Hello This is my first time posting here, so sorry if something is wrong, sorry for my English too. I have configured freeradius V3.0.4 on Centos 7 for authenticating with Mac-address and a LDAP Server, using EAP-TTLS with PAP. One week ago all the clients (Windows 7, Windows 8, Ubuntu, Android) were able to authenticate without any issues; but in last day Windows 8 clients can not authenticate. In the debug (freeradius -X) i can see the server sending an Access-Challenge but the client never respond with the an Access-request. This is the Output of the freeradius -X when the Windows 8 client try to connect: Received Access-Request Id 84 from 10.66.146.10:62781 to 10.66.150.52:1812 length 184 User-Name = 'juliop' NAS-IP-Address = 10.66.146.10 NAS-Port = 0 NAS-Identifier = '10.66.146.10' NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'e0ca94e63751' Called-Station-Id = 'aca31ec60340' Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0201000b016a756c696f70 Aruba-Essid-Name = 'riguprov' Aruba-Location-Id = 'apcdoggerC60340' Aruba-AP-Group = 'WLCZOO' Message-Authenticator = 0x2ae08657e469e194ccbd4e778e519044 (230) Received Access-Request packet from host 10.66.146.10 port 62781, id=84, length=184 (230) User-Name = 'juliop' (230) NAS-IP-Address = 10.66.146.10 (230) NAS-Port = 0 (230) NAS-Identifier = '10.66.146.10' (230) NAS-Port-Type = Wireless-802.11 (230) Calling-Station-Id = 'e0ca94e63751' (230) Called-Station-Id = 'aca31ec60340' (230) Service-Type = Login-User (230) Framed-MTU = 1100 (230) EAP-Message = 0x0201000b016a756c696f70 (230) Aruba-Essid-Name = 'riguprov' (230) Aruba-Location-Id = 'apcdoggerC60340' (230) Aruba-AP-Group = 'WLCZOO' (230) Message-Authenticator = 0x2ae08657e469e194ccbd4e778e519044 (230) # Executing section authorize from file /etc/raddb/sites-enabled/default (230) authorize { (230) filter_username filter_username { (230) if (!&User-Name) (230) if (!&User-Name) -> FALSE (230) if (&User-Name =~ / /) (230) if (&User-Name =~ / /) -> FALSE (230) if (&User-Name =~ /@.*@/ ) (230) if (&User-Name =~ /@.*@/ ) -> FALSE (230) if (&User-Name =~ /\\.\\./ ) (230) if (&User-Name =~ /\\.\\./ ) -> FALSE (230) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) (230) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) -> FALSE (230) if (&User-Name =~ /\\.$/) (230) if (&User-Name =~ /\\.$/) -> FALSE (230) if (&User-Name =~ /@\\./) (230) if (&User-Name =~ /@\\./) -> FALSE (230) } # filter_username filter_username = notfound (230) [preprocess] = ok (230) [chap] = noop (230) [mschap] = noop (230) rewrite_calling_station_id rewrite_calling_station_id { (230) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) (230) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) -> TRUE (230) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) { (230) update request { (230) EXPAND %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (230) --> e0-ca-94-e6-37-51 (230) Calling-Station-Id := "e0-ca-94-e6-37-51" (230) } # update request = noop (230) [updated] = updated (230) } # if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0- 9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a- f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) = updated (230) ... skipping else for request 230: Preceding "if" was taken (230) } # rewrite_calling_station_id rewrite_calling_station_id = updated (230) authorized_macs_rigu : EXPAND %{Calling-Station-ID} (230) authorized_macs_rigu : --> e0-ca-94-e6-37-51 (230) authorized_macs_rigu : users: Matched entry e0-ca-94- e6-37-51 at line 3 (230) [authorized_macs_rigu] = ok (230) if (!ok) (230) if (!ok) -> FALSE (230) else else { (230) eap : Peer sent code Response (2) ID 1 length 11 (230) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (230) [eap] = ok (230) } # else else = ok (230) [unix] = notfound (230) [expiration] = noop (230) [logintime] = noop (230) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type (230) WARNING: pap : Authentication will fail unless a "known good" password is available (230) [pap] = noop (230) if (User-Password) (230) if (User-Password) -> FALSE (230) } # authorize = updated (230) Found Auth-Type = EAP (230) # Executing group from file /etc/raddb/sites- enabled/default (230) authenticate { (230) eap : Peer sent method Identity (1) (230) eap : Calling eap_gtc to process EAP data (230) eap_gtc : EXPAND Password: (230) eap_gtc : --> Password: (230) eap : New EAP session, adding 'State' attribute to reply 0x045d7f1e045f7973 (230) [eap] = handled (230) } # authenticate = handled (230) Sending Access-Challenge packet to host 10.66.146.10 port 62781, id=84, length=0 (230) EAP-Message = 0x0102000f0650617373776f72643a20 (230) Message-Authenticator = 0x00000000000000000000000000000000 (230) State = 0x045d7f1e045f79735c746ec40219cffa Sending