     if (&User-Name =~ /@\\./)   -> FALSE
(250)   } # filter_username filter_username = notfound
(250)   [preprocess] = ok
(250)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(250)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(250)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(250)  auth_log : EXPAND %t
(250)  auth_log :    --> Wed Feb 14 20:05:59 2018
(250)   [auth_log] = ok
(250)   [chap] = noop
(250)   [mschap] = noop
(250)   [digest] = noop
(250)   [wimax] = noop
(250)  suffix : Checking for suffix after "@"
(250)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(250)  suffix : No such realm "siemens.com"
(250)   [suffix] = noop
(250)  eap : Peer sent code Response (2) ID 191 length 106
(250)  eap : Continuing tunnel setup
(250)   [eap] = ok
(250)  } #  authorize = ok
(250) Found Auth-Type = EAP
(250) # Executing group from file /etc/raddb/sites-enabled/default
(250)   authenticate {
(250)  eap : Expiring EAP session with state 0x34b58d2c37779811
(250)  eap : Finished EAP session with state 0xc25c6e81c2e37bfb
(250)  eap : Previous EAP request found for state 0xc25c6e81c2e37bfb, released from the list
(250)  eap : Peer sent method TTLS (21)
(250)  eap : EAP TTLS (21)
(250)  eap : Calling eap_ttls to process EAP data
(250)  eap_ttls : Authenticate
(250)  eap_ttls : processing EAP-TLS
  TLS Length 96
(250)  eap_ttls : Length Included
(250)  eap_ttls : eaptls_verify returned 11 
(250)  eap_ttls : (other): before/accept initialization
(250)  eap_ttls : TLS_accept: before/accept initialization
(250)  eap_ttls : <<< Unknown TLS version [length 0005] 
(250)  eap_ttls : <<< TLS 1.0 Handshake [length 005b], ClientHello 
(250)  eap_ttls : TLS_accept: SSLv3 read client hello A
(250)  eap_ttls : >>> Unknown TLS version [length 0005] 
(250)  eap_ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello 
(250)  eap_ttls : TLS_accept: SSLv3 write server hello A
(250)  eap_ttls : >>> Unknown TLS version [length 0005] 
(250)  eap_ttls : >>> TLS 1.0 Handshake [length 0513], Certificate 
(250)  eap_ttls : TLS_accept: SSLv3 write certificate A
(250)  eap_ttls : >>> Unknown TLS version [length 0005] 
(250)  eap_ttls : >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange 
(250)  eap_ttls : TLS_accept: SSLv3 write key exchange A
(250)  eap_ttls : >>> Unknown TLS version [length 0005] 
(250)  eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
(250)  eap_ttls : TLS_accept: SSLv3 write server done A
(250)  eap_ttls : TLS_accept: SSLv3 flush data
(250)  eap_ttls : TLS_accept: SSLv3 read client certificate A
(250)  eap_ttls : TLS_accept: Need to read more data: SSLv3 read client key exchange A
In SSL Handshake Phase 
In SSL Accept mode  
(250)  eap_ttls : eaptls_process returned 13 
(250)  eap : New EAP session, adding 'State' attribute to reply 0xc25c6e81c39c7bfb
(250)   [eap] = handled
(250)  } #  authenticate = handled
(250) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=162, length=0
(250) 	EAP-Message = 0x01c003ec15c000000702160301004a020000460301dc78ab496991151ab1a395bf6689b812ea70cc0d9f9a9abf625d2cbd14a5adc9200b9aa6f95e3e6227b8d2f5f36d13136c2d873f10a49da77ca37eac22ba88bbca00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc753006
(250) 	Message-Authenticator = 0x00000000000000000000000000000000
(250) 	State = 0xc25c6e81c39c7bfb4fb11d5c02ec210c
Sending Access-Challenge Id 162 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01c003ec15c000000702160301004a020000460301dc78ab496991151ab1a395bf6689b812ea70cc0d9f9a9abf625d2cbd14a5adc9200b9aa6f95e3e6227b8d2f5f36d13136c2d873f10a49da77ca37eac22ba88bbca00390016030105130b00050f00050c0002833082027f308201e802010c300d06092a864886f70d01010405003081833110300e06035504031307546573742043413111300f0603550408130850726f76696e6365310b3009060355040613024341311c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c79301e170d3030303130313031303130315a170d3334313032303038333130375a30818b311c301a06035504031413757365724077696e6574776f726b732e636f6d310f300d0603550408130649737261656c310b300906035504061302494c3122302006092a864886f70d0109011613757365724077696e6574776f726b732e636f6d31133011060355040a130a57696e6574776f726b7331143012060355040b130b576972656c6573734d414e30819f300d06092a864886f70d010101050003818d0030818902818100a30b22f2f7d19a5afb35e3e2136364740f2276c084bca0f85bc37de5459e5cbcbc75300
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc25c6e81c39c7bfb4fb11d5c02ec210c
(250) Finished request
Waking up in 0.1 seconds.
