rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=163, length=216 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x0201000a017465737431 Message-Authenticator = 0xb90195029b921958a00cc07597321b1a +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 163 to 192.168.225.110 port 32770 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42e5fc2fc68d9b1c1b731a3ad Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=164, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020200060319 State = 0x2e5dcfd42e5fc2fc68d9b1c1b731a3ad Message-Authenticator = 0xb26636237cfc81fff3a1b9e71d44cbb0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 164 to 192.168.225.110 port 32770 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42f5ed6fc68d9b1c1b731a3ad Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=165, length=329 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x0203006919800000005f160301005a01000056030153093eca13210ef22f6f9667549eb4483091ae60ca4a4a4e5e7d8997e173949800002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000 State = 0x2e5dcfd42f5ed6fc68d9b1c1b731a3ad Message-Authenticator = 0x85563f2a3b7f6e328311ff6c8e7c9acb +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 105 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 95 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005a], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0035], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 07e5], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 165 to 192.168.225.110 port 32770 EAP-Message = 0x0104040019c0000009bf160301003502000031030153093eb3b98f5f583d94927a6ce0da3de3047c9890766b06d94feb8ef90c4020000039000009ff010001000023000016030107e50b0007e10007de0003df308203db308202c3a003020102020102300d06092a864886f70d0101050500308183310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e6574310b3009060355040b13024341311330110603550403130a62656c6c75742e6e6574311c301a06092a864886f70d010901160d43414062656c6c75742e6e6574301e170d31 EAP-Message = 0x33313232353132353235305a170d3134313232353132353235305a308193310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e65743110300e060355040b130753657276657273311a3018060355040313117261646975732e62656c6c75742e6e65743120301e06092a864886f70d01090116117365727665724062656c6c75742e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100cb4786994b449b8a9c5bcf4798b27e4ad8604540a13fc83f8eae0ffdd85db353ce4e8472c92c4d4e01d3f2 EAP-Message = 0xbf0b9b29d8fbc0373ed56483bed82efcea87f6086d448778cc9e1073fcc86fc1fa7809b1a9580a48fb9e580aa9d6f7ef1010566bcfa964997a00f54dae27e42efa13a965e4d0a84fd7a9509b00d39c0e1b811a69dda3630a512b28854a4243c1704e18e9702c50fcc81172160c4a6c27c69fa5b68842df779bf33a002fc0bc4d3284f109ddd447620f6685d0e0d6edcaf58a3fe4690996d26f11cdebefdd52ca4173db81458796fcdc0a781e483abe534e618410b35be42622cbc424cccd4445467b158da33aa2acb9cbd14318f2d791a3192463390203010001a3483046300f0603551d11040830068704c0a8e10730130603551d25040c300a06082b EAP-Message = 0x06010505070301301e06096086480186f842010d0411160f786361206365727469666963617465300d06092a864886f70d0101050500038201010018341317f2fb362959dfd6de7f954c4851ca93f3e956c9b7a0caed3b9d68237938b2186dc4c15e5df5bc8e22ab3a3ab7605397436bfac31c78ccace423d8cbffcb1929d1d7e86455b28303c01bd12d017d10a4d38b7de95284a92cca07a91ce482d4e3d639bf36a246c2738ae77b37d3d04bcd9ea38053b7c4b44475f069a842fa5540083adb97c92a0636af5431170e528798c21c893afa0ca7fd6f171db091ceda1c1dde6c3c53cf3ffa74e5452373f2a4420a86ec51835f1e90f0ea942f6aa113 EAP-Message = 0x8a8816c7284801c65782ec34 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42c59d6fc68d9b1c1b731a3ad Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=166, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020400061900 State = 0x2e5dcfd42c59d6fc68d9b1c1b731a3ad Message-Authenticator = 0x42fa0b83378f3ec7b70c0e9b899ec15f +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 166 to 192.168.225.110 port 32770 EAP-Message = 0x010503fc1940813bd4a0af69f6c42454671ef43d861815c7161169b4a5134dc29b7c3a94dd00fd374389bea7bc26fe9c92ae0cd5010c1ea50003f9308203f5308202dda003020102020101300d06092a864886f70d0101050500308183310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e6574310b3009060355040b13024341311330110603550403130a62656c6c75742e6e6574311c301a06092a864886f70d010901160d43414062656c6c75742e6e6574301e170d3133313232353132343531335a170d32333132323331323435 