Access-Challenge Id 84 from 10.66.150.52:1812 to 10.66.146.10:62781 EAP-Message = 0x0102000f0650617373776f72643a20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x045d7f1e045f79735c746ec40219cffa (230) Finished request Waking up in 0.3 seconds. Received Access-Request Id 85 from 10.66.146.10:62781 to 10.66.150.52:1812 length 197 User-Name = 'juliop' NAS-IP-Address = 10.66.146.10 NAS-Port = 0 NAS-Identifier = '10.66.146.10' NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'e0ca94e63751' Called-Station-Id = 'aca31ec60340' Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020200060315 State = 0x045d7f1e045f79735c746ec40219cffa Aruba-Essid-Name = 'riguprov' Aruba-Location-Id = 'apcdoggerC60340' Aruba-AP-Group = 'WLCZOO' Message-Authenticator = 0xd50b45437d77af44008db8418d48efe9 (231) Received Access-Request packet from host 10.66.146.10 port 62781, id=85, length=197 (231) User-Name = 'juliop' (231) NAS-IP-Address = 10.66.146.10 (231) NAS-Port = 0 (231) NAS-Identifier = '10.66.146.10' (231) NAS-Port-Type = Wireless-802.11 (231) Calling-Station-Id = 'e0ca94e63751' (231) Called-Station-Id = 'aca31ec60340' (231) Service-Type = Login-User (231) Framed-MTU = 1100 (231) EAP-Message = 0x020200060315 (231) State = 0x045d7f1e045f79735c746ec40219cffa (231) Aruba-Essid-Name = 'riguprov' (231) Aruba-Location-Id = 'apcdoggerC60340' (231) Aruba-AP-Group = 'WLCZOO' (231) Message-Authenticator = 0xd50b45437d77af44008db8418d48efe9 (231) # Executing section authorize from file /etc/raddb/sites-enabled/default (231) authorize { (231) filter_username filter_username { (231) if (!&User-Name) (231) if (!&User-Name) -> FALSE (231) if (&User-Name =~ / /) (231) if (&User-Name =~ / /) -> FALSE (231) if (&User-Name =~ /@.*@/ ) (231) if (&User-Name =~ /@.*@/ ) -> FALSE (231) if (&User-Name =~ /\\.\\./ ) (231) if (&User-Name =~ /\\.\\./ ) -> FALSE (231) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) (231) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) -> FALSE (231) if (&User-Name =~ /\\.$/) (231) if (&User-Name =~ /\\.$/) -> FALSE (231) if (&User-Name =~ /@\\./) (231) if (&User-Name =~ /@\\./) -> FALSE (231) } # filter_username filter_username = notfound (231) [preprocess] = ok (231) [chap] = noop (231) [mschap] = noop (231) rewrite_calling_station_id rewrite_calling_station_id { (231) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) (231) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) -> TRUE (231) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) { (231) update request { (231) EXPAND %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (231) --> e0-ca-94-e6-37-51 (231) Calling-Station-Id := "e0-ca-94-e6-37-51" (231) } # update request = noop (231) [updated] = updated (231) } # if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0- 9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a- f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) = updated (231) ... skipping else for request 231: Preceding "if" was taken (231) } # rewrite_calling_station_id rewrite_calling_station_id = updated (231) authorized_macs_rigu : EXPAND %{Calling-Station-ID} (231) authorized_macs_rigu : --> e0-ca-94-e6-37-51 (231) authorized_macs_rigu : users: Matched entry e0-ca-94- e6-37-51 at line 3 (231) [authorized_macs_rigu] = ok (231) if (!ok) (231) if (!ok) -> FALSE (231) else else { (231) eap : Peer sent code Response (2) ID 2 length 6 (231) eap : No EAP Start, assuming it's an on-going EAP conversation (231) [eap] = updated (231) } # else else = updated (231) [unix] = notfound (231) [expiration] = noop (231) [logintime] = noop (231) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type (231) WARNING: pap : Authentication will fail unless a "known good" password is available (231) [pap] = noop (231) if (User-Password) (231) if (User-Password) -> FALSE (231) } # authorize = updated (231) Found Auth-Type = EAP (231) # Executing group from file /etc/raddb/sites- enabled/default (231) authenticate { (231) eap : Expiring EAP session with state 0xa5b12d7ba0b63875 (231) eap : Expiring EAP session with state 0x045d7f1e045f7973 (231) eap : Finished EAP session with state 0x045d7f1e045f7973 (231) eap : Previous EAP request found for state 0x045d7f1e045f7973, released from the list (231) eap : Peer sent method NAK (3) (231) eap : Found mutually acceptable type TTLS (21) (231) eap : Calling eap_ttls to process EAP data (231) eap_ttls : Initiate (231) eap_ttls : Start returned 1 (231) eap : New EAP session, adding 'State' attribute to reply 0x045d7f1e055e6a73 (231) [eap] = handled (231) } # authenticate = handled (231) Sending Access-Challenge packet to host 10.66.146.10 port 62781, id=85, length=0 (231) EAP-Message = 0x010300061520 (231) Message-Authenticator = 0x00000000000000000000000000000000 (231) State = 