(12) Received Access-Request Id 56 from 192.168.255.112:51351 to 192.168.255.5:1812 length 195 (12) User-Name = "debio@ndtel.com" (12) NAS-IP-Address = 192.168.255.112 (12) NAS-Identifier = "0418d620086c" (12) NAS-Port = 0 (12) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (12) Calling-Station-Id = "C4-85-08-F5-2C-10" (12) Framed-MTU = 1400 (12) NAS-Port-Type = Wireless-802.11 (12) Connect-Info = "CONNECT 0Mbps 802.11b" (12) EAP-Message = 0x0218001401646562696f406e6474656c2e636f6d (12) Message-Authenticator = 0xf095375e1cafefea7e5235c249c50e8b (12) # Executing section authorize from file /etc/raddb/sites-enabled/default (12) authorize { (12) policy filter_username { (12) if (!&User-Name) { (12) if (!&User-Name) -> FALSE (12) if (&User-Name =~ / /) { (12) if (&User-Name =~ / /) -> FALSE (12) if (&User-Name =~ /@.*@/ ) { (12) if (&User-Name =~ /@.*@/ ) -> FALSE (12) if (&User-Name =~ /\.\./ ) { (12) if (&User-Name =~ /\.\./ ) -> FALSE (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (12) if (&User-Name =~ /\.$/) { (12) if (&User-Name =~ /\.$/) -> FALSE (12) if (&User-Name =~ /@\./) { (12) if (&User-Name =~ /@\./) -> FALSE (12) } # policy filter_username = notfound (12) [preprocess] = ok (12) [digest] = noop (12) suffix: Checking for suffix after "@" (12) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (12) suffix: Found realm "ndtel.com" (12) suffix: Adding Stripped-User-Name = "debio" (12) suffix: Adding Realm = "ndtel.com" (12) suffix: Authentication realm is LOCAL (12) [suffix] = ok (12) eap: Peer sent EAP Response (code 2) ID 24 length 20 (12) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (12) [eap] = ok (12) } # authorize = ok (12) Found Auth-Type = EAP (12) # Executing group from file /etc/raddb/sites-enabled/default (12) authenticate { (12) eap: Peer sent packet with method EAP Identity (1) (12) eap: Calling submodule eap_peap to process data (12) eap_peap: Initiating new EAP-TLS session (12) eap_peap: [eaptls start] = request (12) eap: Sending EAP Request (code 1) ID 25 length 6 (12) eap: EAP session adding &reply:State = 0xf7e39e6bf7fa872e (12) [eap] = handled (12) } # authenticate = handled (12) Using Post-Auth-Type Challenge (12) Post-Auth-Type sub-section not found. Ignoring. (12) # Executing group from file /etc/raddb/sites-enabled/default (12) Sent Access-Challenge Id 56 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (12) EAP-Message = 0x011900061920 (12) Message-Authenticator = 0x00000000000000000000000000000000 (12) State = 0xf7e39e6bf7fa872ec52992fbbfa43f16 (12) Finished request Waking up in 4.9 seconds. (13) Received Access-Request Id 57 from 192.168.255.112:51351 to 192.168.255.5:1812 length 300 (13) User-Name = "debio@ndtel.com" (13) NAS-IP-Address = 192.168.255.112 (13) NAS-Identifier = "0418d620086c" (13) NAS-Port = 0 (13) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (13) Calling-Station-Id = "C4-85-08-F5-2C-10" (13) Framed-MTU = 1400 (13) NAS-Port-Type = Wireless-802.11 (13) Connect-Info = "CONNECT 0Mbps 802.11b" (13) EAP-Message = 0x0219006b198000000061160301005c0100005803015600313efce0ac71eff0676e3fe3e0edd301f290b31ec2546412a772dee66392000018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100 (13) State = 0xf7e39e6bf7fa872ec52992fbbfa43f16 (13) Message-Authenticator = 0x7e4d4cc6e7a82c011a831da0e73059c5 (13) session-state: No cached attributes (13) # Executing section authorize from file /etc/raddb/sites-enabled/default (13) authorize { (13) policy filter_username { (13) if (!&User-Name) { (13) if (!&User-Name) -> FALSE (13) if (&User-Name =~ / /) { (13) if (&User-Name =~ / /) -> FALSE (13) if (&User-Name =~ /@.*@/ ) { (13) if (&User-Name =~ /@.*@/ ) -> FALSE (13) if (&User-Name =~ /\.\./ ) { (13) if (&User-Name =~ /\.\./ ) -> FALSE (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (13) if (&User-Name =~ /\.$/) { (13) if (&User-Name =~ /\.