If I send a (non-EAP) request directly to the inner tunnel, it does get proxied ok. -----Original Message----- From: Smith,AP,Adrian,TNK6 R Sent: 13 June 2017 10:43 To: 'FreeRadius users mailing list' Subject: RE: Terminate EAP-TTLS then proxy Here is the full debug output which hopefully shows all the proxy configuration: FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 18:42:42 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including files in directory /etc/raddb/proxies/ including configuration file /etc/raddb/proxies/mis.conf including configuration file /etc/raddb/proxies/vodafone.lab.conf including configuration file /etc/raddb/proxies/sps_fr.lab.conf including configuration file /etc/raddb/proxies/bt_mobile_consumer.lab.conf including configuration file /etc/raddb/proxies/mna.lab.conf including configuration file /etc/raddb/proxies/tbb_802_1x.lab.conf including configuration file /etc/raddb/proxies/ip_tracker.lab.conf including configuration file /etc/raddb/proxies/proxy.conf including configuration file /etc/raddb/proxies/wifi_roam_realms.conf including configuration file /etc/raddb/proxies/consulate.lab.conf including configuration file /etc/raddb/proxies/paulw_test_lab.conf including configuration file /etc/raddb/proxies/wifi_roam.lab.conf including configuration file /etc/raddb/proxies/nonso_test_lab.conf including configuration file /etc/raddb/proxies/mis.lab.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/sql_log_store including configuration file /etc/raddb/modules/detail.iptracker including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/detail.btngh.openzone.com including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/detail.vodafone including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/detail.wifi-roam including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/detail.consulate including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/detail.relay-wlc-mis including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/acct_wifi-roam including configuration file /etc/raddb/sites-enabled/consulate-server including configuration file /etc/raddb/sites-enabled/wifi_roam-server including configuration file /etc/raddb/sites-enabled/nonso_wifi_roam-server including configuration file /etc/raddb/sites-enabled/acct_iptracker including configuration file /etc/raddb/sites-enabled/bt-mobile-consumer-server including configuration file /etc/raddb/sites-enabled/acct_consulate including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/acct_aggregator_wlc including configuration file /etc/raddb/sites-enabled/vodafone including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/testing_802.1x including configuration file /etc/raddb/sites-enabled/acct_aggregator including configuration file /etc/raddb/sites-enabled/802.1x-server main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server mis-acct-relay-server-1 { ipaddr = 192.168.160.16 port = 1813 type = "acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server mis-acct-relay-server-2 { ipaddr = 192.168.160.17 port = 1813 type = "acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server par { ipaddr = 192.168.24.22 port = 1645 type = "auth+acct" secret = "BTpwlan-rds" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 username = "test_user_please_reject_me" password = "this is meaningless" } home_server SPS_FR { ipaddr = 192.168.19.20 port = 1812 type = "auth" secret = "RVfbRy4T" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server bt-mobile-consumer-acct-spool-server { virtual_server = "bt-mobile-consumer-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server mna-auth-server-harmondsworth-a { ipaddr = 193.113.44.19 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-harmondsworth-b { ipaddr = 193.113.44.20 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-reigate-a { ipaddr = 193.113.44.21 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-reigate-b { ipaddr = 193.113.44.22 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server tbb_802.1x-acct-spool-server { virtual_server = "tbb_802.1x-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server IPTracker { ipaddr = 193.113.44.16 port = 1813 type = "acct" secret = "mysecret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server consulate-server-1 { ipaddr = 193.113.24.74 port = 1645 type = "auth+acct" secret = "BCt0ONn53uPLh40tn332013" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server consulate-acct { virtual_server = "consulate-server-acct" port = 0 response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server testing-802.1x-auth-server { ipaddr = 192.168.49.99 port = 1812 type = "auth+acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server wifi-roam-server-1 { ipaddr = 147.152.56.119 port = 1812 type = "auth+acct" secret = "radius123" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server wifi-roam-acct { virtual_server = "wifi-roam-server-acct" port = 0 response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server_pool mis-acct-relay-pool { type = fail-over home_server = mis-acct-relay-server-1 home_server = mis-acct-relay-server-2 } realm acct_mis_aggregator { acct_pool = mis-acct-relay-pool } home_server_pool vf_auth_failover { type = fail-over virtual_server = vf-server-auth home_server = par } realm wlan.mnc015.mcc234.3gppnetwork.org { auth_pool = vf_auth_failover nostrip } home_server_pool SPS_FR_pool { home_server = SPS_FR } realm passpoint { auth_pool = SPS_FR_pool nostrip } home_server_pool bt-mobile-consumer-auth-pool { type = fail-over virtual_server = bt-mobile-consumer-server-auth home_server = mna-auth-server-harmondsworth-a home_server = mna-auth-server-harmondsworth-b home_server = mna-auth-server-reigate-a home_server = mna-auth-server-reigate-b } home_server_pool bt-mobile-consumer-acct-pool { home_server = bt-mobile-consumer-acct-spool-server } realm wlan.mnc030.mcc234.3gppnetwork.org { auth_pool = bt-mobile-consumer-auth-pool acct_pool = bt-mobile-consumer-acct-pool nostrip } home_server_pool tbb_802.1x-auth-pool { type = fail-over virtual_server = tbb_802.1x-server-auth home_server = mna-auth-server-harmondsworth-a home_server = mna-auth-server-harmondsworth-b home_server = mna-auth-server-reigate-a home_server = mna-auth-server-reigate-b } home_server_pool tbb_802.1x-acct-pool { home_server = tbb_802.1x-acct-spool-server } realm 8021x:BTRCon { auth_pool = tbb_802.1x-auth-pool acct_pool = tbb_802.1x-acct-pool nostrip } home_server_pool IPTracker_pool { home_server = IPTracker } realm iptracker { acct_pool = IPTracker_pool } realm LOCAL { } home_server_pool wifi-roam-auth-pool { type = fail-over virtual_server = wifi-roam-server-auth home_server = wifi-roam-server-1 } home_server_pool wifi-roam-acct-pool { home_server = wifi-roam-acct } realm adastral.bt.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool wifi-roam-mobile-data-offload-auth-pool { type = fail-over virtual_server = wifi-roam-server-mobile-data-offload-auth home_server = wifi-roam-server-1 } realm adastral-offload.bt.com { auth_pool = wifi-roam-mobile-data-offload-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc008.mcc450.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm ktwifi.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc410.mcc310.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm bandwidthx { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm bwxeap { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc023.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc010.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc011.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc006.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc004.mcc410.3gppnetwork.org { auth_pool = wifi-roam-mobile-data-offload-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc050.mcc621.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc010.mcc440.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wifiroam.bt.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool consulate-auth-pool { virtual_server = consulate-server-auth home_server = consulate-server-1 } home_server_pool consulate-acct-pool { home_server = consulate-acct } realm wlan.mnc008.mcc234.3gppnetwork.org { auth_pool = consulate-auth-pool acct_pool = consulate-acct-pool nostrip } home_server_pool consulate-acct-relay-pool { home_server = consulate-server-1 } realm acct_consulate { acct_pool = consulate-acct-relay-pool nostrip } home_server_pool testing-802.1x-auth-pool { virtual_server = testing_802.1x-server home_server = testing-802.1x-auth-server } realm 1xTesting { auth_pool = testing-802.1x-auth-pool acct_pool = tbb_802.1x-acct-pool nostrip } home_server_pool wifi-roam-acct-relay-pool { type = fail-over home_server = wifi-roam-server-1 } realm acct_wifi-roam { acct_pool = wifi-roam-acct-relay-pool nostrip } realm wifi-roam { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool nonso-wifi-roam-auth-pool { type = fail-over virtual_server = nonso-wifi-roam-server-auth home_server = mna-auth-server-harmondsworth-a } realm nonso { auth_pool = nonso-wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool testing-802.1x-acct-pool { home_server = testing-802.1x-auth-server } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" shortname = "localhost" nastype = "other" } client 192.168.70.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-1" nastype = "cisco" } client 192.168.170.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-2" nastype = "cisco" } client 192.168.14.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-3" nastype = "cisco" } client 192.168.100.31 { require_message_authenticator = no secret = "m0n1t0r" shortname = "monitor-1" } client 192.168.160.31 { require_message_authenticator = no secret = "m0n1t0r" shortname = "monitor-2" } client 192.168.79.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.79.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.49.96 { require_message_authenticator = no secret = "8021x" } client 10.0.0.0/8 { require_message_authenticator = no secret = "1t5b1gg3rthan1tl00k5" nastype = "cisco" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Linked to module rlm_realm Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id" } Module: Checking accounting {...} for more modules to load Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic Module: Linked to module rlm_detail Module: Instantiating module "detail.relay-wlc-mis" from file /etc/raddb/modules/detail.relay-wlc-mis detail detail.relay-wlc-mis { detailfile = "/var/log/radius/radacct/relay-wlc-mis-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/raddb/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_sql_log Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log sql_log { path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store sql_log sql_log_store { path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server acct_wifi-roam { # from file /etc/raddb/sites-enabled/acct_wifi-roam modules { Module: Checking accounting {...} for more modules to load } # modules } # server server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com detail detail-store.btngh.openzone.com { detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 416 dirperm = 493 locking = no log_packet_header = no } Module: Loading virtual module proxy_to_mis Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com detail detail.btngh.openzone.com { detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Loading virtual module remove_btopenzone_vsas Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate detail detail.consulate { detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server wifi-roam-server-mobile-data-offload-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server wifi-roam-server-acct { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Loading virtual module proxy_to_mis Module: Loading virtual module remove_btopenzone_vsas Module: Instantiating module "detail.wifi-roam" from file /etc/raddb/modules/detail.wifi-roam detail detail.wifi-roam { detailfile = "/var/log/radius/radacct/wifi-roam/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server nonso-wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/nonso_wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker modules { Module: Checking accounting {...