Ready to process requests.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=206, length=158
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0200000c016c7061756c696e
	Message-Authenticator = 0xe22ba736abbc32fa23690ef9042564b7
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to mtldc01.corp.stingraydigital.com:389, authentication 0
  [ldap] bind as CN=radius,OU=BackEnd,OU=DEV,DC=corp,DC=stingraydigital,DC=com/MYBINLDAPPWD to mtldc01.corp.stingraydigital.com:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:38 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 0 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
  [ldap] Entering ldap_groupcmp()
[files] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
[files] 	expand: (&(objectClass=Group)(objectCategory=Group)(member=%{control:Ldap-UserDn})) -> (&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(cn=admin-galaxie)(&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom)))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group admin-galaxie not found or user is not a member.
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 206 to 10.1.0.53 port 7596
	EAP-Message = 0x010100061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355eee612cc0c69d80fefc2a3042
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=207, length=291
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0201007f19800000007516030100700100006c030158a3330688aa691928b8a167f7246d2210227e1403f59b9bc4f135694c75a8d400002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000
	State = 0xee60355eee612cc0c69d80fefc2a3042
	Message-Authenticator = 0xc7eedf409bb5094dc50f3fee708d07ca
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:38 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 1 length 127
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 117
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0070], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08d0], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 207 to 10.1.0.53 port 7596
	EAP-Message = 0x0102040019c000000a6c160301003902000035030158a3330699d3dbd5bfb32c2b88788233c1e873b738256e935eb007fdc70ee07500c01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966
	EAP-Message = 0x696361746520417574686f72697479301e170d3137303230393135323030355a170d3137303431303135323030355a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b32da5bf3d3d5f2754439de71705ee210b24502f0d437338fba26408c80a487a98dfe5869a0385721d901d611ce07b
	EAP-Message = 0x42ed083f9dae76b474d17744b6e321736e4fe3eae7e506da45a418431c6dd0145bc1c8dfb3c9c30dc6549bfb204a488edfa2d250a144878f8d30822cef260f6a57ba06435c41d1486ba0f397dc238ed9809da40c1188d5ac285d66fa231c5c5634e0596ad243603c74f067d93faa1907e077107410a0f9eb46383ee3596f758a33619f79df1f74e36d2d0f4ff44f7d71487d4a0703b1c350a0d92c912d08b944ade25ce5f800de765bf8f9ee1dd00ffc06741d400bf5e2666e055a44c41ff761f3b5d6f58f9b3d102968e68f1e933722ed0203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f302d302ba0
	EAP-Message = 0x29a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010095a37bfa96e742cf7a55e9ae91d0dafaf8adab85ac90f0d765f70d0011bc9131693c2f150b7bc05a9416e628cd61a7953a3cb1e2a0a99579331f6ef0c7da3d44ab63a1f63261214819823192918ca0a40c24a6d88a0e25062b73bcde91db27886f5bf40ffb7d3cae570c637d23c05ec4d7d11d06e82cef0bdf9f5af9da3e1fc1b80ba038e195685bfa5a4aa287390594d2ca0557d122ed2f17f19b8d7b97089f1e78cdbc10df3a5216d65c7eb20622fd1b7df45b11fbbcbf03e986a4e8d5a6
	EAP-Message = 0xc57cbe27ec5a8c0ab5ee4e37
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355eef622cc0c69d80fefc2a3042
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=208, length=170
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x020200061900
	State = 0xee60355eef622cc0c69d80fefc2a3042
	Message-Authenticator = 0x989e3b27aed53c097fcf58aa42a14d15
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:38 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 208 to 10.1.0.53 port 7596
	EAP-Message = 0x010303fc1940269d384d72d5779d80e123e0a21792b6a84dba7088ab3966b122820d0b7675ebab2fe68d4ce57780250c59d2c54c9ebf38e36d41410004e5308204e1308203c9a003020102020900cb75546a4c1c790e300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e
