[root@ndtc-fs raddb]# (21) Received Access-Request Id 65 from 192.168.255.112:51351 to 192.168.255.5:1812 length 195 (21) User-Name = "alexm@ndtel.com" (21) NAS-IP-Address = 192.168.255.112 (21) NAS-Identifier = "0418d620086c" (21) NAS-Port = 0 (21) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (21) Calling-Station-Id = "C4-85-08-F5-2C-10" (21) Framed-MTU = 1400 (21) NAS-Port-Type = Wireless-802.11 (21) Connect-Info = "CONNECT 0Mbps 802.11b" (21) EAP-Message = 0x024c001401616c65786d406e6474656c2e636f6d (21) Message-Authenticator = 0x8a89b9abc0ad91064379ed9c58562316 (21) # Executing section authorize from file /etc/raddb/sites-enabled/default (21) authorize { (21) policy filter_username { (21) if (!&User-Name) { (21) if (!&User-Name) -> FALSE (21) if (&User-Name =~ / /) { (21) if (&User-Name =~ / /) -> FALSE (21) if (&User-Name =~ /@.*@/ ) { (21) if (&User-Name =~ /@.*@/ ) -> FALSE (21) if (&User-Name =~ /\.\./ ) { (21) if (&User-Name =~ /\.\./ ) -> FALSE (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (21) if (&User-Name =~ /\.$/) { (21) if (&User-Name =~ /\.$/) -> FALSE (21) if (&User-Name =~ /@\./) { (21) if (&User-Name =~ /@\./) -> FALSE (21) } # policy filter_username = notfound (21) [preprocess] = ok (21) [digest] = noop (21) suffix: Checking for suffix after "@" (21) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (21) suffix: Found realm "ndtel.com" (21) suffix: Adding Stripped-User-Name = "alexm" (21) suffix: Adding Realm = "ndtel.com" (21) suffix: Authentication realm is LOCAL (21) [suffix] = ok (21) eap: Peer sent EAP Response (code 2) ID 76 length 20 (21) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (21) [eap] = ok (21) } # authorize = ok (21) Found Auth-Type = EAP (21) # Executing group from file /etc/raddb/sites-enabled/default (21) authenticate { (21) eap: Peer sent packet with method EAP Identity (1) (21) eap: Calling submodule eap_peap to process data (21) eap_peap: Initiating new EAP-TLS session (21) eap_peap: [eaptls start] = request (21) eap: Sending EAP Request (code 1) ID 77 length 6 (21) eap: EAP session adding &reply:State = 0x39036bb7394e72a2 (21) [eap] = handled (21) } # authenticate = handled (21) Using Post-Auth-Type Challenge (21) Post-Auth-Type sub-section not found. Ignoring. (21) # Executing group from file /etc/raddb/sites-enabled/default (21) Sent Access-Challenge Id 65 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (21) EAP-Message = 0x014d00061920 (21) Message-Authenticator = 0x00000000000000000000000000000000 (21) State = 0x39036bb7394e72a2f4cfd4fec187241f (21) Finished request Waking up in 4.9 seconds. (22) Received Access-Request Id 66 from 192.168.255.112:51351 to 192.168.255.5:1812 length 300 (22) User-Name = "alexm@ndtel.com" (22) NAS-IP-Address = 192.168.255.112 (22) NAS-Identifier = "0418d620086c" (22) NAS-Port = 0 (22) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (22) Calling-Station-Id = "C4-85-08-F5-2C-10" (22) Framed-MTU = 1400 (22) NAS-Port-Type = Wireless-802.11 (22) Connect-Info = "CONNECT 0Mbps 802.11b" (22) EAP-Message = 0x024d006b198000000061160301005c010000580301560059a91b3bfcb065d4bb8dd742f6d614ba212b00361edcef24d1aef9ae5bfa000018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100 (22) State = 0x39036bb7394e72a2f4cfd4fec187241f (22) Message-Authenticator = 0xb702121907ebc7a389a8fd8755907d35 (22) session-state: No cached attributes (22) # Executing section authorize from file /etc/raddb/sites-enabled/default (22) authorize { (22) policy filter_username { (22) if (!&User-Name) { (22) if (!&User-Name) -> FALSE (22) if (&User-Name =~ / /) { (22) if (&User-Name =~ / /) -> FALSE (22) if (&User-Name =~ /@.*@/ ) { (22) if (&User-Name =~ /@.*@/ ) -> FALSE (22) if (&User-Name =~ /\.\./ ) { (22) if (&User-Name =~ /\.\./ ) -> FALSE (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (22) if (&User-Name =~ /\.$/) { (22) if (&User-Name =~ /\.$/) -> FALSE (22) if (&User-Name =~ /@\./) { (22) if (&User-Name =~ /@\./) -> FALSE (22) } # policy filter_username = notfound (22) [preprocess] = ok (22) [digest] = noop (22) suffix: Checking for suffix after "@" (22) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (22) suffix: Found realm "ndtel.com" (22) suffix: Adding Stripped-User-Name = "alexm" (22) suffix: Adding Realm = "ndtel.com" (22) suffix: Authentication realm is LOCAL (22) [suffix] = ok (22) eap: Peer sent EAP Response (code 2) ID 77 length 107 (22) eap: Continuing tunnel setup (22) [eap] = ok (22) } # authorize = ok (22) Found Auth-Type = EAP (22) # Executing group from file /etc/raddb/sites-enabled/default (22) authenticate { (22) eap: Expiring EAP session with state 0x7754d57b7575cf56 (22) eap: Expiring EAP session with state 0xf7e39e6bffc2872e !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! EAP session with state 0xf7e39e6bffc2872e did not finish! !! !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (22) eap: Expiring EAP session with state 0x39036bb7394e72a2 (22) eap: Finished EAP session with state 0x39036bb7394e72a2 (22) eap: Previous EAP request found for state 0x39036bb7394e72a2, released from the list (22) eap: Peer sent packet with method EAP PEAP (25) (22) eap: Calling submodule eap_peap to process data (22) eap_peap: Continuing EAP-TLS (22) eap_peap: Peer indicated complete TLS record size will be 97 bytes (22) eap_peap: Got complete TLS record (97 bytes) (22) eap_peap: [eaptls verify] = length included (22) eap_peap: (other): before/accept initialization (22) eap_peap: TLS_accept: before/accept initialization (22) eap_peap: <<< TLS 1.0 Handshake [length 005c], ClientHello (22) eap_peap: TLS_accept: SSLv3 read client hello A (22) eap_peap: >>> TLS 1.0 Handshake [length 0059], ServerHello (22) eap_peap: TLS_accept: SSLv3 write server hello A (22) eap_peap: >>> TLS 1.0 Handshake [length 08b0], Certificate (22) eap_peap: TLS_accept: SSLv3 write certificate A (22) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (22) eap_peap: TLS_accept: SSLv3 write key exchange A (22) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (22) eap_peap: TLS_accept: SSLv3 write server done A (22) eap_peap: TLS_accept: SSLv3 flush data (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (22) eap_peap: In SSL Handshake Phase (22) eap_peap: In SSL Accept mode (22) eap_peap: [eaptls process] = handled (22) eap: Sending EAP Request (code 1) ID 78 length 1004 (22) eap: EAP session adding &reply:State = 0x39036bb7384d72a2 (22) [eap] = handled (22) } # authenticate = handled (22) Using Post-Auth-Type Challenge (22) Post-Auth-Type sub-section not found. Ignoring. (22) # Executing group from file /etc/raddb/sites-enabled/default (22) Sent Access-Challenge Id 66 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (22) EAP-Message = 0x014e03ec19c000000a6c1603010059020000550301560059a7ed7e2b1a40ba3594f8d0d8132ddf697ad9c410f4cb47e069acd76a8e20c7979f8d03913bfaadf5f8b9f9d798c4cd259a9d9cdd3424e94843ddbc5c4898c01400000dff01000100000b00040300010216030108b00b0008ac0008a90003d0 (22) Message-Authenticator = 0x00000000000000000000000000000000 (22) State = 0x39036bb7384d72a2f4cfd4fec187241f (22) Finished request Waking up in 4.9 seconds. (23) Received Access-Request Id 67 from 192.168.255.112:51351 to 192.168.255.5:1812 length 199 (23) User-Name = "alexm@ndtel.com" (23) NAS-IP-Address = 192.168.255.112 (23) NAS-Identifier = "0418d620086c" (23) NAS-Port = 0 (23) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (23) Calling-Station-Id = "C4-85-08-F5-2C-10" (23) Framed-MTU = 1400 (23) NAS-Port-Type = Wireless-802.11 (23) Connect-Info = "CONNECT 0Mbps 802.11b" (23) EAP-Message = 0x024e00061900 (23) State = 0x39036bb7384d72a2f4cfd4fec187241f (23) Message-Authenticator = 0xccb8217447e747bafbd64c6e01a84bf9 (23) session-state: No cached attributes (23) # Executing section authorize from file /etc/raddb/sites-enabled/default (23) authorize { (23) policy filter_username { (23) if (!&User-Name) { (23) if (!&User-Name) -> FALSE (23) if (&User-Name =~ / /) { (23) if (&User-Name =~ / /) -> FALSE (23) if (&User-Name =~ /@.*@/ ) { (23) if (&User-Name =~ /@.*@/ ) -> FALSE (23) if (&User-Name =~ /\.\./ ) { (23) if (&User-Name =~ /\.\./ ) -> FALSE (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (23) if (&User-Name =~ /\.$/) { (23) if (&User-Name =~ /\.$/) -> FALSE (23) if (&User-Name =~ /@\./) { (23) if (&User-Name =~ /@\./) -> FALSE (23) } # policy filter_username = notfound (23) [preprocess] = ok (23) [digest] = noop (23) suffix: Checking for suffix after "@" (23) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (23) suffix: Found realm "ndtel.com" (23) suffix: Adding Stripped-User-Name = "alexm" (23) suffix: Adding Realm = "ndtel.com" (23) suffix: Authentication realm is LOCAL (23) [suffix] = ok (23) eap: Peer sent EAP Response (code 2) ID 78 length 6 (23) eap: Continuing tunnel setup (23) [eap] = ok (23) } # authorize = ok (23) Found Auth-Type = EAP (23) # Executing group from file /etc/raddb/sites-enabled/default (23) authenticate { (23) eap: Expiring EAP session with state 0x39036bb7384d72a2 (23) eap: Finished EAP session with state 0x39036bb7384d72a2 (23) eap: Previous EAP request found for state 0x39036bb7384d72a2, released from the list (23) eap: Peer sent packet with method EAP PEAP (25) (23) eap: Calling submodule eap_peap to process data (23) eap_peap: Continuing EAP-TLS (23) eap_peap: Peer ACKed our handshake fragment (23) eap_peap: [eaptls verify] = request (23) eap_peap: [eaptls process] = handled (23) eap: Sending EAP Request (code 1) ID 79 length 1000 (23) eap: EAP session adding &reply:State = 0x39036bb73b4c72a2 (23) [eap] = handled (23) } # authenticate = handled (23) Using Post-Auth-Type Challenge (23) Post-Auth-Type sub-section not found. Ignoring. (23) # Executing group from file /etc/raddb/sites-enabled/default (23) Sent Access-Challenge Id 67 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (23) EAP-Message = 0x014f03e81940cb266556c619c5b2efa5b201a6104aeffbbebb8cfd465f6a691bd7b1d49fb2d61b1273cc603b2a22bbabcde5c31eabc6bbff16f1a1e487f5daded9fe6ffc9dfacbdac64c43825dee4e2a378bcc2859de84c80339fd6dedd41a13450004d3308204cf308203b7a0030201020209008be4d1 (23) Message-Authenticator = 0x00000000000000000000000000000000 (23) State = 0x39036bb73b4c72a2f4cfd4fec187241f (23) Finished request Waking up in 4.9 seconds. (24) Received Access-Request Id 68 from 192.168.255.112:51351 to 192.168.255.5:1812 length 199 (24) User-Name = "alexm@ndtel.com" (24) NAS-IP-Address = 192.168.255.112 (24) NAS-Identifier = "0418d620086c" (24) NAS-Port = 0 (24) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (24) Calling-Station-Id = "C4-85-08-F5-2C-10" (24) Framed-MTU = 1400 (24) NAS-Port-Type = Wireless-802.11 (24) Connect-Info = "CONNECT 0Mbps 802.11b" (24) EAP-Message = 0x024f00061900 (24) State = 0x39036bb73b4c72a2f4cfd4fec187241f (24) Message-Authenticator = 0xa77fefe4cb4e4ac8437ad0f748c06063 (24) session-state: No cached attributes (24) # Executing section authorize from file /etc/raddb/sites-enabled/default (24) authorize { (24) policy filter_username { (24) if (!&User-Name) { (24) if (!&User-Name) -> FALSE (24) if (&User-Name =~ / /) { (24) if (&User-Name =~ / /) -> FALSE (24) if (&User-Name =~ /@.*@/ ) { (24) if (&User-Name =~ /@.*@/ ) -> FALSE (24) if (&User-Name =~ /\.\./ ) { (24) if (&User-Name =~ /\.\./ ) -> FALSE (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (24) if (&User-Name =~ /\.$/) { (24) if (&User-Name =~ /\.