Received Access-Request Id 163 from 192.168.99.122:49321 to 192.168.99.101:1812 length 86
	Message-Authenticator = 0x2caca8ff4ff6ff6c4de44c5b5e036ea4
	NAS-Identifier = 'BS'
	User-Name = 'CPE6@siemens.com'
	EAP-Message = 0x02c000061500
	State = 0xc25c6e81c39c7bfb4fb11d5c02ec210c
(251) Received Access-Request packet from host 192.168.99.122 port 49321, id=163, length=86
(251) 	Message-Authenticator = 0x2caca8ff4ff6ff6c4de44c5b5e036ea4
(251) 	NAS-Identifier = 'BS'
(251) 	User-Name = 'CPE6@siemens.com'
(251) 	EAP-Message = 0x02c000061500
(251) 	State = 0xc25c6e81c39c7bfb4fb11d5c02ec210c
(251) # Executing section authorize from file /etc/raddb/sites-enabled/default
(251)   authorize {
(251)   filter_username filter_username {
(251)     if (!&User-Name) 
(251)     if (!&User-Name)  -> FALSE
(251)     if (&User-Name =~ / /) 
(251)     if (&User-Name =~ / /)  -> FALSE
(251)     if (&User-Name =~ /@.*@/ ) 
(251)     if (&User-Name =~ /@.*@/ )  -> FALSE
(251)     if (&User-Name =~ /\\.\\./ ) 
(251)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(251)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(251)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(251)     if (&User-Name =~ /\\.$/)  
(251)     if (&User-Name =~ /\\.$/)   -> FALSE
(251)     if (&User-Name =~ /@\\./)  
(251)     if (&User-Name =~ /@\\./)   -> FALSE
(251)   } # filter_username filter_username = notfound
(251)   [preprocess] = ok
(251)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(251)  auth_log :    --> /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(251)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.122/auth-detail-20180214
(251)  auth_log : EXPAND %t
(251)  auth_log :    --> Wed Feb 14 20:05:59 2018
(251)   [auth_log] = ok
(251)   [chap] = noop
(251)   [mschap] = noop
(251)   [digest] = noop
(251)   [wimax] = noop
(251)  suffix : Checking for suffix after "@"
(251)  suffix : Looking up realm "siemens.com" for User-Name = "CPE6@siemens.com"
(251)  suffix : No such realm "siemens.com"
(251)   [suffix] = noop
(251)  eap : Peer sent code Response (2) ID 192 length 6
(251)  eap : Continuing tunnel setup
(251)   [eap] = ok
(251)  } #  authorize = ok
(251) Found Auth-Type = EAP
(251) # Executing group from file /etc/raddb/sites-enabled/default
(251)   authenticate {
(251)  eap : Expiring EAP session with state 0x34b58d2c37779811
(251)  eap : Finished EAP session with state 0xc25c6e81c39c7bfb
(251)  eap : Previous EAP request found for state 0xc25c6e81c39c7bfb, released from the list
(251)  eap : Peer sent method TTLS (21)
(251)  eap : EAP TTLS (21)
(251)  eap : Calling eap_ttls to process EAP data
(251)  eap_ttls : Authenticate
(251)  eap_ttls : processing EAP-TLS
(251)  eap_ttls : Received TLS ACK
(251)  eap_ttls : Received TLS ACK
(251)  eap_ttls : ACK handshake fragment handler
(251)  eap_ttls : eaptls_verify returned 1 
(251)  eap_ttls : eaptls_process returned 13 
(251)  eap : New EAP session, adding 'State' attribute to reply 0xc25c6e81c09d7bfb
(251)   [eap] = handled
(251)  } #  authenticate = handled
(251) Sending Access-Challenge packet to host 192.168.99.122 port 49321, id=163, length=0
(251) 	EAP-Message = 0x01c1032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d6
(251) 	Message-Authenticator = 0x00000000000000000000000000000000
(251) 	State = 0xc25c6e81c09d7bfb4fb11d5c02ec210c
Sending Access-Challenge Id 163 from 192.168.99.101:1812 to 192.168.99.122:49321
	EAP-Message = 0x01c1032a1580000007021c301a06092a864886f70d010901160d666f6f4073706163652e626172311a3018060355040a131154657374204f7267616e697a6174696f6e31153013060355040b130c54657374696e67204f6e6c7930819f300d06092a864886f70d010101050003818d0030818902818100d58324bd3c91e6f37a5026542da408bc378483b12968181fc6c1f9243a6d1081e851b98ca9dd6b94ad53b3730eb67e693d58b8435e902d6aa4751c3cdabfdcb8b6eacc8f6834ad89b692a64d865c2bac05d37ca499d4f63fd90ceb0577ac0562fae8c7db20dc5047b90314e09a92f17d3d9e8492b5edcfb93c0ac7a4ad6583fb0203010001300d06092a864886f70d010104050003818100019cff2417694e2dfdf6ebf1eaf231ce18857ae3ed33895c1fd7ea1032c6d7441167d266fbd3eda368e361373e7ce7399c272b2a8d5ba845518e0fa2c7ab43d2d2ab39b38ed5c9c04ee1f821b3900d7d85c2865112eb37e1fc72437be819f054e9c27ae5443c38c5a57a59e5d695bad7a7b247e719a71db1635396607f04b972160301018d0c0001890080b6a3cb71c3787fe96433a12be1f6d9dcd97bf43449aa703576f94a69ce4e3ad46da2d4f2c29e9092c4ff5fac6de36d5d6f7e64739e30dad0d7a3c960cef4e64bc06ff69c6048cb83532e207c19c4aded58e6ee08caa23fa8d7a7b5a4d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc25c6e81c09d7bfb4fb11d5c02ec210c
(251) Finished request
Waking up in 0.1 seconds.
