(0) Received Access-Request Id 187 from 172.16.2.24:43616 to 172.16.88.201:1812 length 216 (0) User-Name = "mathias.maes" (0) NAS-Identifier = "802aa8d21ff5" (0) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (0) Connect-Info = "CONNECT 0Mbps 802.11b" (0) Acct-Session-Id = "91947FC2865BC082" (0) WLAN-Pairwise-Cipher = 1027076 (0) WLAN-Group-Cipher = 1027076 (0) WLAN-AKM-Suite = 1027073 (0) Framed-MTU = 1400 (0) EAP-Message = 0x02720011016d6174686961732e6d616573 (0) Message-Authenticator = 0x515f9696923540a58f3eeae482177330 (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 114 length 17 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 115 length 22 (0) eap: EAP session adding &reply:State = 0x8992220389e12690 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 187 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (0) EAP-Message = 0x017300160410b1fd2b55fe05c489f528ef67441d4e20 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x8992220389e12690bf08241ae32c8474 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 188 from 172.16.2.24:43616 to 172.16.88.201:1812 length 224 (1) User-Name = "mathias.maes" (1) NAS-Identifier = "802aa8d21ff5" (1) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (1) Connect-Info = "CONNECT 0Mbps 802.11b" (1) Acct-Session-Id = "91947FC2865BC082" (1) WLAN-Pairwise-Cipher = 1027076 (1) WLAN-Group-Cipher = 1027076 (1) WLAN-AKM-Suite = 1027073 (1) Framed-MTU = 1400 (1) EAP-Message = 0x02730007031915 (1) State = 0x8992220389e12690bf08241ae32c8474 (1) Message-Authenticator = 0x6a137ff79215091f27021135b407b85c (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 115 length 7 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop rlm_ldap (ldap): Reserved connection (0) (1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (1) ldap: --> (uid=mathias.maes) (1) ldap: Performing search in "dc=maerlantatheneum,dc=be" with filter "(uid=mat hias.maes)", scope "sub" (1) ldap: Waiting for search result... (1) ldap: User object found at DN "uid=mathias.maes,ou=Secretariaat,ou=Atheneum, ou=Users,dc=maerlantatheneum,dc=be" (1) ldap: Processing user attributes (1) ldap: WARNING: No "known good" password added. Ensure the admin user has per mission to read the password attribute (1) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (0) Need 5 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636 rlm_ldap (ldap): Waiting for bind result... ber_get_next failed. rlm_ldap (ldap): Bind successful (1) [ldap] = ok (1) [expiration] = noop (1) [logintime] = noop Not doing PAP as Auth-Type is already set. (1) [pap] = noop (1) if (User-Password) { (1) if (User-Password) -> FALSE (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x8992220389e12690 (1) eap: Finished EAP session with state 0x8992220389e12690 (1) eap: Previous EAP request found for state 0x8992220389e12690, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Initiating new TLS session (1) eap_peap: [eaptls start] = request (1) eap: Sending EAP Request (code 1) ID 116 length 6 (1) eap: EAP session adding &reply:State = 0x8992220388e63b90 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 188 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (1) EAP-Message = 0x017400061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x8992220388e63b90bf08241ae32c8474 (1) Finished request Waking up in 3.7 seconds. (2) Received Access-Request Id 189 from 172.16.2.24:43616 to 172.16.88.201:1812 length 415 (2) User-Name = "mathias.maes" (2) NAS-Identifier = "802aa8d21ff5" (2) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (2) Connect-Info = "CONNECT 0Mbps 802.11b" (2) Acct-Session-Id = "91947FC2865BC082" (2) WLAN-Pairwise-Cipher = 1027076 (2) WLAN-Group-Cipher = 1027076 (2) WLAN-AKM-Suite = 1027073 (2) Framed-MTU = 1400 (2) EAP-Message = 