I'm attempting to proxy based on Calling-Station-Id using the pre-proxy config in sites-available/default and proxy.conf. I think I have it all configured correctly, but the proxy server always forwards to the first server in the home_server_pool regardless. Will the proxy server do the server calculation (server = (hash % num_servers_in_pool)) for every request, or only if a threshold of requests per second are coming in or something like that? Here is my relevant config: sites-available/default : <snip> pre-proxy { update control { Load-Balance-Key := "%{Calling-Station-Id}" } updated } </snip> proxy.conf : <snip> home_server_pool redrads { type = keyed-balance #type = client-port-balance home_server = redrad01 home_server = redrad02 home_server = redrad03 } </snip> How can I tell that the Load-Balance-Key is being set? I see the following in the debug, but it still just punts to the first server no matter what. (131) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (131) pre-proxy { (131) update control { (131) EXPAND %{Calling-Station-Id} (131) --> 6c:8d:c1:d1:65:65 (131) Load-Balance-Key := "6c:8d:c1:d1:65:65" (131) } # update control = noop (131) [updated] = updated (131) } # pre-proxy = updated (131) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 10.7.0.29 is redrad01 Here's the full debug output of one connection attempt: radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Dec 28 2014 at 07:00:16 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/raddb/dictionary including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/mods-enabled/ including configuration file /etc/raddb/mods-enabled/always including configuration file /etc/raddb/mods-enabled/attr_filter including configuration file /etc/raddb/mods-enabled/cache_eap including configuration file /etc/raddb/mods-enabled/chap including configuration file /etc/raddb/mods-enabled/detail including configuration file /etc/raddb/mods-enabled/detail.log including configuration file /etc/raddb/mods-enabled/dhcp including configuration file /etc/raddb/mods-enabled/digest including configuration file /etc/raddb/mods-enabled/dynamic_clients including configuration file /etc/raddb/mods-enabled/eap including configuration file /etc/raddb/mods-enabled/echo including configuration file /etc/raddb/mods-enabled/exec including configuration file /etc/raddb/mods-enabled/expiration including configuration file /etc/raddb/mods-enabled/expr including configuration file /etc/raddb/mods-enabled/files including configuration file /etc/raddb/mods-enabled/linelog including configuration file /etc/raddb/mods-enabled/logintime including configuration file /etc/raddb/mods-enabled/mschap including configuration file /etc/raddb/mods-enabled/ntlm_auth including configuration file /etc/raddb/mods-enabled/pap including configuration file /etc/raddb/mods-enabled/passwd including configuration file /etc/raddb/mods-enabled/preprocess including configuration file /etc/raddb/mods-enabled/radutmp including configuration file /etc/raddb/mods-enabled/realm including configuration file /etc/raddb/mods-enabled/replicate including configuration file /etc/raddb/mods-enabled/soh including configuration file /etc/raddb/mods-enabled/sradutmp including configuration file /etc/raddb/mods-enabled/unix including configuration file /etc/raddb/mods-enabled/unpack including configuration file /etc/raddb/mods-enabled/utf8 including files in directory /etc/raddb/policy.d/ including configuration file /etc/raddb/policy.d/accounting including configuration file /etc/raddb/policy.d/canonicalization including configuration file /etc/raddb/policy.d/control including configuration file /etc/raddb/policy.d/cui including configuration file /etc/raddb/policy.d/debug including configuration file /etc/raddb/policy.d/dhcp including configuration file /etc/raddb/policy.d/eap including configuration file /etc/raddb/policy.d/filter including configuration file /etc/raddb/policy.d/operator-name including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel main { security { user = "radiusd" group = "radiusd" allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server redrad01 { ipaddr = 10.7.0.29 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server redrad02 { ipaddr = 10.7.0.30 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server redrad03 { ipaddr = 10.7.0.31 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool redrads { type = keyed-balance home_server = redrad01 home_server = redrad02 home_server = redrad03 } realm DEFAULT { auth_pool = redrads } radiusd: #### Loading Clients #### client blue8510.myOrg.org { ipaddr = 10.250.0.18 require_message_authenticator = no secret = <<< secret >>> nas_type = "cisco" limit { max_connections = 16 lifetime = 0 idle_timeout = 0 } } client red8510.myOrg.org { ipaddr = 10.250.0.19 require_message_authenticator = no secret = <<< secret >>> nas_type = "cisco" limit { max_connections = 16 lifetime = 0 idle_timeout = 0 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_always # Instantiating module "reject" from file /etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_cache # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_chap # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap # Loaded module rlm_detail # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail detail { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /etc/raddb/mods-enabled/dhcp # Loaded module rlm_digest # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_eap # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 1024 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" ca_file = "/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_exec # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "exec" from file /etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_expiration # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration # Loaded module rlm_expr # Instantiating module "expr" from file /etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_files # Instantiating module "files" from file /etc/raddb/mods-enabled/files files { filename = "/etc/raddb/mods-config/files/authorize" usersfile = "/etc/raddb/mods-config/files/authorize" acctusersfile = "/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:2 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:183 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:190 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:197 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:2 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:183 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:190 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:197 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/accounting reading pairlist file /etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_linelog # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog linelog { filename = "/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{Packet-Type}:-default}" } # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog linelog log_accounting { filename = "/var/log/radius/linelog-accounting" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_logintime # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" passchange { } allow_retry = yes } # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_pap # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups" hints = "/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /etc/raddb/mods-config/preprocess/hints # Loaded module rlm_radutmp # Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_realm # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate # Loaded module rlm_soh # Instantiating module "soh" from file /etc/raddb/mods-enabled/soh soh { dhcp = yes } # Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_unix # Instantiating module "unix" from file /etc/raddb/mods-enabled/unix unix { radwtmp = "/var/log/radius/radwtmp" } # Loaded module rlm_unpack # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack # Loaded module rlm_utf8 # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8 } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf } # server server default { # from file /etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading pre-proxy {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address :: port 1812 as server default Listening on acct address :: port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 58962 Ready to process requests Received Access-Request Id 133 from 10.250.0.19:32777 to 10.7.0.28:1812 length 290 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x0201000c0173676172646e65 Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013 (0) Received Access-Request packet from host 10.250.0.19 port 32777, id=133, length=290 (0) User-Name = 'myUsername' (0) Chargeable-User-Identity = 0x00 (0) Location-Capable = Civix-Location (0) Calling-Station-Id = '88:63:df:a5:2a:c7' (0) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (0) NAS-Port = 4 (0) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (0) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (0) Cisco-AVPair = 'mDNS=true' (0) NAS-IP-Address = 10.250.0.19 (0) NAS-Identifier = 'Red 8510' (0) Airespace-Wlan-Id = 8 (0) Service-Type = Framed-User (0) Framed-MTU = 1300 (0) NAS-Port-Type = Wireless-802.11 (0) Tunnel-Type:0 = VLAN (0) Tunnel-Medium-Type:0 = IEEE-802 (0) Tunnel-Private-Group-Id:0 = '477' (0) EAP-Message = 0x0201000c0173676172646e65 (0) Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013 (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) filter_username filter_username { (0) if (!&User-Name) (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\\.\\./ ) (0) if (&User-Name =~ /\\.\\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\\.