Hello list, First of all: freeradius-2.1.8, Mysql 5.1.41 on Ubuntu 10.04 / Airport Extreme v7.5 I'm having trouble authenticating users with EAP/mschapv2 against a mysql database. Users authenticate fine if they are in the users file. Here's the main problem it seems from the debug output: Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for oogabooga with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject Now I've read a million posts on the web, including this list where people have reported the same problem. In most cases the problem was that the inner-tunnel server wasn't configured for sql. I definitely have sql on in the inner-tunnel file (which I will post in a sec). The mysql server IS being queried on the initial request, but not in inner-tunnel. Can someone please shed some light on this for me please. Here is my inner-tunnel file and debug output (long). Thanks, Matt /etc/freeradius/sites-enabled/inner-tunnel : ------------------------------------------------------------------------------------------------------------------------ server inner-tunnel { authorize { chap mschap unix suffix update control { Proxy-To-Realm := LOCAL } eap { ok = return } files sql expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix eap } session { radutmp } post-auth { Post-Auth-Type REJECT { attr_filter.access_reject } } pre-proxy { } post-proxy { eap } } # inner-tunnel server block ------------------------------------------------------------------------------------------------------------------------ debug output: ------------------------------------------------------------------------------------------------------------------------ rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=181, length=153 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x028d000e016f6f6761626f6f6761 Message-Authenticator = 0x9388a95b4d72cd941931671109245b66 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 141 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{Stripped-User-Name} -> [sql] ... expanding second conditional [sql] expand: %{User-Name} -> oogabooga [sql] expand: %{%{User-Name}:-DEFAULT} -> oogabooga [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> oogabooga [sql] sql_set_user escaped user --> 'oogabooga' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'oogabooga' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'oogabooga' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'oogabooga' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'oogabooga' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'oogabooga' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'oogabooga' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 181 to 10.20.20.254 port 65023 EAP-Message = 0x018e00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38d5cb6a385bd2236abc452f8306cad0 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=182, length=321 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x028e00a419800000009a16030100950100009103014c003b641f6f7f2118662c35e08463255495bbfed1d9fe136d852ec7dbdb4082000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100 State = 0x38d5cb6a385bd2236abc452f8306cad0 Message-Authenticator = 0x968e8650d27c8223dbd04cf324fc8257 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 142 length 164 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 154 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0095], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02f5], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 182 to 10.20.20.254 port 65023 EAP-Message = 0x018f03381900160301002a0200002603014c003b6472ff82bbee3871d32531c8f2c3a3b44e52f700638686f9ea11d4b83400002f0016030102f50b0002f10002ee0002eb308202e730820250a003020102020900b56636c836797a81300d06092a864886f70d01010505003077310b3009060355040613025553311330110603550408130a43616c69666f726e6961310b3009060355040a13025244310b3009060355040b13024d46310d300b060355040313046d617474312a302806092a864886f70d010901161b6d6174744072657075746174696f6e646566656e6465722e636f6d301e170d3130303532383036313931375a170d313130353238 EAP-Message = 0x3036313931375a3077310b3009060355040613025553311330110603550408130a43616c69666f726e6961310b3009060355040a13025244310b3009060355040b13024d46310d300b060355040313046d617474312a302806092a864886f70d010901161b6d6174744072657075746174696f6e646566656e6465722e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ab763a40e980384ddbb4260532c78892ab952341d55a426a570b53ae9fe65ba451290621509f02d10d8d6eae83288501845f58060021dcc5a9a706f08a68f2e9c2f93e9cdb37ca03c7946393a001e0d93bb17566ad50cc973c484a3592ce7625 EAP-Message = 0x72010d2da6edb23548162efc4ed24f9d46cdcf0e6bcf51fc628bd6337260c54f0203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604148b65f5271d9f8c34ecae0e645f6e08fc8734daf6301f0603551d230418301680142c94ae4302408ac4fef21fbb54805d7e1284debc300d06092a864886f70d0101050500038181009d0d147da8613b618dd31d47b906be2c3630fc880285388aff423c78a2e65858588bbd66207187bb311e983bb42155fc0e76a0145567ff423ba865384498dd89b2d036218bfd96ab EAP-Message = 0x954333569960576d12ab362bac80123e5a5acfad12b608a04971fdd28153ed5bb1aca14636e75d75f27233fc16b05196c075763bfc2156b116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38d5cb6a395ad2236abc452f8306cad0 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=183, length=365 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x028f00d01980000000c6160301008610000082008004bdd3b7b0a852356a1ac6e3b689f0052c720bfd0b953cc999a0864190470e58611196f4fb24605d35f758a8503ed50bf3e17a6156d0b2a7fe39bac81b8899cf6d0098413e8224d3d65ec4933169f090d5472f5ebb73627562a91c7c42f4df18de851c8ec8e72f32555ac19efd6cc20993dfb1c011e5e8cb4199b784fd0394a314030100010116030100300bb9f30d41b604fc645341a03d7cada5cc0bfbfd6e801632d95038ce42d4cc59c63245182f4a727eae303a4b90efbfce State = 0x38d5cb6a395ad2236abc452f8306cad0 