	EAP-Message = 0x170d3137303230393135323030355a170d3137303431303135323030355a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad90a6dfca2d73000f2ae9cedea5773ad62b063ade84781ebb42aee195ce16c60548a4535b5a442f
	EAP-Message = 0x179510e0b479f05a81cfb917c30f0d35be84ec516071b6640b0979525981230e10dafbd999185af25c9b6796ce01574b86aa038a95be9b4522702b9e491f993b3b46f0567144e1b09b9733c6b3b56729cc6b3caf855a65c195b23e6d9964184331813d64a2efd44b25ebe396e3a2434dc72b6cf20084e54193735f05d097b9e4dda97c23deadda57edfb942a571e4a18ffc0ee1739a8cb7b7c1f819934be48f6c5612272d3375772d219e9c9def6a903ffee8ea7c789ed0101d17626ef9440cdf9e2d5eaa03929ec548f73ff49c622f74f9554a05d250ee90203010001a382013430820130301d0603551d0e04160414f564f3291235f4c3768ce5de0b
	EAP-Message = 0x480d9fbd34b53c3081c80603551d230481c03081bd8014f564f3291235f4c3768ce5de0b480d9fbd34b53ca18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900cb75546a4c1c790e300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f777777
	EAP-Message = 0x2e6578616d706c65
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355eec632cc0c69d80fefc2a3042
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=209, length=170
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x020300061900
	State = 0xee60355eec632cc0c69d80fefc2a3042
	Message-Authenticator = 0x5d7a5dbc825a969a6fcdae3198e521d2
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:38 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 209 to 10.1.0.53 port 7596
	EAP-Message = 0x0104028619002e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101000bb6a826f278bb4d972bc2a663c7d48abcb95683e7d10c753dee395eae5b26f61d913f97d74baf48514aaaec89ab87c3071d1f1a6c22a82224832c097b6e91baabdc9643f7c822f9d913152066c71a45e197e0e82301681ef9023958c94cb8cd9dd541a19b3dea36fd058a40e10e6fc40afb523042185b628ea75516ee2b6b9a05ff2e6b040fccf8a92fa7931b14c461c78c96751531c4bd2b3b01eb8f97c19d30350464a34c254a447b340bb4091d1e3162ceeab6ea69c4d60693275ad0aed6e99b283c3824bccd39a25cfd49391e96
	EAP-Message = 0xe0ebbfdf38b6cde275f46132b771d0c97971b436a6ce9c10d50006fdcfe3c76ff2df5f59ca06c3fc1955d88615140af3160301014b0c000147030017410471c952c8784196cc8426dc5ee07b874cc3c9e5192d8d1d21fc84d02693af6c5f2daeadf0cf1fc87afe4c4438cc79585e5755c47c99ebedc834c6af77bfccec8501004e1c1fec14121668306c5939cf11bed7ae0f68a32666753f2d2f1836b6c2b509f0d9de93758ce8bb4b9a65567f5a3da56af43d4d585b159e3a98cd84c22360da2f885acc40c83715e57f098e728b242eee756e085f2e9e6dcfb5fe4a776f6e9bc28f869bdc8d2eafbf2da39dceedd2e5bfb306f9b67dad4af45591cf41
	EAP-Message = 0xa9ef35f29c13f9b7d6c5c206c2474f4076c05b9953a1cc33813af8ca2bd6a42668242609f07bb819598ea6faa84fec5ec75e1137078108378adc12fceef387c631257fcc50e0a35c04846f131a604852f7131ab4485b3d059ed591b026e6d4316ebadb265225b84cc90b4db56718449f621dfaef6381a886cb3c47fa275191dae336fb16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355eed642cc0c69d80fefc2a3042
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=210, length=308
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x02040090198000000086160301004610000042410415ddcc20782e77e17fe6dee5f05efba932fabdf68f99f7cb1f70ad5e54329744776c4c5276a4c50fe2ba5f5b36c83661347add37705da2294a7d313ae49ea7021403010001011603010030872261836a19b17e689d95d9921420a8b07479547683a783d639dec49886d1292727ba5d629f3084d27c69a3055c7358
	State = 0xee60355eed642cc0c69d80fefc2a3042
	Message-Authenticator = 0x9da0af356d0616cab3a210452557d797
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:42 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 4 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 210 to 10.1.0.53 port 7596
	EAP-Message = 0x01050041190014030100010116030100308a87a5f0bc5d142ca84532c38083665c97e43aa5e893446cc4551dffcce819e848a938201123f52c2f34479463a767b8
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355eea652cc0c69d80fefc2a3042
Finished request 4.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=211, length=170
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x020500061900
	State = 0xee60355eea652cc0c69d80fefc2a3042
	Message-Authenticator = 0x17c71347ba9b4dcd5f734a833a0bde72
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:42 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 211 to 10.1.0.53 port 7596
	EAP-Message = 0x0106002b1900170301002027e654d65972f87d3d2261fe35c97a72e426e641e1b168b01da20fa4de3dee1c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355eeb662cc0c69d80fefc2a3042