$/) (0) if (&User-Name =~ /\\.$/) -> FALSE (0) if (&User-Name =~ /@\\./) (0) if (&User-Name =~ /@\\./) -> FALSE (0) } # filter_username filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix : Checking for suffix after "@" (0) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (0) suffix : Found realm "DEFAULT" (0) suffix : Adding Stripped-User-Name = "myUsername" (0) suffix : Adding Realm = "DEFAULT" (0) suffix : Proxying request from user myUsername to realm DEFAULT (0) suffix : Preparing to proxy authentication request to realm "DEFAULT" (0) [suffix] = updated (0) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (0) [eap] = noop (0) files : users: Matched entry DEFAULT at line 2 (0) [files] = ok (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = noop (0) } # authorize = updated (0) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (0) pre-proxy { (0) update control { (0) EXPAND %{Calling-Station-Id} (0) --> 88:63:df:a5:2a:c7 (0) Load-Balance-Key := "88:63:df:a5:2a:c7" (0) } # update control = noop (0) [updated] = updated (0) } # pre-proxy = updated Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 32820 (0) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (0) Sending Access-Request packet to host 10.7.0.29 port 1812, id=81, length=0 (0) User-Name = 'myUsername' (0) Chargeable-User-Identity = 0x00 (0) Location-Capable = Civix-Location (0) Calling-Station-Id = '88:63:df:a5:2a:c7' (0) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (0) NAS-Port = 4 (0) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (0) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (0) Cisco-AVPair = 'mDNS=true' (0) NAS-IP-Address = 10.250.0.19 (0) NAS-Identifier = 'Red 8510' (0) Airespace-Wlan-Id = 8 (0) Service-Type = Framed-User (0) Framed-MTU = 1300 (0) NAS-Port-Type = Wireless-802.11 (0) Tunnel-Type:0 = VLAN (0) Tunnel-Medium-Type:0 = IEEE-802 (0) Tunnel-Private-Group-Id:0 = '477' (0) EAP-Message = 0x0201000c0173676172646e65 (0) Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013 (0) Event-Timestamp = 'Sep 7 2016 10:45:30 CDT' (0) Stripped-User-Name = 'myUsername' (0) Realm = 'DEFAULT' (0) EAP-Type = Identity (0) Proxy-State = 0x313333 Sending Access-Request Id 81 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x0201000c0173676172646e65 Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013 Event-Timestamp = 'Sep 7 2016 10:45:30 CDT' Proxy-State = 0x313333 Waking up in 0.3 seconds. Received Access-Challenge Id 81 from 10.7.0.29:1812 to 10.7.0.28:32820 length 69 EAP-Message = 0x010200061920 Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79 State = 0x7f32d9747f30c071723770ef4b853a0b Proxy-State = 0x313333 (0) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=81, length=69 (0) EAP-Message = 0x010200061920 (0) Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79 (0) State = 0x7f32d9747f30c071723770ef4b853a0b (0) Proxy-State = 0x313333 (0) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (0) post-proxy { (0) eap : No pre-existing handler found (0) [eap] = noop (0) } # post-proxy = noop (0) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=133, length=0 (0) EAP-Message = 0x010200061920 (0) Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79 (0) State = 0x7f32d9747f30c071723770ef4b853a0b Sending Access-Challenge Id 133 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010200061920 Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79 State = 0x7f32d9747f30c071723770ef4b853a0b (0) Finished request Waking up in 0.3 seconds. Waking up in 4.6 seconds. Received Access-Request Id 134 from 10.250.0.19:32777 to 10.7.0.28:1812 length 427 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000 State = 0x7f32d9747f30c071723770ef4b853a0b Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91 (1) Received Access-Request packet from host 10.250.0.19 port 32777, id=134, length=427 (1) User-Name = 'myUsername' (1) Chargeable-User-Identity = 0x00 (1) Location-Capable = Civix-Location (1) Calling-Station-Id = '88:63:df:a5:2a:c7' (1) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (1) NAS-Port = 4 (1) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (1) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (1) Cisco-AVPair = 'mDNS=true' (1) NAS-IP-Address = 10.250.0.19 (1) NAS-Identifier = 'Red 8510' (1) Airespace-Wlan-Id = 8 (1) Service-Type = Framed-User (1) Framed-MTU = 1300 (1) NAS-Port-Type = Wireless-802.11 (1) Tunnel-Type:0 = VLAN (1) Tunnel-Medium-Type:0 = IEEE-802 (1) Tunnel-Private-Group-Id:0 = '477' (1) EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000 (1) State = 0x7f32d9747f30c071723770ef4b853a0b (1) Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91 (1) # Executing section authorize from file /etc/raddb/sites-enabled/default (1) authorize { (1) filter_username filter_username { (1) if (!&User-Name) (1) if (!&User-Name) -> FALSE (1) if (&User-Name =~ / /) (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@.*@/ ) (1) if (&User-Name =~ /@.*@/ ) -> FALSE (1) if (&User-Name =~ /\\.\\./ ) (1) if (&User-Name =~ /\\.\\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\\.$/) (1) if (&User-Name =~ /\\.$/) -> FALSE (1) if (&User-Name =~ /@\\./) (1) if (&User-Name =~ /@\\./) -> FALSE (1) } # filter_username filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix : Checking for suffix after "@" (1) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (1) suffix : Found realm "DEFAULT" (1) suffix : Adding Stripped-User-Name = "myUsername" (1) suffix : Adding Realm = "DEFAULT" (1) suffix : Proxying request from user myUsername to realm DEFAULT (1) suffix : Preparing to proxy authentication request to realm "DEFAULT" (1) [suffix] = updated (1) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (1) [eap] = noop (1) files : users: Matched entry DEFAULT at line 2 (1) [files] = ok (1) [expiration] = noop (1) [logintime] = noop (1) [pap] = noop (1) } # authorize = updated (1) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (1) pre-proxy { (1) update control { (1) EXPAND %{Calling-Station-Id} (1) --> 88:63:df:a5:2a:c7 (1) Load-Balance-Key := "88:63:df:a5:2a:c7" (1) } # update control = noop (1) [updated] = updated (1) } # pre-proxy = updated (1) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (1) Sending Access-Request packet to host 10.7.0.29 port 1812, id=20, length=0 (1) User-Name = 'myUsername' (1) Chargeable-User-Identity = 0x00 (1) Location-Capable = Civix-Location (1) Calling-Station-Id = '88:63:df:a5:2a:c7' (1) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (1) NAS-Port = 4 (1) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (1) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (1) Cisco-AVPair = 'mDNS=true' (1) NAS-IP-Address = 10.250.0.19 (1) NAS-Identifier = 'Red 8510' (1) Airespace-Wlan-Id = 8 (1) Service-Type = Framed-User (1) Framed-MTU = 1300 (1) NAS-Port-Type = Wireless-802.11 (1) Tunnel-Type:0 = VLAN (1) Tunnel-Medium-Type:0 = IEEE-802 (1) Tunnel-Private-Group-Id:0 = '477' (1) EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000 (1) State = 0x7f32d9747f30c071723770ef4b853a0b (1) Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91 (1) Event-Timestamp = 'Sep 7 2016 10:45:31 CDT' (1) Stripped-User-Name = 'myUsername' (1) Realm = 'DEFAULT' (1) EAP-Type = PEAP (1) Proxy-State = 0x313334 Sending Access-Request Id 20 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000 State = 0x7f32d9747f30c071723770ef4b853a0b Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91 Event-Timestamp = 'Sep 7 2016 10:45:31 CDT' Proxy-State = 0x313334 Waking up in 0.3 seconds. Received Access-Challenge Id 20 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1073 EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e75617 Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec State = 0x7f32d9747e31c071723770ef4b853a0b Proxy-State = 0x313334 (1) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=20, length=1073 (1) EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e756172 (1) Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec (1) State = 0x7f32d9747e31c071723770ef4b853a0b (1) Proxy-State = 0x313334 (1) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (1) post-proxy { (1) eap : No pre-existing handler found (1) [eap] = noop (1) } # post-proxy = noop (1) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=134, length=0 (1) EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e756172 (1) Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec (1) State = 0x7f32d9747e31c071723770ef4b853a0b Sending Access-Challenge Id 134 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e75617 Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec State = 0x7f32d9747e31c071723770ef4b853a0b (1) Finished request Waking up in 0.3 seconds. Waking up in 4.1 seconds. Received Access-Request Id 135 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020300061900 State = 0x7f32d9747e31c071723770ef4b853a0b Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62 (2) Received Access-Request packet from host 10.250.0.19 port 32777, id=135, length=302 (2) User-Name = 'myUsername' (2) Chargeable-User-Identity = 0x00 (2) Location-Capable = Civix-Location (2) Calling-Station-Id = '88:63:df:a5:2a:c7' (2) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (2) NAS-Port = 4 (2) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (2) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (2) Cisco-AVPair = 'mDNS=true' (2) NAS-IP-Address = 10.250.0.19 (2) NAS-Identifier = 'Red 8510' (2) Airespace-Wlan-Id = 8 (2) Service-Type = Framed-User (2) Framed-MTU = 1300 (2) NAS-Port-Type = Wireless-802.11 (2) Tunnel-Type:0 = VLAN (2) Tunnel-Medium-Type:0 = IEEE-802 (2) Tunnel-Private-Group-Id:0 = '477' (2) EAP-Message = 0x020300061900 (2) State = 0x7f32d9747e31c071723770ef4b853a0b (2) Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62 (2) # Executing section authorize from file /etc/raddb/sites-enabled/default (2) authorize { (2) filter_username filter_username { (2) if (!