} for more modules to load } # modules } # server server bt-mobile-consumer-server-auth { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Instantiating module "reject" from file /etc/raddb/modules/always always reject { rcode = "reject" simulcount = 0 mpp = no } Module: Checking post-proxy {...} for more modules to load } # modules } # server server bt-mobile-consumer-server-acct { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Loading virtual module proxy_to_mis Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker detail detail.iptracker { detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate modules { Module: Checking accounting {...} for more modules to load } # modules } # server server acct_aggregator_wlc { # from file /etc/raddb/sites-enabled/acct_aggregator_wlc modules { Module: Checking accounting {...} for more modules to load } # modules } # server server vf-server-auth { # from file /etc/raddb/sites-enabled/vodafone modules { Module: Checking pre-proxy {...} for more modules to load } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server server testing_802.1x-server { # from file /etc/raddb/sites-enabled/testing_802.1x modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator modules { Module: Checking accounting {...} for more modules to load } # modules } # server server tbb_802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server tbb_802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module proxy_to_mis Module: Loading virtual module log_packet Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module proxy_to_mis Module: Loading virtual module log_packet Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" mode = "rw" } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/wifi-roam/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/iptracker/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/consulate/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-wlc-mis-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } ... adding new socket proxy address * port 51816 ... adding new socket proxy address * port 35812 ... adding new socket proxy address * port 49773 ... adding new socket proxy address * port 35902 ... adding new socket proxy address * port 53673 ... adding new socket proxy address * port 56106 ... adding new socket proxy address * port 44312 ... adding new socket proxy address * port 36881 ... adding new socket proxy address * port 57465 ... adding new socket proxy address * port 57482 ... adding new socket proxy address * port 52562 ... adding new socket proxy address * port 54724 ... adding new socket proxy address * port 52919 ... adding new socket proxy address * port 33010 ... adding new socket proxy address * port 36902 ... adding new socket proxy address * port 34021 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on detail file /var/log/radius/radacct/wifi-roam/* as server acct_wifi-roam Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/relay-wlc-mis-acct/* as server acct_aggregator_wlc Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on proxy address * port 1814 Waking up in 0.9 seconds. Ignoring request to accounting address * port 1813 from unknown client 192.168.210.119 port 15584 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.762087 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.184472 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.968853 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.196113 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.159930 sec Waking up in 0.7 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.910616 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.090084 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.047471 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.791355 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.934825 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.133416 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.880455 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.024520 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.998717 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.876140 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095130 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.761203 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.897342 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.203089 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.987794 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.171263 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.859814 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.103368 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.165571 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.959404 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.179172 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.169633 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.055037 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.804247 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.884002 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.101099 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.827031 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.049407 