$/) -> FALSE (24) if (&User-Name =~ /@\./) { (24) if (&User-Name =~ /@\./) -> FALSE (24) } # policy filter_username = notfound (24) [preprocess] = ok (24) [digest] = noop (24) suffix: Checking for suffix after "@" (24) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (24) suffix: Found realm "ndtel.com" (24) suffix: Adding Stripped-User-Name = "alexm" (24) suffix: Adding Realm = "ndtel.com" (24) suffix: Authentication realm is LOCAL (24) [suffix] = ok (24) eap: Peer sent EAP Response (code 2) ID 79 length 6 (24) eap: Continuing tunnel setup (24) [eap] = ok (24) } # authorize = ok (24) Found Auth-Type = EAP (24) # Executing group from file /etc/raddb/sites-enabled/default (24) authenticate { (24) eap: Expiring EAP session with state 0x39036bb73b4c72a2 (24) eap: Finished EAP session with state 0x39036bb73b4c72a2 (24) eap: Previous EAP request found for state 0x39036bb73b4c72a2, released from the list (24) eap: Peer sent packet with method EAP PEAP (25) (24) eap: Calling submodule eap_peap to process data (24) eap_peap: Continuing EAP-TLS (24) eap_peap: Peer ACKed our handshake fragment (24) eap_peap: [eaptls verify] = request (24) eap_peap: [eaptls process] = handled (24) eap: Sending EAP Request (code 1) ID 80 length 686 (24) eap: EAP session adding &reply:State = 0x39036bb73a5372a2 (24) [eap] = handled (24) } # authenticate = handled (24) Using Post-Auth-Type Challenge (24) Post-Auth-Type sub-section not found. Ignoring. (24) # Executing group from file /etc/raddb/sites-enabled/default (24) Sent Access-Challenge Id 68 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (24) EAP-Message = 0x015002ae19000101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010505000382010100b707329146869fa84ff08f2d837b56ab01c7cf46e55fb12e73f7b6ca691d156b9074 (24) Message-Authenticator = 0x00000000000000000000000000000000 (24) State = 0x39036bb73a5372a2f4cfd4fec187241f (24) Finished request Waking up in 4.9 seconds. (25) Received Access-Request Id 69 from 192.168.255.112:51351 to 192.168.255.5:1812 length 337 (25) User-Name = "alexm@ndtel.com" (25) NAS-IP-Address = 192.168.255.112 (25) NAS-Identifier = "0418d620086c" (25) NAS-Port = 0 (25) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (25) Calling-Station-Id = "C4-85-08-F5-2C-10" (25) Framed-MTU = 1400 (25) NAS-Port-Type = Wireless-802.11 (25) Connect-Info = "CONNECT 0Mbps 802.11b" (25) EAP-Message = 0x025000901980000000861603010046100000424104ae5aeb743d4eb7c9dffb53424f60ea7113a62902682d0b87c3957ce05c7e1c9a0b12f23a22f300c570cef47aaaaf2b5b1f7b1f21e025300f96bfbba2793218cb1403010001011603010030d089b7acb8cb7d3e5f256be3899bc16e0491dccf76e788 (25) State = 0x39036bb73a5372a2f4cfd4fec187241f (25) Message-Authenticator = 0x7f12732d64cab4b66c0e585d738cf470 (25) session-state: No cached attributes (25) # Executing section authorize from file /etc/raddb/sites-enabled/default (25) authorize { (25) policy filter_username { (25) if (!&User-Name) { (25) if (!&User-Name) -> FALSE (25) if (&User-Name =~ / /) { (25) if (&User-Name =~ / /) -> FALSE (25) if (&User-Name =~ /@.*@/ ) { (25) if (&User-Name =~ /@.*@/ ) -> FALSE (25) if (&User-Name =~ /\.\./ ) { (25) if (&User-Name =~ /\.\./ ) -> FALSE (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (25) if (&User-Name =~ /\.$/) { (25) if (&User-Name =~ /\.$/) -> FALSE (25) if (&User-Name =~ /@\./) { (25) if (&User-Name =~ /@\./) -> FALSE (25) } # policy filter_username = notfound (25) [preprocess] = ok (25) [digest] = noop (25) suffix: Checking for suffix after "@" (25) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (25) suffix: Found realm "ndtel.com" (25) suffix: Adding Stripped-User-Name = "alexm" (25) suffix: Adding Realm = "ndtel.com" (25) suffix: Authentication realm is LOCAL (25) [suffix] = ok (25) eap: Peer sent EAP Response (code 2) ID 80 length 144 (25) eap: Continuing tunnel setup (25) [eap] = ok (25) } # authorize = ok (25) Found Auth-Type = EAP (25) # Executing group from file /etc/raddb/sites-enabled/default (25) authenticate { (25) eap: Expiring EAP session with state 0x39036bb73a5372a2 (25) eap: Finished EAP session with state 0x39036bb73a5372a2 (25) eap: Previous EAP request found for state 0x39036bb73a5372a2, released from the list (25) eap: Peer sent packet with method EAP PEAP (25) (25) eap: Calling submodule eap_peap to process data (25) eap_peap: Continuing EAP-TLS (25) eap_peap: Peer indicated complete TLS record size will be 134 bytes (25) eap_peap: Got complete TLS record (134 bytes) (25) eap_peap: [eaptls verify] = length included (25) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (25) eap_peap: TLS_accept: SSLv3 read client key exchange A (25) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (25) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (25) eap_peap: TLS_accept: SSLv3 read finished A (25) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] (25) eap_peap: TLS_accept: SSLv3 write change cipher spec A (25) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished (25) eap_peap: TLS_accept: SSLv3 write finished A (25) eap_peap: TLS_accept: SSLv3 flush data (25) eap_peap: (other): SSL negotiation finished successfully (25) eap_peap: SSL Connection Established (25) eap_peap: [eaptls process] = handled (25) eap: Sending EAP Request (code 1) ID 81 length 65 (25) eap: EAP session adding &reply:State = 0x39036bb73d5272a2 (25) [eap] = handled (25) } # authenticate = handled (25) Using Post-Auth-Type Challenge (25) Post-Auth-Type sub-section not found. Ignoring. (25) # Executing group from file /etc/raddb/sites-enabled/default (25) Sent Access-Challenge Id 69 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (25) EAP-Message = 0x01510041190014030100010116030100308c1d2dcf911b887554f5d6c6c81037295ceb3315b99255c042b9bf07e9583585f039a8173f02f94856d4f4f73a726425 (25) Message-Authenticator = 0x00000000000000000000000000000000 (25) State = 0x39036bb73d5272a2f4cfd4fec187241f (25) Finished request Waking up in 4.9 seconds. (26) Received Access-Request Id 70 from 192.168.255.112:51351 to 192.168.255.5:1812 length 199 (26) User-Name = "alexm@ndtel.com" (26) NAS-IP-Address = 192.168.255.112 (26) NAS-Identifier = "0418d620086c" (26) NAS-Port = 0 (26) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (26) Calling-Station-Id = "C4-85-08-F5-2C-10" (26) Framed-MTU = 1400 (26) NAS-Port-Type = Wireless-802.11 (26) Connect-Info = "CONNECT 0Mbps 802.11b" (26) EAP-Message = 0x025100061900 (26) State = 0x39036bb73d5272a2f4cfd4fec187241f (26) Message-Authenticator = 0xdcd7bcda8db8112b7080cf4066c2d7c2 (26) session-state: No cached attributes (26) # Executing section authorize from file /etc/raddb/sites-enabled/default (26) authorize { (26) policy filter_username { (26) if (!&User-Name) { (26) if (!&User-Name) -> FALSE (26) if (&User-Name =~ / /) { (26) if (&User-Name =~ / /) -> FALSE (26) if (&User-Name =~ /@.*@/ ) { (26) if (&User-Name =~ /@.*@/ ) -> FALSE (26) if (&User-Name =~ /\.\./ ) { (26) if (&User-Name =~ /\.\./ ) -> FALSE (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (26) if (&User-Name =~ /\.