Ready to process requests.
rad_recv: Access-Request packet from host 194.82.174.185 port 20464, id=1, length=283
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x0201001b016363656165636140746573742e75636c2e61632e756b
	Message-Authenticator = 0xe6173321a45f1292933023ff3959ee68
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 194.82.174.185 port 20464
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x096d457c096f5c5ad141002733166aeb
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 1 with timestamp +17
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x096d457c096f5c5a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
rad_recv: Access-Request packet from host 194.82.174.185 port 18681, id=1, length=283
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x0201001b016363656165636140746573742e75636c2e61632e756b
	Message-Authenticator = 0xe6173321a45f1292933023ff3959ee68
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 194.82.174.185 port 18681
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xc6c60255c6c41bffa6b766f10df92d56
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 46920, id=1, length=505
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020200e71980000000dd16030100d8010000d403015405963f1ecf15a11e090db1c111a143cf0db3d292f40823dc69beee7ea1a5ff000066c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101
	State = 0x096d457c096f5c5ad141002733166aeb
	Message-Authenticator = 0xb61ec7f741e5a251fa92fc2d67394788
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 2 length 231
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 221
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00d8], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 003e], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 119e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange  
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 194.82.174.185 port 46920
	EAP-Message = 0x0103040019c00000133f160301003e0200003a03015405964a2c065af2b2644142ff7b5bf8d21340c3289b4abcf32c2cd2e0fa9beb00c014000012ff01000100000b000403000102000f000101160301119e0b00119a0011970004753082047130820359a00302010202106324cd6c31921528ba3158f5822f36c1300d06092a864886f70d01010505003036310b3009060355040613024e4c310f300d060355040a1306544552454e41311630140603550403130d544552454e412053534c204341301e170d3134303631383030303030305a170d3137303631373233353935395a30403121301f060355040b1318446f6d61696e20436f6e74726f6c
	EAP-Message = 0x2056616c696461746564311b3019060355040313126f7270732e6a72732e75636c2e61632e756b30820122300d06092a864886f70d01010105000382010f003082010a0282010100c13ab072c3c88a07fa4aab889384c09547bb76800985f48dfcbddd6b1188d4cfd72c04e6e155e28542c402ac0a4256fe34cde327f3e0e74aced2697ec57954134a43815e7ee0171551dec12d429091e635e72c7bdfa0733857847c6632e65f9bdd25c562a7409a208642fd30100ef10d3424ee7ded663be8e1c7dc57672fce7588c9d651ba3c9f8a1ce236b1c7154d63fe00b736622c60d6fda0466832691d16120677793314e51229d9754b1c0091539ff6f96a36
	EAP-Message = 0x0bce3f46eb3d23dd030dce210a9595fd6f06bbe69a6d59f7328b117e8b9bae4bc34eba7d869735a35e4d701343580a9bf1b29d0b9cb28b6c34e9923af6483f6cf99c0c4233ce7e0b2559730203010001a382016f3082016b301f0603551d230418301680140cbd93680cf3deaba3496b2b375747ea90e3b9ed301d0603551d0e041604142e81c0e4be7bde7a18c8f62cff1e9d003abdfc9f300e0603551d0f0101ff0404030205a0300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b0601050507030230220603551d20041b3019300d060b2b06010401b2310102021d3008060667810c010201303a0603
	EAP-Message = 0x551d1f04333031302fa02da02b8629687474703a2f2f63726c2e7463732e746572656e612e6f72672f544552454e4153534c43412e63726c306d06082b060105050701010461305f303506082b060105050730028629687474703a2f2f6372742e7463732e746572656e612e6f72672f544552454e4153534c43412e637274302606082b06010505073001861a687474703a2f2f6f6373702e7463732e746572656e612e6f7267301d0603551d110416301482126f7270732e6a72732e75636c2e61632e756b300d06092a864886f70d0101050500038201010085fe8879d2f2e5e3625cc345254c48dcd01d2686a96a6322f26c9b591d1be5579754f7
	EAP-Message = 0xe871f1df239fb2f1d595aa58
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x096d457c086e5c5ad141002733166aeb
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Finished request 2.