$/) -> FALSE (13) if (&User-Name =~ /@\./) { (13) if (&User-Name =~ /@\./) -> FALSE (13) } # policy filter_username = notfound (13) [preprocess] = ok (13) [digest] = noop (13) suffix: Checking for suffix after "@" (13) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (13) suffix: Found realm "ndtel.com" (13) suffix: Adding Stripped-User-Name = "debio" (13) suffix: Adding Realm = "ndtel.com" (13) suffix: Authentication realm is LOCAL (13) [suffix] = ok (13) eap: Peer sent EAP Response (code 2) ID 25 length 107 (13) eap: Continuing tunnel setup (13) [eap] = ok (13) } # authorize = ok (13) Found Auth-Type = EAP (13) # Executing group from file /etc/raddb/sites-enabled/default (13) authenticate { (13) eap: Expiring EAP session with state 0xf7e39e6bf7fa872e (13) eap: Finished EAP session with state 0xf7e39e6bf7fa872e (13) eap: Previous EAP request found for state 0xf7e39e6bf7fa872e, released from the list (13) eap: Peer sent packet with method EAP PEAP (25) (13) eap: Calling submodule eap_peap to process data (13) eap_peap: Continuing EAP-TLS (13) eap_peap: Peer indicated complete TLS record size will be 97 bytes (13) eap_peap: Got complete TLS record (97 bytes) (13) eap_peap: [eaptls verify] = length included (13) eap_peap: (other): before/accept initialization (13) eap_peap: TLS_accept: before/accept initialization (13) eap_peap: <<< TLS 1.0 Handshake [length 005c], ClientHello (13) eap_peap: TLS_accept: SSLv3 read client hello A (13) eap_peap: >>> TLS 1.0 Handshake [length 0059], ServerHello (13) eap_peap: TLS_accept: SSLv3 write server hello A (13) eap_peap: >>> TLS 1.0 Handshake [length 08b0], Certificate (13) eap_peap: TLS_accept: SSLv3 write certificate A (13) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (13) eap_peap: TLS_accept: SSLv3 write key exchange A (13) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (13) eap_peap: TLS_accept: SSLv3 write server done A (13) eap_peap: TLS_accept: SSLv3 flush data (13) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (13) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (13) eap_peap: In SSL Handshake Phase (13) eap_peap: In SSL Accept mode (13) eap_peap: [eaptls process] = handled (13) eap: Sending EAP Request (code 1) ID 26 length 1004 (13) eap: EAP session adding &reply:State = 0xf7e39e6bf6f9872e (13) [eap] = handled (13) } # authenticate = handled (13) Using Post-Auth-Type Challenge (13) Post-Auth-Type sub-section not found. Ignoring. (13) # Executing group from file /etc/raddb/sites-enabled/default (13) Sent Access-Challenge Id 57 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (13) EAP-Message = 0x011a03ec19c000000a6c16030100590200005503015600313cc168e781977d554266bae9007d61dcc9b0cda093c4d321375802979720a860fc35e416d563f0afd67f69e48cacafc9c1a1cfced303a30428c3d7e5cd60c01400000dff01000100000b00040300010216030108b00b0008ac0008a90003d0 (13) Message-Authenticator = 0x00000000000000000000000000000000 (13) State = 0xf7e39e6bf6f9872ec52992fbbfa43f16 (13) Finished request Waking up in 4.9 seconds. (14) Received Access-Request Id 58 from 192.168.255.112:51351 to 192.168.255.5:1812 length 199 (14) User-Name = "debio@ndtel.com" (14) NAS-IP-Address = 192.168.255.112 (14) NAS-Identifier = "0418d620086c" (14) NAS-Port = 0 (14) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (14) Calling-Station-Id = "C4-85-08-F5-2C-10" (14) Framed-MTU = 1400 (14) NAS-Port-Type = Wireless-802.11 (14) Connect-Info = "CONNECT 0Mbps 802.11b" (14) EAP-Message = 0x021a00061900 (14) State = 0xf7e39e6bf6f9872ec52992fbbfa43f16 (14) Message-Authenticator = 0x386ff16c812e42bb55c10eda7b7c53ef (14) session-state: No cached attributes (14) # Executing section authorize from file /etc/raddb/sites-enabled/default (14) authorize { (14) policy filter_username { (14) if (!&User-Name) { (14) if (!&User-Name) -> FALSE (14) if (&User-Name =~ / /) { (14) if (&User-Name =~ / /) -> FALSE (14) if (&User-Name =~ /@.*@/ ) { (14) if (&User-Name =~ /@.*@/ ) -> FALSE (14) if (&User-Name =~ /\.\./ ) { (14) if (&User-Name =~ /\.\./ ) -> FALSE (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (14) if (&User-Name =~ /\.$/) { (14) if (&User-Name =~ /\.$/) -> FALSE (14) if (&User-Name =~ /@\./) { (14) if (&User-Name =~ /@\./) -> FALSE (14) } # policy filter_username = notfound (14) [preprocess] = ok (14) [digest] = noop (14) suffix: Checking for suffix after "@" (14) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (14) suffix: Found realm "ndtel.com" (14) suffix: Adding Stripped-User-Name = "debio" (14) suffix: Adding Realm = "ndtel.com" (14) suffix: Authentication realm is LOCAL (14) [suffix] = ok (14) eap: Peer sent EAP Response (code 2) ID 26 length 6 (14) eap: Continuing tunnel setup (14) [eap] = ok (14) } # authorize = ok (14) Found Auth-Type = EAP (14) # Executing group from file /etc/raddb/sites-enabled/default (14) authenticate { (14) eap: Expiring EAP session with state 0xf7e39e6bf6f9872e (14) eap: Finished EAP session with state 0xf7e39e6bf6f9872e (14) eap: Previous EAP request found for state 0xf7e39e6bf6f9872e, released from the list (14) eap: Peer sent packet with method EAP PEAP (25) (14) eap: Calling submodule eap_peap to process data (14) eap_peap: Continuing EAP-TLS (14) eap_peap: Peer ACKed our handshake fragment (14) eap_peap: [eaptls verify] = request (14) eap_peap: [eaptls process] = handled (14) eap: Sending EAP Request (code 1) ID 27 length 1000 (14) eap: EAP session adding &reply:State = 0xf7e39e6bf5f8872e (14) [eap] = handled (14) } # authenticate = handled (14) Using Post-Auth-Type Challenge (14) Post-Auth-Type sub-section not found. Ignoring. (14) # Executing group from file /etc/raddb/sites-enabled/default (14) Sent Access-Challenge Id 58 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (14) EAP-Message = 0x011b03e81940cb266556c619c5b2efa5b201a6104aeffbbebb8cfd465f6a691bd7b1d49fb2d61b1273cc603b2a22bbabcde5c31eabc6bbff16f1a1e487f5daded9fe6ffc9dfacbdac64c43825dee4e2a378bcc2859de84c80339fd6dedd41a13450004d3308204cf308203b7a0030201020209008be4d1 (14) Message-Authenticator = 0x00000000000000000000000000000000 (14) State = 0xf7e39e6bf5f8872ec52992fbbfa43f16 (14) Finished request Waking up in 4.9 seconds. (15) Received Access-Request Id 59 from 192.168.255.112:51351 to 192.168.255.5:1812 length 199 (15) User-Name = "debio@ndtel.com" (15) NAS-IP-Address = 192.168.255.112 (15) NAS-Identifier = "0418d620086c" (15) NAS-Port = 0 (15) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (15) Calling-Station-Id = "C4-85-08-F5-2C-10" (15) Framed-MTU = 1400 (15) NAS-Port-Type = Wireless-802.11 (15) Connect-Info = "CONNECT 0Mbps 802.11b" (15) EAP-Message = 0x021b00061900 (15) State = 0xf7e39e6bf5f8872ec52992fbbfa43f16 (15) Message-Authenticator = 0xf66a218ad0103da738e0d17ee3dc607b (15) session-state: No cached attributes (15) # Executing section authorize from file /etc/raddb/sites-enabled/default (15) authorize { (15) policy filter_username { (15) if (!&User-Name) { (15) if (!&User-Name) -> FALSE (15) if (&User-Name =~ / /) { (15) if (&User-Name =~ / /) -> FALSE (15) if (&User-Name =~ /@.*@/ ) { (15) if (&User-Name =~ /@.*@/ ) -> FALSE (15) if (&User-Name =~ /\.\./ ) { (15) if (&User-Name =~ /\.\./ ) -> FALSE (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (15) if (&User-Name =~ /\.$/) { (15) if (&User-Name =~ /\.$/) -> FALSE (15) if (&User-Name =~ /@\./) { (15) if (&User-Name =~ /@\./) -> FALSE (15) } # policy filter_username = notfound (15) [preprocess] = ok (15) [digest] = noop (15) suffix: Checking for suffix after "@" (15) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (15) suffix: Found realm "ndtel.com" (15) suffix: Adding Stripped-User-Name = "debio" (15) suffix: Adding Realm = "ndtel.com" (15) suffix: Authentication realm is LOCAL (15) [suffix] = ok (15) eap: Peer sent EAP Response (code 2) ID 27 length 6 (15) eap: Continuing tunnel setup (15) [eap] = ok (15) } # authorize = ok (15) Found Auth-Type = EAP (15) # Executing group from file /etc/raddb/sites-enabled/default (15) authenticate { (15) eap: Expiring EAP session with state 0xf7e39e6bf5f8872e (15) eap: Finished EAP session with state 0xf7e39e6bf5f8872e (15) eap: Previous EAP request found for state 0xf7e39e6bf5f8872e, released from the list (15) eap: Peer sent packet with method EAP PEAP (25) (15) eap: Calling submodule eap_peap to process data (15) eap_peap: Continuing EAP-TLS (15) eap_peap: Peer ACKed our handshake fragment (15) eap_peap: [eaptls verify] = request (15) eap_peap: [eaptls process] = handled (15) eap: Sending EAP Request (code 1) ID 28 length 686 (15) eap: EAP session adding &reply:State = 0xf7e39e6bf4ff872e (15) [eap] = handled (15) } # authenticate = handled (15) Using Post-Auth-Type Challenge (15) Post-Auth-Type sub-section not found. Ignoring. (15) # Executing group from file /etc/raddb/sites-enabled/default (15) Sent Access-Challenge Id 59 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (15) EAP-Message = 0x011c02ae19000101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010505000382010100b707329146869fa84ff08f2d837b56ab01c7cf46e55fb12e73f7b6ca691d156b9074 (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0xf7e39e6bf4ff872ec52992fbbfa43f16 (15) Finished request Waking up in 4.9 seconds. (16) Received Access-Request Id 60 from 192.168.255.112:51351 to 192.168.255.5:1812 length 337 (16) User-Name = "debio@ndtel.com" (16) NAS-IP-Address = 192.168.255.112 (16) NAS-Identifier = "0418d620086c" (16) NAS-Port = 0 (16) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (16) Calling-Station-Id = "C4-85-08-F5-2C-10" (16) Framed-MTU = 1400 (16) NAS-Port-Type = Wireless-802.11 (16) Connect-Info = "CONNECT 0Mbps 802.11b" (16) EAP-Message = 0x021c00901980000000861603010046100000424104ee480bfb45ff99e538896c6229fab4477530fdb3600adeecbdfe5a4c605f328b321de6dda7d9dc205bea98ce1ad1d2e822a5ebeedd700661044f5805d96758181403010001011603010030b8753d10337c8902aaeab13856f7ea1262415ee050661e (16) State = 0xf7e39e6bf4ff872ec52992fbbfa43f16 (16) Message-Authenticator = 0x465a05fa5494427b0cb04fa547073b14 (16) session-state: No cached attributes (16) # Executing section authorize from file /etc/raddb/sites-enabled/default (16) authorize { (16) policy filter_username { (16) if (!&User-Name) { (16) if (!&User-Name) -> FALSE (16) if (&User-Name =~ / /) { (16) if (&User-Name =~ / /) -> FALSE (16) if (&User-Name =~ /@.*@/ ) { (16) if (&User-Name =~ /@.*@/ ) -> FALSE (16) if (&User-Name =~ /\.\./ ) { (16) if (&User-Name =~ /\.\./ ) -> FALSE (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (16) if (&User-Name =~ /\.$/) { (16) if (&User-Name =~ /\.$/) -> FALSE (16) if (&User-Name =~ /@\./) { (16) if (&User-Name =~ /@\./) -> FALSE (16) } # policy filter_username = notfound (16) [preprocess] = ok (16) [digest] = noop (16) suffix: Checking for suffix after "@" (16) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (16) suffix: Found realm "ndtel.com" (16) suffix: Adding Stripped-User-Name = "debio" (16) suffix: Adding Realm = "ndtel.com" (16) suffix: Authentication realm is LOCAL (16) [suffix] = ok (16) eap: Peer sent EAP Response (code 2) ID 28 length 144 (16) eap: Continuing tunnel setup (16) [eap] = ok (16) } # authorize = ok (16) Found Auth-Type = EAP (16) # Executing group from file /etc/raddb/sites-enabled/default (16) authenticate { (16) eap: Expiring EAP session with state 0xf7e39e6bf4ff872e (16) eap: Finished EAP session with state 0xf7e39e6bf4ff872e (16) eap: Previous EAP request found for state 0xf7e39e6bf4ff872e, released from the list (16) eap: Peer sent packet with method EAP PEAP (25) (16) eap: Calling submodule eap_peap to process data (16) eap_peap: Continuing EAP-TLS (16) eap_peap: Peer indicated complete TLS record size will be 134 bytes (16) eap_peap: Got complete TLS record (134 bytes) (16) eap_peap: [eaptls verify] = length included (16) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (16) eap_peap: TLS_accept: SSLv3 read client key exchange A (16) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (16) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (16) eap_peap: TLS_accept: SSLv3 read finished A (16) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] (16) eap_peap: TLS_accept: SSLv3 write change cipher spec A (16) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished (16) eap_peap: TLS_accept: SSLv3 write finished A (16) eap_peap: TLS_accept: SSLv3 flush data (16) eap_peap: (other): SSL negotiation finished successfully (16) eap_peap: SSL Connection Established (16) eap_peap: [eaptls process] = handled (16) eap: Sending EAP Request (code 1) ID 29 length 65 (16) eap: EAP session adding &reply:State = 0xf7e39e6bf3fe872e (16) [eap] = handled (16) } # authenticate = handled (16) Using Post-Auth-Type Challenge (16) Post-Auth-Type sub-section not found. Ignoring. (16) # Executing group from file /etc/raddb/sites-enabled/default (16) Sent Access-Challenge Id 60 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (16) EAP-Message = 0x011d004119001403010001011603010030f751cd5ff31bf9ce1e9efa4f09554562a199e9d7f3196a0c5a9b52881f3846ea362b70b2113903e6ec38ab5c4b3c64fd (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) State = 0xf7e39e6bf3fe872ec52992fbbfa43f16 (16) Finished request Waking up in 4.9 seconds. (17) Received Access-Request Id 61 from 192.168.255.112:51351 to 192.168.255.5:1812 length 199 (17) User-Name = "debio@ndtel.com" (17) NAS-IP-Address = 192.168.255.112 (17) NAS-Identifier = "0418d620086c" (17) NAS-Port = 0 (17) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (17) Calling-Station-Id = "C4-85-08-F5-2C-10" (17) Framed-MTU = 1400 (17) NAS-Port-Type = Wireless-802.11 (17) Connect-Info = "CONNECT 0Mbps 802.11b" (17) EAP-Message = 0x021d00061900 (17) State = 0xf7e39e6bf3fe872ec52992fbbfa43f16 (17) Message-Authenticator = 0x98c2321ed5d87ca48e43a397c5d02ec6 (17) session-state: No cached attributes (17) # Executing section authorize from file /etc/raddb/sites-enabled/default (17) authorize { (17) policy filter_username { (17) if (!