We have recently upgraded FR to 3.0.18 and, after that, EAP-FAST stopped working. Any pointers will be appreciated. We are using exactly the same config files (or configuration) and username as for FR 3.0.16. This is the debug output: <snip> Ready to process requests (0) Received Access-Request Id 0 from 127.0.0.1:49204 to 0.0.0.0:1812 length 122 (0) User-Name = "1234" (0) NAS-IP-Address = 127.0.0.1 (0) Calling-Station-Id = "02-00-00-00-00-01" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) EAP-Message = 0x021c00090131323334 (0) Message-Authenticator = 0x9595390c5fd44a0ccce57a3fede5a6e1 (0) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "1234", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 28 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 29 length 22 (0) eap: EAP session adding &reply:State = 0xf540c2dff55dc67c (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 0 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (0) EAP-Message = 0x011d00160410ac61f64094e18473ade4269472ec8adb (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xf540c2dff55dc67c76779efebe71ec85 (0) Finished request Waking up in 5.0 seconds. (1) Received Access-Request Id 1 from 127.0.0.1:49204 to 0.0.0.0:1812 length 137 (1) User-Name = "1234" (1) NAS-IP-Address = 127.0.0.1 (1) Calling-Station-Id = "02-00-00-00-00-01" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Connect-Info = "CONNECT 11Mbps 802.11b" (1) EAP-Message = 0x021d0006032b (1) State = 0xf540c2dff55dc67c76779efebe71ec85 (1) Message-Authenticator = 0x4846d98467d5a0127cf502d55e85f521 (1) session-state: No cached attributes (1) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "1234", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 29 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) [expiration] = noop (1) [logintime] = noop Not doing PAP as Auth-Type is already set. (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xf540c2dff55dc67c (1) eap: Finished EAP session with state 0xf540c2dff55dc67c (1) eap: Previous EAP request found for state 0xf540c2dff55dc67c, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type FAST (43) (1) eap: Calling submodule eap_fast to process data (1) eap_fast: Initiating new TLS session (1) eap_fast: Over-riding main cipher list with 'ALL:!EXPORT:!eNULL:!SSLv2:@SECLEVEL=0' (1) eap: Sending EAP Request (code 1) ID 30 length 26 (1) eap: EAP session adding &reply:State = 0xf540c2dff45ee97c (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 1 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (1) EAP-Message = 0x011e001a2b210004001081dc9bdb52d04dc20036dbd8313ed055 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xf540c2dff45ee97c76779efebe71ec85 (1) Finished request Waking up in 4.8 seconds. (2) Received Access-Request Id 2 from 127.0.0.1:49204 to 0.0.0.0:1812 length 251 (2) User-Name = "1234" (2) NAS-IP-Address = 127.0.0.1 (2) Calling-Station-Id = "02-00-00-00-00-01" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Connect-Info = "CONNECT 11Mbps 802.11b" (2) EAP-Message = 0x021e00782b01160301006d0100006903038acbcbfc969276fb0e0518c403095b1be72236a7ef8f58e712ba57da668c1135000004003400ff0100003c0016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602 (2) State = 0xf540c2dff45ee97c76779efebe71ec85 (2) Message-Authenticator = 0x6859a98df1727d3af2c5ef58574ca780 (2) session-state: No cached attributes (2) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "1234", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 30 length 120 (2) eap: No EAP Start, assuming it's an on-going EAP conversation (2) [eap] = updated (2) [files] = noop (2) [expiration] = noop (2) [logintime] = noop Not doing PAP as Auth-Type is already set. (2) [pap] = noop (2) } # authorize = updated (2) Found Auth-Type = eap (2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xf540c2dff45ee97c (2) eap: Finished EAP session with state 0xf540c2dff45ee97c (2) eap: Previous EAP request found for state 0xf540c2dff45ee97c, released from the list (2) eap: Peer sent packet with method EAP FAST (43) (2) eap: Calling submodule eap_fast to process data (2) eap_fast: Authenticate (2) eap_fast: Continuing EAP-TLS (2) eap_fast: [eaptls verify] = ok (2) eap_fast: Done initial handshake (2) eap_fast: (other): before SSL initialization (2) eap_fast: TLS_accept: before SSL initialization (2) eap_fast: TLS_accept: before SSL initialization (2) eap_fast: <<< recv TLS 1.3 [length 006d] (2) eap_fast: TLS_accept: SSLv3/TLS read client hello (2) eap_fast: >>> send TLS 1.1 [length 0039] (2) eap_fast: TLS_accept: SSLv3/TLS write server hello (2) eap_fast: >>> send TLS 1.1 [length 010b] (2) eap_fast: TLS_accept: SSLv3/TLS write key exchange (2) eap_fast: >>> send TLS 1.1 [length 0004] (2) eap_fast: TLS_accept: SSLv3/TLS write server done (2) eap_fast: TLS_accept: Need to read more data: SSLv3/TLS write server done (2) eap_fast: TLS - In Handshake Phase (2) eap_fast: TLS - got 343 bytes of data (2) eap_fast: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 31 length 349 (2) eap: EAP session adding &reply:State = 0xf540c2dff75fe97c (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 2 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (2) EAP-Message = 0x011f015d2b011603020039020000350302cc8669f3184b48d3359ecb19037cd7a9e200e7e379a2850c22188448c3b64fe900003400000dff010001000016000000170000160302010b0c0001070080c8ddbb8a072e74a5ca13d31d8db294878ca03afa611f23c7e8be9b6a1619282a498d7a01c0e5756ffff663dbde2046394f48f1affa990ccd08a181e013f81968e4bfc93019d0228dff8cdea67cb8dbaae69885ed3dd29914cb1fe36797fca043f27da21cc9a7b08a7dee3abeacae9d280a6ff78d26de8a3fb9e1a4bef720e1fb000102008035af77841ab14f4fc4fc02d2c47fae7ea00ec9684e2bdf117c0c767e5ceb382a2bfdda9376cc70a19df58549a03aa128d546ebeae2d59f00c9ee0f6a9909706dc1f02ead0089f02afb66fba38d0ab519dadadabfdd6b0ad34e95560e94078f5d1501276f6173f6f8317ca4ec521fdb3f5f66671d2c010f5d97b6426eb84195ba16030200040e000000 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xf540c2dff75fe97c76779efebe71ec85 (2) Finished request Waking up in 4.7 seconds. (3) Received Access-Request Id 3 from 127.0.0.1:49204 to 0.0.0.0:1812 length 355 (3) User-Name = "1234" (3) NAS-IP-Address = 127.0.0.1 (3) Calling-Station-Id = "02-00-00-00-00-01" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Connect-Info = "CONNECT 11Mbps 802.11b" (3) EAP-Message = 0x021f00e02b01160302008610000082008091b1bc9afe7f5e45ca9ab808449356e28927ad7abc9f7d564819aa3ef72df210f2832bcb4633ed299e2107e7a6dc83580269ec749f0be3053bf5dea1bcbb2f29ee3ce23ae1ab45535238ca7af7b4157768ca9abec4470c42aa0c3d5bc74d2da819a905675ca4a0eda4f722b30d3529335531d21a0d3ec7fbfbcf6d1a82c4a3c51403020001011603020044043eb85621fe819171d4c29f9a166af39d50a603c363f204df4a2005587f397671e5cba5df33955be39c1d819de9931e6486e85328887ba91e7b5217e7ce00183cee0151 (3) State = 0xf540c2dff75fe97c76779efebe71ec85 (3) Message-Authenticator = 0x516e989840b0744b250186295665cef0 (3) session-state: No cached attributes (3) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "1234", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 31 length 224 (3) eap: No EAP Start, assuming it's an on-going EAP conversation (3) [eap] = updated (3) [files] = noop (3) [expiration] = noop (3) [logintime] = noop Not doing PAP as Auth-Type is already set. (3) [pap] = noop (3) } # authorize = updated (3) Found Auth-Type = eap (3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xf540c2dff75fe97c (3) eap: Finished EAP session with state 0xf540c2dff75fe97c (3) eap: Previous EAP request found for state 0xf540c2dff75fe97c, released from the list (3) eap: Peer sent packet with method EAP FAST (43) (3) eap: Calling submodule eap_fast to process data (3) eap_fast: Authenticate (3) eap_fast: Continuing EAP-TLS (3) eap_fast: [eaptls verify] = ok (3) eap_fast: Done initial handshake (3) eap_fast: TLS_accept: SSLv3/TLS write server done (3) eap_fast: <<< recv TLS 1.1 [length 0086] (3) eap_fast: TLS_accept: SSLv3/TLS read client key exchange (3) eap_fast: TLS_accept: SSLv3/TLS read change cipher spec (3) eap_fast: <<< recv TLS 1.1 [length 0010] (3) eap_fast: TLS_accept: SSLv3/TLS read finished (3) eap_fast: >>> send TLS 1.1 [length 0001] (3) eap_fast: TLS_accept: SSLv3/TLS write change cipher spec (3) eap_fast: >>> send TLS 1.1 [length 0010] (3) eap_fast: TLS_accept: SSLv3/TLS write finished (3) eap_fast: (other): SSL negotiation finished successfully (3) eap_fast: TLS - Connection Established (3) eap_fast: TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (3) eap_fast: TLS-Session-Version = "TLS 1.1" (3) eap_fast: TLS - got 79 bytes of data (3) eap_fast: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 32 length 85 (3) eap: EAP session adding &reply:State = 0xf540c2dff660e97c (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) session-state: Saving cached attributes (3) TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (3) TLS-Session-Version = "TLS 1.1" (3) Sent Access-Challenge Id 3 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (3) EAP-Message = 0x012000552b01140302000101160302004494f4be804a16f041b8a6f6f4830f84159464d08067d76207e52cf37eeae1b419fc7f0551d2d1f1ec263c6143c3c1052dd3444fe39f6de6e27a57f98b9ea02db1ba223dc7 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xf540c2dff660e97c76779efebe71ec85 (3) Finished request Waking up in 4.4 seconds. (4) Received Access-Request Id 4 from 127.0.0.1:49204 to 0.0.0.0:1812 length 137 (4) User-Name = "1234" (4) NAS-IP-Address = 127.0.0.1 (4) Calling-Station-Id = "02-00-00-00-00-01" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) Connect-Info = "CONNECT 11Mbps 802.11b" (4) EAP-Message = 0x022000062b01 (4) State = 0xf540c2dff660e97c76779efebe71ec85 (4) Message-Authenticator = 0xda6392c49454b58b4a593412381f07dc (4) Restoring &session-state (4) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (4) &session-state:TLS-Session-Version = "TLS 1.1" (4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "1234", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 32 length 6 (4) eap: No EAP Start, assuming it's an on-going EAP conversation (4) [eap] = updated (4) [files] = noop (4) [expiration] = noop (4) [logintime] = noop Not doing PAP as Auth-Type is already set. (4) [pap] = noop (4) } # authorize = updated (4) Found Auth-Type = eap (4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xf540c2dff660e97c (4) eap: Finished EAP session with state 0xf540c2dff660e97c (4) eap: Previous EAP request found for state 0xf540c2dff660e97c, released from the list (4) eap: Peer sent packet with method EAP FAST (43) (4) eap: Calling submodule eap_fast to process data (4) eap_fast: Authenticate (4) eap_fast: Continuing EAP-TLS (4) eap_fast: Peer ACKed our handshake fragment. handshake is finished (4) eap_fast: [eaptls verify] = success (4) eap_fast: [eaptls process] = success (4) eap_fast: Session established. Proceeding to decode tunneled attributes (4) eap_fast: Using anonymous provisioning (4) eap_fast: Deriving EAP-FAST keys (4) eap_fast: OpenSSL: cipher nid 419 digest nid 64 (4) eap_fast: OpenSSL: keyblock size: key_len=16 MD_size=20 IV_len=16 (4) eap_fast: Sending EAP-Identity (4) eap_fast: Challenge (4) eap: Sending EAP Request (code 1) ID 33 length 63 (4) eap: EAP session adding &reply:State = 0xf540c2dff161e97c (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) session-state: Saving cached