Here is the debug output: Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Ready to process requests (0) Received Access-Request Id 241 from 203.59.132.253:38386 to 172.17.0.68:1812 length 222 (0) Service-Type = Framed-User (0) Framed-MTU = 1400 (0) User-Name = 'jake' (0) NAS-Port-Id = 'wlan4' (0) NAS-Port-Type = Wireless-802.11 (0) Acct-Session-Id = '82200019' (0) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (0) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (0) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (0) EAP-Message = 0x02000009016a616b65 (0) Message-Authenticator = 0x0942bb06979bc2c6859785baa97efea0 (0) NAS-Identifier = 'MikroTik' (0) NAS-IP-Address = 10.1.1.23 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (!&User-Name) { (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) { (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "jake", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent code Response (2) ID 0 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap: Peer sent method Identity (1) (0) eap: Calling eap_md5 to process EAP data (0) eap_md5: Issuing MD5 Challenge (0) eap: EAP session adding &reply:State = 0x2ae8af442ae9ab52 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Sent Access-Challenge Id 241 from 172.17.0.68:1812 to 203.59.132.253:38386 length 0 (0) EAP-Message = 0x010100160410e9962633c394d82e8af727f23160824c (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x2ae8af442ae9ab526f505f86b4932430 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 242 from 203.59.132.253:44270 to 172.17.0.68:1812 length 237 (1) Service-Type = Framed-User (1) Framed-MTU = 1400 (1) User-Name = 'jake' (1) State = 0x2ae8af442ae9ab526f505f86b4932430 (1) NAS-Port-Id = 'wlan4' (1) NAS-Port-Type = Wireless-802.11 (1) Acct-Session-Id = '82200019' (1) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (1) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (1) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (1) EAP-Message = 0x020100060319 (1) Message-Authenticator = 0x23c1df8ed8c64f231b0e8b9a5c48c798 (1) NAS-Identifier = 'MikroTik' (1) NAS-IP-Address = 10.1.1.23 (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (!&User-Name) { (1) if (!&User-Name) -> FALSE (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@.*@/ ) { (1) if (&User-Name =~ /@.*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "jake", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent code Response (2) ID 1 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) sql: EXPAND %{User-Name} (1) sql: --> jake (1) sql: SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jake' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jake' ORDER BY id (1) sql: User found in radcheck table (1) sql: Conditional check items matched, merging assignment check items (1) sql: Cleartext-Password := 'fheman123' (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jake' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jake' ORDER BY id (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'jake' ORDER BY priority (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'jake' ORDER BY priority (1) sql: User found in the group table (1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id (1) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id (1) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id (1) sql: Group "14kimberleyst": Conditional check items matched (1) sql: Group "14kimberleyst": Merging assignment check items (1) sql: Reset-Date := '13' (1) sql: Total-Bytes := '999999999999999999' (1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id (1) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id (1) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id (1) sql: Group "14kimberleyst": Merging reply items (1) sql: Session-Timeout := 10800 rlm_sql (sql): Released connection (4) (1) [sql] = ok (1) policy site-restriction { (1) update request { (1) EXPAND %{User-Name} (1) --> jake (1) SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (1) Executing select query: SET @user = 'jake'; SET @nasmac = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'; SELECT COUNT(*) FROM (SELECT radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON radsitegroup.groupname=radusergroup.groupname WHERE nasshortname='ALL' AND `radusergroup`.`username` = @user UNION ALL SELECT radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON radsitegroup.groupname=radusergroup.groupname INNER JOIN `nas` ON nas.shortname=radsitegroup.nasshortname WHERE nas.nasidentifier=@nasmac AND `radusergroup`.`username` = @user) as a rlm_sql (sql): Released connection (4) (1) EXPAND %{sql:SET @user = '%{User-Name}'; SET @nasmac = '%{request:Called-Station-Id}'; SELECT COUNT(*) FROM (SELECT radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON radsitegroup.groupname=radusergroup.groupname WHERE nasshortname='ALL' AND `radusergroup`.`username` = @user UNION ALL SELECT radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON radsitegroup.groupname=radusergroup.groupname INNER JOIN `nas` ON nas.shortname=radsitegroup.nasshortname WHERE nas.nasidentifier=@nasmac AND `radusergroup`.`username` = @user) as a} (1) --> 1 (1) Site := 1 (1) } # update request = noop (1) if ( Site == '0' ) { (1) if ( Site == '0' ) -> FALSE (1) } # policy site-restriction = noop (1) policy data-restriction { (1) if ((control:Total-Bytes)){ (1) if ((control:Total-Bytes)) -> TRUE (1) if ((control:Total-Bytes)) { (1) update control { (1) EXPAND %{User-Name} (1) --> jake (1) SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (1) Executing select query: SET @reset_date = '13'; SELECT IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM `radacct` WHERE UserName='jake' AND DATE(`acctstarttime`) BETWEEN (CASE WHEN @reset_date > DAYOFMONTH(NOW()) THEN DATE( DATE_SUB( CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date ) , INTERVAL 1 MONTH ) ) ELSE CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date )END) AND DATE(NOW()); rlm_sql (sql): Released connection (4) (1) EXPAND %{sql:SET @reset_date = '%{control:Reset-Date}'; SELECT IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM `radacct` WHERE UserName='%{request:User-Name}' AND DATE(`acctstarttime`) BETWEEN (CASE WHEN @reset_date > DAYOFMONTH(NOW()) THEN DATE( DATE_SUB( CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date ) , INTERVAL 1 MONTH ) ) ELSE CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date )END) AND DATE(NOW());} (1) --> 154996 (1) Used-Bytes := 154996 (1) EXPAND %{User-Name} (1) --> jake (1) SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (1) Executing select query: SELECT `email` FROM `users` WHERE `username` = 'jake' rlm_sql (sql): Released connection (4) (1) EXPAND %{sql:SELECT `email` FROM `users` WHERE `username` = '%{request:User-Name}'} (1) --> zhex900@gmail.com (1) Email := zhex900@gmail.com (1) EXPAND %{User-Name} (1) --> jake (1) SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (1) Executing select query: SELECT `sentmail` FROM `users` WHERE `username` = 'jake' rlm_sql (sql): Released connection (4) (1) EXPAND %{sql:SELECT `sentmail` FROM `users` WHERE `username` = '%{request:User-Name}'} (1) --> 0 (1) Sent-Mail := 0 (1) EXPAND %{User-Name} (1) --> jake (1) SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (1) Executing select query: SELECT `mobile_suffix` FROM `users` WHERE `username` = 'jake' rlm_sql (sql): Released connection (4) (1) EXPAND %{sql:SELECT `mobile_suffix` FROM `users` WHERE `username` = '%{request:User-Name}'} (1) --> 0433169153 (1) Mobile := 0433169153 (1) } # update control = noop (1) sendmsg: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'jake' (1) sendmsg: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.1.1.23' (1) sendmsg: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User' (1) sendmsg: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (1) sendmsg: $RAD_REQUEST{'State'} = &request:State -> '0x2ae8af442ae9ab526f505f86b4932430' (1) sendmsg: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (1) sendmsg: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'F8-A9-D0-18-F2-24' (1) sendmsg: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'MikroTik' (1) sendmsg: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (1) sendmsg: $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id -> '82200019' (1) sendmsg: $RAD_REQUEST{'Acct-Multi-Session-Id'} = &request:Acct-Multi-Session-Id -> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (1) sendmsg: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jun 26 2015 03:36:51 UTC' (1) sendmsg: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020100060319' (1) sendmsg: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x23c1df8ed8c64f231b0e8b9a5c48c798' (1) sendmsg: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'wlan4' (1) sendmsg: $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'NAK' (1) sendmsg: $RAD_REQUEST{'SQL-User-Name'} = &request:SQL-User-Name -> 'jake' (1) sendmsg: $RAD_REQUEST{'Site'} = &request:Site -> '1' (1) sendmsg: $RAD_REPLY{'Session-Timeout'} = &reply:Session-Timeout -> '10800' (1) sendmsg: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'EAP' (1) sendmsg: $RAD_CHECK{'Cleartext-Password'} = &control:Cleartext-Password -> 'fheman123' (1) sendmsg: $RAD_CHECK{'Total-Bytes'} = &control:Total-Bytes -> '999999999999999999' (1) sendmsg: $RAD_CHECK{'Used-Bytes'} = &control:Used-Bytes -> '154996' (1) sendmsg: $RAD_CHECK{'Reset-Date'} = &control:Reset-Date -> '13' (1) sendmsg: $RAD_CHECK{'Email'} = &control:Email -> 'zhex900@gmail.com' (1) sendmsg: $RAD_CHECK{'Sent-Mail'} = &control:Sent-Mail -> '0' (1) sendmsg: $RAD_CHECK{'Mobile'} = &control:Mobile -> '0433169153' (1) sendmsg: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'EAP' (1) sendmsg: $RAD_CONFIG{'Cleartext-Password'} = &control:Cleartext-Password -> 'fheman123' (1) sendmsg: $RAD_CONFIG{'Total-Bytes'} = &control:Total-Bytes -> '999999999999999999' (1) sendmsg: $RAD_CONFIG{'Used-Bytes'} = &control:Used-Bytes -> '154996' (1) sendmsg: $RAD_CONFIG{'Reset-Date'} = &control:Reset-Date -> '13' (1) sendmsg: $RAD_CONFIG{'Email'} = &control:Email -> 'zhex900@gmail.com' (1) sendmsg: $RAD_CONFIG{'Sent-Mail'} = &control:Sent-Mail -> '0' (1) sendmsg: $RAD_CONFIG{'Mobile'} = &control:Mobile -> '0433169153' (1) sendmsg: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (1) sendmsg: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jun 26 2015 03:36:51 UTC' (1) sendmsg: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User' (1) sendmsg: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'F8-A9-D0-18-F2-24' (1) sendmsg: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'jake' (1) sendmsg: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'NAK' (1) sendmsg: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x23c1df8ed8c64f231b0e8b9a5c48c798' (1) sendmsg: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (1) sendmsg: &request:Acct-Multi-Session-Id = $RAD_REQUEST{'Acct-Multi-Session-Id'} -> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (1) sendmsg: &request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} -> 'jake' (1) sendmsg: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (1) sendmsg: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.1.1.23' (1) sendmsg: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} -> '82200019' (1) sendmsg: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'wlan4' (1) sendmsg: &request:Site = $RAD_REQUEST{'Site'} -> '1' (1) sendmsg: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020100060319' (1) sendmsg: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'MikroTik' (1) sendmsg: &request:State = $RAD_REQUEST{'State'} -> '0x2ae8af442ae9ab526f505f86b4932430' (1) sendmsg: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'} -> '10800' (1) sendmsg: &control:Cleartext-Password = $RAD_CHECK{'Cleartext-Password'} -> 'fheman123' (1) sendmsg: &control:Mobile = $RAD_CHECK{'Mobile'} -> '0433169153' (1) sendmsg: &control:Reset-Date = $RAD_CHECK{'Reset-Date'} -> '13' (1) sendmsg: &control:Sent-Mail = $RAD_CHECK{'Sent-Mail'} -> '0' (1) sendmsg: &control:Total-Bytes = $RAD_CHECK{'Total-Bytes'} -> '999999999999999999' (1) sendmsg: &control:Used-Bytes = $RAD_CHECK{'Used-Bytes'} -> '154996' (1) sendmsg: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'EAP' (1) sendmsg: &control:Email = $RAD_CHECK{'Email'} -> 'zhex900@gmail.com' (1) [sendmsg] = noop (1) check_usage: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'jake' (1) check_usage: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.1.1.23' (1) check_usage: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User' (1) check_usage: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400' (1) check_usage: $RAD_REQUEST{'State'} = &request:State -> '0x2ae8af442ae9ab526f505f86b4932430' (1) check_usage: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (1) check_usage: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'F8-A9-D0-18-F2-24' (1) check_usage: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'MikroTik' (1) check_usage: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (1) check_usage: $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id -> '82200019' (1) check_usage: $RAD_REQUEST{'Acct-Multi-Session-Id'} = &request:Acct-Multi-Session-Id -> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (1) check_usage: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jun 26 2015 03:36:51 UTC' (1) check_usage: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020100060319' (1) check_usage: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0x23c1df8ed8c64f231b0e8b9a5c48c798' (1) check_usage: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'wlan4' (1) check_usage: $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'NAK' (1) check_usage: $RAD_REQUEST{'SQL-User-Name'} = &request:SQL-User-Name -> 'jake' (1) check_usage: $RAD_REQUEST{'Site'} = &request:Site -> '1' (1) check_usage: $RAD_REPLY{'Session-Timeout'} = &reply:Session-Timeout -> '10800' (1) check_usage: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'EAP' (1) check_usage: $RAD_CHECK{'Cleartext-Password'} = &control:Cleartext-Password -> 'fheman123' (1) check_usage: $RAD_CHECK{'Total-Bytes'} = &control:Total-Bytes -> '999999999999999999' (1) check_usage: $RAD_CHECK{'Used-Bytes'} = &control:Used-Bytes -> '154996' (1) check_usage: $RAD_CHECK{'Reset-Date'} = &control:Reset-Date -> '13' (1) check_usage: $RAD_CHECK{'Email'} = &control:Email -> ' zhex900@gmail.com' (1) check_usage: $RAD_CHECK{'Sent-Mail'} = &control:Sent-Mail -> '0' (1) check_usage: $RAD_CHECK{'Mobile'} = &control:Mobile -> '0433169153' (1) check_usage: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'EAP' (1) check_usage: $RAD_CONFIG{'Cleartext-Password'} = &control:Cleartext-Password -> 'fheman123' (1) check_usage: $RAD_CONFIG{'Total-Bytes'} = &control:Total-Bytes -> '999999999999999999' (1) check_usage: $RAD_CONFIG{'Used-Bytes'} = &control:Used-Bytes -> '154996' (1) check_usage: $RAD_CONFIG{'Reset-Date'} = &control:Reset-Date -> '13' (1) check_usage: $RAD_CONFIG{'Email'} = &control:Email -> ' zhex900@gmail.com' (1) check_usage: $RAD_CONFIG{'Sent-Mail'} = &control:Sent-Mail -> '0' (1) check_usage: $RAD_CONFIG{'Mobile'} = &control:Mobile -> '0433169153' (1) check_usage: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400' (1) check_usage: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jun 26 2015 03:36:51 UTC' (1) check_usage: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User' (1) check_usage: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'F8-A9-D0-18-F2-24' (1) check_usage: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'jake' (1) check_usage: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'NAK' (1) check_usage: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0x23c1df8ed8c64f231b0e8b9a5c48c798' (1) check_usage: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (1) check_usage: &request:Acct-Multi-Session-Id = $RAD_REQUEST{'Acct-Multi-Session-Id'} -> '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (1) check_usage: &request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} -> 'jake' (1) check_usage: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (1) check_usage: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.1.1.23' (1) check_usage: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} -> '82200019' (1) check_usage: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'wlan4' (1) check_usage: &request:Site = $RAD_REQUEST{'Site'} -> '1' (1) check_usage: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020100060319' (1) check_usage: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'MikroTik' (1) check_usage: &request:State = $RAD_REQUEST{'State'} -> '0x2ae8af442ae9ab526f505f86b4932430' (1) check_usage: &reply:Mikrotik-Total-Limit-Gigawords = $RAD_REPLY{'Mikrotik-Total-Limit-Gigawords'} -> '232830643' (1) check_usage: &reply:Mikrotik-Total-Limit = $RAD_REPLY{'Mikrotik-Total-Limit'} -> '2808193675' (1) check_usage: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'} -> '10800' (1) check_usage: &control:Cleartext-Password = $RAD_CHECK{'Cleartext-Password'} -> 'fheman123' (1) check_usage: &control:Avail-Bytes = $RAD_CHECK{'Avail-Bytes'} -> '999999999999845003' (1) check_usage: &control:Mobile = $RAD_CHECK{'Mobile'} -> '0433169153' (1) check_usage: &control:Reset-Date = $RAD_CHECK{'Reset-Date'} -> '13' (1) check_usage: &control:Sent-Mail = $RAD_CHECK{'Sent-Mail'} -> '0' (1) check_usage: &control:Total-Bytes = $RAD_CHECK{'Total-Bytes'} -> '999999999999999999' (1) check_usage: &control:Used-Bytes = $RAD_CHECK{'Used-Bytes'} -> '154996' (1) check_usage: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'EAP' (1) check_usage: &control:Email = $RAD_CHECK{'Email'} -> 'zhex900@gmail.com' (1) [check_usage] = updated (1) } # if ((control:Total-Bytes)) = updated (1) } # policy data-restriction = updated (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x2ae8af442ae9ab52 (1) eap: Finished EAP session with state 0x2ae8af442ae9ab52 (1) eap: Previous EAP request found for state 0x2ae8af442ae9ab52, released from the list (1) eap: Peer sent method NAK (3) (1) eap: Found mutually acceptable type PEAP (25) (1) eap: Calling eap_peap to process EAP data (1) eap_peap: Flushing SSL sessions (of #0) (1) eap_peap: Initiate (1) eap_peap: Start returned 1 (1) eap: EAP session adding &reply:State = 0x2ae8af442beab652 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) Sent Access-Challenge Id 242 from 172.17.0.68:1812 to 203.59.132.253:44270 length 0 (1) Mikrotik-Total-Limit-Gigawords = 232830643 (1) Mikrotik-Total-Limit = 2808193675 (1) Session-Timeout = 10800 (1) EAP-Message = 0x010200061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x2ae8af442beab6526f505f86b4932430 (1) Finished request Waking up in 4.8 seconds. (2) Received Access-Request Id 243 from 203.59.132.253:52144 to 172.17.0.68:1812 length 427 (2) Service-Type = Framed-User (2) Framed-MTU = 1400 (2) User-Name = 'jake' (2) State = 0x2ae8af442beab6526f505f86b4932430 (2) NAS-Port-Id = 'wlan4' (2) NAS-Port-Type = Wireless-802.11 (2) Acct-Session-Id = '82200019' (2) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (2) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (2) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (2) EAP-Message = 0x020200c41980000000ba16030100b5010000b103016e692cd58137a32168d3f582da80112b10f99f0b740669a6ebb3372583558513000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a001500120009001400 (2) Message-Authenticator = 0xe1a2042b676d0a3bca307cb23bd11d3d (2) NAS-Identifier = 'MikroTik' (2) NAS-IP-Address = 10.1.1.23 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (!&User-Name) { (2) if (!&User-Name) -> FALSE (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@.*@/ ) { (2) if (&User-Name =~ /@.*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "jake", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent code Response (2) ID 2 length 196 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x2ae8af442beab652 (2) eap: Finished EAP session with state 0x2ae8af442beab652 (2) eap: Previous EAP request found for state 0x2ae8af442beab652, released from the list (2) eap: Peer sent method PEAP (25) (2) eap: EAP PEAP (25) (2) eap: Calling eap_peap to process EAP data (2) eap_peap: processing EAP-TLS (2) eap_peap: TLS Length 186 (2) eap_peap: Length Included (2) eap_peap: eaptls_verify returned 11 (2) eap_peap: (other): before/accept initialization (2) eap_peap: TLS_accept: before/accept initialization (2) eap_peap: <<< TLS 1.0 Handshake [length 00b5], ClientHello (2) eap_peap: TLS_accept: SSLv3 read client hello A (2) eap_peap: >>> TLS 1.0 Handshake [length 0059], ServerHello (2) eap_peap: TLS_accept: SSLv3 write server hello A (2) eap_peap: >>> TLS 1.0 Handshake [length 08d0], Certificate (2) eap_peap: TLS_accept: SSLv3 write certificate A (2) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (2) eap_peap: TLS_accept: SSLv3 write key exchange A (2) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (2) eap_peap: TLS_accept: SSLv3 write server done A (2) eap_peap: TLS_accept: SSLv3 flush data (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (2) eap_peap: eaptls_process returned 13 (2) eap_peap: FR_TLS_HANDLED (2) eap: EAP session adding &reply:State = 0x2ae8af4428ebb652 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) Sent Access-Challenge Id 243 from 172.17.0.68:1812 to 203.59.132.253:52144 length 0 (2) EAP-Message = 0x010303ec19c000000a8c1603010059020000550301d46c8d0a4b602b18e16f0c2eca4ab0b9923c8c75937b6be866c61bccebeff4f020f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bbc01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x2ae8af4428ebb6526f505f86b4932430 (2) Finished request Waking up in 4.7 seconds. (3) Received Access-Request Id 244 from 203.59.132.253:35924 to 172.17.0.68:1812 length 237 (3) Service-Type = Framed-User (3) Framed-MTU = 1400 (3) User-Name = 'jake' (3) State = 0x2ae8af4428ebb6526f505f86b4932430 (3) NAS-Port-Id = 'wlan4' (3) NAS-Port-Type = Wireless-802.11 (3) Acct-Session-Id = '82200019' (3) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (3) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (3) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (3) EAP-Message = 0x020300061900 (3) Message-Authenticator = 0xbcede2e1f511c39d7829a8d31d3056ca (3) NAS-Identifier = 'MikroTik' (3) NAS-IP-Address = 10.1.1.23 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (!&User-Name) { (3) if (!&User-Name) -> FALSE (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@.*@/ ) { (3) if (&User-Name =~ /@.*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "jake", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent code Response (2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x2ae8af4428ebb652 (3) eap: Finished EAP session with state 0x2ae8af4428ebb652 (3) eap: Previous EAP request found for state 0x2ae8af4428ebb652, released from the list (3) eap: Peer sent method PEAP (25) (3) eap: EAP PEAP (25) (3) eap: Calling eap_peap to process EAP data (3) eap_peap: processing EAP-TLS (3) eap_peap: Received TLS ACK (3) eap_peap: Received TLS ACK (3) eap_peap: ACK handshake fragment handler (3) eap_peap: eaptls_verify returned 1 (3) eap_peap: eaptls_process returned 13 (3) eap_peap: FR_TLS_HANDLED (3) eap: EAP session adding &reply:State = 0x2ae8af4429ecb652 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) Sent Access-Challenge Id 244 from 172.17.0.68:1812 to 203.59.132.253:35924 length 0 (3) EAP-Message = 0x010403e8194070fc3072618327914b90833c80b17761d6b71ed327b33f801709abca73c4785893e2238950ca0494c79dceb74a47d2ae97f2cf40c1857e89d6543f5d275ca54082c2d8a4ec8109ca6d7161699efce7a8d33588e1f1403c619f4ebd02f166ab8a0d9b07ad442d0202e60004e5308204e130 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x2ae8af4429ecb6526f505f86b4932430 (3) Finished request Waking up in 4.6 seconds. (4) Received Access-Request Id 245 from 203.59.132.253:39524 to 172.17.0.68:1812 length 237 (4) Service-Type = Framed-User (4) Framed-MTU = 1400 (4) User-Name = 'jake' (4) State = 0x2ae8af4429ecb6526f505f86b4932430 (4) NAS-Port-Id = 'wlan4' (4) NAS-Port-Type = Wireless-802.11 (4) Acct-Session-Id = '82200019' (4) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (4) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (4) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (4) EAP-Message = 0x020400061900 (4) Message-Authenticator = 0x54aecaf6cd05e5bf1bce8ad82728077d (4) NAS-Identifier = 'MikroTik' (4) NAS-IP-Address = 10.1.1.23 (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (!&User-Name) { (4) if (!&User-Name) -> FALSE (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@.*@/ ) { (4) if (&User-Name =~ /@.*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "jake", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent code Response (2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0x2ae8af4429ecb652 (4) eap: Finished EAP session with state 0x2ae8af4429ecb652 (4) eap: Previous EAP request found for state 0x2ae8af4429ecb652, released from the list (4) eap: Peer sent method PEAP (25) (4) eap: EAP PEAP (25) (4) eap: Calling eap_peap to process EAP data (4) eap_peap: processing EAP-TLS (4) eap_peap: Received TLS ACK (4) eap_peap: Received TLS ACK (4) eap_peap: ACK handshake fragment handler (4) eap_peap: eaptls_verify returned 1 (4) eap_peap: eaptls_process returned 13 (4) eap_peap: FR_TLS_HANDLED (4) eap: EAP session adding &reply:State = 0x2ae8af442eedb652 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) Sent Access-Challenge Id 245 from 172.17.0.68:1812 to 203.59.132.253:39524 length 0 (4) EAP-Message = 0x010502ce190020417574686f72697479820900b019525dc1d9412e300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101006f73 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x2ae8af442eedb6526f505f86b4932430 (4) Finished request Waking up in 4.4 seconds. (5) Received Access-Request Id 246 from 203.59.132.253:45440 to 172.17.0.68:1812 length 375 (5) Service-Type = Framed-User (5) Framed-MTU = 1400 (5) User-Name = 'jake' (5) State = 0x2ae8af442eedb6526f505f86b4932430 (5) NAS-Port-Id = 'wlan4' (5) NAS-Port-Type = Wireless-802.11 (5) Acct-Session-Id = '82200019' (5) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (5) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (5) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (5) EAP-Message = 0x020500901980000000861603010046100000424104bd66ff8372c1dc049759a9b955193ffa8e8e4da7348cc4e36500cb9b5198ba94ea171b8d06416f4894d5ff73e68fa74a8d6fd8563daec796148288a0a5ed0ebb1403010001011603010030bfe20542d15a4dfa96fecdb720ea6156305308632d1890 (5) Message-Authenticator = 0x7df94396891c33014810e3acbeafcbb1 (5) NAS-Identifier = 'MikroTik' (5) NAS-IP-Address = 10.1.1.23 (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (!&User-Name) { (5) if (!&User-Name) -> FALSE (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@.*@/ ) { (5) if (&User-Name =~ /@.*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "jake", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent code Response (2) ID 5 length 144 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0x2ae8af442eedb652 (5) eap: Finished EAP session with state 0x2ae8af442eedb652 (5) eap: Previous EAP request found for state 0x2ae8af442eedb652, released from the list (5) eap: Peer sent method PEAP (25) (5) eap: EAP PEAP (25) (5) eap: Calling eap_peap to process EAP data (5) eap_peap: processing EAP-TLS (5) eap_peap: TLS Length 134 (5) eap_peap: Length Included (5) eap_peap: eaptls_verify returned 11 (5) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (5) eap_peap: TLS_accept: SSLv3 read client key exchange A (5) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (5) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (5) eap_peap: TLS_accept: SSLv3 read finished A (5) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] (5) eap_peap: TLS_accept: SSLv3 write change cipher spec A (5) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished (5) eap_peap: TLS_accept: SSLv3 write finished A (5) eap_peap: TLS_accept: SSLv3 flush data TLS: adding session f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bb to cache (5) eap_peap: (other): SSL negotiation finished successfully SSL Connection Established (5) eap_peap: eaptls_process returned 13 (5) eap_peap: FR_TLS_HANDLED (5) eap: EAP session adding &reply:State = 0x2ae8af442feeb652 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) Sent Access-Challenge Id 246 from 172.17.0.68:1812 to 203.59.132.253:45440 length 0 (5) EAP-Message = 0x0106004119001403010001011603010030b50c5c6bcd7f1f0c3cdb9a9dd16fb6d24bfc64db51180644d3f3806f9a566ed700be78e43a68b107312669ee0fbe6d1f (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x2ae8af442feeb6526f505f86b4932430 (5) Finished request Waking up in 4.3 seconds. (6) Received Access-Request Id 247 from 203.59.132.253:39369 to 172.17.0.68:1812 length 237 (6) Service-Type = Framed-User (6) Framed-MTU = 1400 (6) User-Name = 'jake' (6) State = 0x2ae8af442feeb6526f505f86b4932430 (6) NAS-Port-Id = 'wlan4' (6) NAS-Port-Type = Wireless-802.11 (6) Acct-Session-Id = '82200019' (6) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (6) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (6) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (6) EAP-Message = 0x020600061900 (6) Message-Authenticator = 0xb6affee6faf6ee543b6ef9c9f52f74ec (6) NAS-Identifier = 'MikroTik' (6) NAS-IP-Address = 10.1.1.23 (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (!&User-Name) { (6) if (!&User-Name) -> FALSE (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@.*@/ ) { (6) if (&User-Name =~ /@.*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "jake", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent code Response (2) ID 6 length 6 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0x2ae8af442feeb652 (6) eap: Finished EAP session with state 0x2ae8af442feeb652 (6) eap: Previous EAP request found for state 0x2ae8af442feeb652, released from the list (6) eap: Peer sent method PEAP (25) (6) eap: EAP PEAP (25) (6) eap: Calling eap_peap to process EAP data (6) eap_peap: processing EAP-TLS (6) eap_peap: Received TLS ACK (6) eap_peap: Received TLS ACK (6) eap_peap: ACK handshake is finished (6) eap_peap: eaptls_verify returned 3 (6) eap_peap: eaptls_process returned 3 (6) eap_peap: FR_TLS_SUCCESS (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state TUNNEL ESTABLISHED (6) eap: EAP session adding &reply:State = 0x2ae8af442cefb652 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) Sent Access-Challenge Id 247 from 172.17.0.68:1812 to 203.59.132.253:39369 length 0 (6) EAP-Message = 0x0107002b190017030100209db4b82b7785ec126910f4c56f3693646b7c87d993175dec544c881e17ff7e66 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x2ae8af442cefb6526f505f86b4932430 (6) Finished request Waking up in 4.2 seconds. (7) Received Access-Request Id 248 from 203.59.132.253:54163 to 172.17.0.68:1812 length 274 (7) Service-Type = Framed-User (7) Framed-MTU = 1400 (7) User-Name = 'jake' (7) State = 0x2ae8af442cefb6526f505f86b4932430 (7) NAS-Port-Id = 'wlan4' (7) NAS-Port-Type = Wireless-802.11 (7) Acct-Session-Id = '82200019' (7) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (7) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (7) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (7) EAP-Message = 0x0207002b190017030100208286978455a47dcaa043b6ee4493bf1162e7a1a6105b84d369f022c49c2db0b8 (7) Message-Authenticator = 0xb259288f94fab665a32a8e25909eabe9 (7) NAS-Identifier = 'MikroTik' (7) NAS-IP-Address = 10.1.1.23 (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (!&User-Name) { (7) if (!&User-Name) -> FALSE (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@.*@/ ) { (7) if (&User-Name =~ /@.*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "jake", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent code Response (2) ID 7 length 43 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x2ae8af442cefb652 (7) eap: Finished EAP session with state 0x2ae8af442cefb652 (7) eap: Previous EAP request found for state 0x2ae8af442cefb652, released from the list (7) eap: Peer sent method PEAP (25) (7) eap: EAP PEAP (25) (7) eap: Calling eap_peap to process EAP data (7) eap_peap: processing EAP-TLS (7) eap_peap: eaptls_verify returned 7 (7) eap_peap: Done initial handshake (7) eap_peap: eaptls_process returned 7 (7) eap_peap: FR_TLS_OK (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state WAITING FOR INNER IDENTITY (7) eap_peap: Identity - jake (7) eap_peap: Got inner identity 'jake' (7) eap_peap: Setting default EAP type for tunneled EAP session (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x02070009016a616b65 (7) eap_peap: Setting User-Name to jake (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x02070009016a616b65 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = 'jake' (7) eap_peap: Service-Type = Framed-User (7) eap_peap: Framed-MTU = 1400 (7) eap_peap: NAS-Port-Id = 'wlan4' (7) eap_peap: NAS-Port-Type = Wireless-802.11 (7) eap_peap: Acct-Session-Id = '82200019' (7) eap_peap: Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (7) eap_peap: Calling-Station-Id = 'F8-A9-D0-18-F2-24' (7) eap_peap: Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (7) eap_peap: NAS-Identifier = 'MikroTik' (7) eap_peap: NAS-IP-Address = 10.1.1.23 (7) eap_peap: Event-Timestamp = 'Jun 26 2015 03:36:52 UTC' (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x02070009016a616b65 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = 'jake' (7) Service-Type = Framed-User (7) Framed-MTU = 1400 (7) NAS-Port-Id = 'wlan4' (7) NAS-Port-Type = Wireless-802.11 (7) Acct-Session-Id = '82200019' (7) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (7) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (7) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (7) NAS-Identifier = 'MikroTik' (7) NAS-IP-Address = 10.1.1.23 (7) Event-Timestamp = 'Jun 26 2015 03:36:52 UTC' (7) server inner-tunnel { (7) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (7) authorize { (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "jake", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent code Response (2) ID 7 length 9 (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Peer sent method Identity (1) (7) eap: Calling eap_mschapv2 to process EAP data (7) eap_mschapv2: Issuing Challenge (7) eap: EAP session adding &reply:State = 0x22b0356022b82f2e (7) [eap] = handled (7) } # authenticate = handled (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x22b0356022b82f2e85a63bb65e619718 (7) eap_peap: Got tunneled reply code 11 (7) eap_peap: EAP-Message = 0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x22b0356022b82f2e85a63bb65e619718 (7) eap_peap: Got tunneled reply RADIUS code 11 (7) eap_peap: EAP-Message = 0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x22b0356022b82f2e85a63bb65e619718 (7) eap_peap: Got tunneled Access-Challenge (7) eap: EAP session adding &reply:State = 0x2ae8af442de0b652 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) Sent Access-Challenge Id 248 from 172.17.0.68:1812 to 203.59.132.253:54163 length 0 (7) EAP-Message = 0x0108004b190017030100405d23e6bcb09cb6d20b68d9aaca1f83e4091ceff102e5083ddd35b9012b3d0e7188c3b1e155ea8f9bddc0ea1f850f357d2b8f6240e497819ecfd11cf2a7c0fbbb (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x2ae8af442de0b6526f505f86b4932430 (7) Finished request Waking up in 4.1 seconds. (8) Received Access-Request Id 249 from 203.59.132.253:36869 to 172.17.0.68:1812 length 322 (8) Service-Type = Framed-User (8) Framed-MTU = 1400 (8) User-Name = 'jake' (8) State = 0x2ae8af442de0b6526f505f86b4932430 (8) NAS-Port-Id = 'wlan4' (8) NAS-Port-Type = Wireless-802.11 (8) Acct-Session-Id = '82200019' (8) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (8) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (8) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (8) EAP-Message = 0x0208005b190017030100507a6c5910e9c1dc3a4adf8951c44d459517e50c2a6116265ff2d8924df35f0557e921ca3264d2be55f40dc688cb5fa91b6d9c14b1c9a895996ca03e1c224e31a2efb0740a6415f05685f77b4427b49f76 (8) Message-Authenticator = 0x1b7b410bbe118d5b2da8add5b4ac1a43 (8) NAS-Identifier = 'MikroTik' (8) NAS-IP-Address = 10.1.1.23 (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (!&User-Name) { (8) if (!&User-Name) -> FALSE (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@.*@/ ) { (8) if (&User-Name =~ /@.