I'm trying to enable tls caching on my radius server. the radius -X output is included below. I'm also including some additional information for reference. Looking at the debug output I see where the cache config is loaded and it looks right to me. I don't see any errors around it. I'm expecting to see a file in the tlscache folder after a successful auth, however the folder remains empty. # freeradius -v radiusd: FreeRADIUS Version 3.0.17, for host x86_64-pc-linux-gnu, built on Apr 22 2019 at 21:23:36 FreeRADIUS Version 3.0.17 # ls -al /var/lib/radiusd total 12 drwxr-xr-x 3 freerad freerad 4096 Aug 29 12:27 . drwxr-xr-x 29 root root 4096 Aug 29 12:26 .. drwxr-xr-x 2 freerad freerad 4096 Aug 29 12:27 tlscache =============radius -X output============= Ready to process requests (0) Received Access-Request Id 0 from 128.180.10.10:37390 to 128.180.1.12:1812 length 126 (0) User-Name = "x19a19" (0) Calling-Station-Id = "00-0A-CD-31-6C-B4" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) NAS-IP-Address = 128.180.10.10 (0) EAP-Message = 0x0257000b01783139613139 (0) Message-Authenticator = 0x3a48dc0be2decd0e236d376f69ffe48a (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [mschap] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 87 length 11 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_peap to process data (0) eap_peap: Initiating new EAP-TLS session (0) eap_peap: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 88 length 6 (0) eap: EAP session adding &reply:State = 0xd5cab529d592ace4 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 0 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (0) EAP-Message = 0x015800061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xd5cab529d592ace4f6d40de07aff4d01 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 1 from 128.180.10.10:37390 to 128.180.1.12:1812 length 333 (1) User-Name = "x19a19" (1) Calling-Station-Id = "00-0A-CD-31-6C-B4" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Connect-Info = "CONNECT 11Mbps 802.11b" (1) NAS-IP-Address = 128.180.10.10 (1) EAP-Message = 0x025800c81980000000be16030100b9010000b50303132d25755eaabb15aee43b60d657ccc2cc1fd1edb3aae7d48eaabd8658411197000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b00 (1) State = 0xd5cab529d592ace4f6d40de07aff4d01 (1) Message-Authenticator = 0xbd4519f715be469fa75c83986884eab7 (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [mschap] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 88 length 200 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xd5cab529d592ace4 (1) eap: Finished EAP session with state 0xd5cab529d592ace4 (1) eap: Previous EAP request found for state 0xd5cab529d592ace4, released from the list (1) eap: Peer sent packet with method EAP PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Continuing EAP-TLS (1) eap_peap: Peer indicated complete TLS record size will be 190 bytes (1) eap_peap: Got complete TLS record (190 bytes) (1) eap_peap: [eaptls verify] = length included (1) eap_peap: (other): before SSL initialization (1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 00b9] (1) eap_peap: TLS_accept: SSLv3/TLS read client hello (1) eap_peap: >>> send TLS 1.2 [length 003d] (1) eap_peap: TLS_accept: SSLv3/TLS write server hello (1) eap_peap: >>> send TLS 1.2 [length 02ff] (1) eap_peap: TLS_accept: SSLv3/TLS write certificate (1) eap_peap: >>> send TLS 1.2 [length 014d] (1) eap_peap: TLS_accept: SSLv3/TLS write key exchange (1) eap_peap: >>> send TLS 1.2 [length 0004] (1) eap_peap: TLS_accept: SSLv3/TLS write server done (1) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done (1) eap_peap: In SSL Handshake Phase (1) eap_peap: In SSL Accept mode (1) eap_peap: [eaptls process] = handled (1) eap: Sending EAP Request (code 1) ID 89 length 1004 (1) eap: EAP session adding &reply:State = 0xd5cab529d493ace4 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 1 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (1) EAP-Message = 0x015903ec19c0000004a1160303003d020000390303dd83be8c2d3373ce58eee72115d28fd891a538ba5fcf3717444f574e4752440100c030000011ff01000100000b0004030001020017000016030302ff0b0002fb0002f80002f5308202f1308201d9a00302010202146434b6d539827cbeb8e5394cc7 