Message-Authenticator = 0x830e541d08e25241fb1dfc4a51315de3 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 143 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 183 to 10.20.20.254 port 65023 EAP-Message = 0x01900041190014030100010116030100302d5b73a41a5fbd772604817295b40babc67ae810bf9cbcee437e7132285ab51930479abb317f2d94e42d5ea6b0cc5dc4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38d5cb6a3a45d2236abc452f8306cad0 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=184, length=163 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x029000061900 State = 0x38d5cb6a3a45d2236abc452f8306cad0 Message-Authenticator = 0xce08080eb592323fb851c85a19f465c5 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 144 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 184 to 10.20.20.254 port 65023 EAP-Message = 0x0191002b19001703010020460a34a8baf463cc09a1320e3652ff078e4690eb993b711727b2f74b0a7a1775 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38d5cb6a3b44d2236abc452f8306cad0 Finished request 8. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=185, length=200 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0291002b19001703010020acd51704f89f5cc2f583d85fb67d12c86680b9db361dec43517e988ca4d637ec State = 0x38d5cb6a3b44d2236abc452f8306cad0 Message-Authenticator = 0xaf1b3159314beff66b426a1a00402670 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 145 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - oogabooga [peap] Got tunneled request EAP-Message = 0x0291000e016f6f6761626f6f6761 server { PEAP: Got tunneled identity of oogabooga PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to oogabooga Sending tunneled request EAP-Message = 0x0291000e016f6f6761626f6f6761 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "oogabooga" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 145 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x019200231a0192001e101b0835effa80083b985e84044997630e6f6f6761626f6f6761 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x126780d012f59a3245837272e42ef114 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x019200231a0192001e101b0835effa80083b985e84044997630e6f6f6761626f6f6761 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x126780d012f59a3245837272e42ef114 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 185 to 10.20.20.254 port 65023 EAP-Message = 0x0192004b19001703010040aaa6c0a208f282582fce08e5608816ae7754e20c97e6892b43c82945613a824c54d463b35633e720283256337388bea291f65677344493c4455fb9680af96f3f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38d5cb6a3c47d2236abc452f8306cad0 Finished request 9. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=186, length=264 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0292006b190017030100601935f319960578d36124d2b8fb1a7a0b7eb1d9c17f8f9690e3c43f242cac0e50c37fc6ac63c88626b045c4408000e0804dcdd57b9f3aafb03ab69ba6418b8992bd8ee41dc0fd40fc08c73e3898606c89b6fae6d27fe1ba685486b9db8f0e9608 State = 0x38d5cb6a3c47d2236abc452f8306cad0 Message-Authenticator = 0x378af067a4b9b94ce8fee36e2d97802a +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 146 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x029200441a0292003f3167b2b7ad4188023c4886e6989b9a4004000000000000000057a7eb9b0536b2a56075aa2351abbf780081fd44b66a16f1006f6f6761626f6f6761 server { PEAP: Setting User-Name to oogabooga Sending tunneled request EAP-Message = 0x029200441a0292003f3167b2b7ad4188023c4886e6989b9a4004000000000000000057a7eb9b0536b2a56075aa2351abbf780081fd44b66a16f1006f6f6761626f6f6761 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "oogabooga" State = 0x126780d012f59a3245837272e42ef114 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 146 length 68 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for oogabooga with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\222E=691 R=1" EAP-Message = 0x04920004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\222E=691 R=1" EAP-Message = 0x04920004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 186 to 10.20.20.254 port 65023 EAP-Message = 0x0193002b190017030100201afe77cd1d02697e61c2bbcd462649cb5245412353ad060d1c786f76308c8295 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x38d5cb6a3d46d2236abc452f8306cad0 Finished request 10. Going to the next request Waking up in 0.7 seconds. rad_recv: Access-Request packet from host 10.20.20.254 port 65023, id=187, length=200 User-Name = "oogabooga" NAS-IP-Address = 10.20.20.254 NAS-Port = 0 Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz" Calling-Station-Id = "00-17-F2-45-F7-CF" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0293002b19001703010020fd0090fac6f01439ffc066319ab8e8f0d3e832307599fd747a3b8fe696104009 State = 0x38d5cb6a3d46d2236abc452f8306cad0 Message-Authenticator = 0xe4f5e5b68c5e815de63c20ed81863e09 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oogabooga", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 147 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> oogabooga attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 11 for 1 seconds Going to the next request Waking up in 0.6 seconds. Cleaning up request 5 ID 181 with timestamp +328 Cleaning up request 6 ID 182 with timestamp +328 Cleaning up request 7 ID 183 with timestamp +328 Waking up in 0.1 seconds. Cleaning up request 8 ID 184 with timestamp +328 Cleaning up request 9 ID 185 with timestamp +328 Waking up in 0.1 seconds. Sending delayed reject for request 11 Sending Access-Reject of id 187 to 10.20.20.254 port 65023 EAP-Message = 0x04930004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 10 ID 186 with timestamp +332 Waking up in 1.0 seconds. Cleaning up request 11 ID 187 with timestamp +332 Ready to process requests. ------------------------------------------------------------------------------------------------------------------------