Greetings, Short version: Could someone look through the debug logs below and verify that freeradius (2.1.8 lenny backport) is NOT authenticating the user? We believe the issues we are facing (random successful authentication with invalid passwords) are with our Cisco devices, but I want to gather as much info as possible so that we don't get caught in a finger-pointing battle with support. Long version: We are trying to setup freeradius to authenticate our users to our CISCO 4404 Wireless LAN controllers using PEAP/MSCHAPv2+LDAP. When we configured it a few weeks ago everything was working fine. We could authenticate successfully and invalid passwords were rejected. After trying to get a custom perl module to work for Authorization I noticed that occasionally the Controller would grant access with a bad password. Sometimes it would take 6-7 attempts with the same bad password before we gained access, other times it was on the first attempt. I have since taken out all of my custom code (rlm_perl) and reverted back to the original working configuration for freeradius and I still have random successful authentication with a bad password. Below is a -X log of freeradius while doing the following. On my Mac OS X 10.5.8 client I turned on the Wireless adapter, and selected the SSID that uses freeradius to authenticate, which prompted me for a password. I entered a bad password which gave me another password prompt. Before I could try the second time, the wireless adapter acquired an IP address and was allowed to pass traffic on the network. I gained full network connectivity while the Authentication dialog was still on screen. Thanks in advance. Damion FreeRadius: 2.1.8 (debian lenny backport) FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 3 2010 at 15:51:52 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/perlmod.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 256000 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 172.29.96.12 { require_message_authenticator = no secret = "testing123" shortname = "vassarwireless" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = yes input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.crt" CA_file = "/etc/freeradius/certs/ca.pem" dh_file = "/etc/freeradius/certs/dh" random_file = "/etc/freeradius/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_ldap Module: Instantiating ldap ldap { server = "localhost" port = 389 password = "xxxxx" identity = "cn=xxxxx,ou=adminaccounts,dc=vassar,dc=edu" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "dc=vassar,dc=edu" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=eduPerson)" auto_header = no access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = no } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x8174740 Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=136, length=181 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x02010010016461616c6578616e646572 Message-Authenticator = 0xbc6625a1d7d500b2a82ce9486e99f087 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 16 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 136 to 172.29.96.12 port 32770 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d49c2f73274aff712b2f00b6 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=137, length=295 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x0202007019800000006616030100610100005d03014bf57712787683ab2b67376b6083dd886b0bf1b78cc850d1974c94383f58dd0c000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100 State = 0xd49e36c9d49c2f73274aff712b2f00b6 Message-Authenticator = 0xa14a9ef2b10acfc536833092e6f99122 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 112 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 102 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0061], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 1238], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 137 to 172.29.96.12 port 32770 EAP-Message = 0x0103040019c000001275160301002a0200002603014bf57712881bb049892cdf36fb951cc3e3e588570bae1be6d19ff04f62cdc78d00002f0016030112380b001234001231000559308205553082043da0030201020207041647b4b67f0f300d06092a864886f70d01010505003081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72793130302e06035504 EAP-Message = 