&User-Name) (2) if (!&User-Name) -> FALSE (2) if (&User-Name =~ / /) (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@.*@/ ) (2) if (&User-Name =~ /@.*@/ ) -> FALSE (2) if (&User-Name =~ /\\.\\./ ) (2) if (&User-Name =~ /\\.\\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\\.$/) (2) if (&User-Name =~ /\\.$/) -> FALSE (2) if (&User-Name =~ /@\\./) (2) if (&User-Name =~ /@\\./) -> FALSE (2) } # filter_username filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix : Checking for suffix after "@" (2) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (2) suffix : Found realm "DEFAULT" (2) suffix : Adding Stripped-User-Name = "myUsername" (2) suffix : Adding Realm = "DEFAULT" (2) suffix : Proxying request from user myUsername to realm DEFAULT (2) suffix : Preparing to proxy authentication request to realm "DEFAULT" (2) [suffix] = updated (2) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (2) [eap] = noop (2) files : users: Matched entry DEFAULT at line 2 (2) [files] = ok (2) [expiration] = noop (2) [logintime] = noop (2) [pap] = noop (2) } # authorize = updated (2) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (2) pre-proxy { (2) update control { (2) EXPAND %{Calling-Station-Id} (2) --> 88:63:df:a5:2a:c7 (2) Load-Balance-Key := "88:63:df:a5:2a:c7" (2) } # update control = noop (2) [updated] = updated (2) } # pre-proxy = updated (2) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (2) Sending Access-Request packet to host 10.7.0.29 port 1812, id=113, length=0 (2) User-Name = 'myUsername' (2) Chargeable-User-Identity = 0x00 (2) Location-Capable = Civix-Location (2) Calling-Station-Id = '88:63:df:a5:2a:c7' (2) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (2) NAS-Port = 4 (2) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (2) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (2) Cisco-AVPair = 'mDNS=true' (2) NAS-IP-Address = 10.250.0.19 (2) NAS-Identifier = 'Red 8510' (2) Airespace-Wlan-Id = 8 (2) Service-Type = Framed-User (2) Framed-MTU = 1300 (2) NAS-Port-Type = Wireless-802.11 (2) Tunnel-Type:0 = VLAN (2) Tunnel-Medium-Type:0 = IEEE-802 (2) Tunnel-Private-Group-Id:0 = '477' (2) EAP-Message = 0x020300061900 (2) State = 0x7f32d9747e31c071723770ef4b853a0b (2) Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62 (2) Event-Timestamp = 'Sep 7 2016 10:45:31 CDT' (2) Stripped-User-Name = 'myUsername' (2) Realm = 'DEFAULT' (2) EAP-Type = PEAP (2) Proxy-State = 0x313335 Sending Access-Request Id 113 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020300061900 State = 0x7f32d9747e31c071723770ef4b853a0b Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62 Event-Timestamp = 'Sep 7 2016 10:45:31 CDT' Proxy-State = 0x313335 Waking up in 0.3 seconds. Received Access-Challenge Id 113 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069 EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a State = 0x7f32d9747d36c071723770ef4b853a0b Proxy-State = 0x313335 (2) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=113, length=1069 (2) EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde1 (2) Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a (2) State = 0x7f32d9747d36c071723770ef4b853a0b (2) Proxy-State = 0x313335 (2) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (2) post-proxy { (2) eap : No pre-existing handler found (2) [eap] = noop (2) } # post-proxy = noop (2) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=135, length=0 (2) EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde1 (2) Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a (2) State = 0x7f32d9747d36c071723770ef4b853a0b Sending Access-Challenge Id 135 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a State = 0x7f32d9747d36c071723770ef4b853a0b (2) Finished request Waking up in 0.3 seconds. Waking up in 3.5 seconds. Received Access-Request Id 136 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020400061900 State = 0x7f32d9747d36c071723770ef4b853a0b Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d (3) Received Access-Request packet from host 10.250.0.19 port 32777, id=136, length=302 (3) User-Name = 'myUsername' (3) Chargeable-User-Identity = 0x00 (3) Location-Capable = Civix-Location (3) Calling-Station-Id = '88:63:df:a5:2a:c7' (3) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (3) NAS-Port = 4 (3) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (3) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (3) Cisco-AVPair = 'mDNS=true' (3) NAS-IP-Address = 10.250.0.19 (3) NAS-Identifier = 'Red 8510' (3) Airespace-Wlan-Id = 8 (3) Service-Type = Framed-User (3) Framed-MTU = 1300 (3) NAS-Port-Type = Wireless-802.11 (3) Tunnel-Type:0 = VLAN (3) Tunnel-Medium-Type:0 = IEEE-802 (3) Tunnel-Private-Group-Id:0 = '477' (3) EAP-Message = 0x020400061900 (3) State = 0x7f32d9747d36c071723770ef4b853a0b (3) Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d (3) # Executing section authorize from file /etc/raddb/sites-enabled/default (3) authorize { (3) filter_username filter_username { (3) if (!&User-Name) (3) if (!&User-Name) -> FALSE (3) if (&User-Name =~ / /) (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@.*@/ ) (3) if (&User-Name =~ /@.*@/ ) -> FALSE (3) if (&User-Name =~ /\\.\\./ ) (3) if (&User-Name =~ /\\.\\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\\.$/) (3) if (&User-Name =~ /\\.$/) -> FALSE (3) if (&User-Name =~ /@\\./) (3) if (&User-Name =~ /@\\./) -> FALSE (3) } # filter_username filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix : Checking for suffix after "@" (3) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (3) suffix : Found realm "DEFAULT" (3) suffix : Adding Stripped-User-Name = "myUsername" (3) suffix : Adding Realm = "DEFAULT" (3) suffix : Proxying request from user myUsername to realm DEFAULT (3) suffix : Preparing to proxy authentication request to realm "DEFAULT" (3) [suffix] = updated (3) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (3) [eap] = noop (3) files : users: Matched entry DEFAULT at line 2 (3) [files] = ok (3) [expiration] = noop (3) [logintime] = noop (3) [pap] = noop (3) } # authorize = updated (3) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (3) pre-proxy { (3) update control { (3) EXPAND %{Calling-Station-Id} (3) --> 88:63:df:a5:2a:c7 (3) Load-Balance-Key := "88:63:df:a5:2a:c7" (3) } # update control = noop (3) [updated] = updated (3) } # pre-proxy = updated (3) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (3) Sending Access-Request packet to host 10.7.0.29 port 1812, id=152, length=0 (3) User-Name = 'myUsername' (3) Chargeable-User-Identity = 0x00 (3) Location-Capable = Civix-Location (3) Calling-Station-Id = '88:63:df:a5:2a:c7' (3) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (3) NAS-Port = 4 (3) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (3) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (3) Cisco-AVPair = 'mDNS=true' (3) NAS-IP-Address = 10.250.0.19 (3) NAS-Identifier = 'Red 8510' (3) Airespace-Wlan-Id = 8 (3) Service-Type = Framed-User (3) Framed-MTU = 1300 (3) NAS-Port-Type = Wireless-802.11 (3) Tunnel-Type:0 = VLAN (3) Tunnel-Medium-Type:0 = IEEE-802 (3) Tunnel-Private-Group-Id:0 = '477' (3) EAP-Message = 0x020400061900 (3) State = 0x7f32d9747d36c071723770ef4b853a0b (3) Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d (3) Event-Timestamp = 'Sep 7 2016 10:45:32 CDT' (3) Stripped-User-Name = 'myUsername' (3) Realm = 'DEFAULT' (3) EAP-Type = PEAP (3) Proxy-State = 0x313336 Sending Access-Request Id 152 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020400061900 State = 0x7f32d9747d36c071723770ef4b853a0b Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d Event-Timestamp = 'Sep 7 2016 10:45:32 CDT' Proxy-State = 0x313336 Waking up in 0.3 seconds. Received Access-Challenge Id 152 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069 EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141646454727573744 Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288 State = 0x7f32d9747c37c071723770ef4b853a0b Proxy-State = 0x313336 (3) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=152, length=1069 (3) EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f555345525472757374525341416464547275737443 (3) Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288 (3) State = 0x7f32d9747c37c071723770ef4b853a0b (3) Proxy-State = 0x313336 (3) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (3) post-proxy { (3) eap : No pre-existing handler found (3) [eap] = noop (3) } # post-proxy = noop (3) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=136, length=0 (3) EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f555345525472757374525341416464547275737443 (3) Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288 (3) State = 0x7f32d9747c37c071723770ef4b853a0b Sending Access-Challenge Id 136 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141646454727573744 Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288 State = 0x7f32d9747c37c071723770ef4b853a0b (3) Finished request Waking up in 0.3 seconds. Waking up in 2.9 seconds. Received Access-Request Id 137 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020500061900 State = 0x7f32d9747c37c071723770ef4b853a0b Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce (4) Received Access-Request packet from host 10.250.0.19 port 32777, id=137, length=302 (4) User-Name = 'myUsername' (4) Chargeable-User-Identity = 0x00 (4) Location-Capable = Civix-Location (4) Calling-Station-Id = '88:63:df:a5:2a:c7' (4) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (4) NAS-Port = 4 (4) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (4) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (4) Cisco-AVPair = 'mDNS=true' (4) NAS-IP-Address = 10.250.0.19 (4) NAS-Identifier = 'Red 8510' (4) Airespace-Wlan-Id = 8 (4) Service-Type = Framed-User (4) Framed-MTU = 1300 (4) NAS-Port-Type = Wireless-802.11 (4) Tunnel-Type:0 = VLAN (4) Tunnel-Medium-Type:0 = IEEE-802 (4) Tunnel-Private-Group-Id:0 = '477' (4) EAP-Message = 0x020500061900 (4) State = 0x7f32d9747c37c071723770ef4b853a0b (4) Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce (4) # Executing section authorize from file /etc/raddb/sites-enabled/default (4) authorize { (4) filter_username filter_username { (4) if (!