Finished request 5.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=212, length=207
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0206002b190017030100203a0bf25970e8159975bc245bc48f85cfcacea7cb905b7586d4fa4ea70d031e2f
	State = 0xee60355eeb662cc0c69d80fefc2a3042
	Message-Authenticator = 0x626f604d31eed746376c7af60202041d
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:42 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - lpaulin
[peap] Got inner identity 'lpaulin'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x0206000c016c7061756c696e
server  {
[peap] Setting User-Name to lpaulin
Sending tunneled request
	EAP-Message = 0x0206000c016c7061756c696e
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "lpaulin"
server inner-tunnel {
# Executing section authorize from file /etc/raddb//sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "lpaulin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 6 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
  [ldap] Entering ldap_groupcmp()
[files] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
[files] 	expand: %{mschap:User-Name} -> lpaulin
[files] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
  [ldap] ldap_release_conn: Release Id: 0
[files] 	expand: (&(objectClass=Group)(objectCategory=Group)(member=%{control:Ldap-UserDn})) -> (&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(cn=admin-galaxie)(&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom)))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group admin-galaxie not found or user is not a member.
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x010700211a0107001c10e439ba6bea235fc2251dd0acb1831acd6c7061756c696e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a36f5d76a31ef5235d2432a5ee6403b
[peap] Got tunneled reply RADIUS code Access-Challenge
	EAP-Message = 0x010700211a0107001c10e439ba6bea235fc2251dd0acb1831acd6c7061756c696e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a36f5d76a31ef5235d2432a5ee6403b
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 212 to 10.1.0.53 port 7596
	EAP-Message = 0x0107004b190017030100407152bfc6aa82ec75adeef8d736fc3651eef54671ab5e560e792d4a09241cdaeb2d239c91b12ae72ca6f4e38cf38ef1eb1e2376be4fa0c6a584322ab004fe5044
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355ee8672cc0c69d80fefc2a3042
Finished request 6.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=213, length=271
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0207006b1900170301006095d9f2e5b388d7da4519505a3e0c11c662a0ec996b12e59b14b221ea9bb03967f4111e11faec9de962f6b3606f701553903486e98a57ea34b215041fec578c462123fde474799596f58340f7666cc12e0590c7ee99dafe010e158d746a7bde52
	State = 0xee60355ee8672cc0c69d80fefc2a3042
	Message-Authenticator = 0x43c64c528e8f29946bca23ea4eb1d02e
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:42 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020700421a0207003d318114c0cc902cbfae933f815ee20ada2e0000000000000000ba41dc8545246f02782403b10f139712ef966aa7ef7e8409006c7061756c696e
server  {
[peap] Setting User-Name to lpaulin
Sending tunneled request
	EAP-Message = 0x020700421a0207003d318114c0cc902cbfae933f815ee20ada2e0000000000000000ba41dc8545246f02782403b10f139712ef966aa7ef7e8409006c7061756c696e
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "lpaulin"
	State = 0x6a36f5d76a31ef5235d2432a5ee6403b
server inner-tunnel {
# Executing section authorize from file /etc/raddb//sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "lpaulin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 7 length 66
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
  [ldap] Entering ldap_groupcmp()
[files] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
[files] 	expand: %{mschap:User-Name} -> lpaulin
[files] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
  [ldap] ldap_release_conn: Release Id: 0
[files] 	expand: (&(objectClass=Group)(objectCategory=Group)(member=%{control:Ldap-UserDn})) -> (&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(cn=admin-galaxie)(&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom)))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group admin-galaxie not found or user is not a member.