0x027400c61980000000bc16030300b7010000b303035ef1b84950ab98e3 5a88c093aa155fa457545259e9793f91f43d3d9e260d05f620a3350000e8831c94e64a00758ed88b 0f89d893ab528df0a8942760fdf3b604c1002ac02cc02bc030c02f009f009ec024c023c028c027c0 0ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006 001d00170018000b00020100000d0014001204010501020104030503020302020601060300230000 00170000ff01000100 (2) State = 0x8992220388e63b90bf08241ae32c8474 (2) Message-Authenticator = 0xbfe3022bd53b0a25be827b4eaa3e058b (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 116 length 198 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x8992220388e63b90 (2) eap: Finished EAP session with state 0x8992220388e63b90 (2) eap: Previous EAP request found for state 0x8992220388e63b90, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: Peer indicated complete TLS record size will be 188 bytes (2) eap_peap: Got complete TLS record (188 bytes) (2) eap_peap: [eaptls verify] = length included (2) eap_peap: (other): before SSL initialization (2) eap_peap: TLS_accept: before SSL initialization (2) eap_peap: TLS_accept: before SSL initialization (2) eap_peap: <<< recv TLS 1.3 [length 00b7] (2) eap_peap: TLS_accept: SSLv3/TLS read client hello (2) eap_peap: >>> send TLS 1.2 [length 003d] (2) eap_peap: TLS_accept: SSLv3/TLS write server hello (2) eap_peap: >>> send TLS 1.2 [length 095f] (2) eap_peap: TLS_accept: SSLv3/TLS write certificate (2) eap_peap: >>> send TLS 1.2 [length 014d] (2) eap_peap: TLS_accept: SSLv3/TLS write key exchange (2) eap_peap: >>> send TLS 1.2 [length 0004] (2) eap_peap: TLS_accept: SSLv3/TLS write server done (2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done (2) eap_peap: TLS - In Handshake Phase (2) eap_peap: TLS - got 2817 bytes of data (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 117 length 1004 (2) eap: EAP session adding &reply:State = 0x899222038be73b90 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 189 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (2) EAP-Message = 0x017503ec19c000000b01160303003d020000390303ea8e43a59953f574 9627d6aaa5ec610f90e902b987e64922c6d93f7c7699c11000c030000011ff01000100000b000403 00010200170000160303095f0b00095b00095800040c30820408308202f0a003020102020103300d 06092a864886f70d01010b05003081ab310b30090603550406130242453118301606035504080c0f 576573742d566c61616e646572656e3115301306035504070c0c426c616e6b656e6265726765311a 3018060355040a0c114d6165726c616e7420417468656e65756d3126302406092a864886f70d0109 011617696374406d6165726c616e74617468656e65756d2e62653127302506035504030c1e4d6165 726c616e7420436572746966696361746520417574686f72697479301e170d323030363232313230 3731395a170d3238303930383132303731395a308191310b30090603550406130242453118301606 035504080c0f576573742d566c61616e646572656e311a301806 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x899222038be73b90bf08241ae32c8474 (2) Finished request Waking up in 3.7 seconds. (3) Received Access-Request Id 190 from 172.16.2.24:43616 to 172.16.88.201:1812 length 223 (3) User-Name = "mathias.maes" (3) NAS-Identifier = "802aa8d21ff5" (3) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (3) Connect-Info = "CONNECT 0Mbps 802.11b" (3) Acct-Session-Id = "91947FC2865BC082" (3) WLAN-Pairwise-Cipher = 1027076 (3) WLAN-Group-Cipher = 1027076 (3) WLAN-AKM-Suite = 1027073 (3) Framed-MTU = 1400 (3) EAP-Message = 0x027500061900 (3) State = 0x899222038be73b90bf08241ae32c8474 (3) Message-Authenticator = 0xeda3f1678d96ef5860af25db6c4580ae (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 117 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x899222038be73b90 (3) eap: Finished EAP session with state 0x899222038be73b90 (3) eap: Previous EAP request found for state 0x899222038be73b90, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer ACKed our handshake fragment (3) eap_peap: [eaptls verify] = request (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 118 length 1000 (3) eap: EAP session adding &reply:State = 0x899222038ae43b90 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) Sent Access-Challenge Id 190 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (3) EAP-Message = 0x017603e8194070488ce412eba7500f4d512568bd1d5209d0ad23dd1aaa a05927345a928880590587613a24aca2646c60f387f26fc46616d66ca22af9a18fa8db3dc1ed6173 7e6a2853ac59556b98b291415a51eb702d46518ca694d63afd6941e22d7c05578b40ab6a4182f50f f203346d98eb2a76bd46b0578116fb0416817971000546308205423082042aa003020102021422f4 15a6bd400b4959d074420f3af2929e3504a5300d06092a864886f70d01010b05003081ab310b3009 0603550406130242453118301606035504080c0f576573742d566c61616e646572656e3115301306 035504070c0c426c616e6b656e6265726765311a3018060355040a0c114d6165726c616e74204174 68656e65756d3126302406092a864886f70d0109011617696374406d6165726c616e74617468656e 65756d2e62653127302506035504030c1e4d6165726c616e74204365727469666963617465204175 74686f72697479301e170d3230303632323132303635305a170d (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x899222038ae43b90bf08241ae32c8474 (3) Finished request Waking up in 3.7 seconds. (4) Received Access-Request Id 191 from 172.16.2.24:43616 to 172.16.88.201:1812 length 223 (4) User-Name = "mathias.maes" (4) NAS-Identifier = "802aa8d21ff5" (4) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (4) Connect-Info = "CONNECT 0Mbps 802.11b" (4) Acct-Session-Id = "91947FC2865BC082" (4) WLAN-Pairwise-Cipher = 1027076 (4) WLAN-Group-Cipher = 1027076 (4) WLAN-AKM-Suite = 1027073 (4) Framed-MTU = 1400 (4) EAP-Message = 0x027600061900 (4) State = 0x899222038ae43b90bf08241ae32c8474 (4) Message-Authenticator = 0xa2086c1e567ed9165fcb905e57e9caf5 (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 118 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0x899222038ae43b90 (4) eap: Finished EAP session with state 0x899222038ae43b90 (4) eap: Previous EAP request found for state 0x899222038ae43b90, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer ACKed our handshake fragment (4) eap_peap: [eaptls verify] = request (4) eap_peap: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 119 length 835 (4) eap: EAP session adding &reply:State = 0x899222038de53b90 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) Sent Access-Challenge Id 191 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (4) EAP-Message = 0x0177034319006765311a3018060355040a0c114d6165726c616e742041 7468656e65756d3126302406092a864886f70d0109011617696374406d6165726c616e7461746865 6e65756d2e62653127302506035504030c1e4d6165726c616e742043657274696669636174652041 7574686f72697479821422f415a6bd400b4959d074420f3af2929e3504a5300f0603551d130101ff 040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e657861 6d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382 0101001b15ac9e8823380db4f5cd501c671a15f6aa92262343001d1792cbeb33aff78f57b20306b1 84c7dcc4633daeed83a6e24bf2eed1eaee09050c9e09e2c6505857d0c4ffb0556ec0f65bdaf335af 1ba670a759ac6cc5cca630793f1e0dc9b2e9ac842a377944815c8174fced0736dacdf63e1fdc41b8 0d1374c6c57b5a1e308fc9f9311a56972cc72ff3812a9be3a00f (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x899222038de53b90bf08241ae32c8474 (4) Finished request Waking up in 3.7 seconds. (5) Received Access-Request Id 192 from 172.16.2.24:43616 to 172.16.88.201:1812 length 353 (5) User-Name = "mathias.maes" (5) NAS-Identifier = "802aa8d21ff5" (5) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (5) Connect-Info = "CONNECT 0Mbps 802.11b" (5) Acct-Session-Id = "91947FC2865BC082" (5) WLAN-Pairwise-Cipher = 1027076 (5) WLAN-Group-Cipher = 1027076 (5) WLAN-AKM-Suite = 1027073 (5) Framed-MTU = 1400 (5) EAP-Message = 0x0277008819800000007e16030300461000004241048b429ff5a317563b 