EAP-Message = 0x31335a308183310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e6574310b3009060355040b13024341311330110603550403130a62656c6c75742e6e6574311c301a06092a864886f70d010901160d43414062656c6c75742e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b5f6d60368abaf2d893b6e578414b7b12b4e3a9c02ef11684aca9c09fb6741c4e37bbea9fa05ec634687190cfcc155c78e0ce51d8dd42ccf895277ea844792af5f1f36e9ddca12a0c4c29467075f5441d26b30 EAP-Message = 0x31fd6b25bb7b27ca59ffeeb8656b4d4ae16027a3788cf65d6e602b148de9c52e72534acbc0e5d290f50981e3243ff5df6a6518bee07ec4174b669e3691ac28e456aac6a6fd92023a96642f579d176b2f7288f30fdad59077c876ca656d569b6f322f3644e031af8a4327ebe17c00bc9231be001bce462e00620cbb5f0b0966870cd900644ea82cd85f6a780cb22c887fb9bd1c91a9920c1fb5708326817e43a49473df27d1d2f111693e70b4610203010001a3723070300f0603551d130101ff040530030101ff301d0603551d0e04160414ca807faad8496bfc2e9e6dae67d105c2ee04c8d4300b0603551d0f040403020106301106096086480186f8 EAP-Message = 0x420101040403020007301e06096086480186f842010d0411160f786361206365727469666963617465300d06092a864886f70d010105050003820101002e6a0e584cce19ea36b2293a4ed18adc6bf8fd8d2bd273e419fdb13eeb1cd1c7b41de06ae30c1d2ce065e9ad2378a31e61902f58eed22a1b94802412b4767d13487853ad39c273323078dc8cdc07b99b3b4f7e28d3b47737295b98f91c3056e0bf4612be71c3337a0413bf12c2630de3099e4ebafc00db4925c6a887ed1d263d262ad717937870858f541f47b40d4e9d523cc25cac618235bc9d1719cf887edc3573df9e582762aac4a55fbfbb78379adea421b06693723ab6fb784bd348059e EAP-Message = 0x29d4893d8c42aaf9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42d58d6fc68d9b1c1b731a3ad Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=167, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020500061900 State = 0x2e5dcfd42d58d6fc68d9b1c1b731a3ad Message-Authenticator = 0xf5dfc8fbe204f58f325e4c78b83fb67b +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 167 to 192.168.225.110 port 32770 EAP-Message = 0x010601d91900f5c2e96a0e9664f74a459562fff56b31552daba5b018fec2d3ab1501bd59526690f0cdf38dfb482c3c97b864151bd5db3d126dddb3d63fc6160301018d0c0001890040e2fddb80f2668b34eb9f1f6651f13e17d9ec405e7497c6f572b16233384711d07b758ba1282ef87b3550e73fe299b0c2794757ba89ba148c626bac5ab5df02e7000105004067bee532813bfe701590cf8aee486c1ae3e2054062cdea4961555c006ad6e430d233828bc8f8e57d102a8ce1a38a3129b9750df44d6065ee5de2047eefc310de010084fcbf36cdb9f14f11800d450b0a1645df329088c5aa2839853447f00f531f16c659bf1de3cbad37254783b374 EAP-Message = 0x55796dd44c5bf06024b01ed42f4d343a44be52851d57c1a6e5bff1c8e8dcd3d68bfe92f4fbbab92bdb183a807584d51426ed3f36eb59e86ebd65294c19e0c9e8ebbef43fe84010c0b7e6338c1065c838f3ac672b6a442974dbf1597536f1d439428af79e8c2c0540242b7cd2cb132ddec274ecb6e4a69fac008a4abef193c242c658fd97a7bf618d4eba62dbff9a7f3ccdf0f6552678c24bc507d84d19554dc4a86c0ef0fb99532a8823f2bc45c207cf09c29cdb21e1b6dad2804a33df7d91ba4e7fd8b67de2ab5ff5420169f8e56caf5292a816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42a5bd6fc68d9b1c1b731a3ad Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=168, length=368 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x02060090198000000086160301004610000042004044417554633bc710ba9e6c07d88fc0d44b3c44ad50e8cd488f1384bb94081a1c355cbb08cd830fa68a05eb6fb4cecab1c48fd6096e2fc7b3f93f115aee70eed814030100010116030100306095afce87927614e2827144c9af26f4b5e811836c36da814f35b2ee002767f9b76d8b749377ffe56d14a6dc0db71832 State = 0x2e5dcfd42a5bd6fc68d9b1c1b731a3ad Message-Authenticator = 0x6ddfbdbe9118c17f0a61f7433e6304d1 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 Handshake [length 00aa]??? [peap] TLS_accept: SSLv3 write session ticket A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 168 to 192.168.225.110 port 32770 EAP-Message = 0x010700f0190016030100aa040000a60000000000a0e9d0f40f470d6269ccc0015c292dac935370afcbba5bcc50c5fd5e767ce89a7a1cdc8a963d8403c29ea3b4271a7945414556f0102e50055830c630878e3d7685dadc9fe592f0259e698973a79f3a4203e82a0ef0dcc18210868caf579831b6d020d3d4104da31d9187d8cea689ee7a4afd420a7b844f33024bae52ce143444ce38e6850c177e5967629f96bc40f239b15c6bac5d463b66c5277b64912f50a16c1403010001011603010030180f735edfc69c90d060a34891f69d0fcb216c3cc2d2ba8b729abf517087dd2dca14fada729e3ae95ae990990c62cff6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42b5ad6fc68d9b1c1b731a3ad Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=169, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020700061900 