$/) { (26) if (&User-Name =~ /\.$/) -> FALSE (26) if (&User-Name =~ /@\./) { (26) if (&User-Name =~ /@\./) -> FALSE (26) } # policy filter_username = notfound (26) [preprocess] = ok (26) [digest] = noop (26) suffix: Checking for suffix after "@" (26) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (26) suffix: Found realm "ndtel.com" (26) suffix: Adding Stripped-User-Name = "alexm" (26) suffix: Adding Realm = "ndtel.com" (26) suffix: Authentication realm is LOCAL (26) [suffix] = ok (26) eap: Peer sent EAP Response (code 2) ID 81 length 6 (26) eap: Continuing tunnel setup (26) [eap] = ok (26) } # authorize = ok (26) Found Auth-Type = EAP (26) # Executing group from file /etc/raddb/sites-enabled/default (26) authenticate { (26) eap: Expiring EAP session with state 0x39036bb73d5272a2 (26) eap: Finished EAP session with state 0x39036bb73d5272a2 (26) eap: Previous EAP request found for state 0x39036bb73d5272a2, released from the list (26) eap: Peer sent packet with method EAP PEAP (25) (26) eap: Calling submodule eap_peap to process data (26) eap_peap: Continuing EAP-TLS (26) eap_peap: Peer ACKed our handshake fragment. handshake is finished (26) eap_peap: [eaptls verify] = success (26) eap_peap: [eaptls process] = success (26) eap_peap: Session established. Decoding tunneled attributes (26) eap_peap: PEAP state TUNNEL ESTABLISHED (26) eap: Sending EAP Request (code 1) ID 82 length 43 (26) eap: EAP session adding &reply:State = 0x39036bb73c5172a2 (26) [eap] = handled (26) } # authenticate = handled (26) Using Post-Auth-Type Challenge (26) Post-Auth-Type sub-section not found. Ignoring. (26) # Executing group from file /etc/raddb/sites-enabled/default (26) Sent Access-Challenge Id 70 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (26) EAP-Message = 0x0152002b190017030100200123c883d800f5396d50abe395e4a49aecdc42189748f1c668ab5bfd73b89fc9 (26) Message-Authenticator = 0x00000000000000000000000000000000 (26) State = 0x39036bb73c5172a2f4cfd4fec187241f (26) Finished request Waking up in 4.9 seconds. (27) Received Access-Request Id 71 from 192.168.255.112:51351 to 192.168.255.5:1812 length 252 (27) User-Name = "alexm@ndtel.com" (27) NAS-IP-Address = 192.168.255.112 (27) NAS-Identifier = "0418d620086c" (27) NAS-Port = 0 (27) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (27) Calling-Station-Id = "C4-85-08-F5-2C-10" (27) Framed-MTU = 1400 (27) NAS-Port-Type = Wireless-802.11 (27) Connect-Info = "CONNECT 0Mbps 802.11b" (27) EAP-Message = 0x0252003b19001703010030068e21a6db7c94633c94625141c26942550669bb77fd3ddb20187b3569f665d5143a9c5b9d84f79f6d4225040f2ac41b (27) State = 0x39036bb73c5172a2f4cfd4fec187241f (27) Message-Authenticator = 0xc48db601cc4d55d39fc0bf50be05d284 (27) session-state: No cached attributes (27) # Executing section authorize from file /etc/raddb/sites-enabled/default (27) authorize { (27) policy filter_username { (27) if (!&User-Name) { (27) if (!&User-Name) -> FALSE (27) if (&User-Name =~ / /) { (27) if (&User-Name =~ / /) -> FALSE (27) if (&User-Name =~ /@.*@/ ) { (27) if (&User-Name =~ /@.*@/ ) -> FALSE (27) if (&User-Name =~ /\.\./ ) { (27) if (&User-Name =~ /\.\./ ) -> FALSE (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (27) if (&User-Name =~ /\.$/) { (27) if (&User-Name =~ /\.$/) -> FALSE (27) if (&User-Name =~ /@\./) { (27) if (&User-Name =~ /@\./) -> FALSE (27) } # policy filter_username = notfound (27) [preprocess] = ok (27) [digest] = noop (27) suffix: Checking for suffix after "@" (27) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (27) suffix: Found realm "ndtel.com" (27) suffix: Adding Stripped-User-Name = "alexm" (27) suffix: Adding Realm = "ndtel.com" (27) suffix: Authentication realm is LOCAL (27) [suffix] = ok (27) eap: Peer sent EAP Response (code 2) ID 82 length 59 (27) eap: Continuing tunnel setup (27) [eap] = ok (27) } # authorize = ok (27) Found Auth-Type = EAP (27) # Executing group from file /etc/raddb/sites-enabled/default (27) authenticate { (27) eap: Expiring EAP session with state 0x39036bb73c5172a2 (27) eap: Finished EAP session with state 0x39036bb73c5172a2 (27) eap: Previous EAP request found for state 0x39036bb73c5172a2, released from the list (27) eap: Peer sent packet with method EAP PEAP (25) (27) eap: Calling submodule eap_peap to process data (27) eap_peap: Continuing EAP-TLS (27) eap_peap: [eaptls verify] = ok (27) eap_peap: Done initial handshake (27) eap_peap: [eaptls process] = ok (27) eap_peap: Session established. Decoding tunneled attributes (27) eap_peap: PEAP state WAITING FOR INNER IDENTITY (27) eap_peap: Identity - alexm@ndtel.com (27) eap_peap: Got inner identity 'alexm@ndtel.com' (27) eap_peap: Setting default EAP type for tunneled EAP session (27) eap_peap: Got tunneled request (27) eap_peap: EAP-Message = 0x0252001401616c65786d406e6474656c2e636f6d (27) eap_peap: Setting User-Name to alexm@ndtel.com (27) eap_peap: Sending tunneled request to inner-tunnel (27) eap_peap: EAP-Message = 0x0252001401616c65786d406e6474656c2e636f6d (27) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (27) eap_peap: User-Name = "alexm@ndtel.com" (27) Virtual server inner-tunnel received request (27) EAP-Message = 0x0252001401616c65786d406e6474656c2e636f6d (27) FreeRADIUS-Proxied-To = 127.0.0.1 (27) User-Name = "alexm@ndtel.com" (27) server inner-tunnel { (27) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (27) authorize { (27) [mschap] = noop (27) suffix: Checking for suffix after "@" (27) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (27) suffix: Found realm "ndtel.com" (27) suffix: Adding Stripped-User-Name = "alexm" (27) suffix: Adding Realm = "ndtel.com" (27) suffix: Authentication realm is LOCAL (27) [suffix] = ok (27) update control { (27) &Proxy-To-Realm := LOCAL (27) } # update control = noop (27) eap: Peer sent EAP Response (code 2) ID 82 length 20 (27) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (27) [eap] = ok (27) } # authorize = ok (27) Found Auth-Type = EAP (27) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (27) authenticate { (27) eap: Peer sent packet with method EAP Identity (1) (27) eap: Calling submodule eap_mschapv2 to process data (27) eap_mschapv2: Issuing Challenge (27) eap: Sending EAP Request (code 1) ID 83 length 42 (27) eap: EAP session adding &reply:State = 0xd77fe400d72cfece (27) [eap] = handled (27) } # authenticate = handled (27) } # server inner-tunnel (27) Virtual server sending reply (27) EAP-Message = 0x0153002a1a0153002510fa2b24f2dfef1285f1fdcc5515f36515667265657261646975732d332e302e39 (27) Message-Authenticator = 0x00000000000000000000000000000000 (27) State = 0xd77fe400d72cfece2851929aa3b5a756 (27) eap_peap: Got tunneled reply code 11 (27) eap_peap: EAP-Message = 0x0153002a1a0153002510fa2b24f2dfef1285f1fdcc5515f36515667265657261646975732d332e302e39 (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (27) eap_peap: State = 0xd77fe400d72cfece2851929aa3b5a756 (27) eap_peap: Got tunneled reply RADIUS code 11 (27) eap_peap: EAP-Message = 0x0153002a1a0153002510fa2b24f2dfef1285f1fdcc5515f36515667265657261646975732d332e302e39 (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (27) eap_peap: State = 0xd77fe400d72cfece2851929aa3b5a756 (27) eap_peap: Got tunneled Access-Challenge (27) eap: Sending EAP Request (code 1) ID 83 length 75 (27) eap: EAP session adding &reply:State = 0x39036bb73f5072a2 (27) [eap] = handled (27) } # authenticate = handled (27) Using Post-Auth-Type Challenge (27) Post-Auth-Type sub-section not found. Ignoring. (27) # Executing group from file /etc/raddb/sites-enabled/default (27) Sent Access-Challenge Id 71 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (27) EAP-Message = 0x0153004b19001703010040edea0d11ce59143e174960cbb16736c0ceb8211dcd856784f9b503b879a0420ec44f3bf3c064c1d44bf357d72bc8bf9ed579b98948a3c1874ef34fc146cb8378 (27) Message-Authenticator = 0x00000000000000000000000000000000 (27) State = 0x39036bb73f5072a2f4cfd4fec187241f (27) Finished request Waking up in 4.9 seconds. (28) Received Access-Request Id 72 from 192.168.255.112:51351 to 192.168.255.5:1812 length 300 (28) User-Name = "alexm@ndtel.com" (28) NAS-IP-Address = 192.168.255.112 (28) NAS-Identifier = "0418d620086c" (28) NAS-Port = 0 (28) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (28) Calling-Station-Id = "C4-85-08-F5-2C-10" (28) Framed-MTU = 1400 (28) NAS-Port-Type = Wireless-802.11 (28) Connect-Info = "CONNECT 0Mbps 802.11b" (28) EAP-Message = 0x0253006b190017030100609355a46f5b87e9306fa1e0133cf12e13fe0a1710c937ce816f1541a241cfdb2960f568bae3c8c461437339f0619f3663370ec411a4ada0584abd86de76abb92263f1062c4fd0f5f94aec038be789e25eaae0f6dc1cf5597012164337555edb1c (28) State = 0x39036bb73f5072a2f4cfd4fec187241f (28) Message-Authenticator = 0x7fc1a0b92fb0b8eb7d515dafb0acb408 (28) session-state: No cached attributes (28) # Executing section authorize from file /etc/raddb/sites-enabled/default (28) authorize { (28) policy filter_username { (28) if (!&User-Name) { (28) if (!&User-Name) -> FALSE (28) if (&User-Name =~ / /) { (28) if (&User-Name =~ / /) -> FALSE (28) if (&User-Name =~ /@.*@/ ) { (28) if (&User-Name =~ /@.*@/ ) -> FALSE (28) if (&User-Name =~ /\.\./ ) { (28) if (&User-Name =~ /\.\./ ) -> FALSE (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (28) if (&User-Name =~ /\.$/) { (28) if (&User-Name =~ /\.$/) -> FALSE (28) if (&User-Name =~ /@\./) { (28) if (&User-Name =~ /@\./) -> FALSE (28) } # policy filter_username = notfound (28) [preprocess] = ok (28) [digest] = noop (28) suffix: Checking for suffix after "@" (28) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (28) suffix: Found realm "ndtel.com" (28) suffix: Adding Stripped-User-Name = "alexm" (28) suffix: Adding Realm = "ndtel.com" (28) suffix: Authentication realm is LOCAL (28) [suffix] = ok (28) eap: Peer sent EAP Response (code 2) ID 83 length 107 (28) eap: Continuing tunnel setup (28) [eap] = ok (28) } # authorize = ok (28) Found Auth-Type = EAP (28) # Executing group from file /etc/raddb/sites-enabled/default (28) authenticate { (28) eap: Expiring EAP session with state 0xd77fe400d72cfece (28) eap: Finished EAP session with state 0x39036bb73f5072a2 (28) eap: Previous EAP request found for state 0x39036bb73f5072a2, released from the list (28) eap: Peer sent packet with method EAP PEAP (25) (28) eap: Calling submodule eap_peap to process data (28) eap_peap: Continuing EAP-TLS (28) eap_peap: [eaptls verify] = ok (28) eap_peap: Done initial handshake (28) eap_peap: [eaptls process] = ok (28) eap_peap: Session established. Decoding tunneled attributes (28) eap_peap: PEAP state phase2 (28) eap_peap: EAP method MSCHAPv2 (26) (28) eap_peap: Got tunneled request (28) eap_peap: EAP-Message = 0x0253004a1a0253004531031738731326f90958e5b0ee88a6534a0000000000000000dce650bfef629365ffbfe5290cd3f2dfeb8261567f27b92900616c65786d406e6474656c2e636f6d (28) eap_peap: Setting User-Name to alexm@ndtel.com (28) eap_peap: Sending tunneled request to inner-tunnel (28) eap_peap: EAP-Message = 0x0253004a1a0253004531031738731326f90958e5b0ee88a6534a0000000000000000dce650bfef629365ffbfe5290cd3f2dfeb8261567f27b92900616c65786d406e6474656c2e636f6d (28) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (28) eap_peap: User-Name = "alexm@ndtel.com" (28) eap_peap: State = 0xd77fe400d72cfece2851929aa3b5a756 (28) Virtual server inner-tunnel received request (28) EAP-Message = 0x0253004a1a0253004531031738731326f90958e5b0ee88a6534a0000000000000000dce650bfef629365ffbfe5290cd3f2dfeb8261567f27b92900616c65786d406e6474656c2e636f6d (28) FreeRADIUS-Proxied-To = 127.0.0.1 (28) User-Name = "alexm@ndtel.com" (28) State = 0xd77fe400d72cfece2851929aa3b5a756 (28) server inner-tunnel { (28) session-state: No cached attributes (28) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (28) authorize { (28) [mschap] = noop (28) suffix: Checking for suffix after "@" (28) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (28) suffix: Found realm "ndtel.com" (28) suffix: Adding Stripped-User-Name = "alexm" (28) suffix: Adding Realm = "ndtel.com" (28) suffix: Authentication realm is LOCAL (28) [suffix] = ok (28) update control { (28) &Proxy-To-Realm := LOCAL (28) } # update control = noop (28) eap: Peer sent EAP Response (code 2) ID 83 length 74 (28) eap: No EAP Start, assuming it's an on-going EAP conversation (28) [eap] = updated rlm_ldap (ldap): Closing