0x031327476f204461646479205365637572652043657274696669636174696f6e20417574686f726974793111300f060355040513083037393639323837301e170d3130303331323135333131375a170d3135303331323135333131375a305131153013060355040a130c2a2e7661737361722e6564753121301f060355040b1318446f6d61696e20436f6e74726f6c2056616c696461746564311530130603550403130c2a2e7661737361722e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100d6f2eab4b574c7dacdbb0462a5d399d14320f54c908a66c22b243d658d02e011f006637c6ffb1ddbd4176d57 EAP-Message = 0xc1ac0668bed1ea372e4d1a767a81c06de4020a69d52aa43fbe12c001c2b4fed6b0b8109cd44e410b8b6a715a089be612a10c2b5baf9f20b1287d0aef96254f377bdb6857a5a409fd038657098f6f089c7542c83500c4999b4538dfd6901878412879b547818508e2c12a45459541fd8fdf35dc15c20d716ed7e005333b9d0b3504efa7a155decadffee26c59f1d9dc6896865c1fe094fae39296912a97f9dceb2beaf916040175aec52c3e8882f5ec42c8385bc7ea616daa8a180c9d5d1bf555815cc67d23a03a52d5720635fb12a4fb5a32d28b0203010001a38201b6308201b2300f0603551d130101ff04053003010100301d0603551d2504163014 EAP-Message = 0x06082b0601050507030106082b06010505070302300e0603551d0f0101ff0404030205a030330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e676f64616464792e636f6d2f676473312d31352e63726c30530603551d20044c304a3048060b6086480186fd6d010717013039303706082b06010505070201162b687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f30818006082b0601050507010104743072302406082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f304a06082b06010505073002863e687474703a2f2f636572 EAP-Message = 0x7469666963617465732e676f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d59d2f73274aff712b2f00b6 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=138, length=189 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x020300061900 State = 0xd49e36c9d59d2f73274aff712b2f00b6 Message-Authenticator = 0xe9edda90b91a31d610d8d5a70bc3586e +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 138 to 172.29.96.12 port 32770 EAP-Message = 0x010403fc194064616464792e636f6d2f7265706f7369746f72792f67645f696e7465726d6564696174652e637274301f0603551d23041830168014fdac6132936c45d6e2ee855f9abae7769968cce730230603551d11041c301a820c2a2e7661737361722e656475820a7661737361722e656475301d0603551d0e041604144916999ed6dfd19b01694665898db770b4d52493300d06092a864886f70d01010505000382010100984403ed745598507ca638ca728506b839605eb411e0aedc68b4c0a2c2cb2c2d4d4a65d0adbb6d662d4fce0078bccfff65f85f4836a9c076c9fa2a648786d625953253c9029f901b2f4ccbadb688b85a10cf5aedc30e EAP-Message = 0x7f1a41bbda8e0051ef9c84abe2410f20a16716e5c59b1ebf8bad2a544a2a96e3424ffb57596ad2724413b65f403e47c3ee75838d13d356ca811fb3a04016f9ac6d7c76e9aff562b95fb8f9d177c0fa390590ab7f277dc7d7fbbe8970b6a3ab0056f61501ee0e1e6a3b7d34192ef15044001d59177a74fe452a7413fb6458c6eca32a3ad2d899b49a7f2e342d283a81cb5e79fc594374ae5e5b60ef87ab95efdf12e013d471c15f51bb8f0004e2308204de308203c6a00302010202020301300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e EAP-Message = 0x632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3036313131363031353433375a170d3236313131363031353433375a3081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72793130302e06035504031327476f20446164647920536563757265204365727469 EAP-Message = 0x6669636174696f6e20417574686f726974793111300f06035504051308303739363932383730820122300d06092a864886f70d01010105000382010f003082010a0282010100c42dd5158c9c264cec3235eb5fb859015aa66181593b7063abe3dc3dc72ab8c933d379e43aed3c3023848eb33014b6b287c33d9554049edf99dd0b251e21de65297e35a8a954ebf6f73239d4265595adeffbfe5886d79ef4008d8c2a0cbd4204cea73f04f6ee80f2aaef52a16966dabe1aad5dda2c66ea1a6bbbe51a514a002f48c79875d8b929c8eef8666d0a9cb3f3fc787ca2f8a3f2b5c3f3b97a91c1a7e6252e9ca8ed12656e6af6124453703095c39c2b582b3d08 EAP-Message = 0x744af2be51b0bf87 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d69a2f73274aff712b2f00b6 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=139, length=189 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x020400061900 State = 0xd49e36c9d69a2f73274aff712b2f00b6 Message-Authenticator = 0xfd28dc6aeb79092b2ccd16cd80b13184 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 139 to 172.29.96.12 port 32770 EAP-Message = 0x010503fc1940d04c27586bb535c59daf1731f80b8feead813605890898cf3aaf2587c049eaa7fd67f7458e97cc1439e23685b57e1a37fd16f671119a743016fe1394a33f840d4f0203010001a38201323082012e301d0603551d0e04160414fdac6132936c45d6e2ee855f9abae7769968cce7301f0603551d23041830168014d2c4b0d291d44c1171b361cb3da1fedda86ad4e330120603551d130101ff040830060101ff020100303306082b0601050507010104273025302306082b060105050730018617687474703a2f2f6f6373702e676f64616464792e636f6d30460603551d1f043f303d303ba039a0378635687474703a2f2f636572746966 