*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "jake", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent code Response (2) ID 8 length 91 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = EAP (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0x22b0356022b82f2e (8) eap: Finished EAP session with state 0x2ae8af442de0b652 (8) eap: Previous EAP request found for state 0x2ae8af442de0b652, released from the list (8) eap: Peer sent method PEAP (25) (8) eap: EAP PEAP (25) (8) eap: Calling eap_peap to process EAP data (8) eap_peap: processing EAP-TLS (8) eap_peap: eaptls_verify returned 7 (8) eap_peap: Done initial handshake (8) eap_peap: eaptls_process returned 7 (8) eap_peap: FR_TLS_OK (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state phase2 (8) eap_peap: EAP type MSCHAPv2 (26) (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65 (8) eap_peap: Setting User-Name to jake (8) eap_peap: Sending tunneled request to inner-tunnel (8) eap_peap: EAP-Message = 0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = 'jake' (8) eap_peap: State = 0x22b0356022b82f2e85a63bb65e619718 (8) eap_peap: Service-Type = Framed-User (8) eap_peap: Framed-MTU = 1400 (8) eap_peap: NAS-Port-Id = 'wlan4' (8) eap_peap: NAS-Port-Type = Wireless-802.11 (8) eap_peap: Acct-Session-Id = '82200019' (8) eap_peap: Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (8) eap_peap: Calling-Station-Id = 'F8-A9-D0-18-F2-24' (8) eap_peap: Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (8) eap_peap: NAS-Identifier = 'MikroTik' (8) eap_peap: NAS-IP-Address = 10.1.1.23 (8) eap_peap: Event-Timestamp = 'Jun 26 2015 03:36:52 UTC' (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = 'jake' (8) State = 0x22b0356022b82f2e85a63bb65e619718 (8) Service-Type = Framed-User (8) Framed-MTU = 1400 (8) NAS-Port-Id = 'wlan4' (8) NAS-Port-Type = Wireless-802.11 (8) Acct-Session-Id = '82200019' (8) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (8) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (8) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (8) NAS-Identifier = 'MikroTik' (8) NAS-IP-Address = 10.1.1.23 (8) Event-Timestamp = 'Jun 26 2015 03:36:52 UTC' (8) server inner-tunnel { (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (8) authorize { (8) [chap] = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "jake", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent code Response (2) ID 8 length 63 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated (8) [files] = noop (8) sql: EXPAND %{User-Name} (8) sql: --> jake (8) sql: SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (8) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jake' ORDER BY id (8) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jake' ORDER BY id (8) sql: User found in radcheck table (8) sql: Conditional check items matched, merging assignment check items (8) sql: Cleartext-Password := 'fheman123' (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (8) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jake' ORDER BY id (8) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jake' ORDER BY id (8) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (8) sql: --> SELECT groupname FROM radusergroup WHERE username = 'jake' ORDER BY priority (8) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'jake' ORDER BY priority (8) sql: User found in the group table (8) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id (8) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id (8) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id (8) sql: Group "14kimberleyst": Conditional check items matched (8) sql: Group "14kimberleyst": Merging assignment check items (8) sql: Reset-Date := '13' (8) sql: Total-Bytes := '999999999999999999' (8) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id (8) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id (8) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id (8) sql: Group "14kimberleyst": Merging reply items (8) sql: Session-Timeout := 10800 rlm_sql (sql): Released connection (4) (8) [sql] = ok (8) [expiration] = noop (8) [logintime] = noop (8) pap: WARNING: Auth-Type already set. Not setting to PAP (8) [pap] = noop (8) } # authorize = updated (8) Found Auth-Type = EAP (8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0x22b0356022b82f2e (8) eap: Finished EAP session with state 0x22b0356022b82f2e (8) eap: Previous EAP request found for state 0x22b0356022b82f2e, released from the list (8) eap: Peer sent method MSCHAPv2 (26) (8) eap: EAP MSCHAPv2 (26) (8) eap: Calling eap_mschapv2 to process EAP data (8) eap_mschapv2: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (8) eap_mschapv2: Auth-Type MS-CHAP { (8) mschap: Found Cleartext-Password, hashing to create NT-Password (8) mschap: Found Cleartext-Password, hashing to create LM-Password (8) mschap: Creating challenge hash with username: jake (8) mschap: Client is using MS-CHAPv2 (8) mschap: Adding MS-CHAPv2 MPPE keys (8) [mschap] = ok (8) } # Auth-Type MS-CHAP = ok (8) MSCHAP Success (8) eap: EAP session adding &reply:State = 0x22b0356023b92f2e (8) [eap] = handled (8) } # authenticate = handled (8) } # server inner-tunnel (8) Virtual server sending reply (8) Session-Timeout = 10800 (8) EAP-Message = 0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x22b0356023b92f2e85a63bb65e619718 (8) eap_peap: Got tunneled reply code 11 (8) eap_peap: Session-Timeout = 10800 (8) eap_peap: EAP-Message = 0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0x22b0356023b92f2e85a63bb65e619718 (8) eap_peap: Got tunneled reply RADIUS code 11 (8) eap_peap: Session-Timeout = 10800 (8) eap_peap: EAP-Message = 0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0x22b0356023b92f2e85a63bb65e619718 (8) eap_peap: Got tunneled Access-Challenge (8) eap: EAP session adding &reply:State = 0x2ae8af4422e1b652 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) Sent Access-Challenge Id 249 from 172.17.0.68:1812 to 203.59.132.253:36869 length 0 (8) EAP-Message = 0x0109005b19001703010050ff2fa83e838510f3b311adc6a2de5dd4e3bf9e49ca7b67699dc84fd1c698570243feeaa1c808dee3846a38ffbdf223dee1afbe871ba2398fe4bc3653e21b24c6fcee8c9607bbe10fe7370c07f0b041f4 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x2ae8af4422e1b6526f505f86b4932430 (8) Finished request Waking up in 4.0 seconds. (9) Received Access-Request Id 250 from 203.59.132.253:51671 to 172.17.0.68:1812 length 274 (9) Service-Type = Framed-User (9) Framed-MTU = 1400 (9) User-Name = 'jake' (9) State = 0x2ae8af4422e1b6526f505f86b4932430 (9) NAS-Port-Id = 'wlan4' (9) NAS-Port-Type = Wireless-802.11 (9) Acct-Session-Id = '82200019' (9) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (9) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (9) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (9) EAP-Message = 0x0209002b19001703010020b385b35defe2309a0a1087757d0f1334ba0c847fa90fecacec7d8233ff986872 (9) Message-Authenticator = 0xd85c93784094e1af3cf813ae7c2212c5 (9) NAS-Identifier = 'MikroTik' (9) NAS-IP-Address = 10.1.1.23 (9) session-state: No cached attributes (9) # Executing section authorize from file /etc/freeradius/sites-enabled/default (9) authorize { (9) policy filter_username { (9) if (!&User-Name) { (9) if (!&User-Name) -> FALSE (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@.*@/ ) { (9) if (&User-Name =~ /@.