0x045d7f1e055e6a735c746ec40219cffa Sending Access-Challenge Id 85 from 10.66.150.52:1812 to 10.66.146.10:62781 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x045d7f1e055e6a735c746ec40219cffa (231) Finished request Waking up in 0.3 seconds. Received Access-Request Id 86 from 10.66.146.10:62781 to 10.66.150.52:1812 length 300 User-Name = 'juliop' NAS-IP-Address = 10.66.146.10 NAS-Port = 0 NAS-Identifier = '10.66.146.10' NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'e0ca94e63751' Called-Station-Id = 'aca31ec60340' Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0203006d158000000063160301005e0100005a030155ca1e1527cd64549 1215c4d26942596749837856c75f293e184b19096f7d8e1000018002f0035 0005000ac013c014c009c00a003200380013000401000019ff01000100000 a0006000400170018000b0002010000230000 State = 0x045d7f1e055e6a735c746ec40219cffa Aruba-Essid-Name = 'riguprov' Aruba-Location-Id = 'apcdoggerC60340' Aruba-AP-Group = 'WLCZOO' Message-Authenticator = 0xe1de6209c504840cb7a94ab08a4646f2 (232) Received Access-Request packet from host 10.66.146.10 port 62781, id=86, length=300 (232) User-Name = 'juliop' (232) NAS-IP-Address = 10.66.146.10 (232) NAS-Port = 0 (232) NAS-Identifier = '10.66.146.10' (232) NAS-Port-Type = Wireless-802.11 (232) Calling-Station-Id = 'e0ca94e63751' (232) Called-Station-Id = 'aca31ec60340' (232) Service-Type = Login-User (232) Framed-MTU = 1100 (232) EAP-Message = 0x0203006d158000000063160301005e0100005a030155ca1e1527cd64549 1215c4d26942596749837856c75f293e184b19096f7d8e1000018002f0035 0005000ac013c014c009c00a003200380013000401000019ff01000100000 a0006000400170018000b0002010000230000 (232) State = 0x045d7f1e055e6a735c746ec40219cffa (232) Aruba-Essid-Name = 'riguprov' (232) Aruba-Location-Id = 'apcdoggerC60340' (232) Aruba-AP-Group = 'WLCZOO' (232) Message-Authenticator = 0xe1de6209c504840cb7a94ab08a4646f2 (232) # Executing section authorize from file /etc/raddb/sites-enabled/default (232) authorize { (232) filter_username filter_username { (232) if (!&User-Name) (232) if (!&User-Name) -> FALSE (232) if (&User-Name =~ / /) (232) if (&User-Name =~ / /) -> FALSE (232) if (&User-Name =~ /@.*@/ ) (232) if (&User-Name =~ /@.*@/ ) -> FALSE (232) if (&User-Name =~ /\\.\\./ ) (232) if (&User-Name =~ /\\.\\./ ) -> FALSE (232) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) (232) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) -> FALSE (232) if (&User-Name =~ /\\.$/) (232) if (&User-Name =~ /\\.$/) -> FALSE (232) if (&User-Name =~ /@\\./) (232) if (&User-Name =~ /@\\./) -> FALSE (232) } # filter_username filter_username = notfound (232) [preprocess] = ok (232) [chap] = noop (232) [mschap] = noop (232) rewrite_calling_station_id rewrite_calling_station_id { (232) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) (232) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) -> TRUE (232) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) { (232) update request { (232) EXPAND %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (232) --> e0-ca-94-e6-37-51 (232) Calling-Station-Id := "e0-ca-94-e6-37-51" (232) } # update request = noop (232) [updated] = updated (232) } # if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0- 9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a- f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) = updated (232) ... skipping else for request 232: Preceding "if" was taken (232) } # rewrite_calling_station_id rewrite_calling_station_id = updated (232) authorized_macs_rigu : EXPAND %{Calling-Station-ID} (232) authorized_macs_rigu : --> e0-ca-94-e6-37-51 (232) authorized_macs_rigu : users: Matched entry e0-ca-94- e6-37-51 at line 3 (232) [authorized_macs_rigu] = ok (232) if (!ok) (232) if (!ok) -> FALSE (232) else else { (232) eap : Peer sent code Response (2) ID 3 length 109 (232) eap : Continuing tunnel setup (232) [eap] = ok (232) } # else else = ok (232) [unix] = notfound (232) [expiration] = noop (232) [logintime] = noop (232) [pap] = noop (232) if (User-Password) (232) if (User-Password) -> FALSE (232) } # authorize = updated (232) Found Auth-Type = EAP (232) # Executing group from file /etc/raddb/sites- enabled/default (232) authenticate { (232) eap : Expiring EAP session with state 0x045d7f1e055e6a73 (232) eap : Finished EAP session with state 0x045d7f1e055e6a73 (232) eap : Previous EAP request found for state 0x045d7f1e055e6a73, released from the list (232) eap : Peer sent method TTLS (21) (232) eap : EAP TTLS (21) (232) eap : Calling eap_ttls to process EAP data (232) eap_ttls : Authenticate (232) eap_ttls : processing EAP-TLS TLS Length 99 (232) eap_ttls : Length Included (232) eap_ttls : eaptls_verify returned 11 (232) eap_ttls : (other): before/accept initialization (232) eap_ttls : TLS_accept: before/accept initialization (232) eap_ttls : <<< TLS 1.0 Handshake [length 005e], ClientHello (232) eap_ttls : TLS_accept: SSLv3 read client hello A (232) eap_ttls : >>> TLS 1.0 Handshake [length 0051], ServerHello (232) eap_ttls : TLS_accept: SSLv3 write server hello A (232) eap_ttls : >>> TLS 1.0 Handshake [length 08d0], Certificate (232) eap_ttls : TLS_accept: SSLv3 write certificate A (232) eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (232) eap_ttls : TLS_accept: SSLv3 write server done A (232) eap_ttls : TLS_accept: SSLv3 flush data (232) eap_ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (232) eap_ttls : eaptls_process returned 13 (232) eap : New EAP session, adding 'State' attribute to reply 0x045d7f1e06596a73 (232) [eap] = handled (232) } # authenticate = handled (232) Sending Access-Challenge packet to host 10.66.146.10 port 62781, id=86, length=0 (232) EAP-Message = 0x010403ec15c00000093416030100510200004d030155ca2598dd8c3b53d f8b24bf7fdcef8d8deaea8c43cce6b8ce3d002e31400bce204c2e39d34510 36f48b4baafb453941ca4904c6858af2168a40acf8a26672e307002f00000 5ff0100010016030108d00b0008cc0008c90003de308203da308202c2a003 020102020101300d06092a864886f70d01010b0500308193310b300906035 5040613024652310f300d0603550408130652616469757331123010060355 04071309536f6d65776865726531153013060355040a130c4578616d706c6 520496e632e3120301e06092a864886f70d010901161161646d696e406578 616d706c652e636f6d312630240603550403131d4578616d706c652043657 2746966696361746520417574686f72697479301e170d3135303630333135 323831355a170d3135303830323135323831355a307c310b3009060355040 613024652310f300d0603550408130652616469757331153013060355040a 130c4578616d706c6520496e632e312330210603550403131a4578616d706 c65205365727665722043657274696669636174653120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d30820122300d0 6092a864886f70d01010105000382010f003082010a0282010100d25092ad a62933bf922ec8bdd20f51d230edb578 (232) Message-Authenticator = 0x00000000000000000000000000000000 (232) State = 0x045d7f1e06596a735c746ec40219cffa Sending Access-Challenge Id 86 from 10.66.150.52:1812 to 10.66.146.10:62781 EAP-Message = 0x010403ec15c00000093416030100510200004d030155ca2598dd8c3b53d f8b24bf7fdcef8d8deaea8c43cce6b8ce3d002e31400bce204c2e39d34510 36f48b4baafb453941ca4904c6858af2168a40acf8a26672e307002f00000 5ff0100010016030108d00b0008cc0008c90003de308203da308202c2a003 020102020101300d06092a864886f70d01010b0500308193310b300906035 5040613024652310f300d0603550408130652616469757331123010060355 04071309536f6d65776865726531153013060355040a130c4578616d706c6 520496e632e3120301e06092a864886f70d010901161161646d696e406578 616d706c652e636f6d312630240603550403131d4578616d706c652043657 2746966696361746520417574686f72697479301e170d3135303630333135 323831355a170d3135303830323135323831355a307c310b3009060355040 613024652310f300d0603550408130652616469757331153013060355040a 130c4578616d706c6520496e632e312330210603550403131a4578616d706 c65205365727665722043657274696669636174653120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d30820122300d0 6092a864886f70d01010105000382010f003082010a0282010100d25092ad a62933bf922ec8bdd20f51d230edb57 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x045d7f1e06596a735c746ec40219cffa (232) Finished request Waking up in 0.2 seconds. Received Access-Request Id 87 from 10.66.146.10:62781 to 10.66.150.52:1812 length 197 User-Name = 'juliop' NAS-IP-Address = 10.66.146.10 NAS-Port = 0 NAS-Identifier = '10.66.146.10' NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'e0ca94e63751' Called-Station-Id = 'aca31ec60340' Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020400061500 State = 0x045d7f1e06596a735c746ec40219cffa Aruba-Essid-Name = 'riguprov' Aruba-Location-Id = 'apcdoggerC60340' Aruba-AP-Group = 'WLCZOO' Message-Authenticator = 0xbb89e26656fbb3e2d883d37f1f809264 (233) Received Access-Request packet from host 10.66.146.10 port 62781, id=87, length=197 (233) User-Name = 'juliop' (233) NAS-IP-Address = 10.66.146.10 (233) NAS-Port = 0 (233) NAS-Identifier = '10.66.146.10' (233) NAS-Port-Type = Wireless-802.11 (233) Calling-Station-Id = 'e0ca94e63751' (233) Called-Station-Id = 'aca31ec60340' (233) Service-Type = Login-User (233) Framed-MTU = 1100 (233) EAP-Message = 0x020400061500 (233) State = 0x045d7f1e06596a735c746ec40219cffa (233) Aruba-Essid-Name = 'riguprov' (233) Aruba-Location-Id = 'apcdoggerC60340' (233) Aruba-AP-Group = 'WLCZOO' (233) Message-Authenticator = 0xbb89e26656fbb3e2d883d37f1f809264 (233) # Executing section authorize from file /etc/raddb/sites-enabled/default (233) authorize { (233) filter_username filter_username { (233) if (!&User-Name) (233) if (!&User-Name) -> FALSE (233) if (&User-Name =~ / /) (233) if (&User-Name =~ / /) -> FALSE (233) if (&User-Name =~ /@.*@/ ) (233) if (&User-Name =~ /@.*@/ ) -> FALSE (233) if (&User-Name =~ /\\.