connection (8): Hit idle_timeout, was idle for 10347 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): Closing connection (7): Hit idle_timeout, was idle for 10298 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): Closing connection (9): Hit idle_timeout, was idle for 10298 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (ldap): Opening additional connection (10), 1 of 32 pending slots used rlm_ldap (ldap): Connecting to ldap://66.163.129.140:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Reserved connection (10) (28) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (28) ldap: --> (uid=alexm) (28) ldap: Performing search in "o=ndtc" with filter "(uid=alexm)", scope "sub" (28) ldap: Waiting for search result... (28) ldap: User object found at DN "uid=alexm,ou=ndtcadministration,o=ndtc" (28) ldap: Processing user attributes (28) ldap: control:Password-With-Header += 'ose55m1' rlm_ldap (ldap): Released connection (10) rlm_ldap (ldap): 0 of 1 connections in use. Need more spares rlm_ldap (ldap): Opening additional connection (11), 1 of 31 pending slots used rlm_ldap (ldap): Connecting to ldap://66.163.129.140:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (28) [ldap] = updated (28) [expiration] = noop (28) [logintime] = noop (28) pap: No {...} in Password-With-Header, re-writing to Cleartext-Password (28) pap: Removing &control:Password-With-Header (28) pap: WARNING: Auth-Type already set. Not setting to PAP (28) [pap] = noop (28) } # authorize = updated (28) Found Auth-Type = EAP (28) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (28) authenticate { (28) eap: Expiring EAP session with state 0xd77fe400d72cfece (28) eap: Finished EAP session with state 0xd77fe400d72cfece (28) eap: Previous EAP request found for state 0xd77fe400d72cfece, released from the list (28) eap: Peer sent packet with method EAP MSCHAPv2 (26) (28) eap: Calling submodule eap_mschapv2 to process data (28) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (28) eap_mschapv2: Auth-Type MS-CHAP { (28) mschap: Found Cleartext-Password, hashing to create NT-Password (28) mschap: Found Cleartext-Password, hashing to create LM-Password (28) mschap: Creating challenge hash with username: alexm@ndtel.com (28) mschap: Client is using MS-CHAPv2 (28) mschap: Adding MS-CHAPv2 MPPE keys (28) [mschap] = ok (28) } # Auth-Type MS-CHAP = ok (28) MSCHAP Success (28) eap: Sending EAP Request (code 1) ID 84 length 51 (28) eap: EAP session adding &reply:State = 0xd77fe400d62bfece (28) [eap] = handled (28) } # authenticate = handled (28) } # server inner-tunnel (28) Virtual server sending reply (28) EAP-Message = 0x015400331a0353002e533d32373131423833323846424231334141343735304442464436414535413739363539343735413036 (28) Message-Authenticator = 0x00000000000000000000000000000000 (28) State = 0xd77fe400d62bfece2851929aa3b5a756 (28) eap_peap: Got tunneled reply code 11 (28) eap_peap: EAP-Message = 0x015400331a0353002e533d32373131423833323846424231334141343735304442464436414535413739363539343735413036 (28) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (28) eap_peap: State = 0xd77fe400d62bfece2851929aa3b5a756 (28) eap_peap: Got tunneled reply RADIUS code 11 (28) eap_peap: EAP-Message = 0x015400331a0353002e533d32373131423833323846424231334141343735304442464436414535413739363539343735413036 (28) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (28) eap_peap: State = 0xd77fe400d62bfece2851929aa3b5a756 (28) eap_peap: Got tunneled Access-Challenge (28) eap: Sending EAP Request (code 1) ID 84 length 91 (28) eap: EAP session adding &reply:State = 0x39036bb73e5772a2 (28) [eap] = handled (28) } # authenticate = handled (28) Using Post-Auth-Type Challenge (28) Post-Auth-Type sub-section not found. Ignoring. (28) # Executing group from file /etc/raddb/sites-enabled/default (28) Sent Access-Challenge Id 72 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (28) EAP-Message = 0x0154005b190017030100507b1e6c10e23828a18a3225e68907891e7826c050a3395b416c2a9a4b1c137c1bc6540db43c945007042d806d9d0d4f2c35706aa03cb13dd56f0f1c479302ac46b5bcca3dc9b19a037ef9d37497b4f1f8 (28) Message-Authenticator = 0x00000000000000000000000000000000 (28) State = 0x39036bb73e5772a2f4cfd4fec187241f (28) Finished request Waking up in 4.7 seconds. (29) Received Access-Request Id 73 from 192.168.255.112:51351 to 192.168.255.5:1812 length 236 (29) User-Name = "alexm@ndtel.com" (29) NAS-IP-Address = 192.168.255.112 (29) NAS-Identifier = "0418d620086c" (29) NAS-Port = 0 (29) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (29) Calling-Station-Id = "C4-85-08-F5-2C-10" (29) Framed-MTU = 1400 (29) NAS-Port-Type = Wireless-802.11 (29) Connect-Info = "CONNECT 0Mbps 802.11b" (29) EAP-Message = 0x0254002b19001703010020bd8ab85adeeed8fdca57041c4f37d0a701a8c916843a0b65c891fcdbaf23cecd (29) State = 0x39036bb73e5772a2f4cfd4fec187241f (29) Message-Authenticator = 0x0f4e64e083a8b3ad7eded0652d86713b (29) session-state: No cached attributes (29) # Executing section authorize from file /etc/raddb/sites-enabled/default (29) authorize { (29) policy filter_username { (29) if (!&User-Name) { (29) if (!&User-Name) -> FALSE (29) if (&User-Name =~ / /) { (29) if (&User-Name =~ / /) -> FALSE (29) if (&User-Name =~ /@.*@/ ) { (29) if (&User-Name =~ /@.*@/ ) -> FALSE (29) if (&User-Name =~ /\.\./ ) { (29) if (&User-Name =~ /\.\./ ) -> FALSE (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (29) if (&User-Name =~ /\.$/) { (29) if (&User-Name =~ /\.