*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ /@\./) { (9) if (&User-Name =~ /@\./) -> FALSE (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "jake", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: Peer sent code Response (2) ID 9 length 43 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = EAP (9) # Executing group from file /etc/freeradius/sites-enabled/default (9) authenticate { (9) eap: Expiring EAP session with state 0x22b0356023b92f2e (9) eap: Finished EAP session with state 0x2ae8af4422e1b652 (9) eap: Previous EAP request found for state 0x2ae8af4422e1b652, released from the list (9) eap: Peer sent method PEAP (25) (9) eap: EAP PEAP (25) (9) eap: Calling eap_peap to process EAP data (9) eap_peap: processing EAP-TLS (9) eap_peap: eaptls_verify returned 7 (9) eap_peap: Done initial handshake (9) eap_peap: eaptls_process returned 7 (9) eap_peap: FR_TLS_OK (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state phase2 (9) eap_peap: EAP type MSCHAPv2 (26) (9) eap_peap: Got tunneled request (9) eap_peap: EAP-Message = 0x020900061a03 (9) eap_peap: Setting User-Name to jake (9) eap_peap: Sending tunneled request to inner-tunnel (9) eap_peap: EAP-Message = 0x020900061a03 (9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (9) eap_peap: User-Name = 'jake' (9) eap_peap: State = 0x22b0356023b92f2e85a63bb65e619718 (9) eap_peap: Service-Type = Framed-User (9) eap_peap: Framed-MTU = 1400 (9) eap_peap: NAS-Port-Id = 'wlan4' (9) eap_peap: NAS-Port-Type = Wireless-802.11 (9) eap_peap: Acct-Session-Id = '82200019' (9) eap_peap: Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (9) eap_peap: Calling-Station-Id = 'F8-A9-D0-18-F2-24' (9) eap_peap: Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (9) eap_peap: NAS-Identifier = 'MikroTik' (9) eap_peap: NAS-IP-Address = 10.1.1.23 (9) eap_peap: Event-Timestamp = 'Jun 26 2015 03:36:52 UTC' (9) Virtual server inner-tunnel received request (9) EAP-Message = 0x020900061a03 (9) FreeRADIUS-Proxied-To = 127.0.0.1 (9) User-Name = 'jake' (9) State = 0x22b0356023b92f2e85a63bb65e619718 (9) Service-Type = Framed-User (9) Framed-MTU = 1400 (9) NAS-Port-Id = 'wlan4' (9) NAS-Port-Type = Wireless-802.11 (9) Acct-Session-Id = '82200019' (9) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (9) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (9) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (9) NAS-Identifier = 'MikroTik' (9) NAS-IP-Address = 10.1.1.23 (9) Event-Timestamp = 'Jun 26 2015 03:36:52 UTC' (9) server inner-tunnel { (9) session-state: No cached attributes (9) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (9) authorize { (9) [chap] = noop (9) [mschap] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "jake", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) update control { (9) &Proxy-To-Realm := LOCAL (9) } # update control = noop (9) eap: Peer sent code Response (2) ID 9 length 6 (9) eap: No EAP Start, assuming it's an on-going EAP conversation (9) [eap] = updated (9) [files] = noop (9) sql: EXPAND %{User-Name} (9) sql: --> jake (9) sql: SQL-User-Name set to 'jake' rlm_sql (sql): Reserved connection (4) (9) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (9) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jake' ORDER BY id (9) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jake' ORDER BY id (9) sql: User found in radcheck table (9) sql: Conditional check items matched, merging assignment check items (9) sql: Cleartext-Password := 'fheman123' (9) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (9) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jake' ORDER BY id (9) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jake' ORDER BY id (9) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (9) sql: --> SELECT groupname FROM radusergroup WHERE username = 'jake' ORDER BY priority (9) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'jake' ORDER BY priority (9) sql: User found in the group table (9) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id (9) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id (9) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id (9) sql: Group "14kimberleyst": Conditional check items matched (9) sql: Group "14kimberleyst": Merging assignment check items (9) sql: Reset-Date := '13' (9) sql: Total-Bytes := '999999999999999999' (9) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id (9) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id (9) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id (9) sql: Group "14kimberleyst": Merging reply items (9) sql: Session-Timeout := 10800 rlm_sql (sql): Released connection (4) (9) [sql] = ok (9) [expiration] = noop (9) [logintime] = noop (9) pap: WARNING: Auth-Type already set. Not setting to PAP (9) [pap] = noop (9) } # authorize = updated (9) Found Auth-Type = EAP (9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (9) authenticate { (9) eap: Expiring EAP session with state 0x22b0356023b92f2e (9) eap: Finished EAP session with state 0x22b0356023b92f2e (9) eap: Previous EAP request found for state 0x22b0356023b92f2e, released from the list (9) eap: Peer sent method MSCHAPv2 (26) (9) eap: EAP MSCHAPv2 (26) (9) eap: Calling eap_mschapv2 to process EAP data (9) eap: Freeing handler (9) [eap] = ok (9) } # authenticate = ok (9) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel (9) post-auth { (9) sql: EXPAND .query (9) sql: --> .query (9) sql: Using query template 'query' rlm_sql (sql): Reserved connection (4) (9) sql: EXPAND %{User-Name} (9) sql: --> jake (9) sql: SQL-User-Name set to 'jake' (9) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (9) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52') (9) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52') (9) sql: SQL query returned: success (9) sql: 1 record(s) updated rlm_sql (sql): Released connection (4) (9) [sql] = ok (9) update { (9) &outer.session-state:Session-Timeout += &reply:Session-Timeout -> 10800 (9) &outer.session-state:MS-MPPE-Encryption-Policy += &reply:MS-MPPE-Encryption-Policy -> Encryption-Allowed (9) &outer.session-state:MS-MPPE-Encryption-Types += &reply:MS-MPPE-Encryption-Types -> RC4-40or128-bit-Allowed (9) &outer.session-state:MS-MPPE-Send-Key += &reply:MS-MPPE-Send-Key -> 0x89180aba877672b89e8af47487914f88 (9) &outer.session-state:MS-MPPE-Recv-Key += &reply:MS-MPPE-Recv-Key -> 0xeb1d86612d6cfa12c45d9dfa87f470d1 (9) &outer.session-state:EAP-Message += &reply:EAP-Message -> 0x03090004 (9) &outer.session-state:Message-Authenticator += &reply:Message-Authenticator -> 0x00000000000000000000000000000000 (9) &outer.session-state:User-Name += &reply:User-Name -> jake (9) } # update = noop (9) update outer.session-state { (9) MS-MPPE-Encryption-Policy !* ANY (9) MS-MPPE-Encryption-Types !* ANY (9) MS-MPPE-Send-Key !* ANY (9) MS-MPPE-Recv-Key !* ANY (9) Message-Authenticator !* ANY (9) EAP-Message !* ANY (9) Proxy-State !