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xd5cab529d493ace4f6d40de07aff4d01 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 2 from 128.180.10.10:37390 to 128.180.1.12:1812 length 139 (2) User-Name = "x19a19" (2) Calling-Station-Id = "00-0A-CD-31-6C-B4" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Connect-Info = "CONNECT 11Mbps 802.11b" (2) NAS-IP-Address = 128.180.10.10 (2) EAP-Message = 0x025900061900 (2) State = 0xd5cab529d493ace4f6d40de07aff4d01 (2) Message-Authenticator = 0x7b647a04b11930721a7fe202c4e2db1d (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [mschap] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 89 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xd5cab529d493ace4 (2) eap: Finished EAP session with state 0xd5cab529d493ace4 (2) eap: Previous EAP request found for state 0xd5cab529d493ace4, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: Peer ACKed our handshake fragment (2) eap_peap: [eaptls verify] = request (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 90 length 197 (2) eap: EAP session adding &reply:State = 0xd5cab529d790ace4 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 2 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (2) EAP-Message = 0x015a00c519009514387a2a99cbc5bc7bf00cd5a29c255b83772ba796b69dae86ff9b01f62cd587cd98518e7b3476015a262ecd457d3d4907b7ea5078d7f296d2f954319aa2bff38c213fd16268b2602ae9b69d9e89420a7a7232915386dac92e9f835425586551deb8019cfb47aca33d279ff611294f8b (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xd5cab529d790ace4f6d40de07aff4d01 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 3 from 128.180.10.10:37390 to 128.180.1.12:1812 length 269 (3) User-Name = "x19a19" (3) Calling-Station-Id = "00-0A-CD-31-6C-B4" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Connect-Info = "CONNECT 11Mbps 802.11b" (3) NAS-IP-Address = 128.180.10.10 (3) EAP-Message = 0x025a008819800000007e1603030046100000424104fc5bb0a7a1c6d364acac1b9577d6da13d37ae7f5be2269a13a2dd8ff073c07355810fe52fe84b6478bf08c55e531ced723650d13c9c3eb6b6ccd8b9a303640be140303000101160303002850823d0b0711a0e3ca25a3d3c0b0608532302156d36f93 (3) State = 0xd5cab529d790ace4f6d40de07aff4d01 (3) Message-Authenticator = 0xb228fa99ab9bc2c005e4a529b3e61308 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [mschap] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 90 length 136 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xd5cab529d790ace4 (3) eap: Finished EAP session with state 0xd5cab529d790ace4 (3) eap: Previous EAP request found for state 0xd5cab529d790ace4, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer indicated complete TLS record size will be 126 bytes (3) eap_peap: Got complete TLS record (126 bytes) (3) eap_peap: [eaptls verify] = length included (3) eap_peap: TLS_accept: SSLv3/TLS write server done (3) eap_peap: <<< recv TLS 1.2 [length 0046] (3) eap_peap: TLS_accept: SSLv3/TLS read client key exchange (3) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec (3) eap_peap: <<< recv TLS 1.2 [length 0010] (3) eap_peap: TLS_accept: SSLv3/TLS read finished (3) eap_peap: >>> send TLS 1.2 [length 0001] (3) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (3) eap_peap: >>> send TLS 1.2 [length 0010] (3) eap_peap: TLS_accept: SSLv3/TLS write finished (3) eap_peap: (other): SSL negotiation finished successfully (3) eap_peap: SSL Connection Established (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 91 length 57 (3) eap: EAP session adding &reply:State = 0xd5cab529d691ace4 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) Sent Access-Challenge Id 3 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (3) EAP-Message = 0x015b0039190014030300010116030300284d99b5c3c5193bcc51b4aa1ed19ca2be71cfdb79c560a09d671240792b6456674737f95c176ab1d7 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xd5cab529d691ace4f6d40de07aff4d01 (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 4 from 128.180.10.10:37390 to 128.180.1.12:1812 length 139 (4) User-Name = "x19a19" (4) Calling-Station-Id = "00-0A-CD-31-6C-B4" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) Connect-Info = "CONNECT 11Mbps 802.11b" (4) NAS-IP-Address = 128.180.10.10 (4) EAP-Message = 0x025b00061900 (4) State = 0xd5cab529d691ace4f6d40de07aff4d01 (4) Message-Authenticator = 0xf00cd599fd7c7eb90b7e5382f9f10bde (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [mschap] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 91 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xd5cab529d691ace4 (4) eap: Finished EAP session with state 0xd5cab529d691ace4 (4) eap: Previous EAP request found for state 0xd5cab529d691ace4, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer ACKed our handshake fragment. handshake is finished (4) eap_peap: [eaptls verify] = success (4) eap_peap: [eaptls process] = success (4) eap_peap: Session established. Decoding tunneled attributes (4) eap_peap: PEAP state TUNNEL ESTABLISHED (4) eap: Sending EAP Request (code 1) ID 92 length 40 (4) eap: EAP session adding &reply:State = 0xd5cab529d196ace4 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) Sent Access-Challenge Id 4 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (4) EAP-Message = 0x015c00281900170303001d4d99b5c3c5193bcd9137302e88e4ffe708354e681dbf61a648e63395ac (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xd5cab529d196ace4f6d40de07aff4d01 (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 5 from 128.180.10.10:37390 to 128.180.1.12:1812 length 175 (5) User-Name = "x19a19" (5) Calling-Station-Id = "00-0A-CD-31-6C-B4" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) Connect-Info = "CONNECT 11Mbps 802.11b" (5) NAS-IP-Address = 128.180.10.10 (5) EAP-Message = 0x025c002a1900170303001f50823d0b0711a0e49fe1c10b3d17b529a59955d132202ac16d913e01a58e73 (5) State = 0xd5cab529d196ace4f6d40de07aff4d01 (5) Message-Authenticator = 0x3f6f9dcc52fc81ba4a45772b1c6ffc6b (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [mschap] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 92 length 42 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xd5cab529d196ace4 (5) eap: Finished EAP session with state 0xd5cab529d196ace4 (5) eap: Previous EAP request found for state 0xd5cab529d196ace4, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: Continuing EAP-TLS (5) eap_peap: [eaptls verify] = ok (5) eap_peap: Done initial handshake (5) eap_peap: [eaptls process] = ok (5) eap_peap: Session established. Decoding tunneled attributes (5) eap_peap: PEAP state WAITING FOR INNER IDENTITY (5) eap_peap: Identity - x19a19 (5) eap_peap: Got inner identity 'x19a19' (5) eap_peap: Setting default EAP type for tunneled EAP session (5) eap_peap: Got tunneled request (5) eap_peap: EAP-Message = 0x025c000b01783139613139 (5) eap_peap: Setting User-Name to x19a19 (5) eap_peap: Sending tunneled request to inner-tunnel (5) eap_peap: EAP-Message = 0x025c000b01783139613139 (5) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (5) eap_peap: User-Name = "x19a19" (5) Virtual server inner-tunnel received request (5) EAP-Message = 0x025c000b01783139613139 (5) FreeRADIUS-Proxied-To = 127.0.0.1 (5) User-Name = "x19a19" (5) WARNING: Outer and inner identities are the same. User privacy is compromised. (5) server inner-tunnel { (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [chap] = noop (5) [mschap] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) update control { (5) &Proxy-To-Realm := LOCAL (5) } # update control = noop (5) eap: Peer sent EAP Response (code 2) ID 92 length 11 (5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (5) authenticate { (5) eap: Peer sent packet with method EAP Identity (1) (5) eap: Calling submodule eap_mschapv2 to process data (5) eap_mschapv2: Issuing Challenge (5) eap: Sending EAP Request (code 1) ID 93 length 43 (5) eap: EAP session adding &reply:State = 0x97ebaf3b97b6b5d2 (5) [eap] = handled (5) } # authenticate = handled (5) } # server inner-tunnel (5) Virtual server sending reply (5) EAP-Message = 0x015d002b1a015d0026107c13a4105e1039e486e7f86a4e2d4b9c667265657261646975732d332e302e3137 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x97ebaf3b97b6b5d21f4ac90eaae0ae9c (5) eap_peap: Got tunneled reply code 11 (5) eap_peap: EAP-Message = 0x015d002b1a015d0026107c13a4105e1039e486e7f86a4e2d4b9c667265657261646975732d332e302e3137 (5) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (5) eap_peap: State = 0x97ebaf3b97b6b5d21f4ac90eaae0ae9c (5) eap_peap: Got tunneled reply RADIUS code 11 (5) eap_peap: EAP-Message = 