$/) -> FALSE (29) if (&User-Name =~ /@\./) { (29) if (&User-Name =~ /@\./) -> FALSE (29) } # policy filter_username = notfound (29) [preprocess] = ok (29) [digest] = noop (29) suffix: Checking for suffix after "@" (29) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (29) suffix: Found realm "ndtel.com" (29) suffix: Adding Stripped-User-Name = "alexm" (29) suffix: Adding Realm = "ndtel.com" (29) suffix: Authentication realm is LOCAL (29) [suffix] = ok (29) eap: Peer sent EAP Response (code 2) ID 84 length 43 (29) eap: Continuing tunnel setup (29) [eap] = ok (29) } # authorize = ok (29) Found Auth-Type = EAP (29) # Executing group from file /etc/raddb/sites-enabled/default (29) authenticate { (29) eap: Expiring EAP session with state 0xd77fe400d62bfece (29) eap: Finished EAP session with state 0x39036bb73e5772a2 (29) eap: Previous EAP request found for state 0x39036bb73e5772a2, released from the list (29) eap: Peer sent packet with method EAP PEAP (25) (29) eap: Calling submodule eap_peap to process data (29) eap_peap: Continuing EAP-TLS (29) eap_peap: [eaptls verify] = ok (29) eap_peap: Done initial handshake (29) eap_peap: [eaptls process] = ok (29) eap_peap: Session established. Decoding tunneled attributes (29) eap_peap: PEAP state phase2 (29) eap_peap: EAP method MSCHAPv2 (26) (29) eap_peap: Got tunneled request (29) eap_peap: EAP-Message = 0x025400061a03 (29) eap_peap: Setting User-Name to alexm@ndtel.com (29) eap_peap: Sending tunneled request to inner-tunnel (29) eap_peap: EAP-Message = 0x025400061a03 (29) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (29) eap_peap: User-Name = "alexm@ndtel.com" (29) eap_peap: State = 0xd77fe400d62bfece2851929aa3b5a756 (29) Virtual server inner-tunnel received request (29) EAP-Message = 0x025400061a03 (29) FreeRADIUS-Proxied-To = 127.0.0.1 (29) User-Name = "alexm@ndtel.com" (29) State = 0xd77fe400d62bfece2851929aa3b5a756 (29) server inner-tunnel { (29) session-state: No cached attributes (29) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (29) authorize { (29) [mschap] = noop (29) suffix: Checking for suffix after "@" (29) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (29) suffix: Found realm "ndtel.com" (29) suffix: Adding Stripped-User-Name = "alexm" (29) suffix: Adding Realm = "ndtel.com" (29) suffix: Authentication realm is LOCAL (29) [suffix] = ok (29) update control { (29) &Proxy-To-Realm := LOCAL (29) } # update control = noop (29) eap: Peer sent EAP Response (code 2) ID 84 length 6 (29) eap: No EAP Start, assuming it's an on-going EAP conversation (29) [eap] = updated rlm_ldap (ldap): Reserved connection (10) (29) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (29) ldap: --> (uid=alexm) (29) ldap: Performing search in "o=ndtc" with filter "(uid=alexm)", scope "sub" (29) ldap: Waiting for search result... (29) ldap: User object found at DN "uid=alexm,ou=ndtcadministration,o=ndtc" (29) ldap: Processing user attributes (29) ldap: control:Password-With-Header += 'ose55m1' rlm_ldap (ldap): Released connection (10) rlm_ldap (ldap): 0 of 2 connections in use. Need more spares rlm_ldap (ldap): Opening additional connection (12), 1 of 30 pending slots used rlm_ldap (ldap): Connecting to ldap://66.163.129.140:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (29) [ldap] = updated (29) [expiration] = noop (29) [logintime] = noop (29) pap: No {...} in Password-With-Header, re-writing to Cleartext-Password (29) pap: Removing &control:Password-With-Header (29) pap: WARNING: Auth-Type already set. Not setting to PAP (29) [pap] = noop (29) } # authorize = updated (29) Found Auth-Type = EAP (29) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (29) authenticate { (29) eap: Expiring EAP session with state 0xd77fe400d62bfece (29) eap: Finished EAP session with state 0xd77fe400d62bfece (29) eap: Previous EAP request found for state 0xd77fe400d62bfece, released from the list (29) eap: Peer sent packet with method EAP MSCHAPv2 (26) (29) eap: Calling submodule eap_mschapv2 to process data (29) eap: Sending EAP Success (code 3) ID 84 length 4 (29) eap: Freeing handler (29) [eap] = ok (29) } # authenticate = ok (29) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (29) } # server inner-tunnel (29) Virtual server sending reply (29) MS-MPPE-Encryption-Policy = Encryption-Allowed (29) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (29) MS-MPPE-Send-Key = 0x6a5f664a8802325bf79a3ed8072a84a3 (29) MS-MPPE-Recv-Key = 0x95751d8c7a1a00efe44210ca630ae182 (29) EAP-Message = 0x03540004 (29) Message-Authenticator = 0x00000000000000000000000000000000 (29) Stripped-User-Name = "alexm" (29) eap_peap: Got tunneled reply code 2 (29) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (29) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (29) eap_peap: MS-MPPE-Send-Key = 0x6a5f664a8802325bf79a3ed8072a84a3 (29) eap_peap: MS-MPPE-Recv-Key = 0x95751d8c7a1a00efe44210ca630ae182 (29) eap_peap: EAP-Message = 0x03540004 (29) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (29) eap_peap: Stripped-User-Name = "alexm" (29) eap_peap: Got tunneled reply RADIUS code 2 (29) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (29) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (29) eap_peap: MS-MPPE-Send-Key = 0x6a5f664a8802325bf79a3ed8072a84a3 (29) eap_peap: MS-MPPE-Recv-Key = 0x95751d8c7a1a00efe44210ca630ae182 (29) eap_peap: EAP-Message = 0x03540004 (29) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (29) eap_peap: Stripped-User-Name = "alexm" (29) eap_peap: Tunneled authentication was successful (29) eap_peap: SUCCESS (29) eap: Sending EAP Request (code 1) ID 85 length 43 (29) eap: EAP session adding &reply:State = 0x39036bb7315672a2 (29) [eap] = handled (29) } # authenticate = handled (29) Using Post-Auth-Type Challenge (29) Post-Auth-Type sub-section not found. Ignoring. (29) # Executing group from file /etc/raddb/sites-enabled/default (29) Sent Access-Challenge Id 73 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (29) EAP-Message = 0x0155002b190017030100205fabc34bbdfeda0f060f62f95449696d5cef7fe7e2d6f677729eb4da6add0d84 (29) Message-Authenticator = 0x00000000000000000000000000000000 (29) State = 0x39036bb7315672a2f4cfd4fec187241f (29) Finished request Waking up in 4.5 seconds. (30) Received Access-Request Id 74 from 192.168.255.112:51351 to 192.168.255.5:1812 length 236 (30) User-Name = "alexm@ndtel.com" (30) NAS-IP-Address = 192.168.255.112 (30) NAS-Identifier = "0418d620086c" (30) NAS-Port = 0 (30) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (30) Calling-Station-Id = "C4-85-08-F5-2C-10" (30) Framed-MTU = 1400 (30) NAS-Port-Type = Wireless-802.11 (30) Connect-Info = "CONNECT 0Mbps 802.11b" (30) EAP-Message = 0x0255002b19001703010020ee6fe875602061e37ee92242d9e441b96225ad634b2be8a9ba7e57c815d2ba88 (30) State = 0x39036bb7315672a2f4cfd4fec187241f (30) Message-Authenticator = 0xfcbe13c3efe1d8006158f72082e9b190 (30) session-state: No cached attributes (30) # Executing section authorize from file /etc/raddb/sites-enabled/default (30) authorize { (30) policy filter_username { (30) if (!