&User-Name) { (17) if (!&User-Name) -> FALSE (17) if (&User-Name =~ / /) { (17) if (&User-Name =~ / /) -> FALSE (17) if (&User-Name =~ /@.*@/ ) { (17) if (&User-Name =~ /@.*@/ ) -> FALSE (17) if (&User-Name =~ /\.\./ ) { (17) if (&User-Name =~ /\.\./ ) -> FALSE (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (17) if (&User-Name =~ /\.$/) { (17) if (&User-Name =~ /\.$/) -> FALSE (17) if (&User-Name =~ /@\./) { (17) if (&User-Name =~ /@\./) -> FALSE (17) } # policy filter_username = notfound (17) [preprocess] = ok (17) [digest] = noop (17) suffix: Checking for suffix after "@" (17) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (17) suffix: Found realm "ndtel.com" (17) suffix: Adding Stripped-User-Name = "debio" (17) suffix: Adding Realm = "ndtel.com" (17) suffix: Authentication realm is LOCAL (17) [suffix] = ok (17) eap: Peer sent EAP Response (code 2) ID 29 length 6 (17) eap: Continuing tunnel setup (17) [eap] = ok (17) } # authorize = ok (17) Found Auth-Type = EAP (17) # Executing group from file /etc/raddb/sites-enabled/default (17) authenticate { (17) eap: Expiring EAP session with state 0xf7e39e6bf3fe872e (17) eap: Finished EAP session with state 0xf7e39e6bf3fe872e (17) eap: Previous EAP request found for state 0xf7e39e6bf3fe872e, released from the list (17) eap: Peer sent packet with method EAP PEAP (25) (17) eap: Calling submodule eap_peap to process data (17) eap_peap: Continuing EAP-TLS (17) eap_peap: Peer ACKed our handshake fragment. handshake is finished (17) eap_peap: [eaptls verify] = success (17) eap_peap: [eaptls process] = success (17) eap_peap: Session established. Decoding tunneled attributes (17) eap_peap: PEAP state TUNNEL ESTABLISHED (17) eap: Sending EAP Request (code 1) ID 30 length 43 (17) eap: EAP session adding &reply:State = 0xf7e39e6bf2fd872e (17) [eap] = handled (17) } # authenticate = handled (17) Using Post-Auth-Type Challenge (17) Post-Auth-Type sub-section not found. Ignoring. (17) # Executing group from file /etc/raddb/sites-enabled/default (17) Sent Access-Challenge Id 61 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (17) EAP-Message = 0x011e002b190017030100202f5eaf31eaba02beaee46eca5cc816eeb5033b908b3be222f98eb36c0c0f8d5b (17) Message-Authenticator = 0x00000000000000000000000000000000 (17) State = 0xf7e39e6bf2fd872ec52992fbbfa43f16 (17) Finished request Waking up in 4.9 seconds. (18) Received Access-Request Id 62 from 192.168.255.112:51351 to 192.168.255.5:1812 length 252 (18) User-Name = "debio@ndtel.com" (18) NAS-IP-Address = 192.168.255.112 (18) NAS-Identifier = "0418d620086c" (18) NAS-Port = 0 (18) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (18) Calling-Station-Id = "C4-85-08-F5-2C-10" (18) Framed-MTU = 1400 (18) NAS-Port-Type = Wireless-802.11 (18) Connect-Info = "CONNECT 0Mbps 802.11b" (18) EAP-Message = 0x021e003b1900170301003091dd2ee944d413dca54984c1ef542af5bad59ab556fc60d88c9f465389fe6100f0f6b250f17507672e78dd17e929bd69 (18) State = 0xf7e39e6bf2fd872ec52992fbbfa43f16 (18) Message-Authenticator = 0x9cff036f682de67d322217138a7a75ae (18) session-state: No cached attributes (18) # Executing section authorize from file /etc/raddb/sites-enabled/default (18) authorize { (18) policy filter_username { (18) if (!&User-Name) { (18) if (!&User-Name) -> FALSE (18) if (&User-Name =~ / /) { (18) if (&User-Name =~ / /) -> FALSE (18) if (&User-Name =~ /@.*@/ ) { (18) if (&User-Name =~ /@.*@/ ) -> FALSE (18) if (&User-Name =~ /\.\./ ) { (18) if (&User-Name =~ /\.\./ ) -> FALSE (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (18) if (&User-Name =~ /\.$/) { (18) if (&User-Name =~ /\.