State = 0x2e5dcfd42b5ad6fc68d9b1c1b731a3ad Message-Authenticator = 0x01ec4a8c2ad1cc470cc4ca9c9b2790cf +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 169 to 192.168.225.110 port 32770 EAP-Message = 0x0108002b19001703010020d8504514cd05aeb420d62a5fd681a679f01d6c08f2d7afb9f4332f533d16590a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42855d6fc68d9b1c1b731a3ad Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=170, length=304 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x02080050190017030100203ae584510e53976106bdc580ab91f7b616a008532d43709d49770c34ce1519de170301002027236edc274414d29d6c6988b45506f2665e8246c727ed4d503cfe869b8bbb10 State = 0x2e5dcfd42855d6fc68d9b1c1b731a3ad Message-Authenticator = 0x2a64b7dc7074453b5af267b06e8ad8fe +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - test1 [peap] Got tunneled request EAP-Message = 0x0208000a017465737431 server { PEAP: Got tunneled identity of test1 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to test1 Sending tunneled request EAP-Message = 0x0208000a017465737431 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test1" server { +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server [peap] Got tunneled reply code 11 EAP-Message = 0x0109001f1a0109001a10435650952ee6735a8bdf1c682be39d307465737431 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x60fe262660f73c48dbaf55f0181ae406 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0109001f1a0109001a10435650952ee6735a8bdf1c682be39d307465737431 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x60fe262660f73c48dbaf55f0181ae406 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 170 to 192.168.225.110 port 32770 EAP-Message = 0x0109003b190017030100304aa0aca115850311739c846bb43cee09d53264ff6baad991d7b7a7f3b3d7368f2303d2bc2ae9c68cb5238fc06cc6bfdf Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42954d6fc68d9b1c1b731a3ad Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=171, length=368 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x0209009019001703010020896f750599313cc61eb518dab7082ab9603d061eb66240b93224feccd4bb609e1703010060ae6bd2803530844ea9d786fea4b3d072a34abad8cbd6934806aa3447372a34326869641f8231d015bc9a7eb981fe8b72fd64e8804c7b7e612ad54d98fc02531c035a75238f3ed0331daa91b668b35ca9c93f49b53dc49d654e7c13c78c5c9f05 State = 0x2e5dcfd42954d6fc68d9b1c1b731a3ad Message-Authenticator = 0xfd20fd5ef14cf2363b321a831b48cece +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900401a0209003b317ac55f3cb272ccac6cc0fb67845d93ff0000000000000000acfdc5606f25ef1e3d4621dbca6e5cef0132c13db055776c007465737431 server { PEAP: Setting User-Name to test1 Sending tunneled request EAP-Message = 0x020900401a0209003b317ac55f3cb272ccac6cc0fb67845d93ff0000000000000000acfdc5606f25ef1e3d4621dbca6e5cef0132c13db055776c007465737431 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test1" State = 0x60fe262660f73c48dbaf55f0181ae406 server { +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for test1 with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server [peap] Got tunneled reply code 11 EAP-Message = 0x010a00331a0309002e533d38443744344531434245434332414139463938384637353542354535313632363032374343443937 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x60fe262661f43c48dbaf55f0181ae406 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00331a0309002e533d38443744344531434245434332414139463938384637353542354535313632363032374343443937 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x60fe262661f43c48dbaf55f0181ae406 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 171 to 192.168.225.110 port 32770 EAP-Message = 0x010a005b1900170301005001d70e02c02e6b0f4499340635a290efa6dca4d05b4ea4fa0823d672d88aec3eb7ab8eba6438c38c8acb9f495336793d2078687911aaa45e493c78580c4c06c88adab726ed3962cb11ec219cc6428470 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42657d6fc68d9b1c1b731a3ad Finished request 8. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=172, length=304 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020a0050190017030100209dd4e54bff384af6d147856ca4b19ae6a6b32789996cf738c0fe67e68a8df41e1703010020178d328db598803735d34cf419973029bfb3630b2faf631e7488f7a746ad08c9 State = 0x2e5dcfd42657d6fc68d9b1c1b731a3ad Message-Authenticator = 0x591785e589a151ca34d2ae7e10ca170b +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020a00061a03 server { PEAP: Setting User-Name to test1 Sending tunneled request EAP-Message = 0x020a00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test1" State = 0x60fe262661f43c48dbaf55f0181ae406 server { +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2 Login OK: [test1/] (from client wlc port 0 via TLS tunnel) , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2 +- entering group post-auth {...} ++[exec] returns noop } # server [peap] Got tunneled reply code 2 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "test1" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "test1" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 172 to 192.168.225.110 port 32770 EAP-Message = 0x010b002b1900170301002099548404f91fa0384655853733e559c25b58e9e20472e08d02232e57378effda Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e5dcfd42756d6fc68d9b1c1b731a3ad Finished request 9. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=173, length=304 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020b0050190017030100200385709c0d1c66eb4991e6f329642383cf0728089b57b217fa1f37f0dd30d8ea17030100208ff8ed27a0f5db0229b26481fde3f5cf1841c0ad5a10cf258310e90612a8087c State = 0x2e5dcfd42756d6fc68d9b1c1b731a3ad Message-Authenticator = 0xb7457628205a2d9a45dd1b2e48b11af9 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 11 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP Login OK: [test1/] (from client wlc port 1 cli 00-0e-35-0b-fa-86) , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 173 to 192.168.225.110 port 32770 MS-MPPE-Recv-Key = 0xa96224725a60efc789008773e86b8aef960b7f3973eab27a0f7c5f94bc00529a MS-MPPE-Send-Key = 0xa9fcd4a182e0ab629207546db781c2ae34d1b988569c22d536c677ad8ae22dd9 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "test1" Finished request 10. Going to the next request Waking up in 4.8 seconds. rad_recv: Accounting-Request packet from host 192.168.225.110 port 32770, id=14, length=207 User-Name = "test1" NAS-Port = 1 NAS-IP-Address = 192.168.225.110 Framed-IP-Address = 192.168.224.201 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Acct-Session-Id = "53093eb4/00:0e:35:0b:fa:86/4" Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953" Acct-Authentic = RADIUS Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" Acct-Status-Type = Start Calling-Station-Id = "192.168.224.201" Called-Station-Id = "192.168.225.110" +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 192.168.225.110,NAS-IP-Address = 192.168.225.110,Acct-Session-Id = "53093eb4/00:0e:35:0b:fa:86/4",User-Name = "test1"' [acct_unique] Acct-Unique-Session-ID = "8105cfaeddbaa30b". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} [detail] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.225.110/detail-20140223 [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.225.110/detail-20140223 [detail] expand: %t -> Sun Feb 23 01:20:04 2014 ++[detail] returns ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> test1 ++[radutmp] returns ok [attr_filter.accounting_response] expand: %{User-Name} -> test1 attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 14 to 192.168.225.110 port 32770 Finished request 11. Cleaning up request 11 ID 14 with timestamp +118 Going to the next request Waking up in 4.6 seconds. Cleaning up request 0 ID 163 with timestamp +117 Cleaning up request 1 ID 164 with timestamp +117 Cleaning up request 2 ID 165 with timestamp +117 Cleaning up request 3 ID 166 with timestamp +117 Cleaning up request 4 ID 167 with timestamp +117 Cleaning up request 5 ID 168 with timestamp +117 Cleaning up request 6 ID 169 with timestamp +117 Cleaning up request 7 ID 170 with timestamp +117 Cleaning up request 8 ID 171 with timestamp +117 Cleaning up request 9 ID 172 with timestamp +117 Cleaning up request 10 ID 173 with timestamp +117 Ready to process requests.