\\./ ) (233) if (&User-Name =~ /\\.\\./ ) -> FALSE (233) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) (233) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) -> FALSE (233) if (&User-Name =~ /\\.$/) (233) if (&User-Name =~ /\\.$/) -> FALSE (233) if (&User-Name =~ /@\\./) (233) if (&User-Name =~ /@\\./) -> FALSE (233) } # filter_username filter_username = notfound (233) [preprocess] = ok (233) [chap] = noop (233) [mschap] = noop (233) rewrite_calling_station_id rewrite_calling_station_id { (233) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) (233) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) -> TRUE (233) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) { (233) update request { (233) EXPAND %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (233) --> e0-ca-94-e6-37-51 (233) Calling-Station-Id := "e0-ca-94-e6-37-51" (233) } # update request = noop (233) [updated] = updated (233) } # if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0- 9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a- f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) = updated (233) ... skipping else for request 233: Preceding "if" was taken (233) } # rewrite_calling_station_id rewrite_calling_station_id = updated (233) authorized_macs_rigu : EXPAND %{Calling-Station-ID} (233) authorized_macs_rigu : --> e0-ca-94-e6-37-51 (233) authorized_macs_rigu : users: Matched entry e0-ca-94- e6-37-51 at line 3 (233) [authorized_macs_rigu] = ok (233) if (!ok) (233) if (!ok) -> FALSE (233) else else { (233) eap : Peer sent code Response (2) ID 4 length 6 (233) eap : Continuing tunnel setup (233) [eap] = ok (233) } # else else = ok (233) [unix] = notfound (233) [expiration] = noop (233) [logintime] = noop (233) [pap] = noop (233) if (User-Password) (233) if (User-Password) -> FALSE (233) } # authorize = updated (233) Found Auth-Type = EAP (233) # Executing group from file /etc/raddb/sites- enabled/default (233) authenticate { (233) eap : Expiring EAP session with state 0x045d7f1e06596a73 (233) eap : Finished EAP session with state 0x045d7f1e06596a73 (233) eap : Previous EAP request found for state 0x045d7f1e06596a73, released from the list (233) eap : Peer sent method TTLS (21) (233) eap : EAP TTLS (21) (233) eap : Calling eap_ttls to process EAP data (233) eap_ttls : Authenticate (233) eap_ttls : processing EAP-TLS (233) eap_ttls : Received TLS ACK (233) eap_ttls : Received TLS ACK (233) eap_ttls : ACK handshake fragment handler (233) eap_ttls : eaptls_verify returned 1 (233) eap_ttls : eaptls_process returned 13 (233) eap : New EAP session, adding 'State' attribute to reply 0x045d7f1e07586a73 (233) [eap] = handled (233) } # authenticate = handled (233) Sending Access-Challenge packet to host 10.66.146.10 port 62781, id=87, length=0 (233) EAP-Message = 0x010503ec15c0000009344cbf2bce7c2d153e57a0ae308d0085a8c641d1b d8a274505d2dff596d77bab57bb54c46518f80b78d2f3705a8a11706a2781 a6dcd17a902e2b4eaa13cd5fa68fe7a8c94257d645fc967bbde06b931ebed 475aa096ef3342df2b5ede54f115db3df0004e5308204e1308203c9a00302 01020209009552ff70bc0159d9300d06092a864886f70d010105050030819 3310b3009060355040613024652310f300d06035504081306526164697573 3112301006035504071309536f6d65776865726531153013060355040a130 c4578616d706c6520496e632e3120301e06092a864886f70d010901161161 646d696e406578616d706c652e636f6d312630240603550403131d4578616 d706c6520436572746966696361746520417574686f72697479301e170d31 35303630333135323831355a170d3135303830323135323831355a3081933 10b3009060355040613024652310f300d0603550408130652616469757331 12301006035504071309536f6d65776865726531153013060355040a130c4 578616d706c6520496e632e3120301e06092a864886f70d01090116116164 6d696e406578616d706c652e636f6d312630240603550403131d4578616d7 06c6520436572746966696361746520417574686f7269747930820122300d 06092a864886f70d0101010500038201 (233) Message-Authenticator = 0x00000000000000000000000000000000 (233) State = 0x045d7f1e07586a735c746ec40219cffa Sending Access-Challenge Id 87 from 10.66.150.52:1812 to 10.66.146.10:62781 EAP-Message = 0x010503ec15c0000009344cbf2bce7c2d153e57a0ae308d0085a8c641d1b d8a274505d2dff596d77bab57bb54c46518f80b78d2f3705a8a11706a2781 a6dcd17a902e2b4eaa13cd5fa68fe7a8c94257d645fc967bbde06b931ebed 475aa096ef3342df2b5ede54f115db3df0004e5308204e1308203c9a00302 01020209009552ff70bc0159d9300d06092a864886f70d010105050030819 3310b3009060355040613024652310f300d06035504081306526164697573 3112301006035504071309536f6d65776865726531153013060355040a130 c4578616d706c6520496e632e3120301e06092a864886f70d010901161161 646d696e406578616d706c652e636f6d312630240603550403131d4578616 d706c6520436572746966696361746520417574686f72697479301e170d31 35303630333135323831355a170d3135303830323135323831355a3081933 10b3009060355040613024652310f300d0603550408130652616469757331 