Going to the next request
rad_recv: Access-Request packet from host 194.82.174.185 port 46920, id=2, length=505
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020200e71980000000dd16030100d8010000d403015405963f1ecf15a11e090db1c111a143cf0db3d292f40823dc69beee7ea1a5ff000066c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101
	State = 0x096d457c096f5c5ad141002733166aeb
	Message-Authenticator = 0x8af5d4ec24fef818be3325f7304ea518
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 2 length 231
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Login incorrect: [aabbccdd@test.ucl.ac.uk] (from client roaming0.ja.net port 13 cli bc-85-56-aa-3e-3b)
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject] 	expand: %{User-Name} -> aabbccdd@test.ucl.ac.uk
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Cleaning up request 1 ID 1 with timestamp +22
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc6c60255c6c41bff did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 2 to 194.82.174.185 port 46920
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 24311, id=1, length=505
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020200e71980000000dd16030100d8010000d403015405963f1ecf15a11e090db1c111a143cf0db3d292f40823dc69beee7ea1a5ff000066c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101
	State = 0x096d457c096f5c5ad141002733166aeb
	Message-Authenticator = 0xb61ec7f741e5a251fa92fc2d67394788
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 2 length 231
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Login incorrect: [aabbccdd@test.ucl.ac.uk] (from client roaming0.ja.net port 13 cli bc-85-56-aa-3e-3b)
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject] 	expand: %{User-Name} -> aabbccdd@test.ucl.ac.uk
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Cleaning up request 2 ID 1 with timestamp +27
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x096d457c086e5c5a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 0.9 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 1 to 194.82.174.185 port 24311
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Cleaning up request 3 ID 2 with timestamp +27
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 39257, id=1, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020300061900
	State = 0x096d457c086e5c5ad141002733166aeb
	Message-Authenticator = 0xe83eb536fb86cd822cf72b122f0f0f77
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 194.82.174.185 port 39257
	EAP-Message = 0x010403fc1940983d0ebe4eb1727dc655f282e8a39f7e3488ef35748f6d96c038074d27db7c91c0a12fdf22a0febcc9d6dad7e9f782f416a091285a6a4b9257b3cec60c38e611523f6b6dfb6d7f53ff58f917aa8611fcb48072e951557326444670a545b4aa00d701fad88ae72313f6651e09857c7029dc2b31c07b346cfeab8365aa1c8cb2d22189b0c947d6494df883feb1d0e12cb3bce29f40f429c7a1e9fafb7370de6bb25c180a7876f054d021f4891d9b3f260457815e9e216d010b7b2c1734afe367fc5868175a9cf56bdc0850b3cd0a90235b2100049c3082049830820380a00302010202104bc814032f07fa6aa4f0da29df6179ba300d0609
	EAP-Message = 0x2a864886f70d0101050500308197310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311f301d0603550403131655544e2d5553455246697273742d4861726477617265301e170d3039303531383030303030305a170d3230303533303130343833385a3036310b3009060355040613024e4c310f300d060355040a1306544552454e41311630140603550403130d544552454e412053534c204341
	EAP-Message = 0x30820122300d06092a864886f70d01010105000382010f003082010a0282010100c3e348c42f5cc1cba999fd1ba2835d8a3dad3ad0e2a4431f4d0efe352530a5691bc4e8e5c18f547ee16aa29a5c5cde3dfc02ce96b85f8f835bcc604090f8e4b63a259c5f1451ecb1e7af9e50a13155c702bdac528a7f358e82fa84ad15fea27f83103a5553942c01167494546328a3f25b293d94888020e214592119b4a498e160e6f2eba2808343e0ad68f379198b6843513f8a9b41850c358c5db5f1b6e5a7c383b56b236fd4a5eb50e594f14a5fee274b141215244c0dcf628db70021ad3a320f580b5f1e9bd1df9d8ea91935502f41a9ad3bc6e045b253397f21
	EAP-Message = 0xbf221a875c34ae526f077da20b4e9f2b79a67d13ddf57f837c2f5a5d77787891a014bf7d0203010001a382013e3082013a301f0603551d23041830168014a1725f261b289843955d0737d585969d4bd2c345301d0603551d0e041604140cbd93680cf3deaba3496b2b375747ea90e3b9ed300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff02010030180603551d200411300f300d060b2b06010401b2310102021d30440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d48617264776172652e63726c307406082b060105
	EAP-Message = 0x0507010104683066
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x096d457c0b695c5ad141002733166aeb
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Finished request 5.
Going to the next request
Waking up in 0.9 seconds.
Cleaning up request 4 ID 1 with timestamp +32
Waking up in 4.0 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 39257, id=2, length=283
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x0201001b016363656165636140746573742e75636c2e61632e756b
	Message-Authenticator = 0x01e1da7b5e1f25cc8684b2e1e225b088
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 194.82.174.185 port 39257
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285ddf03bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Finished request 6.