$/) -> FALSE (18) if (&User-Name =~ /@\./) { (18) if (&User-Name =~ /@\./) -> FALSE (18) } # policy filter_username = notfound (18) [preprocess] = ok (18) [digest] = noop (18) suffix: Checking for suffix after "@" (18) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (18) suffix: Found realm "ndtel.com" (18) suffix: Adding Stripped-User-Name = "debio" (18) suffix: Adding Realm = "ndtel.com" (18) suffix: Authentication realm is LOCAL (18) [suffix] = ok (18) eap: Peer sent EAP Response (code 2) ID 30 length 59 (18) eap: Continuing tunnel setup (18) [eap] = ok (18) } # authorize = ok (18) Found Auth-Type = EAP (18) # Executing group from file /etc/raddb/sites-enabled/default (18) authenticate { (18) eap: Expiring EAP session with state 0xf7e39e6bf2fd872e (18) eap: Finished EAP session with state 0xf7e39e6bf2fd872e (18) eap: Previous EAP request found for state 0xf7e39e6bf2fd872e, released from the list (18) eap: Peer sent packet with method EAP PEAP (25) (18) eap: Calling submodule eap_peap to process data (18) eap_peap: Continuing EAP-TLS (18) eap_peap: [eaptls verify] = ok (18) eap_peap: Done initial handshake (18) eap_peap: [eaptls process] = ok (18) eap_peap: Session established. Decoding tunneled attributes (18) eap_peap: PEAP state WAITING FOR INNER IDENTITY (18) eap_peap: Identity - debio@ndtel.com (18) eap_peap: Got inner identity 'debio@ndtel.com' (18) eap_peap: Setting default EAP type for tunneled EAP session (18) eap_peap: Got tunneled request (18) eap_peap: EAP-Message = 0x021e001401646562696f406e6474656c2e636f6d (18) eap_peap: Setting User-Name to debio@ndtel.com (18) eap_peap: Sending tunneled request to inner-tunnel (18) eap_peap: EAP-Message = 0x021e001401646562696f406e6474656c2e636f6d (18) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (18) eap_peap: User-Name = "debio@ndtel.com" (18) Virtual server inner-tunnel received request (18) EAP-Message = 0x021e001401646562696f406e6474656c2e636f6d (18) FreeRADIUS-Proxied-To = 127.0.0.1 (18) User-Name = "debio@ndtel.com" (18) server inner-tunnel { (18) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (18) authorize { (18) [mschap] = noop (18) suffix: Checking for suffix after "@" (18) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (18) suffix: Found realm "ndtel.com" (18) suffix: Adding Stripped-User-Name = "debio" (18) suffix: Adding Realm = "ndtel.com" (18) suffix: Authentication realm is LOCAL (18) [suffix] = ok (18) update control { (18) &Proxy-To-Realm := LOCAL (18) } # update control = noop (18) eap: Peer sent EAP Response (code 2) ID 30 length 20 (18) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (18) [eap] = ok (18) } # authorize = ok (18) Found Auth-Type = EAP (18) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (18) authenticate { (18) eap: Peer sent packet with method EAP Identity (1) (18) eap: Calling submodule eap_mschapv2 to process data (18) eap_mschapv2: Issuing Challenge (18) eap: Sending EAP Request (code 1) ID 31 length 42 (18) eap: EAP session adding &reply:State = 0x7754d57b774bcf56 (18) [eap] = handled (18) } # authenticate = handled (18) } # server inner-tunnel (18) Virtual server sending reply (18) EAP-Message = 0x011f002a1a011f00251076135fe21091cf110819cd50a2ee9d38667265657261646975732d332e302e39 (18) Message-Authenticator = 0x00000000000000000000000000000000 (18) State = 0x7754d57b774bcf56655288daaaba3b4b (18) eap_peap: Got tunneled reply code 11 (18) eap_peap: EAP-Message = 0x011f002a1a011f00251076135fe21091cf110819cd50a2ee9d38667265657261646975732d332e302e39 (18) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (18) eap_peap: State = 0x7754d57b774bcf56655288daaaba3b4b (18) eap_peap: Got tunneled reply RADIUS code 11 (18) eap_peap: EAP-Message = 0x011f002a1a011f00251076135fe21091cf110819cd50a2ee9d38667265657261646975732d332e302e39 (18) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (18) eap_peap: State = 0x7754d57b774bcf56655288daaaba3b4b (18) eap_peap: Got tunneled Access-Challenge (18) eap: Sending EAP Request (code 1) ID 31 length 75 (18) eap: EAP session adding &reply:State = 0xf7e39e6bf1fc872e (18) [eap] = handled (18) } # authenticate = handled (18) Using Post-Auth-Type Challenge (18) Post-Auth-Type sub-section not found. Ignoring. (18) # Executing group from file /etc/raddb/sites-enabled/default (18) Sent Access-Challenge Id 62 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (18) EAP-Message = 0x011f004b19001703010040588bc6b7cb7f9b26799cebdd4aaf1ea95ed2e0732255f0d3dbad0e82297e1d9239a52496f930deaedbccc22e93d692e5f1b75df0391aa7a2942127609b11f077 (18) Message-Authenticator = 0x00000000000000000000000000000000 (18) State = 