12301006035504071309536f6d65776865726531153013060355040a130c4 578616d706c6520496e632e3120301e06092a864886f70d01090116116164 6d696e406578616d706c652e636f6d312630240603550403131d4578616d7 06c6520436572746966696361746520417574686f7269747930820122300d 06092a864886f70d010101050003820 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x045d7f1e07586a735c746ec40219cffa (233) Finished request Waking up in 0.1 seconds. Received Access-Request Id 88 from 10.66.146.10:62781 to 10.66.150.52:1812 length 197 User-Name = 'juliop' NAS-IP-Address = 10.66.146.10 NAS-Port = 0 NAS-Identifier = '10.66.146.10' NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'e0ca94e63751' Called-Station-Id = 'aca31ec60340' Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020500061500 State = 0x045d7f1e07586a735c746ec40219cffa Aruba-Essid-Name = 'riguprov' Aruba-Location-Id = 'apcdoggerC60340' Aruba-AP-Group = 'WLCZOO' Message-Authenticator = 0x2167af66b4077bc2ada6d8cc82632788 (234) Received Access-Request packet from host 10.66.146.10 port 62781, id=88, length=197 (234) User-Name = 'juliop' (234) NAS-IP-Address = 10.66.146.10 (234) NAS-Port = 0 (234) NAS-Identifier = '10.66.146.10' (234) NAS-Port-Type = Wireless-802.11 (234) Calling-Station-Id = 'e0ca94e63751' (234) Called-Station-Id = 'aca31ec60340' (234) Service-Type = Login-User (234) Framed-MTU = 1100 (234) EAP-Message = 0x020500061500 (234) State = 0x045d7f1e07586a735c746ec40219cffa (234) Aruba-Essid-Name = 'riguprov' (234) Aruba-Location-Id = 'apcdoggerC60340' (234) Aruba-AP-Group = 'WLCZOO' (234) Message-Authenticator = 0x2167af66b4077bc2ada6d8cc82632788 (234) # Executing section authorize from file /etc/raddb/sites-enabled/default (234) authorize { (234) filter_username filter_username { (234) if (!&User-Name) (234) if (!&User-Name) -> FALSE (234) if (&User-Name =~ / /) (234) if (&User-Name =~ / /) -> FALSE (234) if (&User-Name =~ /@.*@/ ) (234) if (&User-Name =~ /@.*@/ ) -> FALSE (234) if (&User-Name =~ /\\.\\./ ) (234) if (&User-Name =~ /\\.\\./ ) -> FALSE (234) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) (234) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) -> FALSE (234) if (&User-Name =~ /\\.$/) (234) if (&User-Name =~ /\\.$/) -> FALSE (234) if (&User-Name =~ /@\\./) (234) if (&User-Name =~ /@\\./) -> FALSE (234) } # filter_username filter_username = notfound (234) [preprocess] = ok (234) [chap] = noop (234) [mschap] = noop (234) rewrite_calling_station_id rewrite_calling_station_id { (234) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) (234) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) -> TRUE (234) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) { (234) update request { (234) EXPAND %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (234) --> e0-ca-94-e6-37-51 (234) Calling-Station-Id := "e0-ca-94-e6-37-51" (234) } # update request = noop (234) [updated] = updated (234) } # if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0- 9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a- f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) = updated (234) ... skipping else for request 234: Preceding "if" was taken (234) } # rewrite_calling_station_id rewrite_calling_station_id = updated (234) authorized_macs_rigu : EXPAND %{Calling-Station-ID} (234) authorized_macs_rigu : --> e0-ca-94-e6-37-51 (234) authorized_macs_rigu : users: Matched entry e0-ca-94- e6-37-51 at line 3 (234) [authorized_macs_rigu] = ok (234) if (!ok) (234) if (!ok) -> FALSE (234) else else { (234) eap : Peer sent code Response (2) ID 5 length 6 (234) eap : Continuing tunnel setup (234) [eap] = ok (234) } # else else = ok (234) [unix] = notfound (234) [expiration] = noop (234) [logintime] = noop (234) [pap] = noop (234) if (User-Password) (234) if (User-Password) -> FALSE (234) } # authorize = updated (234) Found Auth-Type = EAP (234) # Executing group from file /etc/raddb/sites- enabled/default (234) authenticate { (234) eap : Expiring EAP session with state 0x045d7f1e07586a73 (234) eap : Finished EAP session with state 0x045d7f1e07586a73 (234) eap : Previous EAP request found for state 0x045d7f1e07586a73, released from the list (234) eap : Peer sent method TTLS (21) (234) eap : EAP TTLS (21) (234) eap : Calling eap_ttls to process EAP data (234) eap_ttls : Authenticate (234) eap_ttls : processing EAP-TLS (234) eap_ttls : Received TLS ACK (234) eap_ttls : Received TLS ACK (234) eap_ttls : ACK handshake fragment handler (234) eap_ttls : eaptls_verify returned 1 (234) eap_ttls : eaptls_process returned 13 (234) eap : New EAP session, adding 'State' attribute to reply 0x045d7f1e005b6a73 (234) [eap] = handled (234) } # authenticate = handled (234) Sending Access-Challenge packet to host 10.66.146.10 port 62781, id=88, length=0 (234) EAP-Message = 