&User-Name) (4) if (!&User-Name) -> FALSE (4) if (&User-Name =~ / /) (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@.*@/ ) (4) if (&User-Name =~ /@.*@/ ) -> FALSE (4) if (&User-Name =~ /\\.\\./ ) (4) if (&User-Name =~ /\\.\\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\\.$/) (4) if (&User-Name =~ /\\.$/) -> FALSE (4) if (&User-Name =~ /@\\./) (4) if (&User-Name =~ /@\\./) -> FALSE (4) } # filter_username filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix : Checking for suffix after "@" (4) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (4) suffix : Found realm "DEFAULT" (4) suffix : Adding Stripped-User-Name = "myUsername" (4) suffix : Adding Realm = "DEFAULT" (4) suffix : Proxying request from user myUsername to realm DEFAULT (4) suffix : Preparing to proxy authentication request to realm "DEFAULT" (4) [suffix] = updated (4) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (4) [eap] = noop (4) files : users: Matched entry DEFAULT at line 2 (4) [files] = ok (4) [expiration] = noop (4) [logintime] = noop (4) [pap] = noop (4) } # authorize = updated (4) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (4) pre-proxy { (4) update control { (4) EXPAND %{Calling-Station-Id} (4) --> 88:63:df:a5:2a:c7 (4) Load-Balance-Key := "88:63:df:a5:2a:c7" (4) } # update control = noop (4) [updated] = updated (4) } # pre-proxy = updated (4) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (4) Sending Access-Request packet to host 10.7.0.29 port 1812, id=121, length=0 (4) User-Name = 'myUsername' (4) Chargeable-User-Identity = 0x00 (4) Location-Capable = Civix-Location (4) Calling-Station-Id = '88:63:df:a5:2a:c7' (4) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (4) NAS-Port = 4 (4) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (4) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (4) Cisco-AVPair = 'mDNS=true' (4) NAS-IP-Address = 10.250.0.19 (4) NAS-Identifier = 'Red 8510' (4) Airespace-Wlan-Id = 8 (4) Service-Type = Framed-User (4) Framed-MTU = 1300 (4) NAS-Port-Type = Wireless-802.11 (4) Tunnel-Type:0 = VLAN (4) Tunnel-Medium-Type:0 = IEEE-802 (4) Tunnel-Private-Group-Id:0 = '477' (4) EAP-Message = 0x020500061900 (4) State = 0x7f32d9747c37c071723770ef4b853a0b (4) Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce (4) Event-Timestamp = 'Sep 7 2016 10:45:32 CDT' (4) Stripped-User-Name = 'myUsername' (4) Realm = 'DEFAULT' (4) EAP-Type = PEAP (4) Proxy-State = 0x313337 Sending Access-Request Id 121 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020500061900 State = 0x7f32d9747c37c071723770ef4b853a0b Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce Event-Timestamp = 'Sep 7 2016 10:45:32 CDT' Proxy-State = 0x313337 Waking up in 0.3 seconds. Received Access-Challenge Id 121 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069 EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b37281 Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a State = 0x7f32d9747b34c071723770ef4b853a0b Proxy-State = 0x313337 (4) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=121, length=1069 (4) EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b372811 (4) Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a (4) State = 0x7f32d9747b34c071723770ef4b853a0b (4) Proxy-State = 0x313337 (4) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (4) post-proxy { (4) eap : No pre-existing handler found (4) [eap] = noop (4) } # post-proxy = noop (4) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=137, length=0 (4) EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b372811 (4) Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a (4) State = 0x7f32d9747b34c071723770ef4b853a0b Sending Access-Challenge Id 137 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b37281 Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a State = 0x7f32d9747b34c071723770ef4b853a0b (4) Finished request Waking up in 0.3 seconds. Waking up in 2.3 seconds. Received Access-Request Id 138 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020600061900 State = 0x7f32d9747b34c071723770ef4b853a0b Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082 (5) Received Access-Request packet from host 10.250.0.19 port 32777, id=138, length=302 (5) User-Name = 'myUsername' (5) Chargeable-User-Identity = 0x00 (5) Location-Capable = Civix-Location (5) Calling-Station-Id = '88:63:df:a5:2a:c7' (5) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (5) NAS-Port = 4 (5) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (5) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (5) Cisco-AVPair = 'mDNS=true' (5) NAS-IP-Address = 10.250.0.19 (5) NAS-Identifier = 'Red 8510' (5) Airespace-Wlan-Id = 8 (5) Service-Type = Framed-User (5) Framed-MTU = 1300 (5) NAS-Port-Type = Wireless-802.11 (5) Tunnel-Type:0 = VLAN (5) Tunnel-Medium-Type:0 = IEEE-802 (5) Tunnel-Private-Group-Id:0 = '477' (5) EAP-Message = 0x020600061900 (5) State = 0x7f32d9747b34c071723770ef4b853a0b (5) Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082 (5) # Executing section authorize from file /etc/raddb/sites-enabled/default (5) authorize { (5) filter_username filter_username { (5) if (!&User-Name) (5) if (!&User-Name) -> FALSE (5) if (&User-Name =~ / /) (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@.*@/ ) (5) if (&User-Name =~ /@.*@/ ) -> FALSE (5) if (&User-Name =~ /\\.\\./ ) (5) if (&User-Name =~ /\\.\\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\\.$/) (5) if (&User-Name =~ /\\.$/) -> FALSE (5) if (&User-Name =~ /@\\./) (5) if (&User-Name =~ /@\\./) -> FALSE (5) } # filter_username filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix : Checking for suffix after "@" (5) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (5) suffix : Found realm "DEFAULT" (5) suffix : Adding Stripped-User-Name = "myUsername" (5) suffix : Adding Realm = "DEFAULT" (5) suffix : Proxying request from user myUsername to realm DEFAULT (5) suffix : Preparing to proxy authentication request to realm "DEFAULT" (5) [suffix] = updated (5) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (5) [eap] = noop (5) files : users: Matched entry DEFAULT at line 2 (5) [files] = ok (5) [expiration] = noop (5) [logintime] = noop (5) [pap] = noop (5) } # authorize = updated (5) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (5) pre-proxy { (5) update control { (5) EXPAND %{Calling-Station-Id} (5) --> 88:63:df:a5:2a:c7 (5) Load-Balance-Key := "88:63:df:a5:2a:c7" (5) } # update control = noop (5) [updated] = updated (5) } # pre-proxy = updated (5) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (5) Sending Access-Request packet to host 10.7.0.29 port 1812, id=212, length=0 (5) User-Name = 'myUsername' (5) Chargeable-User-Identity = 0x00 (5) Location-Capable = Civix-Location (5) Calling-Station-Id = '88:63:df:a5:2a:c7' (5) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (5) NAS-Port = 4 (5) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (5) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (5) Cisco-AVPair = 'mDNS=true' (5) NAS-IP-Address = 10.250.0.19 (5) NAS-Identifier = 'Red 8510' (5) Airespace-Wlan-Id = 8 (5) Service-Type = Framed-User (5) Framed-MTU = 1300 (5) NAS-Port-Type = Wireless-802.11 (5) Tunnel-Type:0 = VLAN (5) Tunnel-Medium-Type:0 = IEEE-802 (5) Tunnel-Private-Group-Id:0 = '477' (5) EAP-Message = 0x020600061900 (5) State = 0x7f32d9747b34c071723770ef4b853a0b (5) Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082 (5) Event-Timestamp = 'Sep 7 2016 10:45:33 CDT' (5) Stripped-User-Name = 'myUsername' (5) Realm = 'DEFAULT' (5) EAP-Type = PEAP (5) Proxy-State = 0x313338 Sending Access-Request Id 212 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020600061900 State = 0x7f32d9747b34c071723770ef4b853a0b Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082 Event-Timestamp = 'Sep 7 2016 10:45:33 CDT' Proxy-State = 0x313338 Waking up in 0.3 seconds. Received Access-Challenge Id 212 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069 EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a30820 Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42 State = 0x7f32d9747a35c071723770ef4b853a0b Proxy-State = 0x313338 (5) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=212, length=1069 (5) EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a308204 (5) Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42 (5) State = 0x7f32d9747a35c071723770ef4b853a0b (5) Proxy-State = 0x313338 (5) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (5) post-proxy { (5) eap : No pre-existing handler found (5) [eap] = noop (5) } # post-proxy = noop (5) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=138, length=0 (5) EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a308204 (5) Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42 (5) State = 0x7f32d9747a35c071723770ef4b853a0b Sending Access-Challenge Id 138 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a30820 Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42 State = 0x7f32d9747a35c071723770ef4b853a0b (5) Finished request Waking up in 0.3 seconds. Waking up in 1.8 seconds. Received Access-Request Id 139 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020700061900 State = 0x7f32d9747a35c071723770ef4b853a0b Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f (6) Received Access-Request packet from host 10.250.0.19 port 32777, id=139, length=302 (6) User-Name = 'myUsername' (6) Chargeable-User-Identity = 0x00 (6) Location-Capable = Civix-Location (6) Calling-Station-Id = '88:63:df:a5:2a:c7' (6) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (6) NAS-Port = 4 (6) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (6) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (6) Cisco-AVPair = 'mDNS=true' (6) NAS-IP-Address = 10.250.0.19 (6) NAS-Identifier = 'Red 8510' (6) Airespace-Wlan-Id = 8 (6) Service-Type = Framed-User (6) Framed-MTU = 1300 (6) NAS-Port-Type = Wireless-802.11 (6) Tunnel-Type:0 = VLAN (6) Tunnel-Medium-Type:0 = IEEE-802 (6) Tunnel-Private-Group-Id:0 = '477' (6) EAP-Message = 0x020700061900 (6) State = 0x7f32d9747a35c071723770ef4b853a0b (6) Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f (6) # Executing section authorize from file /etc/raddb/sites-enabled/default (6) authorize { (6) filter_username filter_username { (6) if (!