Going to the next request
Waking up in 3.6 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 18681, id=2, length=505
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020200e71980000000dd16030100d8010000d403015405965507ab6e7058d37921b17d9f9556642b82ac926d60b10db26d1d395daf000066c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000045000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000f000101
	State = 0xddf22285ddf03bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x426c1c6dc7a1e2bfd165cd4b7aa456f4
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 2 length 231
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 221
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00d8], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 003e], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 119e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange  
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 194.82.174.185 port 18681
	EAP-Message = 0x0103040019c00000133f160301003e0200003a03015405965561066245e912fd820cc0f540fa32a594861673768891c77d41e892dd00c014000012ff01000100000b000403000102000f000101160301119e0b00119a0011970004753082047130820359a00302010202106324cd6c31921528ba3158f5822f36c1300d06092a864886f70d01010505003036310b3009060355040613024e4c310f300d060355040a1306544552454e41311630140603550403130d544552454e412053534c204341301e170d3134303631383030303030305a170d3137303631373233353935395a30403121301f060355040b1318446f6d61696e20436f6e74726f6c
	EAP-Message = 0x2056616c696461746564311b3019060355040313126f7270732e6a72732e75636c2e61632e756b30820122300d06092a864886f70d01010105000382010f003082010a0282010100c13ab072c3c88a07fa4aab889384c09547bb76800985f48dfcbddd6b1188d4cfd72c04e6e155e28542c402ac0a4256fe34cde327f3e0e74aced2697ec57954134a43815e7ee0171551dec12d429091e635e72c7bdfa0733857847c6632e65f9bdd25c562a7409a208642fd30100ef10d3424ee7ded663be8e1c7dc57672fce7588c9d651ba3c9f8a1ce236b1c7154d63fe00b736622c60d6fda0466832691d16120677793314e51229d9754b1c0091539ff6f96a36
	EAP-Message = 0x0bce3f46eb3d23dd030dce210a9595fd6f06bbe69a6d59f7328b117e8b9bae4bc34eba7d869735a35e4d701343580a9bf1b29d0b9cb28b6c34e9923af6483f6cf99c0c4233ce7e0b2559730203010001a382016f3082016b301f0603551d230418301680140cbd93680cf3deaba3496b2b375747ea90e3b9ed301d0603551d0e041604142e81c0e4be7bde7a18c8f62cff1e9d003abdfc9f300e0603551d0f0101ff0404030205a0300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b0601050507030230220603551d20041b3019300d060b2b06010401b2310102021d3008060667810c010201303a0603
	EAP-Message = 0x551d1f04333031302fa02da02b8629687474703a2f2f63726c2e7463732e746572656e612e6f72672f544552454e4153534c43412e63726c306d06082b060105050701010461305f303506082b060105050730028629687474703a2f2f6372742e7463732e746572656e612e6f72672f544552454e4153534c43412e637274302606082b06010505073001861a687474703a2f2f6f6373702e7463732e746572656e612e6f7267301d0603551d110416301482126f7270732e6a72732e75636c2e61632e756b300d06092a864886f70d0101050500038201010085fe8879d2f2e5e3625cc345254c48dcd01d2686a96a6322f26c9b591d1be5579754f7
	EAP-Message = 0xe871f1df239fb2f1d595aa58
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285dcf13bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Finished request 7.
Going to the next request
Waking up in 3.6 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 39257, id=3, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020300061900
	State = 0xddf22285dcf13bb40b1e0aeb668bbe5f
	Message-Authenticator = 0xb50a2b5970e44dc1cc50b99d609c69e4
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 194.82.174.185 port 39257
	EAP-Message = 0x010403fc1940983d0ebe4eb1727dc655f282e8a39f7e3488ef35748f6d96c038074d27db7c91c0a12fdf22a0febcc9d6dad7e9f782f416a091285a6a4b9257b3cec60c38e611523f6b6dfb6d7f53ff58f917aa8611fcb48072e951557326444670a545b4aa00d701fad88ae72313f6651e09857c7029dc2b31c07b346cfeab8365aa1c8cb2d22189b0c947d6494df883feb1d0e12cb3bce29f40f429c7a1e9fafb7370de6bb25c180a7876f054d021f4891d9b3f260457815e9e216d010b7b2c1734afe367fc5868175a9cf56bdc0850b3cd0a90235b2100049c3082049830820380a00302010202104bc814032f07fa6aa4f0da29df6179ba300d0609
	EAP-Message = 0x2a864886f70d0101050500308197310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311f301d0603550403131655544e2d5553455246697273742d4861726477617265301e170d3039303531383030303030305a170d3230303533303130343833385a3036310b3009060355040613024e4c310f300d060355040a1306544552454e41311630140603550403130d544552454e412053534c204341
	EAP-Message = 0x30820122300d06092a864886f70d01010105000382010f003082010a0282010100c3e348c42f5cc1cba999fd1ba2835d8a3dad3ad0e2a4431f4d0efe352530a5691bc4e8e5c18f547ee16aa29a5c5cde3dfc02ce96b85f8f835bcc604090f8e4b63a259c5f1451ecb1e7af9e50a13155c702bdac528a7f358e82fa84ad15fea27f83103a5553942c01167494546328a3f25b293d94888020e214592119b4a498e160e6f2eba2808343e0ad68f379198b6843513f8a9b41850c358c5db5f1b6e5a7c383b56b236fd4a5eb50e594f14a5fee274b141215244c0dcf628db70021ad3a320f580b5f1e9bd1df9d8ea91935502f41a9ad3bc6e045b253397f21
	EAP-Message = 0xbf221a875c34ae526f077da20b4e9f2b79a67d13ddf57f837c2f5a5d77787891a014bf7d0203010001a382013e3082013a301f0603551d23041830168014a1725f261b289843955d0737d585969d4bd2c345301d0603551d0e041604140cbd93680cf3deaba3496b2b375747ea90e3b9ed300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff02010030180603551d200411300f300d060b2b06010401b2310102021d30440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d48617264776172652e63726c307406082b060105
	EAP-Message = 0x0507010104683066
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285dff63bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
Finished request 8.