attributes (4) TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (4) TLS-Session-Version = "TLS 1.1" (4) Sent Access-Challenge Id 4 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (4) EAP-Message = 0x0121003f2b011703020034d629443eefc4591552544c471ba204bad095da78bd2efdc76ff173e118037b617b0d71500de53c9d4826fda67b7c182f37f1e98d (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xf540c2dff161e97c76779efebe71ec85 (4) Finished request Waking up in 4.3 seconds. (5) Received Access-Request Id 5 from 127.0.0.1:49204 to 0.0.0.0:1812 length 194 (5) User-Name = "1234" (5) NAS-IP-Address = 127.0.0.1 (5) Calling-Station-Id = "02-00-00-00-00-01" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) Connect-Info = "CONNECT 11Mbps 802.11b" (5) EAP-Message = 0x0221003f2b011703020034c86484807adb72db9f79883ad2451d0a2c4ac2c8040d70371fd228857acae9e45320b7cb2bb35eaa1e8b42d114788db234561606 (5) State = 0xf540c2dff161e97c76779efebe71ec85 (5) Message-Authenticator = 0x83af6cbabd67c8118afc616ff6d80030 (5) Restoring &session-state (5) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (5) &session-state:TLS-Session-Version = "TLS 1.1" (5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "1234", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 33 length 63 (5) eap: No EAP Start, assuming it's an on-going EAP conversation (5) [eap] = updated (5) [files] = noop (5) [expiration] = noop (5) [logintime] = noop Not doing PAP as Auth-Type is already set. (5) [pap] = noop (5) } # authorize = updated (5) Found Auth-Type = eap (5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xf540c2dff161e97c (5) eap: Finished EAP session with state 0xf540c2dff161e97c (5) eap: Previous EAP request found for state 0xf540c2dff161e97c, released from the list (5) eap: Peer sent packet with method EAP FAST (43) (5) eap: Calling submodule eap_fast to process data (5) eap_fast: Authenticate (5) eap_fast: Continuing EAP-TLS (5) eap_fast: [eaptls verify] = ok (5) eap_fast: Done initial handshake (5) eap_fast: [eaptls process] = ok (5) eap_fast: Session established. Proceeding to decode tunneled attributes (5) eap_fast: Got Tunneled FAST TLVs (5) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02210008016d6777 (5) eap_fast: Processing received EAP Payload (5) eap_fast: Got tunneled request (5) eap_fast: EAP-Message = 0x02210008016d6777 (5) eap_fast: Got tunneled identity of mgw (5) eap_fast: AUTHENTICATION (5) Virtual server inner-tunnel received request (5) EAP-Message = 0x02210008016d6777 (5) FreeRADIUS-Proxied-To = 127.0.0.1 (5) User-Name = "mgw" (5) WARNING: Outer User-Name is not anonymized. User privacy is compromised. (5) server inner-tunnel { (5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [chap] = noop (5) [mschap] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "mgw", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) update control { (5) &Proxy-To-Realm := LOCAL (5) } # update control = noop (5) eap: Peer sent EAP Response (code 2) ID 33 length 8 (5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (5) authenticate { (5) eap: Peer sent packet with method EAP Identity (1) (5) eap: Calling submodule eap_mschapv2 to process data (5) eap_mschapv2: Issuing Challenge (5) eap: Sending EAP Request (code 1) ID 34 length 43 (5) eap: EAP session adding &reply:State = 0x07f19ece07d38470 (5) [eap] = handled (5) } # authenticate = handled (5) } # server inner-tunnel (5) Virtual server sending reply (5) EAP-Message = 0x0122002b1a0122002610ddcd742c8b24135c123a2f200a7cad0e667265657261646975732d332e302e3138 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x07f19ece07d38470fa0d479343028091 (5) eap_fast: Got tunneled Access-Challenge (5) eap_fast: Challenge (5) eap: Sending EAP Request (code 1) ID 34 length 95 (5) eap: EAP session adding &reply:State = 0xf540c2dff062e97c (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) session-state: Saving cached attributes (5) TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (5) TLS-Session-Version = "TLS 1.1" (5) Sent Access-Challenge Id 5 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (5) EAP-Message = 0x0122005f2b011703020054478b902e23448fc14e95749d81654e35f87d372ca1b3fca3114f4842892b1a47dc54a8cf5d092e9c8bb622085cd1de16f35bbc338e5d6c7eed5ed56c77518075fccc66865917f5822ae28092fbdf65f5aa8c16ef (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xf540c2dff062e97c76779efebe71ec85 (5) Finished request Waking up in 4.1 seconds. (6) Received Access-Request Id 6 from 127.0.0.1:49204 to 0.0.0.0:1812 length 258 (6) User-Name = "1234" (6) NAS-IP-Address = 127.0.0.1 (6) Calling-Station-Id = "02-00-00-00-00-01" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) Connect-Info = "CONNECT 11Mbps 802.11b" (6) EAP-Message = 0x0222007f2b011703020074bfd7109dd1f74f44a31b87c9e4e17d2e58350d73040b02920bcbcbcedbb66014a7dc0f15bd1ddad6867988ee068de96ffec417720e1f22d3379725dbd15640a96e5fba5664bc2ee459bff67223281f4b8a66d1473af065f6eea9f69a333ee2af98adf369846a052784d975f6c451bd4737c91c2a (6) State = 0xf540c2dff062e97c76779efebe71ec85 (6) Message-Authenticator = 0xfc6a058256cad438f3f03e0beae59b62 (6) Restoring &session-state (6) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (6) &session-state:TLS-Session-Version = "TLS 1.1" (6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "1234", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 34 length 127 (6) eap: No EAP Start, assuming it's an on-going EAP conversation (6) [eap] = updated (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop Not doing PAP as Auth-Type is already set. (6) [pap] = noop (6) } # authorize = updated (6) Found Auth-Type = eap (6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0x07f19ece07d38470 (6) eap: Finished EAP session with state 0xf540c2dff062e97c (6) eap: Previous EAP request found for state 0xf540c2dff062e97c, released from the list (6) eap: Peer sent packet with method EAP FAST (43) (6) eap: Calling submodule eap_fast to process data (6) eap_fast: Authenticate (6) eap_fast: Continuing EAP-TLS (6) eap_fast: [eaptls verify] = ok (6) eap_fast: Done initial handshake (6) eap_fast: [eaptls process] = ok (6) eap_fast: Session established. Proceeding to decode tunneled attributes (6) eap_fast: Got Tunneled FAST TLVs (6) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x0222003e1a022200393100000000000000000000000000000000000000000000000055aa671c53b32f8297f5c46c8231a5e75b67987b94f1ad46006d6777 (6) eap_fast: Processing received EAP Payload (6) eap_fast: Got tunneled request (6) eap_fast: EAP-Message = 0x0222003e1a022200393100000000000000000000000000000000000000000000000055aa671c53b32f8297f5c46c8231a5e75b67987b94f1ad46006d6777 (6) eap_fast: AUTHENTICATION (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x0222003e1a022200393100000000000000000000000000000000000000000000000055aa671c53b32f8297f5c46c8231a5e75b67987b94f1ad46006d6777 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = "mgw" (6) State = 0x07f19ece07d38470fa0d479343028091 (6) WARNING: Outer User-Name is not anonymized. User privacy is compromised. (6) server inner-tunnel { (6) session-state: No cached attributes (6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "mgw", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := LOCAL (6) } # update control = noop (6) eap: Peer sent EAP Response (code 2) ID 34 length 62 (6) eap: No EAP Start, assuming it's an on-going EAP conversation (6) [eap] = updated (6) files: users: Matched entry mgw at line 68 (6) [files] = ok (6) [expiration] = noop (6) [logintime] = noop (6) pap: WARNING: Auth-Type already set. Not