(243) Cleaning up request packet ID 175 with timestamp +159
Received Access-Request Id 1 from 192.168.99.121:49210 to 192.168.99.101:1812 length 49
	NAS-Identifier = 'BS'
	User-Name = 'dummy'
	User-Password = '*PASSWORD*'
(252) Received Access-Request packet from host 192.168.99.121 port 49210, id=1, length=49
(252) 	NAS-Identifier = 'BS'
(252) 	User-Name = 'dummy'
(252) 	User-Password = '*PASSWORD*'
(252) # Executing section authorize from file /etc/raddb/sites-enabled/default
(252)   authorize {
(252)   filter_username filter_username {
(252)     if (!&User-Name) 
(252)     if (!&User-Name)  -> FALSE
(252)     if (&User-Name =~ / /) 
(252)     if (&User-Name =~ / /)  -> FALSE
(252)     if (&User-Name =~ /@.*@/ ) 
(252)     if (&User-Name =~ /@.*@/ )  -> FALSE
(252)     if (&User-Name =~ /\\.\\./ ) 
(252)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(252)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))  
(252)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(252)     if (&User-Name =~ /\\.$/)  
(252)     if (&User-Name =~ /\\.$/)   -> FALSE
(252)     if (&User-Name =~ /@\\./)  
(252)     if (&User-Name =~ /@\\./)   -> FALSE
(252)   } # filter_username filter_username = notfound
(252)   [preprocess] = ok
(252)  auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(252)  auth_log :    --> /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(252)  auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.99.121/auth-detail-20180214
(252)  auth_log : EXPAND %t
(252)  auth_log :    --> Wed Feb 14 20:06:00 2018
(252)   [auth_log] = ok
(252)   [chap] = noop
(252)   [mschap] = noop
(252)   [digest] = noop
(252)   [wimax] = noop
(252)  suffix : Checking for suffix after "@"
(252)  suffix : No '@' in User-Name = "dummy", looking up realm NULL
(252)  suffix : No such realm "NULL"
(252)   [suffix] = noop
(252)  eap : No EAP-Message, not doing EAP
(252)   [eap] = noop
(252)  files : users: Matched entry dummy at line 159
(252)   [files] = ok
(252)   [expiration] = noop
(252)   [logintime] = noop
(252)   [pap] = updated
(252)  } #  authorize = updated
(252) Found Auth-Type = PAP
(252) # Executing group from file /etc/raddb/sites-enabled/default
(252)  Auth-Type PAP {
(252)  pap : Login attempt with password
(252)  pap : User authenticated successfully
(252)   [pap] = ok
(252)  } # Auth-Type PAP = ok
(252) Login OK: [dummy] (from client BS1 port 0)
(252) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(252)   post-auth {
(252)   [exec] = noop
(252)   update reply {
(252) 	Session-Timeout := 1800
(252)   } # update reply = noop
(252)   remove_reply_message_if_eap remove_reply_message_if_eap {
(252)     if (&reply:EAP-Message && &reply:Reply-Message) 
(252)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(252)    else else {
(252)     [noop] = noop
(252)    } # else else = noop
(252)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(252)  } #  post-auth = noop
(252) Sending Access-Accept packet to host 192.168.99.121 port 49210, id=1, length=0
(252) 	Session-Timeout := 1800
Sending Access-Accept Id 1 from 192.168.99.101:1812 to 192.168.99.121:49210
	Session-Timeout := 1800
(252) Finished request
Waking up in 0.2 seconds.
(244) Cleaning up request packet ID 157 with timestamp +159
(245) Cleaning up request packet ID 158 with timestamp +159
(246) Cleaning up request packet ID 159 with timestamp +159
Waking up in 0.9 seconds.