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb//sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Creating challenge hash with username: lpaulin
[mschap] Client is using MS-CHAPv2 for lpaulin, we need NT-Password
[mschap] 	expand: %{mschap:User-Name} -> lpaulin
[mschap] 	expand: --username=%{%{mschap:User-Name}:-%{%{User-Name}:-None}} -> --username=lpaulin
[mschap] Creating challenge hash with username: lpaulin
[mschap] 	expand: %{mschap:Challenge} -> 8304ef5d7e31db03
[mschap] 	expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=8304ef5d7e31db03
[mschap] 	expand: %{mschap:NT-Response} -> ba41dc8545246f02782403b10f139712ef966aa7ef7e8409
[mschap] 	expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=ba41dc8545246f02782403b10f139712ef966aa7ef7e8409
[mschap] No NT-Domain was found in the User-Name.
[mschap] 	expand: %{mschap:NT-Domain} ->
[mschap] 	... expanding second conditional
[mschap] 	expand: --domain=%{%{mschap:NT-Domain}:-CORP} -> --domain=CORP
Exec output: NT_KEY: E6B293DCD077A57A5A361BABDAFCA0A3
Exec plaintext: NT_KEY: E6B293DCD077A57A5A361BABDAFCA0A3
[mschap] Exec: program returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x010800331a0307002e533d42333046454443413745373233453842384635313235354537334536323639434545344131323439
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a36f5d76b3eef5235d2432a5ee6403b
[peap] Got tunneled reply RADIUS code Access-Challenge
	EAP-Message = 0x010800331a0307002e533d42333046454443413745373233453842384635313235354537334536323639434545344131323439
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6a36f5d76b3eef5235d2432a5ee6403b
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 213 to 10.1.0.53 port 7596
	EAP-Message = 0x0108005b19001703010050ae1820bb9172bd0d69551b46fd88b1d4bc2006858fcbc32b5bb9c01d89bf372be177c2e7fbba57d03a3b906d401908dc6bbbc78d94421bda2b83bc655bdf9fac981802d1779c67d4c7284356da43ac6f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355ee9682cc0c69d80fefc2a3042
Finished request 7.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=214, length=207
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0208002b190017030100200073245360f5de7ccede7b748b67d3a4bbcfa618e0ae66a0c8e3307b89865b3f
	State = 0xee60355ee9682cc0c69d80fefc2a3042
	Message-Authenticator = 0x6d956c4000c387464eb65d715fd4c556
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:42 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020800061a03
server  {
[peap] Setting User-Name to lpaulin
Sending tunneled request
	EAP-Message = 0x020800061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "lpaulin"
	State = 0x6a36f5d76b3eef5235d2432a5ee6403b
server inner-tunnel {
# Executing section authorize from file /etc/raddb//sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "lpaulin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
  [ldap] Entering ldap_groupcmp()
[files] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
[files] 	expand: %{mschap:User-Name} -> lpaulin
[files] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
  [ldap] ldap_release_conn: Release Id: 0
[files] 	expand: (&(objectClass=Group)(objectCategory=Group)(member=%{control:Ldap-UserDn})) -> (&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(cn=admin-galaxie)(&(objectClass=Group)(objectCategory=Group)(member=CN\3dLuc Paulin\2cOU\3dInfrastructure\2cOU\3dIT\2cDC\3dcorp\2cDC\3dstingraydigital\2cDC\3dcom)))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group admin-galaxie not found or user is not a member.