EAP-Message = 0x6963617465732e676f64616464792e636f6d2f7265706f7369746f72792f6764726f6f742e63726c304b0603551d200444304230400604551d20003038303606082b06010505070201162a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f7279300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100d286c0ecbdf9a1b667ee660ba2063a04508e1572ac4a749553cb37cb4449ef07906b33d996f09456a51330053c8532217bc9c70aa824a490de46d32523140367c210d66f0f5d7b7acc9fc5582ac1c49e21a85af3aca446f39ee463cb2f90a4292901d972 EAP-Message = 0x2c29df370127bc4fee68d3218fc0b3e4f509edd210aa53b4bef0cc590bd63b961c952449dfceecfda7489114450e3a366fda45b345a241c9d4d7444e3eb97476d5a213552cc687a3b599ac0684877f7506fcbf144c0ecc6ec4df3db71271f4e8f15140222849e01d4b87a834cc06a2dd125ad186366403356f6f776eebf28550985eab0353ad9123631f169ccdb9b205633ae1f4681b1705359553ee0004ff308204fb30820464a0030201020202010d300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20 EAP-Message = 0x496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3034303632393137303632305a170d3234303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e2041 EAP-Message = 0x7574686f72697479 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d79b2f73274aff712b2f00b6 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=140, length=189 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x020500061900 State = 0xd49e36c9d79b2f73274aff712b2f00b6 Message-Authenticator = 0x9ec74e0c00607db2edacb61d1b700cc1 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 140 to 172.29.96.12 port 32770 EAP-Message = 0x010603fc194030820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af679 EAP-Message = 0x98bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a38201e1308201dd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e33081d20603551d230481ca3081c7a181c1a481be3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c696365 EAP-Message = 0x72742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d820101300f0603551d130101ff040530030101ff303306082b0601050507010104273025302306082b060105050730018617687474703a2f2f6f6373702e676f64616464792e636f6d30440603551d1f043d303b3039a037a0358633687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f726f6f742e63726c304b0603551d200444304230400604551d20003038303606082b06010505070201162a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265 EAP-Message = 0x706f7369746f7279300e0603551d0f0101ff040403020106300d06092a864886f70d010105050003818100b540f9a71df6eafea41a425a44f715d4854689c0be9ee3e3ebc5e358898f929f57a8712c48d181b2791fac063519b04e0e581b14b39881d1041ec807c9839f78440a180b98dc767a650d0d6d80c40b011ccbad473e71be774bcc0677d0f4566b1f4b139a148a8823a851f0834cab35bf467e39dc75a4aee829fbef398f4f55670002eb308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56 EAP-Message = 0x616c69436572742c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d0982f73274aff712b2f00b6 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=141, length=189 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x020600061900 State = 0xd49e36c9d0982f73274aff712b2f00b6 Message-Authenticator = 0xe05eeee2303af026be7fad920f5ffef9 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 141 to 172.29.96.12 port 32770 EAP-Message = 0x010702a3190020496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420 EAP-Message = 0x436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b3 EAP-Message = 0x43bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d1992f73274aff712b2f00b6 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=142, length=521 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x0207015019800000014616030101061000010201005b432b8755a040a3d850bd1cf64d409dfa9f571f25d0a8b2736a87497a4b889864e58d9acbe0ae60725f93a894d3f3a16df24499c6b4371579968bc4e1ca9230ff642952a6f9800595e5a0b4433b9bbf7df66a72abcc514e54da2a439f92125ee4bf92c98f708db14829169662802fc169edb214edb084da107b5fd7efafe30106f4557f4124517512e98b69e16141a79ce1b1cd7affc6c8399e1696e1a0b25f8a8cdaf88b5bd8c82ad7f8bb31e7d1797c5e9fa6a6941c5b0fc21ad31fb2b5621044a251f204b9cb4eb1f6447ebf892619dff3306471b68201519262aa201e23f34be88dfe98b588 EAP-Message = 