0x0106017a15800000093474798209009552ff70bc0159d9300c0603551d1 3040530030101ff30360603551d1f042f302d302ba029a027862568747470 3a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e6 3726c300d06092a864886f70d0101050500038201010017b5b9c2cb8ddbd3 35e4580acb8d0d84c69239921370dc5da9ccd6a3876942c071f1f0e6ebda4 1cf972acc79fe6d2185259060ff1f3d4389df26179837357db62e8e69faf9 8aa9cf9504110d389aafc6d21c23cdc83e952b958b92eab43fc55e622f1c0 fd468e3ef2a9750e502d3148c44b7d3f4ae959592de1a2c96d9ae6a4fe68c de5a96ae933de7fcc77bcb3f591a2a74cb3331199334067d682cd4bf0190c 571c1d4e290aa945e3d69a58da89eaa7fd993981db116333ba66a1df2b9ca 30b8c6cca5c3ab9b2b9f756be3a2de9426450fdaa2363b16f32982e48d8f4 5009bbe7fb217585fc69a5b0540d0fd279a0737a4f87323e36213f5ffa8e3 3f1472ad16030100040e000000 (234) Message-Authenticator = 0x00000000000000000000000000000000 (234) State = 0x045d7f1e005b6a735c746ec40219cffa Sending Access-Challenge Id 88 from 10.66.150.52:1812 to 10.66.146.10:62781 EAP-Message = 0x0106017a15800000093474798209009552ff70bc0159d9300c0603551d1 3040530030101ff30360603551d1f042f302d302ba029a027862568747470 3a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e6 3726c300d06092a864886f70d0101050500038201010017b5b9c2cb8ddbd3 35e4580acb8d0d84c69239921370dc5da9ccd6a3876942c071f1f0e6ebda4 1cf972acc79fe6d2185259060ff1f3d4389df26179837357db62e8e69faf9 8aa9cf9504110d389aafc6d21c23cdc83e952b958b92eab43fc55e622f1c0 fd468e3ef2a9750e502d3148c44b7d3f4ae959592de1a2c96d9ae6a4fe68c de5a96ae933de7fcc77bcb3f591a2a74cb3331199334067d682cd4bf0190c 571c1d4e290aa945e3d69a58da89eaa7fd993981db116333ba66a1df2b9ca 30b8c6cca5c3ab9b2b9f756be3a2de9426450fdaa2363b16f32982e48d8f4 5009bbe7fb217585fc69a5b0540d0fd279a0737a4f87323e36213f5ffa8e3 3f1472ad16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x045d7f1e005b6a735c746ec40219cffa (234) Finished request Received Access-Request Id 89 from 10.66.146.10:62781 to 10.66.150.52:1812 length 529 User-Name = 'juliop' NAS-IP-Address = 10.66.146.10 NAS-Port = 0 NAS-Identifier = '10.66.146.10' NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 'e0ca94e63751' Called-Station-Id = 'aca31ec60340' Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0206015015800000014616030101061000010201006c9734bf98617e57a b336a9d59387e12409cdad2e5bfeaaaf0812f8a833959718d95e404b1c66b c1ac158cc842455fb0a9d372bfc66b9999fe43846d272fe2fc937eeb8fdb4 0f43401765ad3738e2b85b6d30046bfb9393df1bfdc28bca11813b7ec357e e12d13cbaa40e50cf3ba71b192f5388a302c1ec8d81e85818bcdaab72e635 ca1b3628976700cd08dd3260ca9a122222cef2a02e81c9a5c580d01904ba2 931a9612aace62f032c266a79dff97a32209d5d533d9df10791b577b1d6be 50ce7028424f4e798a3320bb4704bec54ecf9ad4b8f3bf2d8267f28da3e54 01c297c0f9e75851eaed8c1fbe6be017ae2ae1ab72a4be278a3a6976a0a22 a06eaa01403010001011603010030ff73e273aa3d537ab4e6a47049ac6761 52dfe2d2f524602e360b0eac392a1ec6faad956c0ed816a71e552178e740f 706 State = 0x045d7f1e005b6a735c746ec40219cffa Aruba-Essid-Name = 'riguprov' Aruba-Location-Id = 'apcdoggerC60340' Aruba-AP-Group = 'WLCZOO' Message-Authenticator = 0xb3ee38765ea4f5290b0ec7501bf5c911 (235) Received Access-Request packet from host 10.66.146.10 port 62781, id=89, length=529 (235) User-Name = 'juliop' (235) NAS-IP-Address = 10.66.146.10 (235) NAS-Port = 0 (235) NAS-Identifier = '10.66.146.10' (235) NAS-Port-Type = Wireless-802.11 (235) Calling-Station-Id = 'e0ca94e63751' (235) Called-Station-Id = 'aca31ec60340' (235) Service-Type = Login-User (235) Framed-MTU = 1100 (235) EAP-Message = 0x0206015015800000014616030101061000010201006c9734bf98617e57a b336a9d59387e12409cdad2e5bfeaaaf0812f8a833959718d95e404b1c66b c1ac158cc842455fb0a9d372bfc66b9999fe43846d272fe2fc937eeb8fdb4 0f43401765ad3738e2b85b6d30046bfb9393df1bfdc28bca11813b7ec357e e12d13cbaa40e50cf3ba71b192f5388a302c1ec8d81e85818bcdaab72e635 ca1b3628976700cd08dd3260ca9a122222cef2a02e81c9a5c580d01904ba2 931a9612aace62f032c266a79dff97a32209d5d533d9df10791b577b1d6be 50ce7028424f4e798a3320bb4704bec54ecf9ad4b8f3bf2d8267f28da3e54 01c297c0f9e75851eaed8c1fbe6be017ae2ae1ab72a4be278a3a6976a0a22 a06eaa01403010001011603010030ff73e273aa3d537ab4e6a47049ac6761 52dfe2d2f524602e360b0eac392a1ec6faad956c0ed816a71e552178e740f 706 (235) State = 0x045d7f1e005b6a735c746ec40219cffa (235) Aruba-Essid-Name = 'riguprov' (235) Aruba-Location-Id = 'apcdoggerC60340' (235) Aruba-AP-Group = 'WLCZOO' (235) Message-Authenticator = 0xb3ee38765ea4f5290b0ec7501bf5c911 (235) # Executing section authorize from file /etc/raddb/sites-enabled/default (235) authorize { (235) filter_username filter_username { (235) if (!&User-Name) (235) if (!&User-Name) -> FALSE (235) if (&User-Name =~ / /) (235) if (&User-Name =~ / /) -> FALSE (235) if (&User-Name =~ /@.*@/ ) (235) if (&User-Name =~ /@.*@/ ) -> FALSE (235) if (&User-Name =~ /\\.\\./ ) (235) if (&User-Name =~ /\\.