Going to the next request
Waking up in 3.5 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 18681, id=3, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020400061900
	State = 0xddf22285dff63bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x5dccf14a83cc136529a76631a719280d
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 194.82.174.185 port 18681
	EAP-Message = 0x010503fc1940303d06082b060105050730028631687474703a2f2f6372742e7573657274727573742e636f6d2f55544e41646454727573745365727665725f43412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d010105050003820101004e23ee489cf6858b71c40a6e739372c03a8e808ad9b3cab2d4019c28cff25c0e2144930bb61a21e39801940e6749811ebe3d0d4e60daefa0314e95eff3dd7a5a822043b6a16343b3506943624b5662b0348ab913435993ec147988f34893e89dc9fa87720c6b56a0c3158d68a5871f712de65a6d3c6971400455dca043
	EAP-Message = 0x9420453878d7bd8ad839c6df09b75a9aa903b8281078cdbf011b5a113e38f4d81b3479cf33d201fdac98cd6d4711904cbbb95bd870e7d5afb6ccc486e675c09e29b62b0f2aa569020de3e9a2b45dc0f3ce2c6a85387661c64982ab51b382a6b941982898fb6bfe8a16ff317e5447a83cdc4326a99b05b79ec034439130d432c3115ae10004403082043c30820324a0030201020210484bacf1aac7d71343d1a27435499725300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574
	EAP-Message = 0x776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3035303630373038303931305a170d3230303533303130343833385a308197310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311f301d0603550403131655544e2d5553455246697273742d486172647761726530820122300d06092a864886f70d01010105000382010f00308201
	EAP-Message = 0x0a0282010100b1f7c3383fb4a87fcf39825167d06d9fd2ff58f3e79f2bec0d895499b9389916f7e0217948c2bb617412961d3c6a72d53c10673a39ed2b13cd66eb950933a46c97b1e8c6ecc175799c465e8dabd06afdb92a55171054b319f09af6f1b15db6a76dfbe071176ba288fb00dffe1a31770c9a017ab132e32b0107386ec3a55e23bc459b7b50c1c9308fdbe52b7ad35bfb33401ea0d59817bc8b87c389d35da08eb2aaaaf68e698806c5fa8921f3089d692e09339b290d460f8ccc4934b06951bdf906cd68ad664cbc3eac61bd0a880ec8df3dee7c044c9d0a5e6b91d6eec7ed288dab4d878973d06ea4d01e168b14e17644037f63ace4cd49
	EAP-Message = 0x9cc592f4ab32a148
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285def73bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
Finished request 9.
Going to the next request
Waking up in 3.5 seconds.
Cleaning up request 5 ID 1 with timestamp +37
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x096d457c0b695c5a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
rad_recv: Access-Request packet from host 194.82.174.185 port 50087, id=1, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "64-d8-14-86-76-90:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020300061900
	State = 0x096d457c086e5c5ad141002733166aeb
	Message-Authenticator = 0xe83eb536fb86cd822cf72b122f0f0f77
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Login incorrect: [aabbccdd@test.ucl.ac.uk] (from client roaming0.ja.net port 13 cli bc-85-56-aa-3e-3b)
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject] 	expand: %{User-Name} -> aabbccdd@test.ucl.ac.uk
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 1 to 194.82.174.185 port 50087
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 50087, id=2, length=283
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x0201001b016363656165636140746573742e75636c2e61632e756b
	Message-Authenticator = 0x7f956156e0d2b4b87d925559af8ae263
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 194.82.174.185 port 50087
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x09355104093748a5c513554090fa0545
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Finished request 11.
Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 6 ID 2 with timestamp +38
Cleaning up request 7 ID 2 with timestamp +38
Cleaning up request 8 ID 3 with timestamp +38
Cleaning up request 9 ID 3 with timestamp +38
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xddf22285def73bb4 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 62338, id=1, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020500061900
	State = 0xddf22285def73bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x7f9aeb54a17b6927dfe011c8c08c6415
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 194.82.174.185 port 62338
	EAP-Message = 0x010603fc19405b0203010001a381aa3081a7301f0603551d23041830168014adbd987a34b426f7fac42654ef03bde024cb541a301d0603551d0e04160414a1725f261b289843955d0737d585969d4bd2c345300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff30440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c300d06092a864886f70d010105050003820101003cec7be0aea30e966d30d785c6d2685b455a82a6340fb0c992235e116d0811b27409233a352573585ecab97c28fa47ec
	EAP-Message = 0xf9a0035850b653ef8cdb39e467e9d8ca2846d4a7e0f53875f8e7cb5cbf1d113c6a409b2d4456d3f7ff0528320c15c8644593e821248f2dda7a847b4fcfcdb2257c7710d394d10491a8251c09220f7d44351114efaf00fe5eea5f8eb0d99259bafc1396a0180156cedaf6280bb1afdd5c4f5cb2f38f5a71cfed18ad63881d8e95f7ea95e71fad90b8840847857f222f1a1d4830d64c08d8371967322beb5cd0b2fc6e579f04355e90007e11c7de132acda46d4526c78856a0f06af7d8e7fc277e6708d0bdfab6c361020165b9b82fcf5a00043a308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b30090603550406
	EAP-Message = 0x1302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d
	EAP-Message = 0x06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a733
	EAP-Message = 0x8f567559f5cd29d7
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285d9f43bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Finished request 12.
Going to the next request
Cleaning up request 10 ID 1 with timestamp +42
rad_recv: Access-Request packet from host 194.82.174.185 port 62338, id=2, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020600061900
	State = 0xddf22285d9f43bb40b1e0aeb668bbe5f
	Message-Authenticator = 0xb6b765f023db797b992b3747310b3181
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 194.82.174.185 port 62338
	EAP-Message = 0x0107036d190046b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74
	EAP-Message = 0x820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a
	EAP-Message = 0x9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604160301014b0c00014703001741047dbb9747d8a10e7a488939d036ad960f789a4511755f118c4b617775d2a64150b3442c3ef91887e87f2f6aa0702b8f4e1f2ccf28c353b2a262bc5b94636974f4010078e23afe8ff84ad2a08f4065c6c1ad446ed808ff27fca1c9a884eb8ea8268f9362e272050a315ae8e28b286f07de5c39a7cf71a02fa6ea942a62dfc479dfc6f947d41a0791ce6de565db2ce5e9c4caf4a876c45b9ff5623732ab00fe50a0eb7087de7b55b72acaf530d6addfc30d458a6f0653927ca51180eadc551bd946aeef5c33b866a17a5b20a3b87af22e65532a355e4b
	EAP-Message = 0x750512833ef35b5a94810dca41fd819144e4a740fe9da32dd6417adb34096fb57c4eeb1ec4dd370e4afd5eb930d1f234301cec42a4802634f28bb52e1f03d4362036fa6435bec81b09bbd04affd9a97d19db07e8cf3b5b1b35dcaadd20111cbdc519cc5134ef70de5d7e8e1a3a16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285d8f53bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Finished request 13.
Going to the next request
Cleaning up request 11 ID 2 with timestamp +43
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x09355104093748a5 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 24311, id=2, length=418
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x0207009019800000008616030100461000004241041e8357a215bd2f0f3ac1ea0bdf99252b7b66633f581eac6c56d0b95a46b7d9374b97c7316607d4bd29cfa3a1b3b13d7bed082845d5227cf8e815d958d8b096841403010001011603010030264395eb6fbb8334cd60a9c98af9855677dee1e736217413ec20052750acc6255cada6c128a6b72d309d6328b94f503e
	State = 0xddf22285d8f53bb40b1e0aeb668bbe5f
	Message-Authenticator = 0xf48e3cef279f9967cc8dc9f4cc50fceb
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 7 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 194.82.174.185 port 24311
	EAP-Message = 0x010800411900140301000101160301003062f2657c84e6ed5ca2de2c0cc4464682c10c3563de56193fc4841690157d4ccc268b28d1158082fa375223043f873109
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285dbfa3bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Finished request 14.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 24311, id=3, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020800061900
	State = 0xddf22285dbfa3bb40b1e0aeb668bbe5f
	Message-Authenticator = 0xcfbb35043e087b960ab76a9b40820065
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 194.82.174.185 port 24311
	EAP-Message = 0x0109002b19001703010020f0ad0fa869aa6b9af01a1e8faed436df7b5bc3eb629a11db0faca28b46306bea
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285dafb3bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
Finished request 15.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 46920, id=3, length=370
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x02090060190017030100207919160405de15b2291771d94792286fa87d4a6776515d04071e642eb52bed2f1703010030ad49102117197114f9ca1246b9c7035ad68ef54be595e911db42eb008fb0f40bd07cf1474750a0102cbfef146d125b17
	State = 0xddf22285dafb3bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x522331073cbadc29505656940e04b55d
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 9 length 96
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - aabbccdd@test.ucl.ac.uk
[peap] Got inner identity 'aabbccdd@test.ucl.ac.uk'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x0209001b016363656165636140746573742e75636c2e61632e756b
server  {
[peap] Setting User-Name to aabbccdd@test.ucl.ac.uk
Sending tunneled request
	EAP-Message = 0x0209001b016363656165636140746573742e75636c2e61632e756b
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "aabbccdd@test.ucl.ac.uk"
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
++update control {
++} # update control = noop
[eap] EAP packet type response id 9 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
[ldap] performing user authorization for aabbccdd@test.