&User-Name) (6) if (!&User-Name) -> FALSE (6) if (&User-Name =~ / /) (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@.*@/ ) (6) if (&User-Name =~ /@.*@/ ) -> FALSE (6) if (&User-Name =~ /\\.\\./ ) (6) if (&User-Name =~ /\\.\\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\\.$/) (6) if (&User-Name =~ /\\.$/) -> FALSE (6) if (&User-Name =~ /@\\./) (6) if (&User-Name =~ /@\\./) -> FALSE (6) } # filter_username filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix : Checking for suffix after "@" (6) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (6) suffix : Found realm "DEFAULT" (6) suffix : Adding Stripped-User-Name = "myUsername" (6) suffix : Adding Realm = "DEFAULT" (6) suffix : Proxying request from user myUsername to realm DEFAULT (6) suffix : Preparing to proxy authentication request to realm "DEFAULT" (6) [suffix] = updated (6) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (6) [eap] = noop (6) files : users: Matched entry DEFAULT at line 2 (6) [files] = ok (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = noop (6) } # authorize = updated (6) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (6) pre-proxy { (6) update control { (6) EXPAND %{Calling-Station-Id} (6) --> 88:63:df:a5:2a:c7 (6) Load-Balance-Key := "88:63:df:a5:2a:c7" (6) } # update control = noop (6) [updated] = updated (6) } # pre-proxy = updated (6) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (6) Sending Access-Request packet to host 10.7.0.29 port 1812, id=103, length=0 (6) User-Name = 'myUsername' (6) Chargeable-User-Identity = 0x00 (6) Location-Capable = Civix-Location (6) Calling-Station-Id = '88:63:df:a5:2a:c7' (6) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (6) NAS-Port = 4 (6) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (6) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (6) Cisco-AVPair = 'mDNS=true' (6) NAS-IP-Address = 10.250.0.19 (6) NAS-Identifier = 'Red 8510' (6) Airespace-Wlan-Id = 8 (6) Service-Type = Framed-User (6) Framed-MTU = 1300 (6) NAS-Port-Type = Wireless-802.11 (6) Tunnel-Type:0 = VLAN (6) Tunnel-Medium-Type:0 = IEEE-802 (6) Tunnel-Private-Group-Id:0 = '477' (6) EAP-Message = 0x020700061900 (6) State = 0x7f32d9747a35c071723770ef4b853a0b (6) Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f (6) Event-Timestamp = 'Sep 7 2016 10:45:34 CDT' (6) Stripped-User-Name = 'myUsername' (6) Realm = 'DEFAULT' (6) EAP-Type = PEAP (6) Proxy-State = 0x313339 Sending Access-Request Id 103 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020700061900 State = 0x7f32d9747a35c071723770ef4b853a0b Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f Event-Timestamp = 'Sep 7 2016 10:45:34 CDT' Proxy-State = 0x313339 Waking up in 0.3 seconds. Received Access-Challenge Id 103 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1002 EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa7622168152 Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac State = 0x7f32d974793ac071723770ef4b853a0b Proxy-State = 0x313339 (6) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=103, length=1002 (6) EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520 (6) Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac (6) State = 0x7f32d974793ac071723770ef4b853a0b (6) Proxy-State = 0x313339 (6) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (6) post-proxy { (6) eap : No pre-existing handler found (6) [eap] = noop (6) } # post-proxy = noop (6) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=139, length=0 (6) EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520 (6) Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac (6) State = 0x7f32d974793ac071723770ef4b853a0b Sending Access-Challenge Id 139 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa7622168152 Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac State = 0x7f32d974793ac071723770ef4b853a0b (6) Finished request Waking up in 0.3 seconds. Waking up in 1.2 seconds. Received Access-Request Id 140 from 10.250.0.19:32777 to 10.7.0.28:1812 length 440 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92 State = 0x7f32d974793ac071723770ef4b853a0b Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8 (7) Received Access-Request packet from host 10.250.0.19 port 32777, id=140, length=440 (7) User-Name = 'myUsername' (7) Chargeable-User-Identity = 0x00 (7) Location-Capable = Civix-Location (7) Calling-Station-Id = '88:63:df:a5:2a:c7' (7) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (7) NAS-Port = 4 (7) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (7) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (7) Cisco-AVPair = 'mDNS=true' (7) NAS-IP-Address = 10.250.0.19 (7) NAS-Identifier = 'Red 8510' (7) Airespace-Wlan-Id = 8 (7) Service-Type = Framed-User (7) Framed-MTU = 1300 (7) NAS-Port-Type = Wireless-802.11 (7) Tunnel-Type:0 = VLAN (7) Tunnel-Medium-Type:0 = IEEE-802 (7) Tunnel-Private-Group-Id:0 = '477' (7) EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92 (7) State = 0x7f32d974793ac071723770ef4b853a0b (7) Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8 (7) # Executing section authorize from file /etc/raddb/sites-enabled/default (7) authorize { (7) filter_username filter_username { (7) if (!&User-Name) (7) if (!&User-Name) -> FALSE (7) if (&User-Name =~ / /) (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@.*@/ ) (7) if (&User-Name =~ /@.*@/ ) -> FALSE (7) if (&User-Name =~ /\\.\\./ ) (7) if (&User-Name =~ /\\.\\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\\.$/) (7) if (&User-Name =~ /\\.$/) -> FALSE (7) if (&User-Name =~ /@\\./) (7) if (&User-Name =~ /@\\./) -> FALSE (7) } # filter_username filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix : Checking for suffix after "@" (7) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (7) suffix : Found realm "DEFAULT" (7) suffix : Adding Stripped-User-Name = "myUsername" (7) suffix : Adding Realm = "DEFAULT" (7) suffix : Proxying request from user myUsername to realm DEFAULT (7) suffix : Preparing to proxy authentication request to realm "DEFAULT" (7) [suffix] = updated (7) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (7) [eap] = noop (7) files : users: Matched entry DEFAULT at line 2 (7) [files] = ok (7) [expiration] = noop (7) [logintime] = noop (7) [pap] = noop (7) } # authorize = updated (7) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (7) pre-proxy { (7) update control { (7) EXPAND %{Calling-Station-Id} (7) --> 88:63:df:a5:2a:c7 (7) Load-Balance-Key := "88:63:df:a5:2a:c7" (7) } # update control = noop (7) [updated] = updated (7) } # pre-proxy = updated (7) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (7) Sending Access-Request packet to host 10.7.0.29 port 1812, id=156, length=0 (7) User-Name = 'myUsername' (7) Chargeable-User-Identity = 0x00 (7) Location-Capable = Civix-Location (7) Calling-Station-Id = '88:63:df:a5:2a:c7' (7) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (7) NAS-Port = 4 (7) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (7) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (7) Cisco-AVPair = 'mDNS=true' (7) NAS-IP-Address = 10.250.0.19 (7) NAS-Identifier = 'Red 8510' (7) Airespace-Wlan-Id = 8 (7) Service-Type = Framed-User (7) Framed-MTU = 1300 (7) NAS-Port-Type = Wireless-802.11 (7) Tunnel-Type:0 = VLAN (7) Tunnel-Medium-Type:0 = IEEE-802 (7) Tunnel-Private-Group-Id:0 = '477' (7) EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92 (7) State = 0x7f32d974793ac071723770ef4b853a0b (7) Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8 (7) Event-Timestamp = 'Sep 7 2016 10:45:34 CDT' (7) Stripped-User-Name = 'myUsername' (7) Realm = 'DEFAULT' (7) EAP-Type = PEAP (7) Proxy-State = 0x313430 Sending Access-Request Id 156 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92 State = 0x7f32d974793ac071723770ef4b853a0b Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8 Event-Timestamp = 'Sep 7 2016 10:45:34 CDT' Proxy-State = 0x313430 Waking up in 0.3 seconds. Received Access-Challenge Id 156 from 10.7.0.29:1812 to 10.7.0.28:32820 length 128 EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308 Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a State = 0x7f32d974783bc071723770ef4b853a0b Proxy-State = 0x313430 (7) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=156, length=128 (7) EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308 (7) Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a (7) State = 0x7f32d974783bc071723770ef4b853a0b (7) Proxy-State = 0x313430 (7) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (7) post-proxy { (7) eap : No pre-existing handler found (7) [eap] = noop (7) } # post-proxy = noop (7) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=140, length=0 (7) EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308 (7) Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a (7) State = 0x7f32d974783bc071723770ef4b853a0b Sending Access-Challenge Id 140 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308 Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a State = 0x7f32d974783bc071723770ef4b853a0b (7) Finished request Waking up in 0.3 seconds. Waking up in 0.6 seconds. Received Access-Request Id 141 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020900061900 State = 0x7f32d974783bc071723770ef4b853a0b Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec (8) Received Access-Request packet from host 10.250.0.19 port 32777, id=141, length=302 (8) User-Name = 'myUsername' (8) Chargeable-User-Identity = 0x00 (8) Location-Capable = Civix-Location (8) Calling-Station-Id = '88:63:df:a5:2a:c7' (8) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (8) NAS-Port = 4 (8) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (8) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (8) Cisco-AVPair = 'mDNS=true' (8) NAS-IP-Address = 10.250.0.19 (8) NAS-Identifier = 'Red 8510' (8) Airespace-Wlan-Id = 8 (8) Service-Type = Framed-User (8) Framed-MTU = 1300 (8) NAS-Port-Type = Wireless-802.11 (8) Tunnel-Type:0 = VLAN (8) Tunnel-Medium-Type:0 = IEEE-802 (8) Tunnel-Private-Group-Id:0 = '477' (8) EAP-Message = 0x020900061900 (8) State = 0x7f32d974783bc071723770ef4b853a0b (8) Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec (8) # Executing section authorize from file /etc/raddb/sites-enabled/default (8) authorize { (8) filter_username filter_username { (8) if (!&User-Name) (8) if (!&User-Name) -> FALSE (8) if (&User-Name =~ / /) (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@.*@/ ) (8) if (&User-Name =~ /@.*@/ ) -> FALSE (8) if (&User-Name =~ /\\.\\./ ) (8) if (&User-Name =~ /\\.\\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\\.$/) (8) if (&User-Name =~ /\\.$/) -> FALSE (8) if (&User-Name =~ /@\\./) (8) if (&User-Name =~ /@\\./) -> FALSE (8) } # filter_username filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix : Checking for suffix after "@" (8) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (8) suffix : Found realm "DEFAULT" (8) suffix : Adding Stripped-User-Name = "myUsername" (8) suffix : Adding Realm = "DEFAULT" (8) suffix : Proxying request from user myUsername to realm DEFAULT (8) suffix : Preparing to proxy authentication request to realm "DEFAULT" (8) [suffix] = updated (8) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (8) [eap] = noop (8) files : users: Matched entry DEFAULT at line 2 (8) [files] = ok (8) [expiration] = noop (8) [logintime] = noop (8) [pap] = noop (8) } # authorize = updated (8) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (8) pre-proxy { (8) update control { (8) EXPAND %{Calling-Station-Id} (8) --> 88:63:df:a5:2a:c7 (8) Load-Balance-Key := "88:63:df:a5:2a:c7" (8) } # update control = noop (8) [updated] = updated (8) } # pre-proxy = updated (8) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (8) Sending Access-Request packet to host 10.7.0.29 port 1812, id=156, length=0 (8) User-Name = 'myUsername' (8) Chargeable-User-Identity = 0x00 (8) Location-Capable = Civix-Location (8) Calling-Station-Id = '88:63:df:a5:2a:c7' (8) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (8) NAS-Port = 4 (8) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (8) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (8) Cisco-AVPair = 'mDNS=true' (8) NAS-IP-Address = 10.250.0.19 (8) NAS-Identifier = 'Red 8510' (8) Airespace-Wlan-Id = 8 (8) Service-Type = Framed-User (8) Framed-MTU = 1300 (8) NAS-Port-Type = Wireless-802.11 (8) Tunnel-Type:0 = VLAN (8) Tunnel-Medium-Type:0 = IEEE-802 (8) Tunnel-Private-Group-Id:0 = '477' (8) EAP-Message = 0x020900061900 (8) State = 0x7f32d974783bc071723770ef4b853a0b (8) Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec (8) Event-Timestamp = 'Sep 7 2016 10:45:35 CDT' (8) Stripped-User-Name = 'myUsername' (8) Realm = 'DEFAULT' (8) EAP-Type = PEAP (8) Proxy-State = 0x313431 Sending Access-Request Id 156 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020900061900 State = 0x7f32d974783bc071723770ef4b853a0b Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec Event-Timestamp = 'Sep 7 2016 10:45:35 CDT' Proxy-State = 0x313431 Waking up in 0.3 seconds. Received Access-Challenge Id 156 from 10.7.0.29:1812 to 10.7.0.28:32820 length 106 EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6 Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d State = 0x7f32d9747738c071723770ef4b853a0b Proxy-State = 0x313431 (8) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=156, length=106 (8) EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6 (8) Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d (8) State = 0x7f32d9747738c071723770ef4b853a0b (8) Proxy-State = 0x313431 (8) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (8) post-proxy { (8) eap : No pre-existing handler found (8) [eap] = noop (8) } # post-proxy = noop (8) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=141, length=0 (8) EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6 (8) Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d (8) State = 0x7f32d9747738c071723770ef4b853a0b Sending Access-Challenge Id 141 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6 Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d State = 0x7f32d9747738c071723770ef4b853a0b (8) Finished request Waking up in 0.3 seconds. Waking up in 0.1 seconds. (0) Cleaning up request packet ID 133 with timestamp +8 Waking up in 0.5 seconds. Received Access-Request Id 142 from 10.250.0.19:32777 to 10.7.0.28:1812 length 339 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1 State = 0x7f32d9747738c071723770ef4b853a0b Message-Authenticator = 0xfc94b778553fb1128fab89148506888f (9) Received Access-Request packet from host 10.250.0.19 port 32777, id=142, length=339 (9) User-Name = 'myUsername' (9) Chargeable-User-Identity = 0x00 (9) Location-Capable = Civix-Location (9) Calling-Station-Id = '88:63:df:a5:2a:c7' (9) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (9) NAS-Port = 4 (9) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (9) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (9) Cisco-AVPair = 'mDNS=true' (9) NAS-IP-Address = 10.250.0.19 (9) NAS-Identifier = 'Red 8510' (9) Airespace-Wlan-Id = 8 (9) Service-Type = Framed-User (9) Framed-MTU = 1300 (9) NAS-Port-Type = Wireless-802.11 (9) Tunnel-Type:0 = VLAN (9) Tunnel-Medium-Type:0 = IEEE-802 (9) Tunnel-Private-Group-Id:0 = '477' (9) EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1 (9) State = 0x7f32d9747738c071723770ef4b853a0b (9) Message-Authenticator = 0xfc94b778553fb1128fab89148506888f (9) # Executing section authorize from file /etc/raddb/sites-enabled/default (9) authorize { (9) filter_username filter_username { (9) if (!&User-Name) (9) if (!&User-Name) -> FALSE (9) if (&User-Name =~ / /) (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@.*@/ ) (9) if (&User-Name =~ /@.*@/ ) -> FALSE (9) if (&User-Name =~ /\\.\\./ ) (9) if (&User-Name =~ /\\.\\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\\.$/) (9) if (&User-Name =~ /\\.$/) -> FALSE (9) if (&User-Name =~ /@\\./) (9) if (&User-Name =~ /@\\./) -> FALSE (9) } # filter_username filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix : Checking for suffix after "@" (9) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (9) suffix : Found realm "DEFAULT" (9) suffix : Adding Stripped-User-Name = "myUsername" (9) suffix : Adding Realm = "DEFAULT" (9) suffix : Proxying request from user myUsername to realm DEFAULT (9) suffix : Preparing to proxy authentication request to realm "DEFAULT" (9) [suffix] = updated (9) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (9) [eap] = noop (9) files : users: Matched entry DEFAULT at line 2 (9) [files] = ok (9) [expiration] = noop (9) [logintime] = noop (9) [pap] = noop (9) } # authorize = updated (9) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (9) pre-proxy { (9) update control { (9) EXPAND %{Calling-Station-Id} (9) --> 88:63:df:a5:2a:c7 (9) Load-Balance-Key := "88:63:df:a5:2a:c7" (9) } # update control = noop (9) [updated] = updated (9) } # pre-proxy = updated (9) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (9) Sending Access-Request packet to host 10.7.0.29 port 1812, id=14, length=0 (9) User-Name = 'myUsername' (9) Chargeable-User-Identity = 0x00 (9) Location-Capable = Civix-Location (9) Calling-Station-Id = '88:63:df:a5:2a:c7' (9) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (9) NAS-Port = 4 (9) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (9) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (9) Cisco-AVPair = 'mDNS=true' (9) NAS-IP-Address = 10.250.0.19 (9) NAS-Identifier = 'Red 8510' (9) Airespace-Wlan-Id = 8 (9) Service-Type = Framed-User (9) Framed-MTU = 1300 (9) NAS-Port-Type = Wireless-802.11 (9) Tunnel-Type:0 = VLAN (9) Tunnel-Medium-Type:0 = IEEE-802 (9) Tunnel-Private-Group-Id:0 = '477' (9) EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1 (9) State = 0x7f32d9747738c071723770ef4b853a0b (9) Message-Authenticator = 0xfc94b778553fb1128fab89148506888f (9) Event-Timestamp = 'Sep 7 2016 10:45:35 CDT' (9) Stripped-User-Name = 'myUsername' (9) Realm = 'DEFAULT' (9) EAP-Type = PEAP (9) Proxy-State = 0x313432 Sending Access-Request Id 14 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1 State = 0x7f32d9747738c071723770ef4b853a0b Message-Authenticator = 0xfc94b778553fb1128fab89148506888f Event-Timestamp = 'Sep 7 2016 10:45:35 CDT' Proxy-State = 0x313432 Waking up in 0.3 seconds. Received Access-Challenge Id 14 from 10.7.0.29:1812 to 10.7.0.28:32820 length 138 EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54 State = 0x7f32d9747639c071723770ef4b853a0b Proxy-State = 0x313432 (9) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=14, length=138 (9) EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f (9) Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54 (9) State = 0x7f32d9747639c071723770ef4b853a0b (9) Proxy-State = 0x313432 (9) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (9) post-proxy { (9) eap : No pre-existing handler found (9) [eap] = noop (9) } # post-proxy = noop (9) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=142, length=0 (9) EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f (9) Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54 (9) State = 0x7f32d9747639c071723770ef4b853a0b Sending Access-Challenge Id 142 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54 State = 0x7f32d9747639c071723770ef4b853a0b (9) Finished request Waking up in 0.3 seconds. Waking up in 0.1 seconds. (1) Cleaning up request packet ID 134 with timestamp +9 Waking up in 0.5 seconds. Received Access-Request Id 143 from 10.250.0.19:32777 to 10.7.0.28:1812 length 403 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895 State = 0x7f32d9747639c071723770ef4b853a0b Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d (10) Received Access-Request packet from host 10.250.0.19 port 32777, id=143, length=403 (10) User-Name = 'myUsername' (10) Chargeable-User-Identity = 0x00 (10) Location-Capable = Civix-Location (10) Calling-Station-Id = '88:63:df:a5:2a:c7' (10) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (10) NAS-Port = 4 (10) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (10) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (10) Cisco-AVPair = 'mDNS=true' (10) NAS-IP-Address = 10.250.0.19 (10) NAS-Identifier = 'Red 8510' (10) Airespace-Wlan-Id = 8 (10) Service-Type = Framed-User (10) Framed-MTU = 1300 (10) NAS-Port-Type = Wireless-802.11 (10) Tunnel-Type:0 = VLAN (10) Tunnel-Medium-Type:0 = IEEE-802 (10) Tunnel-Private-Group-Id:0 = '477' (10) EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895 (10) State = 0x7f32d9747639c071723770ef4b853a0b (10) Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d (10) # Executing section authorize from file /etc/raddb/sites-enabled/default (10) authorize { (10) filter_username filter_username { (10) if (!&User-Name) (10) if (!&User-Name) -> FALSE (10) if (&User-Name =~ / /) (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@.*@/ ) (10) if (&User-Name =~ /@.*@/ ) -> FALSE (10) if (&User-Name =~ /\\.\\./ ) (10) if (&User-Name =~ /\\.\\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\\.$/) (10) if (&User-Name =~ /\\.$/) -> FALSE (10) if (&User-Name =~ /@\\./) (10) if (&User-Name =~ /@\\./) -> FALSE (10) } # filter_username filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix : Checking for suffix after "@" (10) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (10) suffix : Found realm "DEFAULT" (10) suffix : Adding Stripped-User-Name = "myUsername" (10) suffix : Adding Realm = "DEFAULT" (10) suffix : Proxying request from user myUsername to realm DEFAULT (10) suffix : Preparing to proxy authentication request to realm "DEFAULT" (10) [suffix] = updated (10) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (10) [eap] = noop (10) files : users: Matched entry DEFAULT at line 2 (10) [files] = ok (10) [expiration] = noop (10) [logintime] = noop (10) [pap] = noop (10) } # authorize = updated (10) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (10) pre-proxy { (10) update control { (10) EXPAND %{Calling-Station-Id} (10) --> 88:63:df:a5:2a:c7 (10) Load-Balance-Key := "88:63:df:a5:2a:c7" (10) } # update control = noop (10) [updated] = updated (10) } # pre-proxy = updated (10) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (10) Sending Access-Request packet to host 10.7.0.29 port 1812, id=183, length=0 (10) User-Name = 'myUsername' (10) Chargeable-User-Identity = 0x00 (10) Location-Capable = Civix-Location (10) Calling-Station-Id = '88:63:df:a5:2a:c7' (10) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (10) NAS-Port = 4 (10) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (10) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (10) Cisco-AVPair = 'mDNS=true' (10) NAS-IP-Address = 10.250.0.19 (10) NAS-Identifier = 'Red 8510' (10) Airespace-Wlan-Id = 8 (10) Service-Type = Framed-User (10) Framed-MTU = 1300 (10) NAS-Port-Type = Wireless-802.11 (10) Tunnel-Type:0 = VLAN (10) Tunnel-Medium-Type:0 = IEEE-802 (10) Tunnel-Private-Group-Id:0 = '477' (10) EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895 (10) State = 0x7f32d9747639c071723770ef4b853a0b (10) Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d (10) Event-Timestamp = 'Sep 7 2016 10:45:36 CDT' (10) Stripped-User-Name = 'myUsername' (10) Realm = 'DEFAULT' (10) EAP-Type = PEAP (10) Proxy-State = 0x313433 Sending Access-Request Id 183 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895 State = 0x7f32d9747639c071723770ef4b853a0b Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d Event-Timestamp = 'Sep 7 2016 10:45:36 CDT' Proxy-State = 0x313433 Waking up in 0.3 seconds. Waking up in 0.1 seconds. (10) Expecting proxy response no later than 19.499791 seconds from now (2) Cleaning up request packet ID 135 with timestamp +9 Waking up in 0.5 seconds. Received Access-Challenge Id 183 from 10.7.0.29:1812 to 10.7.0.28:32820 length 154 EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841 Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395 State = 0x7f32d974753ec071723770ef4b853a0b Proxy-State = 0x313433 (10) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=183, length=154 (10) EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841 (10) Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395 (10) State = 0x7f32d974753ec071723770ef4b853a0b (10) Proxy-State = 0x313433 (10) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (10) post-proxy { (10) eap : No pre-existing handler found (10) [eap] = noop (10) } # post-proxy = noop (10) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=143, length=0 (10) EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841 (10) Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395 (10) State = 0x7f32d974753ec071723770ef4b853a0b Sending Access-Challenge Id 143 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841 Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395 State = 0x7f32d974753ec071723770ef4b853a0b (10) Finished request (3) Cleaning up request packet ID 136 with timestamp +10 Waking up in 0.3 seconds. Waking up in 0.2 seconds. Received Access-Request Id 144 from 10.250.0.19:32777 to 10.7.0.28:1812 length 339 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590 State = 0x7f32d974753ec071723770ef4b853a0b Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704 (11) Received Access-Request packet from host 10.250.0.19 port 32777, id=144, length=339 (11) User-Name = 'myUsername' (11) Chargeable-User-Identity = 0x00 (11) Location-Capable = Civix-Location (11) Calling-Station-Id = '88:63:df:a5:2a:c7' (11) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (11) NAS-Port = 4 (11) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (11) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (11) Cisco-AVPair = 'mDNS=true' (11) NAS-IP-Address = 10.250.0.19 (11) NAS-Identifier = 'Red 8510' (11) Airespace-Wlan-Id = 8 (11) Service-Type = Framed-User (11) Framed-MTU = 1300 (11) NAS-Port-Type = Wireless-802.11 (11) Tunnel-Type:0 = VLAN (11) Tunnel-Medium-Type:0 = IEEE-802 (11) Tunnel-Private-Group-Id:0 = '477' (11) EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590 (11) State = 0x7f32d974753ec071723770ef4b853a0b (11) Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704 (11) # Executing section authorize from file /etc/raddb/sites-enabled/default (11) authorize { (11) filter_username filter_username { (11) if (!&User-Name) (11) if (!&User-Name) -> FALSE (11) if (&User-Name =~ / /) (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@.*@/ ) (11) if (&User-Name =~ /@.*@/ ) -> FALSE (11) if (&User-Name =~ /\\.\\./ ) (11) if (&User-Name =~ /\\.\\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\\.$/) (11) if (&User-Name =~ /\\.