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
Login OK: [lpaulin] (from client localhost port 0 via TLS tunnel)
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /etc/raddb//sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0xc3b2aea6743dee9ba3b586a838eac032
	MS-MPPE-Recv-Key = 0x8b31cb40b7e01112f521344df40d996a
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "lpaulin"
[peap] Got tunneled reply RADIUS code Access-Accept
	MS-MPPE-Encryption-Policy = 0x00000001
	MS-MPPE-Encryption-Types = 0x00000006
	MS-MPPE-Send-Key = 0xc3b2aea6743dee9ba3b586a838eac032
	MS-MPPE-Recv-Key = 0x8b31cb40b7e01112f521344df40d996a
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "lpaulin"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 214 to 10.1.0.53 port 7596
	EAP-Message = 0x0109002b19001703010020eddf93908b206ae7322e73bf22a67a19d331a6347db604baefd1f92ebce990ad
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xee60355ee6692cc0c69d80fefc2a3042
Finished request 8.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.1.0.53 port 7596, id=215, length=207
	User-Name = "lpaulin"
	NAS-IP-Address = 10.1.0.81
	NAS-Port = 0
	Called-Station-Id = "08-5B-0E-60-26-D1:stingrayQA"
	Calling-Station-Id = "18-65-90-CB-4C-69"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0209002b19001703010020c1fd3c3a9e7056cae15240ded5d0bed076aefef52157463f5981553662cfdfd8
	State = 0xee60355ee6692cc0c69d80fefc2a3042
	Message-Authenticator = 0x5d6901f21e7a16b406a5b9608f4a1dd9
# Executing section authorize from file /etc/raddb//sites-enabled/default
+group authorize {
[ldap] performing user authorization for lpaulin
[ldap] 	expand: %{mschap:User-Name} -> lpaulin
[ldap] 	expand: (&(objectCategory=person)(objectClass=user)(sAMAccountName=%{%{mschap:User-Name}:-%{User-Name}})) -> (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] 	expand: DC=corp,DC=stingraydigital,DC=com -> DC=corp,DC=stingraydigital,DC=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in DC=corp,DC=stingraydigital,DC=com, with filter (&(objectCategory=person)(objectClass=user)(sAMAccountName=lpaulin))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
++[preprocess] = ok
[auth_log] 	expand: %{Packet-Src-IP-Address} -> 10.1.0.53
[auth_log] 	expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.1.0.53/auth-detail-20170214
[auth_log] 	expand: %t -> Tue Feb 14 16:40:42 2017
++[auth_log] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb//sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
Login OK: [lpaulin] (from client localhost port 0 cli 18-65-90-CB-4C-69)
# Executing section post-auth from file /etc/raddb//sites-enabled/default
+group post-auth {
++update reply {
++} # update reply = noop
++? if (control:Ldap-UserDn =~ /OU=Administration/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Administration/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Administration/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Content/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Content/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Content/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Finance 360/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Finance 360/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Finance 360/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=TempUser/i)
? Evaluating (control:Ldap-UserDn =~ /OU=TempUser/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=TempUser/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=legal/i)
? Evaluating (control:Ldap-UserDn =~ /OU=legal/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=legal/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Marketing/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Marketing/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Marketing/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Support 360/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Support 360/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Support 360/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Vente 360/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Vente 360/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Vente 360/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Vente Stingray/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Vente Stingray/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Vente Stingray/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Dev/i)
? Evaluating (control:Ldap-UserDn =~ /OU=Dev/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=Dev/i) -> FALSE
++? if (control:Ldap-UserDn =~ /OU=it/i)
? Evaluating (control:Ldap-UserDn =~ /OU=it/i) -> TRUE
++? if (control:Ldap-UserDn =~ /OU=it/i) -> TRUE
++if (control:Ldap-UserDn =~ /OU=it/i) {
+++update reply {
+++} # update reply = noop
++} # if (control:Ldap-UserDn =~ /OU=it/i) = noop
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 215 to 10.1.0.53 port 7596
	MS-MPPE-Recv-Key = 0xe6ea06d3d6026d864e09d1643ad2d78a69a7b7414acf686192297fcfce310a36
	MS-MPPE-Send-Key = 0xfb468c134719837d92fa018ece3276f92d130f8baaa67af1d62729315399fa60
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "lpaulin"
	Tunnel-Type:0 = VLAN
	Tunnel-Private-Group-Id:0 = "150"
	Tunnel-Medium-Type:0 = IEEE-802
	Idle-Timeout = 60
	Session-Timeout = 60
	Termination-Action = RADIUS-Request
Finished request 9.
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 0 ID 206 with timestamp +10
Cleaning up request 1 ID 207 with timestamp +10
Cleaning up request 2 ID 208 with timestamp +10
Cleaning up request 3 ID 209 with timestamp +10
Waking up in 4.0 seconds.
Cleaning up request 4 ID 210 with timestamp +14
Cleaning up request 5 ID 211 with timestamp +14
Cleaning up request 6 ID 212 with timestamp +14
Cleaning up request 7 ID 213 with timestamp +14
Cleaning up request 8 ID 214 with timestamp +14
Cleaning up request 9 ID 215 with timestamp +14
Ready to process requests.