0x015d002b1a015d0026107c13a4105e1039e486e7f86a4e2d4b9c667265657261646975732d332e302e3137 (5) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (5) eap_peap: State = 0x97ebaf3b97b6b5d21f4ac90eaae0ae9c (5) eap_peap: Got tunneled Access-Challenge (5) eap: Sending EAP Request (code 1) ID 93 length 74 (5) eap: EAP session adding &reply:State = 0xd5cab529d097ace4 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) Sent Access-Challenge Id 5 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (5) EAP-Message = 0x015d004a1900170303003f4d99b5c3c5193bced34dea26eb084492b33e0c0a8590d44411cccab329b81d25a3bb5c6eb0b98906ef940b0afff59de07f275f1743963056a5e713fdb5f1ae (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xd5cab529d097ace4f6d40de07aff4d01 (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 6 from 128.180.10.10:37390 to 128.180.1.12:1812 length 229 (6) User-Name = "x19a19" (6) Calling-Station-Id = "00-0A-CD-31-6C-B4" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) Connect-Info = "CONNECT 11Mbps 802.11b" (6) NAS-IP-Address = 128.180.10.10 (6) EAP-Message = 0x025d00601900170303005550823d0b0711a0e5c1ab4673218f7703e98d7ae9be258bb253344c2b53be68a837fd1f45e10d7a14397b7f051e20d1c55158b3638b42b8acfb55492ce8a90ba4f38da594d8dd9148ed0e509eee492ac6e9ab270a94 (6) State = 0xd5cab529d097ace4f6d40de07aff4d01 (6) Message-Authenticator = 0xcd8033c23d61a2240a845706bbc692e2 (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 93 length 96 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0x97ebaf3b97b6b5d2 (6) eap: Finished EAP session with state 0xd5cab529d097ace4 (6) eap: Previous EAP request found for state 0xd5cab529d097ace4, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: Continuing EAP-TLS (6) eap_peap: [eaptls verify] = ok (6) eap_peap: Done initial handshake (6) eap_peap: [eaptls process] = ok (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state phase2 (6) eap_peap: EAP method MSCHAPv2 (26) (6) eap_peap: Got tunneled request (6) eap_peap: EAP-Message = 0x025d00411a025d003c31e0ecf5de1b0eaa47a2fae06c0ea80a06000000000000000061407f8eb8e26fb9e634cbed4006b3f6280b910bfaaf75c600783139613139 (6) eap_peap: Setting User-Name to x19a19 (6) eap_peap: Sending tunneled request to inner-tunnel (6) eap_peap: EAP-Message = 0x025d00411a025d003c31e0ecf5de1b0eaa47a2fae06c0ea80a06000000000000000061407f8eb8e26fb9e634cbed4006b3f6280b910bfaaf75c600783139613139 (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_peap: User-Name = "x19a19" (6) eap_peap: State = 0x97ebaf3b97b6b5d21f4ac90eaae0ae9c (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x025d00411a025d003c31e0ecf5de1b0eaa47a2fae06c0ea80a06000000000000000061407f8eb8e26fb9e634cbed4006b3f6280b910bfaaf75c600783139613139 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = "x19a19" (6) State = 0x97ebaf3b97b6b5d21f4ac90eaae0ae9c (6) WARNING: Outer and inner identities are the same. User privacy is compromised. (6) server inner-tunnel { (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := LOCAL (6) } # update control = noop (6) eap: Peer sent EAP Response (code 2) ID 93 length 65 (6) eap: No EAP Start, assuming it's an on-going EAP conversation (6) [eap] = updated (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = noop (6) } # authorize = updated (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (6) authenticate { (6) eap: Expiring EAP session with state 0x97ebaf3b97b6b5d2 (6) eap: Finished EAP session with state 0x97ebaf3b97b6b5d2 (6) eap: Previous EAP request found for state 0x97ebaf3b97b6b5d2, released from the list (6) eap: Peer sent packet with method EAP MSCHAPv2 (26) (6) eap: Calling submodule eap_mschapv2 to process data (6) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (6) eap_mschapv2: authenticate { (6) mschap: Creating challenge hash with username: x19a19 (6) mschap: Client is using MS-CHAPv2 (6) mschap: EXPAND %{mschap:User-Name} (6) mschap: --> x19a19 rlm_mschap (mschap): Reserved connection (0) (6) mschap: sending authentication request user='x19a19' domain='AD' rlm_mschap (mschap): Released connection (0) Need 5 more connections to reach 10 spares rlm_mschap (mschap): Opening additional connection (5), 1 of 27 pending slots used (6) mschap: Authenticated successfully (6) mschap: Adding MS-CHAPv2 MPPE keys (6) [mschap] = ok (6) } # authenticate = ok (6) MSCHAP Success (6) eap: Sending EAP Request (code 1) ID 94 length 51 (6) eap: EAP session adding &reply:State = 0x97ebaf3b96b5b5d2 (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x015e00331a035d002e533d32364236443532434631443937453031424333314332343541464438364431304133363037454234 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x97ebaf3b96b5b5d21f4ac90eaae0ae9c (6) eap_peap: Got tunneled reply code 11 (6) eap_peap: EAP-Message = 0x015e00331a035d002e533d32364236443532434631443937453031424333314332343541464438364431304133363037454234 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x97ebaf3b96b5b5d21f4ac90eaae0ae9c (6) eap_peap: Got tunneled reply RADIUS code 11 (6) eap_peap: EAP-Message = 0x015e00331a035d002e533d32364236443532434631443937453031424333314332343541464438364431304133363037454234 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x97ebaf3b96b5b5d21f4ac90eaae0ae9c (6) eap_peap: Got tunneled Access-Challenge (6) eap: Sending EAP Request (code 1) ID 94 length 82 (6) eap: EAP session adding &reply:State = 0xd5cab529d394ace4 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) Sent Access-Challenge Id 6 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (6) EAP-Message = 0x015e0052190017030300474d99b5c3c5193bcfed6bc205bbb3e97baa83ae82f585e2f28775992d1da91a9e8cba0c1a820eee27064fc71137c771a15c648a1dc5e69d794a37d671a294003a83ce621e4c9ca8 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xd5cab529d394ace4f6d40de07aff4d01 (6) Finished request Waking up in 4.9 seconds. (7) Received Access-Request Id 7 from 128.180.10.10:37390 to 128.180.1.12:1812 length 170 (7) User-Name = "x19a19" (7) Calling-Station-Id = "00-0A-CD-31-6C-B4" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) Connect-Info = "CONNECT 11Mbps 802.11b" (7) NAS-IP-Address = 128.180.10.10 (7) EAP-Message = 0x025e00251900170303001a50823d0b0711a0e6d862f400ba40e4e3346eb03ba1666f089bdb (7) State = 0xd5cab529d394ace4f6d40de07aff4d01 (7) Message-Authenticator = 0x2187a05fc656d964f49bac68b0d01e1f (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 94 length 37 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x97ebaf3b96b5b5d2 (7) eap: Finished EAP session with state 0xd5cab529d394ace4 (7) eap: Previous EAP request found for state 0xd5cab529d394ace4, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: Continuing EAP-TLS (7) eap_peap: [eaptls verify] = ok (7) eap_peap: Done initial handshake (7) eap_peap: [eaptls process] = ok (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state phase2 (7) eap_peap: EAP method MSCHAPv2 (26) (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x025e00061a03 (7) eap_peap: Setting User-Name to x19a19 (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x025e00061a03 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = "x19a19" (7) eap_peap: State = 0x97ebaf3b96b5b5d21f4ac90eaae0ae9c (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x025e00061a03 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = "x19a19" (7) State = 0x97ebaf3b96b5b5d21f4ac90eaae0ae9c (7) WARNING: Outer and inner identities are the same. User privacy is compromised. (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent EAP Response (code 2) ID 94 length 6 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) [expiration] = noop (7) [logintime] = noop (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0x97ebaf3b96b5b5d2 (7) eap: Finished EAP session with state 0x97ebaf3b96b5b5d2 (7) eap: Previous EAP request found for state 0x97ebaf3b96b5b5d2, released from the list (7) eap: Peer sent packet with method EAP MSCHAPv2 (26) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap: Sending EAP Success (code 3) ID 94 length 4 (7) eap: Freeing handler (7) [eap] = ok (7) } # authenticate = ok (7) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) post-auth { (7) if (0) { (7) if (0) -> FALSE (7) } # post-auth = noop (7) Login OK: [x19a19] (from client newguy port 0 via TLS tunnel) (7) } # server inner-tunnel (7) Virtual server sending reply (7) MS-MPPE-Encryption-Policy = Encryption-Allowed (7) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (7) MS-MPPE-Send-Key = 0x3dbd0e514b1011ad90ebe00e330e8c11 (7) MS-MPPE-Recv-Key = 