[ldap] 	expand: %{Stripped-User-Name} -> aabbccdd
[ldap] 	expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=aabbccdd)
[ldap] 	expand: dc=ad,dc=ucl,dc=ac,dc=uk -> dc=ad,dc=ucl,dc=ac,dc=uk
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to ad.ucl.ac.uk:389, authentication 0
  [ldap] bind as cn=isdaabbccdd,ou=Administrators,ou=Administration,dc=ad,dc=ucl,dc=ac,dc=uk/BAS1ljag$ to ad.ucl.ac.uk:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=ad,dc=ucl,dc=ac,dc=uk, with filter (sAMAccountName=aabbccdd)
  [ldap] rebind to URL ldap://ForestDnsZones.ad.ucl.ac.uk/DC=ForestDnsZones,DC=ad,DC=ucl,DC=ac,DC=uk
  [ldap] rebind to URL ldap://DomainDnsZones.ad.ucl.ac.uk/DC=DomainDnsZones,DC=ad,DC=ucl,DC=ac,DC=uk
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010a00301a010a002b102777c97e0b228f97975f55b3068e74c86363656165636140746573742e75636c2e61632e756b
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x8946468c894c5c18e7bde098f7a1027c
[peap] Got tunneled reply RADIUS code 11
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010a00301a010a002b102777c97e0b228f97975f55b3068e74c86363656165636140746573742e75636c2e61632e756b
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x8946468c894c5c18e7bde098f7a1027c
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 194.82.174.185 port 46920
	EAP-Message = 0x010a005b190017030100500d116fe205e6eb79a72b268c24f8b1cc84d48d6f308bc0507ab007608b9e384947b2a6b45da1902d6fa450d4612fe5ac51ba659361d6f0fb7c936b8a7dc3da25356ee459ccffc2db2e86e6a5141d6d70
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285d5f83bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
Finished request 16.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 20464, id=2, length=434
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020a00a0190017030100202e379a27459d547969abea3381234f7970e43b756686a9f1fdb90b95f22e26df170301007014615d8a7cb101c827ec17725cc43cd49c017dc697f4ff4bc345e9384b466c0f2fc396baf11cef31f7ee3022f09cce1f43e0f5b66e08cbd74e8d18b7b5f2ae2c42428ccb3dd069da0fdc03b46fbf1878b29b77c01141fe9686e7951632438bb35266d43b94d65210f723735e4df3afa7
	State = 0xddf22285d5f83bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x1e20209dc21994e9e3a1b861bb89a981
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 10 length 160
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020a00511a020a004c319c59f3ab35f41bfedd4bfdaf10297af8000000000000000028cdea18d943dc5c7946626836632d28590426c1f63c19b5006363656165636140746573742e75636c2e61632e756b
server  {
[peap] Setting User-Name to aabbccdd@test.ucl.ac.uk
Sending tunneled request
	EAP-Message = 0x020a00511a020a004c319c59f3ab35f41bfedd4bfdaf10297af8000000000000000028cdea18d943dc5c7946626836632d28590426c1f63c19b5006363656165636140746573742e75636c2e61632e756b
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "aabbccdd@test.ucl.ac.uk"
	State = 0x8946468c894c5c18e7bde098f7a1027c
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
++update control {
++} # update control = noop
[eap] EAP packet type response id 10 length 81
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
[ldap] performing user authorization for aabbccdd@test.
[ldap] 	expand: %{Stripped-User-Name} -> aabbccdd
[ldap] 	expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=aabbccdd)
[ldap] 	expand: dc=ad,dc=ucl,dc=ac,dc=uk -> dc=ad,dc=ucl,dc=ac,dc=uk
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=ad,dc=ucl,dc=ac,dc=uk, with filter (sAMAccountName=aabbccdd)
  [ldap] rebind to URL ldap://ForestDnsZones.ad.ucl.ac.uk/DC=ForestDnsZones,DC=ad,DC=ucl,DC=ac,DC=uk
  [ldap] rebind to URL ldap://DomainDnsZones.ad.ucl.ac.uk/DC=DomainDnsZones,DC=ad,DC=ucl,DC=ac,DC=uk
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Creating challenge hash with username: aabbccdd@test.ucl.ac.uk
[mschap] Client is using MS-CHAPv2 for aabbccdd@test.ucl.ac.uk, we need NT-Password
[mschap] 	expand: %{Stripped-User-Name} -> aabbccdd
[mschap] 	expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=aabbccdd
[mschap] No NT-Domain was found in the User-Name.