&User-Name) { (30) if (!&User-Name) -> FALSE (30) if (&User-Name =~ / /) { (30) if (&User-Name =~ / /) -> FALSE (30) if (&User-Name =~ /@.*@/ ) { (30) if (&User-Name =~ /@.*@/ ) -> FALSE (30) if (&User-Name =~ /\.\./ ) { (30) if (&User-Name =~ /\.\./ ) -> FALSE (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (30) if (&User-Name =~ /\.$/) { (30) if (&User-Name =~ /\.$/) -> FALSE (30) if (&User-Name =~ /@\./) { (30) if (&User-Name =~ /@\./) -> FALSE (30) } # policy filter_username = notfound (30) [preprocess] = ok (30) [digest] = noop (30) suffix: Checking for suffix after "@" (30) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (30) suffix: Found realm "ndtel.com" (30) suffix: Adding Stripped-User-Name = "alexm" (30) suffix: Adding Realm = "ndtel.com" (30) suffix: Authentication realm is LOCAL (30) [suffix] = ok (30) eap: Peer sent EAP Response (code 2) ID 85 length 43 (30) eap: Continuing tunnel setup (30) [eap] = ok (30) } # authorize = ok (30) Found Auth-Type = EAP (30) # Executing group from file /etc/raddb/sites-enabled/default (30) authenticate { (30) eap: Expiring EAP session with state 0x39036bb7315672a2 (30) eap: Finished EAP session with state 0x39036bb7315672a2 (30) eap: Previous EAP request found for state 0x39036bb7315672a2, released from the list (30) eap: Peer sent packet with method EAP PEAP (25) (30) eap: Calling submodule eap_peap to process data (30) eap_peap: Continuing EAP-TLS (30) eap_peap: [eaptls verify] = ok (30) eap_peap: Done initial handshake (30) eap_peap: [eaptls process] = ok (30) eap_peap: Session established. Decoding tunneled attributes (30) eap_peap: PEAP state send tlv success (30) eap_peap: Received EAP-TLV response (30) eap_peap: Success (30) eap_peap: caching Stripped-User-Name = "alexm" (30) eap_peap: Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk. (30) eap: Sending EAP Success (code 3) ID 85 length 4 (30) eap: Freeing handler (30) [eap] = ok (30) } # authenticate = ok (30) # Executing section post-auth from file /etc/raddb/sites-enabled/default (30) post-auth { (30) update { (30) No attributes updated (30) } # update = noop (30) [exec] = noop (30) policy remove_reply_message_if_eap { (30) if (&reply:EAP-Message && &reply:Reply-Message) { (30) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (30) else { (30) [noop] = noop (30) } # else = noop (30) } # policy remove_reply_message_if_eap = noop (30) } # post-auth = noop (30) Sent Access-Accept Id 74 from 192.168.255.5:1812 to 192.168.255.112:51351 length 0 (30) MS-MPPE-Recv-Key = 0x9a7301955a47749a1a32efb21810504168ed739ad4f135621a034e4aa3a36bd5 (30) MS-MPPE-Send-Key = 0xf3e51d880cfb4b049f20d9183c3192cdd8d59e949838f8ae7d4689a6c6351a4e (30) EAP-Message = 0x03550004 (30) Message-Authenticator = 0x00000000000000000000000000000000 (30) Finished request Waking up in 4.5 seconds. (31) Received Accounting-Request Id 75 from 192.168.255.112:45499 to 192.168.255.5:1813 length 180 (31) Acct-Session-Id = "00000014-00000094" (31) Acct-Status-Type = Start (31) Acct-Authentic = RADIUS (31) User-Name = "alexm@ndtel.com" (31) NAS-IP-Address = 192.168.255.112 (31) NAS-Identifier = "0418d620086c" (31) NAS-Port = 0 (31) Called-Station-Id = "0E-18-D6-22-08-6C:NDTC Corporate 11x" (31) Calling-Station-Id = "C4-85-08-F5-2C-10" (31) NAS-Port-Type = Wireless-802.11 (31) Connect-Info = "CONNECT 0Mbps 802.11b" (31) # Executing section preacct from file /etc/raddb/sites-enabled/default (31) preacct { (31) [preprocess] = ok (31) policy acct_unique { (31) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) { (31) EXPAND %{string:Class} (31) --> (31) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (31) else { (31) update request { (31) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} (31) --> 797383573585f14f6518fcaec4588107 (31) &Acct-Unique-Session-Id := 797383573585f14f6518fcaec4588107 (31) } # update request = noop (31) } # else = noop (31) } # policy acct_unique = noop (31) suffix: Checking for suffix after "@" (31) suffix: Looking up realm "ndtel.com" for User-Name = "alexm@ndtel.com" (31) suffix: Found realm "ndtel.com" (31) suffix: Adding Stripped-User-Name = "alexm" (31) suffix: Adding Realm = "ndtel.com" (31) suffix: Accounting realm is LOCAL (31) [suffix] = ok (31) [files] = noop (31) } # preacct = ok (31) # Executing section accounting from file /etc/raddb/sites-enabled/default (31) accounting { (31) detail: EXPAND /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d (31) detail: --> /usr/local/var/log/radius/radacct/192.168.255.112/detail-20150921 (31) detail: /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.255.112/detail-20150921 (31) detail: EXPAND %t (31) detail: --> Mon Sep 21 14:25:28 2015 (31) [detail] = ok (31) [unix] = ok (31) [exec] = noop (31) attr_filter.accounting_response: EXPAND %{User-Name} (31) attr_filter.accounting_response: --> alexm@ndtel.com (31) attr_filter.accounting_response: Matched entry DEFAULT at line 15 (31) [attr_filter.accounting_response] = updated (31) } # accounting = updated (31) Sent Accounting-Response Id 75 from 192.168.255.5:1813 to 192.168.255.112:45499 length 0 (31) Finished request (31) : Cleaning up request packet ID 75 with timestamp +10633 Waking up in 4.5 seconds. (21) : Cleaning up request packet ID 65 with timestamp +10632 (22) : Cleaning up request packet ID 66 with timestamp +10632 (23) : Cleaning up request packet ID 67 with timestamp +10632 (24) : Cleaning up request packet ID 68 with timestamp +10632 (25) : Cleaning up request packet ID 69 with timestamp +10632 (26) : Cleaning up request packet ID 70 with timestamp +10632 (27) : Cleaning up request packet ID 71 with timestamp +10632 Waking up in 0.1 seconds. (28) : Cleaning up request packet ID 72 with timestamp +10632 Waking up in 0.1 seconds. (29) : Cleaning up request packet ID 73 with timestamp +10632 (30) : Cleaning up request packet ID 74 with timestamp +10633 Ready to process requests