0xf7e39e6bf1fc872ec52992fbbfa43f16 (18) Finished request Waking up in 4.9 seconds. (19) Received Access-Request Id 63 from 192.168.255.112:51351 to 192.168.255.5:1812 length 300 (19) User-Name = "debio@ndtel.com" (19) NAS-IP-Address = 192.168.255.112 (19) NAS-Identifier = "0418d620086c" (19) NAS-Port = 0 (19) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (19) Calling-Station-Id = "C4-85-08-F5-2C-10" (19) Framed-MTU = 1400 (19) NAS-Port-Type = Wireless-802.11 (19) Connect-Info = "CONNECT 0Mbps 802.11b" (19) EAP-Message = 0x021f006b190017030100606aeb43d36debca55b0356524d649ed1c4869f7ceb203d90b1e82d8beb9273161a0d1a1788b8c60f6555df96607850ca5e8948cd506f710eaa8d0fd28164bf75f731679da639def09d798b49a569f1dff9bb213a694ebeecb5478d71d8f296c2a (19) State = 0xf7e39e6bf1fc872ec52992fbbfa43f16 (19) Message-Authenticator = 0xd8346598faaeb39fc73c3dbd3d119b69 (19) session-state: No cached attributes (19) # Executing section authorize from file /etc/raddb/sites-enabled/default (19) authorize { (19) policy filter_username { (19) if (!&User-Name) { (19) if (!&User-Name) -> FALSE (19) if (&User-Name =~ / /) { (19) if (&User-Name =~ / /) -> FALSE (19) if (&User-Name =~ /@.*@/ ) { (19) if (&User-Name =~ /@.*@/ ) -> FALSE (19) if (&User-Name =~ /\.\./ ) { (19) if (&User-Name =~ /\.\./ ) -> FALSE (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (19) if (&User-Name =~ /\.$/) { (19) if (&User-Name =~ /\.$/) -> FALSE (19) if (&User-Name =~ /@\./) { (19) if (&User-Name =~ /@\./) -> FALSE (19) } # policy filter_username = notfound (19) [preprocess] = ok (19) [digest] = noop (19) suffix: Checking for suffix after "@" (19) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (19) suffix: Found realm "ndtel.com" (19) suffix: Adding Stripped-User-Name = "debio" (19) suffix: Adding Realm = "ndtel.com" (19) suffix: Authentication realm is LOCAL (19) [suffix] = ok (19) eap: Peer sent EAP Response (code 2) ID 31 length 107 (19) eap: Continuing tunnel setup (19) [eap] = ok (19) } # authorize = ok (19) Found Auth-Type = EAP (19) # Executing group from file /etc/raddb/sites-enabled/default (19) authenticate { (19) eap: Expiring EAP session with state 0x7754d57b774bcf56 (19) eap: Finished EAP session with state 0xf7e39e6bf1fc872e (19) eap: Previous EAP request found for state 0xf7e39e6bf1fc872e, released from the list (19) eap: Peer sent packet with method EAP PEAP (25) (19) eap: Calling submodule eap_peap to process data (19) eap_peap: Continuing EAP-TLS (19) eap_peap: [eaptls verify] = ok (19) eap_peap: Done initial handshake (19) eap_peap: [eaptls process] = ok (19) eap_peap: Session established. Decoding tunneled attributes (19) eap_peap: PEAP state phase2 (19) eap_peap: EAP method MSCHAPv2 (26) (19) eap_peap: Got tunneled request (19) eap_peap: EAP-Message = 0x021f004a1a021f004531fec8a3f3e19e61986b123c7d727ae0580000000000000000ba7cf7daa2fb3d78850a99b4bcc07ef20ba45b3dc0830adc00646562696f406e6474656c2e636f6d (19) eap_peap: Setting User-Name to debio@ndtel.com (19) eap_peap: Sending tunneled request to inner-tunnel (19) eap_peap: EAP-Message = 0x021f004a1a021f004531fec8a3f3e19e61986b123c7d727ae0580000000000000000ba7cf7daa2fb3d78850a99b4bcc07ef20ba45b3dc0830adc00646562696f406e6474656c2e636f6d (19) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (19) eap_peap: User-Name = "debio@ndtel.com" (19) eap_peap: State = 0x7754d57b774bcf56655288daaaba3b4b (19) Virtual server inner-tunnel received request (19) EAP-Message = 0x021f004a1a021f004531fec8a3f3e19e61986b123c7d727ae0580000000000000000ba7cf7daa2fb3d78850a99b4bcc07ef20ba45b3dc0830adc00646562696f406e6474656c2e636f6d (19) FreeRADIUS-Proxied-To = 127.0.0.1 (19) User-Name = "debio@ndtel.com" (19) State = 0x7754d57b774bcf56655288daaaba3b4b (19) server inner-tunnel { (19) session-state: No cached attributes (19) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (19) authorize { (19) [mschap] = noop (19) suffix: Checking for suffix after "@" (19) suffix: Looking up realm "ndtel.com" for User-Name = "debio@ndtel.com" (19) suffix: Found realm "ndtel.com" (19) suffix: Adding Stripped-User-Name = "debio" (19) suffix: Adding Realm = "ndtel.com" (19) suffix: Authentication realm is LOCAL (19) [suffix] = ok (19) update control { (19) &Proxy-To-Realm := LOCAL (19) } # update control = noop (19) eap: Peer sent EAP Response (code 2) ID 31 length 74 (19) eap: No