[mschap] 	expand: %{mschap:NT-Domain} -> 
[mschap] 	... expanding second conditional
[mschap] 	expand: --domain=%{%{mschap:NT-Domain}:-AD} -> --domain=AD
[mschap] Creating challenge hash with username: aabbccdd@test.ucl.ac.uk
[mschap] 	expand: %{mschap:Challenge} -> ccb18b6b37fc452a
[mschap] 	expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=ccb18b6b37fc452a
[mschap] 	expand: %{mschap:NT-Response} -> 28cdea18d943dc5c7946626836632d28590426c1f63c19b5
[mschap] 	expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=28cdea18d943dc5c7946626836632d28590426c1f63c19b5
Exec output: NT_KEY: 40CBEF040D8AFE9BC1FAB0AB4B059588 
Exec plaintext: NT_KEY: 40CBEF040D8AFE9BC1FAB0AB4B059588 
[mschap] Exec: program returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success 
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010b00331a030a002e533d43453438394245434431453842313641353838374438303831353131373934353235464245444233
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x8946468c884d5c18e7bde098f7a1027c
[peap] Got tunneled reply RADIUS code 11
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	EAP-Message = 0x010b00331a030a002e533d43453438394245434431453842313641353838374438303831353131373934353235464245444233
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x8946468c884d5c18e7bde098f7a1027c
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 194.82.174.185 port 20464
	EAP-Message = 0x010b005b1900170301005071a52cbd55c57066a1c7cc80091b6b2b27030851e632a0ddcfefec6857bd5832c3b9ad5bd53f1151ea54c29be07001e25155f0a8d941e5ff99fb3ca155a17a64a9db3c74ef2840556a5d8df311a7585d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285d4f93bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d32
Finished request 17.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 62338, id=3, length=354
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020b00501900170301002060197d91200f60c67f3f74f6a3643960d8ffc81ffb42f852ed9d4f14bab28ce5170301002027b887495a29e446b41b11b5a908d9dceae49a246b165896e566dcf3d7fe34c0
	State = 0xddf22285d4f93bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x00759258ab496480a5da70c70dd29ab1
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 11 length 80
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020b00061a03
server  {
[peap] Setting User-Name to aabbccdd@test.ucl.ac.uk
Sending tunneled request
	EAP-Message = 0x020b00061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "aabbccdd@test.ucl.ac.uk"
	State = 0x8946468c884d5c18e7bde098f7a1027c
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
++update control {
++} # update control = noop
[eap] EAP packet type response id 11 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 27
++[files] = ok
[ldap] performing user authorization for aabbccdd@test.
[ldap] 	expand: %{Stripped-User-Name} -> aabbccdd
[ldap] 	expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=aabbccdd)
[ldap] 	expand: dc=ad,dc=ucl,dc=ac,dc=uk -> dc=ad,dc=ucl,dc=ac,dc=uk
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=ad,dc=ucl,dc=ac,dc=uk, with filter (sAMAccountName=aabbccdd)
  [ldap] rebind to URL ldap://ForestDnsZones.ad.ucl.ac.uk/DC=ForestDnsZones,DC=ad,DC=ucl,DC=ac,DC=uk
  [ldap] rebind to URL ldap://DomainDnsZones.ad.ucl.ac.uk/DC=DomainDnsZones,DC=ad,DC=ucl,DC=ac,DC=uk
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
Login OK: [aabbccdd@test.ucl.ac.uk] (from client roaming0.ja.net port 0 via TLS tunnel)
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0x4b16e48a2646f7fb057951a0a2182f78
	MS-MPPE-Recv-Key = 0x28ca66ccbfa0028b33344b8e1f721292
	EAP-Message = 0x030b0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "aabbccdd@test."
[peap] Got tunneled reply RADIUS code 2
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0x4b16e48a2646f7fb057951a0a2182f78
	MS-MPPE-Recv-Key = 0x28ca66ccbfa0028b33344b8e1f721292
	EAP-Message = 0x030b0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "aabbccdd@test."
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 194.82.174.185 port 62338
	EAP-Message = 0x010c002b190017030100207278cc7a17ce206651fb5e03a33a368d256acfa120c598fb21a6da3344bdab65
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xddf22285d7fe3bb40b1e0aeb668bbe5f
	Proxy-State = 0x4f53432d457874656e6465642d49643d33
Finished request 18.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 18681, id=4, length=354
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020c005019001703010020381163c2d2f6cb06c9b4ed41558ef0fb8329a3e2b545470c313b0cf82a6985791703010020a1aa9a7d363d98d17617aa273391c132d3b6eb7d75c8bfb2a7dbe46a6f90a7e3
	State = 0xddf22285d7fe3bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x5c5f08410de82e69e60c49a7614088f6
	Proxy-State = 0x4f53432d457874656e6465642d49643d34
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 12 length 80
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	User-Name = "aabbccdd@test."