$/) -> FALSE (11) if (&User-Name =~ /@\\./) (11) if (&User-Name =~ /@\\./) -> FALSE (11) } # filter_username filter_username = notfound (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) [digest] = noop (11) suffix : Checking for suffix after "@" (11) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (11) suffix : Found realm "DEFAULT" (11) suffix : Adding Stripped-User-Name = "myUsername" (11) suffix : Adding Realm = "DEFAULT" (11) suffix : Proxying request from user myUsername to realm DEFAULT (11) suffix : Preparing to proxy authentication request to realm "DEFAULT" (11) [suffix] = updated (11) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (11) [eap] = noop (11) files : users: Matched entry DEFAULT at line 2 (11) [files] = ok (11) [expiration] = noop (11) [logintime] = noop (11) [pap] = noop (11) } # authorize = updated (11) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (11) pre-proxy { (11) update control { (11) EXPAND %{Calling-Station-Id} (11) --> 88:63:df:a5:2a:c7 (11) Load-Balance-Key := "88:63:df:a5:2a:c7" (11) } # update control = noop (11) [updated] = updated (11) } # pre-proxy = updated (11) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (11) Sending Access-Request packet to host 10.7.0.29 port 1812, id=253, length=0 (11) User-Name = 'myUsername' (11) Chargeable-User-Identity = 0x00 (11) Location-Capable = Civix-Location (11) Calling-Station-Id = '88:63:df:a5:2a:c7' (11) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (11) NAS-Port = 4 (11) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (11) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (11) Cisco-AVPair = 'mDNS=true' (11) NAS-IP-Address = 10.250.0.19 (11) NAS-Identifier = 'Red 8510' (11) Airespace-Wlan-Id = 8 (11) Service-Type = Framed-User (11) Framed-MTU = 1300 (11) NAS-Port-Type = Wireless-802.11 (11) Tunnel-Type:0 = VLAN (11) Tunnel-Medium-Type:0 = IEEE-802 (11) Tunnel-Private-Group-Id:0 = '477' (11) EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590 (11) State = 0x7f32d974753ec071723770ef4b853a0b (11) Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704 (11) Event-Timestamp = 'Sep 7 2016 10:45:37 CDT' (11) Stripped-User-Name = 'myUsername' (11) Realm = 'DEFAULT' (11) EAP-Type = PEAP (11) Proxy-State = 0x313434 Sending Access-Request Id 253 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590 State = 0x7f32d974753ec071723770ef4b853a0b Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704 Event-Timestamp = 'Sep 7 2016 10:45:37 CDT' Proxy-State = 0x313434 (4) Cleaning up request packet ID 137 with timestamp +10 Waking up in 0.2 seconds. Waking up in 0.1 seconds. (11) Expecting proxy response no later than 19.499789 seconds from now Waking up in 0.1 seconds. (5) Cleaning up request packet ID 138 with timestamp +11 Waking up in 0.5 seconds. Received Access-Challenge Id 253 from 10.7.0.29:1812 to 10.7.0.28:32820 length 106 EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2 Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa State = 0x7f32d974743fc071723770ef4b853a0b Proxy-State = 0x313434 (11) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=253, length=106 (11) EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2 (11) Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa (11) State = 0x7f32d974743fc071723770ef4b853a0b (11) Proxy-State = 0x313434 (11) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (11) post-proxy { (11) eap : No pre-existing handler found (11) [eap] = noop (11) } # post-proxy = noop (11) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=144, length=0 (11) EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2 (11) Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa (11) State = 0x7f32d974743fc071723770ef4b853a0b Sending Access-Challenge Id 144 from 10.7.0.28:1812 to 10.250.0.19:32777 EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2 Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa State = 0x7f32d974743fc071723770ef4b853a0b (11) Finished request (6) Cleaning up request packet ID 139 with timestamp +12 Waking up in 0.2 seconds. Waking up in 0.3 seconds. Received Access-Request Id 145 from 10.250.0.19:32777 to 10.7.0.28:1812 length 339 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55 State = 0x7f32d974743fc071723770ef4b853a0b Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e (12) Received Access-Request packet from host 10.250.0.19 port 32777, id=145, length=339 (12) User-Name = 'myUsername' (12) Chargeable-User-Identity = 0x00 (12) Location-Capable = Civix-Location (12) Calling-Station-Id = '88:63:df:a5:2a:c7' (12) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (12) NAS-Port = 4 (12) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (12) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (12) Cisco-AVPair = 'mDNS=true' (12) NAS-IP-Address = 10.250.0.19 (12) NAS-Identifier = 'Red 8510' (12) Airespace-Wlan-Id = 8 (12) Service-Type = Framed-User (12) Framed-MTU = 1300 (12) NAS-Port-Type = Wireless-802.11 (12) Tunnel-Type:0 = VLAN (12) Tunnel-Medium-Type:0 = IEEE-802 (12) Tunnel-Private-Group-Id:0 = '477' (12) EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55 (12) State = 0x7f32d974743fc071723770ef4b853a0b (12) Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e (12) # Executing section authorize from file /etc/raddb/sites-enabled/default (12) authorize { (12) filter_username filter_username { (12) if (!&User-Name) (12) if (!&User-Name) -> FALSE (12) if (&User-Name =~ / /) (12) if (&User-Name =~ / /) -> FALSE (12) if (&User-Name =~ /@.*@/ ) (12) if (&User-Name =~ /@.*@/ ) -> FALSE (12) if (&User-Name =~ /\\.\\./ ) (12) if (&User-Name =~ /\\.\\./ ) -> FALSE (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (12) if (&User-Name =~ /\\.$/) (12) if (&User-Name =~ /\\.$/) -> FALSE (12) if (&User-Name =~ /@\\./) (12) if (&User-Name =~ /@\\./) -> FALSE (12) } # filter_username filter_username = notfound (12) [preprocess] = ok (12) [chap] = noop (12) [mschap] = noop (12) [digest] = noop (12) suffix : Checking for suffix after "@" (12) suffix : No '@' in User-Name = "myUsername", looking up realm NULL (12) suffix : Found realm "DEFAULT" (12) suffix : Adding Stripped-User-Name = "myUsername" (12) suffix : Adding Realm = "DEFAULT" (12) suffix : Proxying request from user myUsername to realm DEFAULT (12) suffix : Preparing to proxy authentication request to realm "DEFAULT" (12) [suffix] = updated (12) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP. (12) [eap] = noop (12) files : users: Matched entry DEFAULT at line 2 (12) [files] = ok (12) [expiration] = noop (12) [logintime] = noop (12) [pap] = noop (12) } # authorize = updated (12) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default (12) pre-proxy { (12) update control { (12) EXPAND %{Calling-Station-Id} (12) --> 88:63:df:a5:2a:c7 (12) Load-Balance-Key := "88:63:df:a5:2a:c7" (12) } # update control = noop (12) [updated] = updated (12) } # pre-proxy = updated (12) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000 (12) Sending Access-Request packet to host 10.7.0.29 port 1812, id=118, length=0 (12) User-Name = 'myUsername' (12) Chargeable-User-Identity = 0x00 (12) Location-Capable = Civix-Location (12) Calling-Station-Id = '88:63:df:a5:2a:c7' (12) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' (12) NAS-Port = 4 (12) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' (12) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' (12) Cisco-AVPair = 'mDNS=true' (12) NAS-IP-Address = 10.250.0.19 (12) NAS-Identifier = 'Red 8510' (12) Airespace-Wlan-Id = 8 (12) Service-Type = Framed-User (12) Framed-MTU = 1300 (12) NAS-Port-Type = Wireless-802.11 (12) Tunnel-Type:0 = VLAN (12) Tunnel-Medium-Type:0 = IEEE-802 (12) Tunnel-Private-Group-Id:0 = '477' (12) EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55 (12) State = 0x7f32d974743fc071723770ef4b853a0b (12) Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e (12) Event-Timestamp = 'Sep 7 2016 10:45:39 CDT' (12) Stripped-User-Name = 'myUsername' (12) Realm = 'DEFAULT' (12) EAP-Type = PEAP (12) Proxy-State = 0x313435 Sending Access-Request Id 118 from 0.0.0.0:32820 to 10.7.0.29:1812 User-Name = 'myUsername' Chargeable-User-Identity = 0x00 Location-Capable = Civix-Location Calling-Station-Id = '88:63:df:a5:2a:c7' Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test' NAS-Port = 4 Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057' Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975' Cisco-AVPair = 'mDNS=true' NAS-IP-Address = 10.250.0.19 NAS-Identifier = 'Red 8510' Airespace-Wlan-Id = 8 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = '477' EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55 State = 0x7f32d974743fc071723770ef4b853a0b Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e Event-Timestamp = 'Sep 7 2016 10:45:39 CDT' Proxy-State = 0x313435 Received Access-Accept Id 118 from 10.7.0.29:1812 to 10.7.0.28:32820 length 174 MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f EAP-Message = 0x030d0004 Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5 User-Name = 'myUsername' Proxy-State = 0x313435 (12) Received Access-Accept packet from host 10.7.0.29 port 1812, id=118, length=174 (12) MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f (12) MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f (12) EAP-Message = 0x030d0004 (12) Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5 (12) User-Name = 'myUsername' (12) Proxy-State = 0x313435 (12) # Executing section post-proxy from file /etc/raddb/sites-enabled/default (12) post-proxy { (12) eap : No pre-existing handler found (12) [eap] = noop (12) } # post-proxy = noop (12) Found Auth-Type = Accept (12) Auth-Type = Accept, accepting the user (12) # Executing section post-auth from file /etc/raddb/sites-enabled/default (12) post-auth { (12) [exec] = noop (12) remove_reply_message_if_eap remove_reply_message_if_eap { (12) if (&reply:EAP-Message && &reply:Reply-Message) (12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (12) else else { (12) [noop] = noop (12) } # else else = noop (12) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (12) } # post-auth = noop (12) Sending Access-Accept packet to host 10.250.0.19 port 32777, id=145, length=0 (12) MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f (12) MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f (12) EAP-Message = 0x030d0004 (12) Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5 (12) User-Name = 'myUsername' Sending Access-Accept Id 145 from 10.7.0.28:1812 to 10.250.0.19:32777 MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f EAP-Message = 0x030d0004 Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5 User-Name = 'myUsername' (12) Finished request (7) Cleaning up request packet ID 140 with timestamp +12 Waking up in 0.2 seconds. Waking up in 0.3 seconds. (8) Cleaning up request packet ID 141 with timestamp +13 Waking up in 0.5 seconds. (9) Cleaning up request packet ID 142 with timestamp +13 Waking up in 1.6 seconds. (10) Cleaning up request packet ID 143 with timestamp +14 Waking up in 1.6 seconds. https://directory.uark.edu/people/sgardne Senior Network Engineer University of Arkansas, ITS-NET