7da86072baa0a06ddf0acf9bd093c9cdad91e512d268070941cf7f9edb8a34ea678d2669435a8fde 3d45f5e0376d5804d6051caccec292981403030001011603030028000000000000000056542f752d 543b1412aa0b51cf32485f64636ebceb87c480b5a4af2967654d12 (5) State = 0x899222038de53b90bf08241ae32c8474 (5) Message-Authenticator = 0xbcb9083b3b2c8b1c84e4c954d0761d67 (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 119 length 136 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0x899222038de53b90 (5) eap: Finished EAP session with state 0x899222038de53b90 (5) eap: Previous EAP request found for state 0x899222038de53b90, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: Continuing EAP-TLS (5) eap_peap: Peer indicated complete TLS record size will be 126 bytes (5) eap_peap: Got complete TLS record (126 bytes) (5) eap_peap: [eaptls verify] = length included (5) eap_peap: TLS_accept: SSLv3/TLS write server done (5) eap_peap: <<< recv TLS 1.2 [length 0046] (5) eap_peap: TLS_accept: SSLv3/TLS read client key exchange (5) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec (5) eap_peap: <<< recv TLS 1.2 [length 0010] (5) eap_peap: TLS_accept: SSLv3/TLS read finished (5) eap_peap: >>> send TLS 1.2 [length 0001] (5) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (5) eap_peap: >>> send TLS 1.2 [length 0010] (5) eap_peap: TLS_accept: SSLv3/TLS write finished (5) eap_peap: (other): SSL negotiation finished successfully (5) eap_peap: TLS - Connection Established (5) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (5) eap_peap: TLS-Session-Version = "TLS 1.2" (5) eap_peap: TLS - got 51 bytes of data (5) eap_peap: [eaptls process] = handled (5) eap: Sending EAP Request (code 1) ID 120 length 57 (5) eap: EAP session adding &reply:State = 0x899222038cea3b90 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) session-state: Saving cached attributes (5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (5) TLS-Session-Version = "TLS 1.2" (5) Sent Access-Challenge Id 192 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (5) EAP-Message = 0x01780039190014030300010116030300285fb253d979c740904027949a 5e2d92a0cee956cab654dbb996b86aa71a8b29cbe4ecaaddf16277fb (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x899222038cea3b90bf08241ae32c8474 (5) Finished request Waking up in 3.7 seconds. (6) Received Access-Request Id 193 from 172.16.2.24:43616 to 172.16.88.201:1812 length 223 (6) User-Name = "mathias.maes" (6) NAS-Identifier = "802aa8d21ff5" (6) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (6) Connect-Info = "CONNECT 0Mbps 802.11b" (6) Acct-Session-Id = "91947FC2865BC082" (6) WLAN-Pairwise-Cipher = 1027076 (6) WLAN-Group-Cipher = 1027076 (6) WLAN-AKM-Suite = 1027073 (6) Framed-MTU = 1400 (6) EAP-Message = 0x027800061900 (6) State = 0x899222038cea3b90bf08241ae32c8474 (6) Message-Authenticator = 0xc2a64f445aab020dba5dbe2e5007f270 (6) Restoring &session-state (6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) &session-state:TLS-Session-Version = "TLS 1.2" (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 120 length 6 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0x899222038cea3b90 (6) eap: Finished EAP session with state 0x899222038cea3b90 (6) eap: Previous EAP request found for state 0x899222038cea3b90, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: Continuing EAP-TLS (6) eap_peap: Peer ACKed our handshake fragment. handshake is finished (6) eap_peap: [eaptls verify] = success (6) eap_peap: [eaptls process] = success (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state TUNNEL ESTABLISHED (6) eap: Sending EAP Request (code 1) ID 121 length 40 (6) eap: EAP session adding &reply:State = 0x899222038feb3b90 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) session-state: Saving cached attributes (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) TLS-Session-Version = "TLS 1.2" (6) Sent Access-Challenge Id 193 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (6) EAP-Message = 0x017900281900170303001d5fb253d979c74091903e99498f277d8556b9 8dc21e6eeedc1aed42a81a (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x899222038feb3b90bf08241ae32c8474 (6) Finished request Waking up in 0.9 seconds. (7) Received Access-Request Id 194 from 172.16.2.24:43616 to 172.16.88.201:1812 length 265 (7) User-Name = "mathias.maes" (7) NAS-Identifier = "802aa8d21ff5" (7) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (7) Connect-Info = "CONNECT 0Mbps 802.11b" (7) Acct-Session-Id = "91947FC2865BC082" (7) WLAN-Pairwise-Cipher = 1027076 (7) WLAN-Group-Cipher = 1027076 (7) WLAN-AKM-Suite = 1027073 (7) Framed-MTU = 1400 (7) EAP-Message = 0x0279003019001703030025000000000000000163ae27ed6104c9ba4fd4 b42a8a5d6e01c023c9203e1187756780144b95 (7) State = 0x899222038feb3b90bf08241ae32c8474 (7) Message-Authenticator = 0x04c4a4ba869547230d3d295735f2d4fa (7) Restoring &session-state (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) &session-state:TLS-Session-Version = "TLS 1.2" (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 121 length 48 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x899222038feb3b90 (7) eap: Finished EAP session with state 0x899222038feb3b90 (7) eap: Previous EAP request found for state 0x899222038feb3b90, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: Continuing EAP-TLS (7) eap_peap: [eaptls verify] = ok (7) eap_peap: Done initial handshake (7) eap_peap: [eaptls process] = ok (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state WAITING FOR INNER IDENTITY (7) eap_peap: Identity - mathias.maes (7) eap_peap: Got inner identity 'mathias.maes' (7) eap_peap: Setting default EAP type for tunneled EAP session (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x02790011016d6174686961732e6d616573 (7) eap_peap: Setting User-Name to mathias.maes (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x02790011016d6174686961732e6d616573 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = "mathias.maes" (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x02790011016d6174686961732e6d616573 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = "mathias.maes" (7) WARNING: Outer and inner identities are the same. User privacy is compromis ed. (7) server inner-tunnel { (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/ inner-tunnel (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FA LSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent EAP Response (code 2) ID 121 length 17 (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Peer sent packet with method EAP Identity (1) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap_mschapv2: Issuing Challenge (7) eap: Sending EAP Request (code 1) ID 122 length 43 (7) eap: EAP session adding &reply:State = 0xd6a318ead6d902b4 (7) [eap] = handled (7) } # authenticate = handled (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x017a002b1a017a002610af39985abac40acf623e7c81b06bacd3667265 657261646975732d332e302e3230 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xd6a318ead6d902b4bcc6c898d0560e68 (7) eap_peap: Got tunneled reply code 11 (7) eap_peap: EAP-Message = 0x017a002b1a017a002610af39985abac40acf623e7c81b06b acd3667265657261646975732d332e302e3230 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0xd6a318ead6d902b4bcc6c898d0560e68 (7) eap_peap: Got tunneled reply RADIUS code 11 (7) eap_peap: EAP-Message = 0x017a002b1a017a002610af39985abac40acf623e7c81b06b acd3667265657261646975732d332e302e3230 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0xd6a318ead6d902b4bcc6c898d0560e68 (7) eap_peap: Got tunneled Access-Challenge (7) eap: Sending EAP Request (code 1) ID 122 length 74 (7) eap: EAP