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
Login OK: [aabbccdd@test.ucl.ac.uk] (from client roaming0.ja.net port 13 cli bc-85-56-aa-3e-3b)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 4 to 194.82.174.185 port 18681
	Tunnel-Private-Group-Id:0 := "eduroam-int"
	User-Name = "aabbccdd@test."
	MS-MPPE-Recv-Key = 0xaa969422465954eb2f1968ba6b92b014e35e9449bade6cb966e1f3113b0d329c
	MS-MPPE-Send-Key = 0x44ea72b8eecdfcc14238afed1453e7215f28f0b74f2a8135dc258542cb73cab1
	EAP-Message = 0x030c0004
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x4f53432d457874656e6465642d49643d34
Finished request 19.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 194.82.174.185 port 39547, id=1, length=280
	User-Name = "aabbccdd@test.ucl.ac.uk"
	Chargeable-User-Identity = ""
	Location-Capable = Civix-Location
	Calling-Station-Id = "bc-85-56-aa-3e-3b"
	Called-Station-Id = "5c-50-15-90-9f-00:eduroam"
	NAS-Port = 13
	Cisco-AVPair = "audit-session-id=0a650a03000a56ff54059636"
	NAS-IP-Address = 10.101.10.3
	NAS-Identifier = "wlc-tp-b"
	Airespace-Wlan-Id = 2
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000751"
	EAP-Message = 0x020500061900
	State = 0xddf22285def73bb40b1e0aeb668bbe5f
	Message-Authenticator = 0x7f9aeb54a17b6927dfe011c8c08c6415
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++policy filter_username {
+++? if (User-Name =~ / /)
? Evaluating (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ / /) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i )
? Evaluating (User-Name =~ /@(.+)?@/i) -> FALSE
+++? if (User-Name =~ /@(.+)?@/i ) -> FALSE
+++? if (User-Name =~ /\\.\\./ )
? Evaluating (User-Name =~ /\\.\\./) -> FALSE
+++? if (User-Name =~ /\\.\\./ ) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/)
? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name !~ /@(.+)\\.(.+)$/) -> FALSE
+++? if (User-Name =~ /\\.$/)
? Evaluating (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /\\.$/) -> FALSE
+++? if (User-Name =~ /@\\./)
? Evaluating (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /@\\./) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/)
? Evaluating (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.uk$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/)
? Evaluating (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /ax\\.edu$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/)
? Evaluating (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /sc\\.uk$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/)
? Evaluating (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.edu$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/)
? Evaluating (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /ac\\.u$/) -> FALSE
+++? if (User-Name =~ /\\.local$/)
? Evaluating (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /\\.local$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/)
? Evaluating (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /@ac\\.uk$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/)
? Evaluating (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /\\.3gppnetwork\\.org$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@gmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@hotmail\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/)
? Evaluating (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /@yahoo\\.co(m|\\.[[:alnum:]][[:alnum:]])$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/)
? Evaluating (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /myabc\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/)
? Evaluating (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /live\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/)
? Evaluating (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /outlook\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/)
? Evaluating (User-Name =~ /unimail\\.com$/) -> FALSE
+++? if (User-Name =~ /unimail\\.com$/) -> FALSE
++} # policy filter_username = notfound
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
[suffix] Looking up realm "test.ucl.ac.uk" for User-Name = "aabbccdd@test.ucl.ac.uk"
[suffix] Found realm "test.ucl.ac.uk"
[suffix] Adding Stripped-User-Name = "aabbccdd"
[suffix] Adding Realm = "test.ucl.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Login incorrect: [aabbccdd@test.ucl.ac.uk] (from client roaming0.ja.net port 13 cli bc-85-56-aa-3e-3b)
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject] 	expand: %{User-Name} -> aabbccdd@test.ucl.ac.uk
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 20 for 1 seconds
Going to the next request
Cleaning up request 12 ID 1 with timestamp +48
Cleaning up request 13 ID 2 with timestamp +48
Cleaning up request 14 ID 2 with timestamp +48
Cleaning up request 15 ID 3 with timestamp +48
Cleaning up request 16 ID 3 with timestamp +48
Cleaning up request 17 ID 2 with timestamp +48
Cleaning up request 18 ID 3 with timestamp +48
Cleaning up request 19 ID 4 with timestamp +48
Waking up in 0.7 seconds.
Sending delayed reject for request 20
Sending Access-Reject of id 1 to 194.82.174.185 port 39547
	Proxy-State = 0x4f53432d457874656e6465642d49643d31
Waking up in 4.9 seconds.