\\./ ) -> FALSE (235) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) (235) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\ \.(.+)$/)) -> FALSE (235) if (&User-Name =~ /\\.$/) (235) if (&User-Name =~ /\\.$/) -> FALSE (235) if (&User-Name =~ /@\\./) (235) if (&User-Name =~ /@\\./) -> FALSE (235) } # filter_username filter_username = notfound (235) [preprocess] = ok (235) [chap] = noop (235) [mschap] = noop (235) rewrite_calling_station_id rewrite_calling_station_id { (235) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) (235) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) -> TRUE (235) if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a- f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f] {2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) { (235) update request { (235) EXPAND %{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (235) --> e0-ca-94-e6-37-51 (235) Calling-Station-Id := "e0-ca-94-e6-37-51" (235) } # update request = noop (235) [updated] = updated (235) } # if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0- 9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a- f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) = updated (235) ... skipping else for request 235: Preceding "if" was taken (235) } # rewrite_calling_station_id rewrite_calling_station_id = updated (235) authorized_macs_rigu : EXPAND %{Calling-Station-ID} (235) authorized_macs_rigu : --> e0-ca-94-e6-37-51 (235) authorized_macs_rigu : users: Matched entry e0-ca-94- e6-37-51 at line 3 (235) [authorized_macs_rigu] = ok (235) if (!ok) (235) if (!ok) -> FALSE (235) else else { (235) eap : Peer sent code Response (2) ID 6 length 336 (235) eap : Continuing tunnel setup (235) [eap] = ok (235) } # else else = ok (235) [unix] = notfound (235) [expiration] = noop (235) [logintime] = noop (235) [pap] = noop (235) if (User-Password) (235) if (User-Password) -> FALSE (235) } # authorize = updated (235) Found Auth-Type = EAP (235) # Executing group from file /etc/raddb/sites- enabled/default (235) authenticate { (235) eap : Expiring EAP session with state 0x045d7f1e005b6a73 (235) eap : Finished EAP session with state 0x045d7f1e005b6a73 (235) eap : Previous EAP request found for state 0x045d7f1e005b6a73, released from the list (235) eap : Peer sent method TTLS (21) (235) eap : EAP TTLS (21) (235) eap : Calling eap_ttls to process EAP data (235) eap_ttls : Authenticate (235) eap_ttls : processing EAP-TLS TLS Length 326 (235) eap_ttls : Length Included (235) eap_ttls : eaptls_verify returned 11 (235) eap_ttls : <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange (235) eap_ttls : TLS_accept: SSLv3 read client key exchange A (235) eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] (235) eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished (235) eap_ttls : TLS_accept: SSLv3 read finished A (235) eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] (235) eap_ttls : TLS_accept: SSLv3 write change cipher spec A (235) eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished (235) eap_ttls : TLS_accept: SSLv3 write finished A (235) eap_ttls : TLS_accept: SSLv3 flush data SSL: adding session 4c2e39d3451036f48b4baafb453941ca4904c6858af2168a40acf8a26672e 307 to cache (235) eap_ttls : (other): SSL negotiation finished successfully SSL Connection Established (235) eap_ttls : eaptls_process returned 13 (235) eap : New EAP session, adding 'State' attribute to reply 0x045d7f1e015a6a73 (235) [eap] = handled (235) } # authenticate = handled (235) Sending Access-Challenge packet to host 10.66.146.10 port 62781, id=89, length=0 (235) EAP-Message = 0x0107004515800000003b14030100010116030100308e3794c96fb4750fe 302664ac575681fd3da4d4dc79e608e9b41c79bee203833cadba138fc0cec 70aed233037220d0a1 (235) Message-Authenticator = 0x00000000000000000000000000000000 (235) State = 0x045d7f1e015a6a735c746ec40219cffa Sending Access-Challenge Id 89 from 10.66.150.52:1812 to 10.66.146.10:62781 EAP-Message = 0x0107004515800000003b14030100010116030100308e3794c96fb4750fe 302664ac575681fd3da4d4dc79e608e9b41c79bee203833cadba138fc0cec 70aed233037220d0a1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x045d7f1e015a6a735c746ec40219cffa (235) Finished request Waking up in 0.1 seconds. Waking up in 4.3 seconds. (230) Cleaning up request packet ID 84 with timestamp +8048 (231) Cleaning up request packet ID 85 with timestamp +8048 (232) Cleaning up request packet ID 86 with timestamp +8048 Waking up in 0.1 seconds. (233) Cleaning up request packet ID 87 with timestamp +8049 (234) Cleaning up request packet ID 88 with timestamp +8049 (235) Cleaning up request packet ID 89 with timestamp +8049 Waking up in 3994804.7 seconds. I'll be very grateful if anyone can help me. if a configuration file is required, just ask me Thanks Again. Cristian M.