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.844278 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.936085 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.962783 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.763935 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.849558 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.816061 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.158354 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.795744 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.016506 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.026287 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.866814 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.841071 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.119251 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.887604 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.814666 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.924802 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.178640 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.806821 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.213465 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.169523 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.870682 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.864038 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.781469 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.765307 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.938362 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.203898 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.778849 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.939067 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095710 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.837704 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.888245 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.050866 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.247675 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.968173 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.930630 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.120660 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.870914 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.163044 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.803467 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007536 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762546 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.183909 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.118080 sec Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=92, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0xdce173614585eee51e3f391f5272dbca # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 0: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 92 to 192.168.70.22 port 21652 EAP-Message = 0x01020016041084b12e630735452cd5eb22349496369d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a2611669a065fbab376a297e7dc1fa Finished request 0. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=93, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x69a2611669a065fbab376a297e7dc1fa Message-Authenticator = 0x74934585fb3c792bcfa76eb4d1fa8fac # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 1: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 93 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a2611668a174fbab376a297e7dc1fa Finished request 1. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=94, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb27d0543bff4106d055f6c72e468ba33ead96239fee54ab3c41fcc41727500002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x69a2611668a174fbab376a297e7dc1fa Message-Authenticator = 0xfd37c07fad4424f3cb1f6600d6d971fd # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 2: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 94 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb253915b26746a88ec852836e50cbb23e4eace6110dd23f3f36e2185c9a3000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166ba674fbab376a297e7dc1fa Finished request 2. Going to the next request Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.838692 sec rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=95, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x69a261166ba674fbab376a297e7dc1fa Message-Authenticator = 0x7aa62ceaa5cd777c0d17ca355e54fef6 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 3: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 95 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166aa774fbab376a297e7dc1fa Finished request 3. Going to the next request Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.917240 sec Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=96, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x69a261166aa774fbab376a297e7dc1fa Message-Authenticator = 0x72271a5a20f083cb1ac844a149d3e1bd # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 4: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 96 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166da474fbab376a297e7dc1fa Finished request 4. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=97, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020601501580000001461603010106100001020100a3a6fc81ed5db338b094fc36d60260c21f7d25f0b3ca016ec64cae258aff16375caa4e600c3ca12d3a955c992d447a3aeda5e61a2c96c809084d2f98ea094fb4367594ecdc54659ec61117e10d86ec36121332876b932d4845d14763dd8efafdcb60bf570db90f509bf4b22dcbad841af192945427c39e085b70738438f3942aa25fdd524189bdd40c1b241f1b9bb8073cbfacef6c241e7e3b1979604c0d97957c92d44e41ee9af64fbff6269bae9bcde3bb8c0f8c82bd110ed29e6798a39678b5c36d7c583b219f92d30e4db7cb407f6520642768cf56198a5f729798a7a2cc0a48e61a3af826c3 EAP-Message = 0x36639897c11875370386fab261580f84474d26e7b5092ddd1403010001011603010030eaaac2eb818252a3144bdac118efede1100277e235494f8179796375b3c2c7f532eb1aebe8285f30910986b8a397e150 State = 0x69a261166da474fbab376a297e7dc1fa Message-Authenticator = 0x91105ccbf2c6132fefea1c979f1cd27d # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 5: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 97 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b1403010001011603010030c3583d7653c71743721a01e1ce855489d7307206046d7da4c754168362027679b16fd21c3a5e3012289826cb3ec5b27e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166ca574fbab376a297e7dc1fa Finished request 5. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=98, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f15800000009517030100901b0641cc4dd8cf820d4d8f862f22643fd2a7a1073e85497d35540626380ca09415650a2780711204909f665b28cca0a19354416693547b047cade705c6d83cf4e50e3441b6abb284a09b405f31db48c3f6ee43fed65e65e2e865079da3aec3a74a37d1fc02943c80663b11124fb0895e05c07b75b2d04ac70a28fe0863ebd4efd1898d813a8f0cdee906488235a0ccc3 State = 0x69a261166ca574fbab376a297e7dc1fa Message-Authenticator = 0xf33714776f1fd97f16730136f7ac668f # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 6: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 6 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.957823 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.871929 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.134881 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.069443 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.244343 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.764676 sec Sending delayed reject for request 6 Sending Access-Reject of id 98 to 192.168.70.22 port 21652 Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.794117 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.103433 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.098922 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.156253 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.965056 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.042876 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.955702 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.020365 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007534 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.828720 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750868 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149131 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.191976 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.964907 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.901226 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.247231 sec Waking up in 0.6 seconds. Cleaning up request 0 ID 92 with timestamp +15 Cleaning up request 1 ID 93 with timestamp +15 Cleaning up request 2 ID 94 with timestamp +15 Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750784 sec Cleaning up request 3 ID 95 with timestamp +16 Cleaning up request 4 ID 96 with timestamp +16 Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.052604 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149995 sec Cleaning up request 5 ID 97 with timestamp +16 Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.804373 sec Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=99, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0x206af0d737136bdb9c5aa6656b1d11e4 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 7: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 99 to 192.168.70.22 port 21652 EAP-Message = 0x0102001604105c300e63c8ec3c399d7c7a04e7aa3ed8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128acf75d0313964ead8c014bc Finished request 7. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=100, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x8acd71128acf75d0313964ead8c014bc Message-Authenticator = 0xf6b8bdd0867e9ce4a330f36ed2e6966c # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 8: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 100 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128bce64d0313964ead8c014bc Finished request 8. Going to the next request Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.973939 sec Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=101, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb282bd583ebe6c01b0889edda2ca0fd75b0abf504762bff57eae4b55981800002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x8acd71128bce64d0313964ead8c014bc Message-Authenticator = 0xea79054cf335166262e4264c39b055b0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 9: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 101 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb2593c06266c34a51b62b1d48acae97bf00962e144b89cefc30255cc73fe000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd711288c964d0313964ead8c014bc Finished request 9. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=102, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x8acd711288c964d0313964ead8c014bc Message-Authenticator = 0x893622df889ca2eb0c194e208e7a14ad # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 10: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 102 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd711289c864d0313964ead8c014bc Finished request 10. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=103, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x8acd711289c864d0313964ead8c014bc Message-Authenticator = 0x6846920d72f185205389d9cc018324d4 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 11: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128ecb64d0313964ead8c014bc Finished request 11. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=104, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0206015015800000014616030101061000010201008e4dfe01161ae76fb73ca9884839b33e61a1f6d59c3881c01fa95d4c0f97b9fdca0c798d5421003fdc1e4bf27c8a4403d411a3ab5ef86dcc85cc0da58755b87ad6004b14e3abe1e51c60ed309b85ae5364df097153cc1898b63114ffb7033d70a1183a6c5e71202513b192761ab124217061659d08977dc216c81577264fe80b0d4998b8975bc84098dd0eedbb200d311c438beb405cf9a0742843de0009348fc9b43b5e28ad9aafa3ddee5a54da6d5acf3bc300c77d0555b0423dbf3dae52b018f7a10edd4bbbdfc798de68f72f65b8567005fd712e65e21940fa02b644d5c1c9309e2408008058 EAP-Message = 0x016b3d01fe35da4088bb101c1cb9180d513d497a9ce967611403010001011603010030a9e4f3711a6d319dcaed146aa81f6be008b906da6f3b09a4ab8c8999fd1c475b96e5d4fab2b1b1ac6f6ec93488076ce7 State = 0x8acd71128ecb64d0313964ead8c014bc Message-Authenticator = 0x5090eaa217243f73702f3f0d9b1ceb6a # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 12: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 104 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b14030100010116030100305ce3efeda48c2870b6488e33cb240e83af43d61daa7853b1cfadc94d068f16aefe45637723e6d1a057057e871abf3911 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128fca64d0313964ead8c014bc Finished request 12. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=105, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f15800000009517030100903c067027f79e1d7700547201d5b1d9df8e011ff874f5475cc1cd6d861ef8719ff3556e9192baf4e5978592e39a8fae52b8b80b98a318fa9dc90a8b6963973d12bcf376602cc949f7f9e414b5889c85b82c8c91b4aab71d89b740c14a01859f3759b4d71434c3f1810e14db56fd71f19a564f4950c7e550635b9e86c858d405a52dfc1f8b3a90808d51b1f6689d4e565f State = 0x8acd71128fca64d0313964ead8c014bc Message-Authenticator = 0x132c2a4018ee0c4625b62371e33eb00e # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 13: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1 MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1 MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 13 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 13 for 1 seconds Going to the next request Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.813461 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.829886 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.033527 sec Cleaning up request 6 ID 98 with timestamp +16 Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.777113 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.940748 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.817344 sec Sending delayed reject for request 13 Sending Access-Reject of id 105 to 192.168.70.22 port 21652 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.027554 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.793098 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.858643 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.974457 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.152280 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.105497 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.794828 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.810880 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007277 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.095163 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.132496 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.028052 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.823217 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.880446 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.799977 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.069586 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.786498 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.957779 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.033822 sec Waking up in 0.1 seconds. Cleaning up request 7 ID 99 with timestamp +21 Cleaning up request 8 ID 100 with timestamp +21 Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173967 sec Cleaning up request 9 ID 101 with timestamp +21 Cleaning up request 10 ID 102 with timestamp +21 Cleaning up request 11 ID 103 with timestamp +21 Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.971243 sec Cleaning up request 12 ID 104 with timestamp +21 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.185601 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.797453 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.876348 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.230513 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.767555 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.096276 sec Cleaning up request 13 ID 105 with timestamp +21 Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.031048 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.863706 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.985683 sec Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=106, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0x94789caf32bd0646c47dad46ac458da0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 14: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 106 to 192.168.70.22 port 21652 EAP-Message = 0x0102001604102a24918f38f84fc915d96251dad983cd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a955dc7ca410ead8eb71766904 Finished request 14. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=107, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x55de78a955dc7ca410ead8eb71766904 Message-Authenticator = 0x1740934a4dc11a2b4bc38f4b251ac980 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 15: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 107 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a954dd6da410ead8eb71766904 Finished request 15. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=108, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb289e7e9e013f7728e134357e7453c6f8f914faee52a8e970257d3f0f27f00002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x55de78a954dd6da410ead8eb71766904 Message-Authenticator = 0x61679bd7c65dca909186eef34fbfee15 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 16: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 108 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb26026d0dc41fdc3b0a887c6e0253595a794d810f424f680900ae9e2d4ed000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a957da6da410ead8eb71766904 Finished request 16. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=109, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x55de78a957da6da410ead8eb71766904 Message-Authenticator = 0xce53084dd64cf4cf21a03e145405f088 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 17: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 109 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a956db6da410ead8eb71766904 Finished request 17. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=110, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x55de78a956db6da410ead8eb71766904 Message-Authenticator = 0x38f164964fda41ea99ab94411a9b4bca # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 18: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 110 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a951d86da410ead8eb71766904 Finished request 18. Going to the next request Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.944075 sec rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=111, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020601501580000001461603010106100001020100151070a791def4c9ce6aa9a210936cbcb19c16c64c200cb65b77b3136edc93ed6947fa08a2614c50d82fb9a01bc1d052e9774a62df04d1e2026eb56a9697230406687c9d9501bb575c82efb13b81028bc8162393fd0f19c5a0a8c9bfb45cf24d7432a52131e2a3baa5be4b783970b14c172151f79688680362429dc358f6256412c81a5c0724719585ef225e1745f0a42c0c3b9d41f74762a1b90844a115f8fd4dc4e59ff2a22f79b3db63d781d08a0d7d2d1f9e91dfc4bbf6fecc3c80b6b5ac2afa5a9313a2b324ca97f5ee378ea606ef98806c76d616fcb4c919e3c5b61b80d3ab90d97dd08725 EAP-Message = 0x080804f3bb3f21200042c1641a82740587c2a9be41de2e111403010001011603010030e93d2b879d132fb31e807571b5cc758b972225ef97f0af291e24c3adb8f435201d65e18a461386a17ec47568ea05925c State = 0x55de78a951d86da410ead8eb71766904 Message-Authenticator = 0x13372cc3426516ef77c5bf272f5d1b42 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 19: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 111 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b14030100010116030100309c222ec982006809790a9c2919d10a2f1b2565b8bc96b5ff2e5553bdb41340a1e1682a5234747b218e42c4c4e579d35b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a950d96da410ead8eb71766904 Finished request 19. Going to the next request Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.129376 sec Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=112, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f1580000000951703010090bed3fef3622c94a55d4d20677b2056fe14578cb1ec6518795511c4f6092783cd3b97788fa8baf3fc68a8617d5c63e2ea04a7ad1eaf25e550c42a0d37fad6c07288aa8ebb8225b5a103d75729a0f8952087825d8497d6ddb40c435e225b5c2a960c50f281a0768a0c6baa9ec1e79281fe585ea06e3d0f3065ea499c3c33f60fac52636f9863e60fc3986e22545062c96c State = 0x55de78a950d96da410ead8eb71766904 Message-Authenticator = 0xe5645ddc511b3c835037bcc2a8adfed5 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 20: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954 MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954 MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 20 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 20 for 1 seconds Going to the next request Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.751837 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.243590 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.876885 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762210 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.239831 sec Sending delayed reject for request 20 Sending Access-Reject of id 112 to 192.168.70.22 port 21652 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.931724 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.821277 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.215098 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.798647 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.972355 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.819912 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.142257 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.882873 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.174178 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.923319 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.796417 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.101806 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.195755 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.836153 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.201596 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.172237 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.949951 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.780669 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.221639 sec Cleaning up request 14 ID 106 with timestamp +28 Cleaning up request 15 ID 107 with timestamp +28 Cleaning up request 16 ID 108 with timestamp +28 Cleaning up request 17 ID 109 with timestamp +28 Cleaning up request 18 ID 110 with timestamp +28 Cleaning up request 19 ID 111 with timestamp +28 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.157646 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.933433 sec Waking up in 0.2 seconds. -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 10:24 To: FreeRadius users mailing list Subject: RE: Terminate EAP-TTLS then proxy On 13 June 2017 10:20:56 BST, adrian.p.smith@bt.com wrote:
Ah sorry, here's the rest of it:
[ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Look in proxy.conf. The 'passpoint' realm likely isn't configured correctly. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html