EAP Start, assuming it's an on-going EAP conversation (19) [eap] = updated rlm_ldap (ldap): Closing connection (6): Hit idle_timeout, was idle for 186 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): Closing connection (5): Hit idle_timeout, was idle for 186 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (ldap): Opening additional connection (7), 1 of 32 pending slots used rlm_ldap (ldap): Connecting to ldap://66.163.129.140:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Reserved connection (7) (19) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (19) ldap: --> (uid=debio) (19) ldap: Performing search in "o=ndtc" with filter "(uid=debio)", scope "sub" (19) ldap: Waiting for search result... (19) ldap: Search returned no results rlm_ldap (ldap): Released connection (7) rlm_ldap (ldap): 0 of 1 connections in use. Need more spares rlm_ldap (ldap): Opening additional connection (8), 1 of 31 pending slots used rlm_ldap (ldap): Connecting to ldap://66.163.129.140:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (19) [ldap] = notfound (19) [expiration] = noop (19) [logintime] = noop (19) [pap] = noop (19) } # authorize = updated (19) Found Auth-Type = EAP (19) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (19) authenticate { (19) eap: Expiring EAP session with state 0x7754d57b774bcf56 (19) eap: Finished EAP session with state 0x7754d57b774bcf56 (19) eap: Previous EAP request found for state 0x7754d57b774bcf56, released from the list (19) eap: Peer sent packet with method EAP MSCHAPv2 (26) (19) eap: Calling submodule eap_mschapv2 to process data (19) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (19) eap_mschapv2: Auth-Type MS-CHAP { (19) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (19) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (19) mschap: Creating challenge hash with username: debio@ndtel.com (19) mschap: Client is using MS-CHAPv2 (19) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (19) mschap: ERROR: MS-CHAP2-Response is incorrect (19) [mschap] = reject (19) } # Auth-Type MS-CHAP = reject (19) MSCHAP-Error: ?E=691 R=1 (19) Could not parse new challenge from MS-CHAP-Error: 2 (19) ERROR: MSCHAP Failure (19) eap: Sending EAP Request (code 1) ID 32 length 18 (19) eap: EAP session adding &reply:State = 0x7754d57b7674cf56 (19) [eap] = handled (19) } # authenticate = handled (19) } # server inner-tunnel (19) Virtual server sending reply (19) EAP-Message = 0x012000121a041f000d453d36393120523d31 (19) Message-Authenticator = 0x00000000000000000000000000000000 (19) State = 0x7754d57b7674cf56655288daaaba3b4b (19) eap_peap: Got tunneled reply code 11 (19) eap_peap: EAP-Message = 0x012000121a041f000d453d36393120523d31 (19) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (19) eap_peap: State = 0x7754d57b7674cf56655288daaaba3b4b (19) eap_peap: Got tunneled reply RADIUS code 11 (19) eap_peap: EAP-Message = 0x012000121a041f000d453d36393120523d31 (19) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (19) eap_peap: State = 0x7754d57b7674cf56655288daaaba3b4b (19) eap_peap: Got tunneled Access-Challenge (19) eap: Sending EAP Request (code 1) ID 32 length 59 (19) eap: EAP session adding &reply:State = 0xf7e39e6bf0c3872e (19) [eap] = handled (19) } # authenticate = handled (19) Using Post-Auth-Type Challenge (19) Post-Auth-Type sub-section not found. Ignoring. (19) # Executing group from file /etc/raddb/sites-enabled/default (19) Sent Access-Challenge Id 63 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (19) EAP-Message = 0x0120003b19001703010030bdecb3e326cafd70e31a3e7f70140eb79d39527746ec66d7ae534b462bae18d9beb5560abea1866cb890281f55d37e81 (19) Message-Authenticator = 0x00000000000000000000000000000000 (19) State = 0xf7e39e6bf0c3872ec52992fbbfa43f16 (19) Finished request Waking up in 4.7 seconds. (12) : Cleaning up request packet ID 56 with timestamp +285 (13) : Cleaning up request packet ID 57 with timestamp +285 (14) : Cleaning up request packet ID 58 with timestamp +285 (15) : Cleaning up request packet ID 59 with timestamp +285 (16) : Cleaning up request packet ID 60 with timestamp +285 (17) : Cleaning up request packet ID 61 with timestamp +285 (18) : Cleaning up request packet ID 62 with timestamp +285 Waking up in 0.1 seconds. (19) : Cleaning up request packet ID 63 with timestamp +285 Ready to process requests