session adding &reply:State = 0x899222038ee83b90 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) Challenge { ... } # empty sub-section is ignored (7) session-state: Saving cached attributes (7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) TLS-Session-Version = "TLS 1.2" (7) Sent Access-Challenge Id 194 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (7) EAP-Message = 0x017a004a1900170303003f5fb253d979c740921eb3e65834ef373ec35d e2fbae7d484dae98a561985509704ae6c71383396416e8c1756691c23c6e03785ff3f757b540dba6 b7d380e15f (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x899222038ee83b90bf08241ae32c8474 (7) Finished request Waking up in 0.9 seconds. (8) Received Access-Request Id 195 from 172.16.2.24:43616 to 172.16.88.201:1812 length 319 (8) User-Name = "mathias.maes" (8) NAS-Identifier = "802aa8d21ff5" (8) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (8) Connect-Info = "CONNECT 0Mbps 802.11b" (8) Acct-Session-Id = "91947FC2865BC082" (8) WLAN-Pairwise-Cipher = 1027076 (8) WLAN-Group-Cipher = 1027076 (8) WLAN-AKM-Suite = 1027073 (8) Framed-MTU = 1400 (8) EAP-Message = 0x027a00661900170303005b00000000000000027e5a30666bb006bee7dc 9188424c2f8d2d323705d3302c337288fbb4449c7305ce51c5a411dc54675908867ba9c07b971bcd 65c0a2568ce529f3415607805b578a5c28d87d8780e328ddaa1c7c630559d69d7a (8) State = 0x899222038ee83b90bf08241ae32c8474 (8) Message-Authenticator = 0xfdacbbf0542569a766183455eb59bd92 (8) Restoring &session-state (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) &session-state:TLS-Session-Version = "TLS 1.2" (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 122 length 102 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xd6a318ead6d902b4 (8) eap: Finished EAP session with state 0x899222038ee83b90 (8) eap: Previous EAP request found for state 0x899222038ee83b90, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state phase2 (8) eap_peap: EAP method MSCHAPv2 (26) (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x027a00471a027a004231007c3c0965072c9267b33a349677 dcd000000000000000007180797575f18a484b780fedad03f2c98c4a3b026b4bfb77006d61746869 61732e6d616573 (8) eap_peap: Setting User-Name to mathias.maes (8) eap_peap: Sending tunneled request to inner-tunnel (8) eap_peap: EAP-Message = 0x027a00471a027a004231007c3c0965072c9267b33a349677 dcd000000000000000007180797575f18a484b780fedad03f2c98c4a3b026b4bfb77006d61746869 61732e6d616573 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "mathias.maes" (8) eap_peap: State = 0xd6a318ead6d902b4bcc6c898d0560e68 (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x027a00471a027a004231007c3c0965072c9267b33a349677dcd0000000 00000000007180797575f18a484b780fedad03f2c98c4a3b026b4bfb77006d6174686961732e6d61 6573 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "mathias.maes" (8) State = 0xd6a318ead6d902b4bcc6c898d0560e68 (8) WARNING: Outer and inner identities are the same. User privacy is compromis ed. (8) server inner-tunnel { (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/ inner-tunnel (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FA LSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent EAP Response (code 2) ID 122 length 71 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated rlm_ldap (ldap): Reserved connection (1) (8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (8) ldap: --> (uid=mathias.maes) (8) ldap: Performing search in "dc=maerlantatheneum,dc=be" with filter "(uid=mat hias.maes)", scope "sub" (8) ldap: Waiting for search result... (8) ldap: User object found at DN "uid=mathias.maes,ou=Secretariaat,ou=Atheneum, ou=Users,dc=maerlantatheneum,dc=be" (8) ldap: Processing user attributes (8) ldap: WARNING: No "known good" password added. Ensure the admin user has per mission to read the password attribute (8) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (1) Need 4 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (6), 1 of 26 pending slots used rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636 rlm_ldap (ldap): Waiting for bind result... ber_get_next failed. rlm_ldap (ldap): Bind successful (8) [ldap] = ok (8) [expiration] = noop (8) [logintime] = noop (8) [pap] = noop (8) if (User-Password) { (8) if (User-Password) -> FALSE (8) } # authorize = updated (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0xd6a318ead6d902b4 (8) eap: Finished EAP session with state 0xd6a318ead6d902b4 (8) eap: Previous EAP request found for state 0xd6a318ead6d902b4, released from the list (8) eap: Peer sent packet with method EAP MSCHAPv2 (26) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/ inner-tunnel (8) eap_mschapv2: authenticate { (8) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Passwor d (8) mschap: Creating challenge hash with username: mathias.maes (8) mschap: Client is using MS-CHAPv2 (8) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (8) mschap: ERROR: MS-CHAP2-Response is incorrect (8) eap_mschapv2: [mschap] = reject (8) eap_mschapv2: } # authenticate = reject (8) eap: Sending EAP Failure (code 4) ID 122 length 4 (8) eap: Freeing handler (8) [eap] = reject (8) } # authenticate = reject (8) Failed to authenticate the user (8) Using Post-Auth-Type Reject (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (8) Post-Auth-Type REJECT { (8) attr_filter.access_reject: EXPAND %{User-Name} (8) attr_filter.access_reject: --> mathias.maes (8) attr_filter.access_reject: Matched entry DEFAULT at line 11 (8) [attr_filter.access_reject] = updated (8) update outer.session-state { (8) &Module-Failure-Message := &request:Module-Failure-Message -> 'mscha p: FAILED: No NT/LM-Password. Cannot perform authentication' (8) } # update outer.session-state = noop (8) } # Post-Auth-Type REJECT = updated (8) } # server inner-tunnel (8) Virtual server sending reply (8) MS-CHAP-Error = "zE=691 R=1 C=b10924bc7abd75c0851b13250ed2f621 V=3 M=Authe ntication rejected" (8) EAP-Message = 0x047a0004 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: Got tunneled reply code 3 (8) eap_peap: MS-CHAP-Error = "zE=691 R=1 C=b10924bc7abd75c0851b13250ed2f621 V =3 M=Authentication rejected" (8) eap_peap: EAP-Message = 0x047a0004 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: Got tunneled reply RADIUS code 3 (8) eap_peap: MS-CHAP-Error = "zE=691 R=1 C=b10924bc7abd75c0851b13250ed2f621 V =3 M=Authentication rejected" (8) eap_peap: EAP-Message = 0x047a0004 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: Tunneled authentication was rejected (8) eap_peap: FAILURE (8) eap: Sending EAP Request (code 1) ID 123 length 46 (8) eap: EAP session adding &reply:State = 0x8992220381e93b90 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) Challenge { ... } # empty sub-section is ignored (8) session-state: Saving cached attributes (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) TLS-Session-Version = "TLS 1.2" (8) Module-Failure-Message := "mschap: FAILED: No NT/LM-Password. Cannot perf orm authentication" (8) Sent Access-Challenge Id 195 from 172.16.88.201:1812 to 172.16.2.24:43616 le ngth 0 (8) EAP-Message = 0x017b002e190017030300235fb253d979c7409379efaaa15a1635ba03bc dbc4bbf12fde6352e9ae47dafcf94c9ee5 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x8992220381e93b90bf08241ae32c8474 (8) Finished request (0) Cleaning up request packet ID 187 with timestamp +18 Waking up in 0.9 seconds. (9) Received Access-Request Id 196 from 172.16.2.24:43616 to 172.16.88.201:1812 length 263 (9) User-Name = "mathias.maes" (9) NAS-Identifier = "802aa8d21ff5" (9) Called-Station-Id = "80-2A-A8-D2-1F-F5:FreeRadius Test" (9) NAS-Port-Type = Wireless-802.11 (9) Service-Type = Framed-User (9) Calling-Station-Id = "E4-A7-A0-B0-AE-C8" (9) Connect-Info = "CONNECT 0Mbps 802.11b" (9) Acct-Session-Id = "91947FC2865BC082" (9) WLAN-Pairwise-Cipher = 1027076 (9) WLAN-Group-Cipher = 1027076 (9) WLAN-AKM-Suite = 1027073 (9) Framed-MTU = 1400 (9) EAP-Message = 0x027b002e190017030300230000000000000003b61f8dd5fb5be5381960 387d24bd9010c892d135ab85f950759b0f (9) State = 0x8992220381e93b90bf08241ae32c8474 (9) Message-Authenticator = 0x61b91cb7c65c108a7be276cd6e3c0e6e (9) Restoring &session-state (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) &session-state:TLS-Session-Version = "TLS 1.2" (9) &session-state:Module-Failure-Message := "mschap: FAILED: No NT/LM-Passwor d. Cannot perform authentication" (9) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]*@/ ) { (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ /@\./) { (9) if (&User-Name =~ /@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "mathias.maes", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: Peer sent EAP Response (code 2) ID 123 length 46 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = eap (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (9) authenticate { (9) eap: Expiring EAP session with state 0x8992220381e93b90 (9) eap: Finished EAP session with state 0x8992220381e93b90 (9) eap: Previous EAP request found for state 0x8992220381e93b90, released from the list (9) eap: Peer sent packet with method EAP PEAP (25) (9) eap: Calling submodule eap_peap to process data (9) eap_peap: Continuing EAP-TLS (9) eap_peap: [eaptls verify] = ok (9) eap_peap: Done initial handshake (9) eap_peap: [eaptls process] = ok (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state send tlv failure (9) eap_peap: Received EAP-TLV response (9) eap_peap: ERROR: The users session was previously rejected: returning reje ct (again.) (9) eap_peap: This means you need to read the PREVIOUS messages in the debug o utput (9) eap_peap: to find out the reason why the user was rejected (9) eap_peap: Look for "reject" or "fail". Those earlier messages will tell y ou (9) eap_peap: what went wrong, and how to fix the problem (9) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed (9) eap: Sending EAP Failure (code 4) ID 123 length 4 (9) eap: Failed in EAP select (9) [eap] = invalid (9) } # authenticate = invalid (9) Failed to authenticate the user (9) Using Post-Auth-Type Reject (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (9) Post-Auth-Type REJECT { (9) attr_filter.access_reject: EXPAND %{User-Name} (9) attr_filter.access_reject: --> mathias.maes (9) attr_filter.access_reject: Matched entry DEFAULT at line 11 (9) [attr_filter.access_reject] = updated (9) [eap] = noop (9) policy remove_reply_message_if_eap { (9) if (&reply:EAP-Message && &reply:Reply-Message) { (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (9) else { (9) [noop] = noop (9) } # else = noop (9) } # policy remove_reply_message_if_eap = noop (9) } # Post-Auth-Type REJECT = updated (9) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (1) Cleaning up request packet ID 188 with timestamp +18 (2) Cleaning up request packet ID 189 with timestamp +19 (3) Cleaning up request packet ID 190 with timestamp +19 (4) Cleaning up request packet ID 191 with timestamp +19 (5) Cleaning up request packet ID 192 with timestamp +19 (9) Sending delayed response (9) Sent Access-Reject Id 196 from 172.16.88.201:1812 to 172.16.2.24:43616 lengt h 44 (9) EAP-Message = 0x047b0004 (9) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.7 seconds. (6) Cleaning up request packet ID 193 with timestamp +22 (7) Cleaning up request packet ID 194 with timestamp +22 Waking up in 1.2 seconds. (8) Cleaning up request packet ID 195 with timestamp +22 (9) Cleaning up request packet ID 196 with timestamp +23 Ready to process requests