setting to PAP (6) [pap] = noop (6) } # authorize = updated (6) Found Auth-Type = eap (6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (6) authenticate { (6) eap: Expiring EAP session with state 0x07f19ece07d38470 (6) eap: Finished EAP session with state 0x07f19ece07d38470 (6) eap: Previous EAP request found for state 0x07f19ece07d38470, released from the list (6) eap: Peer sent packet with method EAP MSCHAPv2 (26) (6) eap: Calling submodule eap_mschapv2 to process data (6) eap_mschapv2: # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (6) eap_mschapv2: authenticate { (6) mschap: Found Cleartext-Password, hashing to create NT-Password (6) mschap: Found Cleartext-Password, hashing to create LM-Password (6) mschap: Overriding peer challenge (6) mschap: Creating challenge hash with username: mgw (6) mschap: Client is using MS-CHAPv2 (6) mschap: Adding MS-CHAPv2 MPPE keys (6) [mschap] = ok (6) } # authenticate = ok (6) MSCHAP Success (6) eap: Sending EAP Request (code 1) ID 35 length 51 (6) eap: EAP session adding &reply:State = 0x07f19ece06d28470 (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x012300331a0322002e533d41383643464332354243453044384342463742423842413942453638463842353741434542394636 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x07f19ece06d28470fa0d479343028091 (6) eap_fast: Got tunneled Access-Challenge (6) eap_fast: Challenge (6) eap: Sending EAP Request (code 1) ID 35 length 111 (6) eap: EAP session adding &reply:State = 0xf540c2dff363e97c (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) session-state: Saving cached attributes (6) TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (6) TLS-Session-Version = "TLS 1.1" (6) Sent Access-Challenge Id 6 from 0.0.0.0:1812 to 127.0.0.1:49204 length 0 (6) EAP-Message = 0x0123006f2b011703020064184b7e2dc0e6bc0b99e7a64ef85e0bede16cf06db067012bd9b02ca01abaafccc651dd505153b179bec63e89174ee79373221eb40818dd8b0a7fd8274e29900cb31e9315d95afcb4ccb3c041e1d44bbd0f9f856bd2a69888324911195a9c7e775ba503ef (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xf540c2dff363e97c76779efebe71ec85 (6) Finished request Waking up in 3.8 seconds. (7) Received Access-Request Id 7 from 127.0.0.1:49204 to 0.0.0.0:1812 length 194 (7) User-Name = "1234" (7) NAS-IP-Address = 127.0.0.1 (7) Calling-Station-Id = "02-00-00-00-00-01" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) Connect-Info = "CONNECT 11Mbps 802.11b" (7) EAP-Message = 0x0223003f2b011703020034a6802a5acca406ebdca8770f57606d91dd04fee78c7992c6dc19c79213fb7347d0176cb26f76207c6c630dcd5acb52e2664f618c (7) State = 0xf540c2dff363e97c76779efebe71ec85 (7) Message-Authenticator = 0xa776d76668ce413ef33a80ada3722757 (7) Restoring &session-state (7) &session-state:TLS-Session-Cipher-Suite = "ADH-AES128-SHA" (7) &session-state:TLS-Session-Version = "TLS 1.1" (7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "1234", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 35 length 63 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) [expiration] = noop (7) [logintime] = noop Not doing PAP as Auth-Type is already set. (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = eap (7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x07f19ece06d28470 (7) eap: Finished EAP session with state 0xf540c2dff363e97c (7) eap: Previous EAP request found for state 0xf540c2dff363e97c, released from the list (7) eap: Peer sent packet with method EAP FAST (43) (7) eap: Calling submodule eap_fast to process data (7) eap_fast: Authenticate (7) eap_fast: Continuing EAP-TLS (7) eap_fast: [eaptls verify] = ok (7) eap_fast: Done initial handshake (7) eap_fast: [eaptls process] = ok (7) eap_fast: Session established. Proceeding to decode tunneled attributes (7) eap_fast: Got Tunneled FAST TLVs (7) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x022300061a03 (7) eap_fast: Processing received EAP Payload (7) eap_fast: Got tunneled request (7) eap_fast: EAP-Message = 0x022300061a03 (7) eap_fast: AUTHENTICATION (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x022300061a03 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = "mgw" (7) State = 0x07f19ece06d28470fa0d479343028091 (7) WARNING: Outer User-Name is not anonymized. User privacy is compromised. (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "mgw", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent EAP Response (code 2) ID 35 length 6 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) files: users: Matched entry mgw at line 68 (7) [files] = ok (7) [expiration] = noop (7) [logintime] = noop (7) pap: WARNING: Auth-Type already set. Not setting to PAP (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = eap (7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0x07f19ece06d28470 (7) eap: Finished EAP session with state 0x07f19ece06d28470 (7) eap: Previous EAP request found for state 0x07f19ece06d28470, released from the list (7) eap: Peer sent packet with method EAP MSCHAPv2 (26) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap: Sending EAP Success (code 3) ID 35 length 4 (7) eap: Freeing handler (7) [eap] = ok (7) } # authenticate = ok (7) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (7) post-auth { (7) if (0) { (7) if (0) -> FALSE (7) } # post-auth = noop (7) } # server inner-tunnel (7) Virtual server sending reply (7) MS-MPPE-Encryption-Policy = Encryption-Allowed (7) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (7) MS-MPPE-Send-Key = 0x22cc5b6ea129122966c0d5f8fde4321d (7) MS-MPPE-Recv-Key = 0xc732209c6264f5d1e4aef598f57c6ee3 (7) EAP-Message = 0x03230004 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) User-Name = "mgw" (7) eap_fast: Got tunneled Access-Accept (7) eap_fast: ERROR: Found CHAP-Challenge with incorrect length. Expected 16, got 4 (7) eap_fast: Reject (7) eap: ERROR: Failed continuing EAP FAST (43) session. EAP sub-module failed (7) eap: Sending EAP Failure (code 4) ID 35 length 4 (7) eap: Failed in EAP select (7) [eap] = invalid (7) } # authenticate = invalid (7) Failed to authenticate the user (7) Using Post-Auth-Type Reject (7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (7) Post-Auth-Type REJECT { (7) attr_filter.access_reject: EXPAND %{User-Name} (7) attr_filter.access_reject: --> 1234 (7) attr_filter.access_reject: Matched entry DEFAULT at line 11 (7) [attr_filter.access_reject] = updated (7) [eap] = noop (7) policy remove_reply_message_if_eap { (7) if (&reply:EAP-Message && &reply:Reply-Message) { (7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (7) else { (7) [noop] = noop (7) } # else = noop (7) } # policy remove_reply_message_if_eap = noop (7) } # Post-Auth-Type REJECT = updated (7) Delaying response for 1.000000 seconds Waking up in 0.2 seconds. Waking up in 0.7 seconds. (7) Sending delayed response (7) Sent Access-Reject Id 7 from 0.0.0.0:1812 to 127.0.0.1:49204 length 44 (7) EAP-Message = 0x04230004 (7) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.6 seconds. (0) Cleaning up request packet ID 0 with timestamp +10 (1) Cleaning up request packet ID 1 with timestamp +10 Waking up in 0.1 seconds. (2) Cleaning up request packet ID 2 with timestamp +10 Waking up in 0.2 seconds. (3) Cleaning up request packet ID 3 with timestamp +10 Waking up in 0.1 seconds. (4) Cleaning up request packet ID 4 with timestamp +11 Waking up in 0.1 seconds. (5) Cleaning up request packet ID 5 with timestamp +11 Waking up in 0.2 seconds. (6) Cleaning up request packet ID 6 with timestamp +11 Waking up in 0.2 seconds. (7) Cleaning up request packet ID 7 with timestamp +11 Ready to process requests