0xa57caf30ff614ada53d2237231b118b6bbe688b8c8ed8a7c14030100010116030100308e9037e7306cfa08b8caedf6b6429bd09816f1ad9a2441c4e818125328f11f6a57fdadbccb441db5d7a2bb81e420d813 State = 0xd49e36c9d1992f73274aff712b2f00b6 Message-Authenticator = 0xcb68aa406d823249421f53ff9e0390f4 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 142 to 172.29.96.12 port 32770 EAP-Message = 0x0108004119001403010001011603010030473d636167fd83d5dc5a3a2e40dcb302e40fa367f1797b2594927ac721534ceb7e508047a879058822fe071a5e22338e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d2962f73274aff712b2f00b6 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=143, length=189 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x020800061900 State = 0xd49e36c9d2962f73274aff712b2f00b6 Message-Authenticator = 0xa50dd8c7b7903bb92adae1d69f79050c +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 143 to 172.29.96.12 port 32770 EAP-Message = 0x0109002b19001703010020cd1e78092927b4855607aacea86ad8367180057727f480740fe3ea16c6349367 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9d3972f73274aff712b2f00b6 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=144, length=242 User-Name = "daalexander" Calling-Station-Id = "00-1B-63-01-05-EC" Called-Station-Id = "00-26-99-99-04-00:SecTest" NAS-Port = 29 NAS-IP-Address = 172.29.96.12 NAS-Identifier = "WLC07" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "168" EAP-Message = 0x0209003b190017030100303f944108b58e1687f549ee0a6634c971a60262d758410d0c32c2ef098c783d014dbef36e60e853494600e2dbec196690 State = 0xd49e36c9d3972f73274aff712b2f00b6 Message-Authenticator = 0x00f52d23893812a143d007ea7aa0f377 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - daalexander [peap] Got tunneled request EAP-Message = 0x02090010016461616c6578616e646572 server { PEAP: Got tunneled identity of daalexander PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to daalexander Sending tunneled request EAP-Message = 0x02090010016461616c6578616e646572 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "daalexander" server inner-tunnel { +- entering group authorize {...} ++[mschap] returns noop [suffix] No '@' in User-Name = "daalexander", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 16 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for daalexander [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> daalexander [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=daalexander) [ldap] expand: dc=vassar,dc=edu -> dc=vassar,dc=edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to localhost:389, authentication 0 [ldap] bind as cn=xxxxxxx,ou=adminaccounts,dc=vassar,dc=edu/xxxxx to localhost:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=vassar,dc=edu, with filter (uid=daalexander) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] ntPassword -> NT-Password == 0x3036364444464434454630453943443743323536464537373139314546343343 [ldap] lmPassword -> LM-Password == 0x4644413935464245434132383844343441414433423433354235313430344545 [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user daalexander authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a00251a010a002010aab39a9fb2cb8ef3a895e8037f3052b86461616c6578616e646572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x392811c839220b45ab2a5ab19406d4bd [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00251a010a002010aab39a9fb2cb8ef3a895e8037f3052b86461616c6578616e646572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x392811c839220b45ab2a5ab19406d4bd [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 144 to 172.29.96.12 port 32770 EAP-Message = 0x010a004b190017030100407e9385d27c1208e7fdd8ce923709d05a312b7909503b539531836ff3efd5b21efc1af7cd1c82e6ea57c1b487c6d902fcf3a8d2d228cb7623fd005977b8aaef14 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd49e36c9dc942f73274aff712b2f00b6 Finished request 8. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 136 with timestamp +44 Cleaning up request 1 ID 137 with timestamp +44 Cleaning up request 2 ID 138 with timestamp +44 Cleaning up request 3 ID 139 with timestamp +44 Cleaning up request 4 ID 140 with timestamp +44 Cleaning up request 5 ID 141 with timestamp +44 Cleaning up request 6 ID 142 with timestamp +44 Cleaning up request 7 ID 143 with timestamp +44 Cleaning up request 8 ID 144 with timestamp +44 Ready to process requests.