0xd49ea8ea1406bcc4b9177cfd006a0a4d (7) EAP-Message = 0x035e0004 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) User-Name = "x19a19" (7) eap_peap: Got tunneled reply code 2 (7) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (7) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (7) eap_peap: MS-MPPE-Send-Key = 0x3dbd0e514b1011ad90ebe00e330e8c11 (7) eap_peap: MS-MPPE-Recv-Key = 0xd49ea8ea1406bcc4b9177cfd006a0a4d (7) eap_peap: EAP-Message = 0x035e0004 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: User-Name = "x19a19" (7) eap_peap: Got tunneled reply RADIUS code 2 (7) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (7) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (7) eap_peap: MS-MPPE-Send-Key = 0x3dbd0e514b1011ad90ebe00e330e8c11 (7) eap_peap: MS-MPPE-Recv-Key = 0xd49ea8ea1406bcc4b9177cfd006a0a4d (7) eap_peap: EAP-Message = 0x035e0004 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: User-Name = "x19a19" (7) eap_peap: Tunneled authentication was successful (7) eap_peap: SUCCESS (7) eap_peap: Saving tunneled attributes for later (7) eap: Sending EAP Request (code 1) ID 95 length 46 (7) eap: EAP session adding &reply:State = 0xd5cab529d295ace4 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) Challenge { ... } # empty sub-section is ignored (7) Sent Access-Challenge Id 7 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (7) EAP-Message = 0x015f002e190017030300234d99b5c3c5193bd0e3e0b11c153c0a53c5faf2042fe8196c9af5cb39839e67021928c9 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xd5cab529d295ace4f6d40de07aff4d01 (7) Finished request Waking up in 4.9 seconds. (8) Received Access-Request Id 8 from 128.180.10.10:37390 to 128.180.1.12:1812 length 179 (8) User-Name = "x19a19" (8) Calling-Station-Id = "00-0A-CD-31-6C-B4" (8) Framed-MTU = 1400 (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) Connect-Info = "CONNECT 11Mbps 802.11b" (8) NAS-IP-Address = 128.180.10.10 (8) EAP-Message = 0x025f002e1900170303002350823d0b0711a0e7d347b3a8a91250f7493bf70002a55422ab652f6755c4548e415fe6 (8) State = 0xd5cab529d295ace4f6d40de07aff4d01 (8) Message-Authenticator = 0x1a6e7c8c91c24cf2f319ba78834bf0a3 (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "x19a19", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 95 length 46 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xd5cab529d295ace4 (8) eap: Finished EAP session with state 0xd5cab529d295ace4 (8) eap: Previous EAP request found for state 0xd5cab529d295ace4, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state send tlv success (8) eap_peap: Received EAP-TLV response (8) eap_peap: Success (8) eap_peap: Using saved attributes from the original Access-Accept (8) eap_peap: User-Name = "x19a19" (8) eap: Sending EAP Success (code 3) ID 95 length 4 (8) eap: Freeing handler (8) [eap] = ok (8) } # authenticate = ok (8) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (8) post-auth { (8) update { (8) No attributes updated (8) } # update = noop (8) [exec] = noop (8) policy remove_reply_message_if_eap { (8) if (&reply:EAP-Message && &reply:Reply-Message) { (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (8) else { (8) [noop] = noop (8) } # else = noop (8) } # policy remove_reply_message_if_eap = noop (8) } # post-auth = noop (8) Login OK: [x19a19] (from client newguy port 0 cli 00-0A-CD-31-6C-B4) (8) Sent Access-Accept Id 8 from 128.180.1.12:1812 to 128.180.10.10:37390 length 0 (8) User-Name = "x19a19" (8) MS-MPPE-Recv-Key = 0xed9fcdc627d86a2652543851d8f6e2cc7aca7e941eaaac46904ea2d5cae72824 (8) MS-MPPE-Send-Key = 0x8d5faa43ee07dc194f806593f94351a2c29933f4944df7044a49b984e13e65a3 (8) EAP-Message = 0x035f0004 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 0 with timestamp +3 (1) Cleaning up request packet ID 1 with timestamp +3 (2) Cleaning up request packet ID 2 with timestamp +3 (3) Cleaning up request packet ID 3 with timestamp +3 (4) Cleaning up request packet ID 4 with timestamp +3 (5) Cleaning up request packet ID 5 with timestamp +3 (6) Cleaning up request packet ID 6 with timestamp +3 (7) Cleaning up request packet ID 7 with timestamp +3 (8) Cleaning up request packet ID 8 with timestamp +3 Ready to process requests -- Munroe Sollog Senior Network Engineer munroe@lehigh.edu