* ANY (9) } # update outer.session-state = noop (9) } # post-auth = ok (9) } # server inner-tunnel (9) Virtual server sending reply (9) Session-Timeout = 10800 (9) MS-MPPE-Encryption-Policy = Encryption-Allowed (9) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (9) MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88 (9) MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1 (9) EAP-Message = 0x03090004 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) User-Name = 'jake' (9) eap_peap: Got tunneled reply code 2 (9) eap_peap: Session-Timeout = 10800 (9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (9) eap_peap: MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88 (9) eap_peap: MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1 (9) eap_peap: EAP-Message = 0x03090004 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: User-Name = 'jake' (9) eap_peap: Got tunneled reply RADIUS code 2 (9) eap_peap: Session-Timeout = 10800 (9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (9) eap_peap: MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88 (9) eap_peap: MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1 (9) eap_peap: EAP-Message = 0x03090004 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: User-Name = 'jake' (9) eap_peap: Tunneled authentication was successful (9) eap_peap: SUCCESS (9) eap_peap: Saving tunneled attributes for later (9) eap: EAP session adding &reply:State = 0x2ae8af4423e2b652 (9) [eap] = handled (9) } # authenticate = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) # Executing group from file /etc/freeradius/sites-enabled/default (9) session-state: Saving cached attributes (9) Session-Timeout += 10800 (9) User-Name += 'jake' (9) Sent Access-Challenge Id 250 from 172.17.0.68:1812 to 203.59.132.253:51671 length 0 (9) EAP-Message = 0x010a002b190017030100209ffa89db62ad66cc4ddee6a4a1950f7ef37a98001a17f318cb0b6beb1492a1e0 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x2ae8af4423e2b6526f505f86b4932430 (9) Finished request Waking up in 3.9 seconds. (10) Received Access-Request Id 251 from 203.59.132.253:49242 to 172.17.0.68:1812 length 274 (10) Service-Type = Framed-User (10) Framed-MTU = 1400 (10) User-Name = 'jake' (10) State = 0x2ae8af4423e2b6526f505f86b4932430 (10) NAS-Port-Id = 'wlan4' (10) NAS-Port-Type = Wireless-802.11 (10) Acct-Session-Id = '82200019' (10) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (10) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (10) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (10) EAP-Message = 0x020a002b1900170301002026447f2d4d239efdc5f79e265525ede34826f132b7d0c5c8874169bacc4ac3a3 (10) Message-Authenticator = 0xa5e90887435c642376fc2a49a006da0b (10) NAS-Identifier = 'MikroTik' (10) NAS-IP-Address = 10.1.1.23 (10) session-state: Found cached attributes (10) Session-Timeout += 10800 (10) User-Name += 'jake' (10) # Executing section authorize from file /etc/freeradius/sites-enabled/default (10) authorize { (10) policy filter_username { (10) if (!&User-Name) { (10) if (!&User-Name) -> FALSE (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@.*@/ ) { (10) if (&User-Name =~ /@.*@/ ) -> FALSE (10) if (&User-Name =~ /\.\./ ) { (10) if (&User-Name =~ /\.\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\.$/) { (10) if (&User-Name =~ /\.$/) -> FALSE (10) if (&User-Name =~ /@\./) { (10) if (&User-Name =~ /@\./) -> FALSE (10) } # policy filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix: Checking for suffix after "@" (10) suffix: No '@' in User-Name = "jake", looking up realm NULL (10) suffix: No such realm "NULL" (10) [suffix] = noop (10) eap: Peer sent code Response (2) ID 10 length 43 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = EAP (10) # Executing group from file /etc/freeradius/sites-enabled/default (10) authenticate { (10) eap: Expiring EAP session with state 0x2ae8af4423e2b652 (10) eap: Finished EAP session with state 0x2ae8af4423e2b652 (10) eap: Previous EAP request found for state 0x2ae8af4423e2b652, released from the list (10) eap: Peer sent method PEAP (25) (10) eap: EAP PEAP (25) (10) eap: Calling eap_peap to process EAP data (10) eap_peap: processing EAP-TLS (10) eap_peap: eaptls_verify returned 7 (10) eap_peap: Done initial handshake (10) eap_peap: eaptls_process returned 7 (10) eap_peap: FR_TLS_OK (10) eap_peap: Session established. Decoding tunneled attributes (10) eap_peap: PEAP state send tlv success (10) eap_peap: Received EAP-TLV response (10) eap_peap: Success (10) eap_peap: Using saved attributes from the original Access-Accept (10) eap_peap: Session-Timeout = 10800 (10) eap_peap: User-Name = 'jake' (10) eap_peap: Saving session f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bb vps 0x18cb740 in the cache (10) eap: Freeing handler (10) [eap] = ok (10) } # authenticate = ok (10) # Executing section post-auth from file /etc/freeradius/sites-enabled/default (10) post-auth { (10) update { (10) &reply:Session-Timeout += &session-state:Session-Timeout -> 10800 (10) &reply:User-Name += &session-state:User-Name -> jake (10) } # update = noop (10) sql: EXPAND .query (10) sql: --> .query (10) sql: Using query template 'query' rlm_sql (sql): Reserved connection (4) (10) sql: EXPAND %{User-Name} (10) sql: --> jake (10) sql: SQL-User-Name set to 'jake' (10) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (10) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52') (10) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52') (10) sql: SQL query returned: success (10) sql: 1 record(s) updated rlm_sql (sql): Released connection (4) (10) [sql] = ok (10) [exec] = noop (10) policy remove_reply_message_if_eap { (10) if (&reply:EAP-Message && &reply:Reply-Message) { (10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (10) else { (10) [noop] = noop (10) } # else = noop (10) } # policy remove_reply_message_if_eap = noop (10) } # post-auth = ok (10) Sent Access-Accept Id 251 from 172.17.0.68:1812 to 203.59.132.253:49242 length 0 (10) Session-Timeout = 10800 (10) User-Name = 'jake' (10) MS-MPPE-Recv-Key = 0xe5deb546fc8f6e00acdf29b623d95704d2ed1020f037955b5200e47def068653 (10) MS-MPPE-Send-Key = 0x1c0c6d0296a173ab78c88bae351114f84de5cdc9386cbb1dc93bb9ff188d29ef (10) EAP-Message = 0x030a0004 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) Session-Timeout += 10800 (10) User-Name += 'jake' (10) Finished request Waking up in 3.8 seconds. (11) Received Accounting-Request Id 252 from 203.59.132.253:49829 to 172.17.0.68:1813 length 205 (11) Service-Type = Framed-User (11) NAS-Port-Id = 'wlan4' (11) NAS-Port-Type = Wireless-802.11 (11) User-Name = 'jake' (11) Acct-Session-Id = '82200019' (11) Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18' (11) Calling-Station-Id = 'F8-A9-D0-18-F2-24' (11) Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE' (11) Acct-Authentic = RADIUS (11) Acct-Status-Type = Start (11) NAS-Identifier = 'MikroTik' (11) Acct-Delay-Time = 0 (11) NAS-IP-Address = 10.1.1.23 (11) # Executing section preacct from file /etc/freeradius/sites-enabled/default (11) preacct { (11) [preprocess] = ok (11) policy acct_unique { (11) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) { (11) EXPAND %{string:Class} (11) --> (11) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (11) else { (11) update request { (11) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} (11) --> fbad663f9e23f248b243af3297e4a26d (11) &Acct-Unique-Session-Id := fbad663f9e23f248b243af3297e4a26d (11) } # update request = noop (11) } # else = noop (11) } # policy acct_unique = noop (11) suffix: Checking for suffix after "@" (11) suffix: No '@' in User-Name = "jake", looking up realm NULL (11) suffix: No such realm "NULL" (11) [suffix] = noop (11) [files] = noop (11) } # preacct = ok (11) # Executing section accounting from file /etc/freeradius/sites-enabled/default (11) accounting { (11) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d (11) detail: --> /var/log/freeradius/radacct/ 203.59.132.253/detail-20150626 (11) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/203.59.132.253/detail-20150626 (11) detail: EXPAND %t (11) detail: --> Fri Jun 26 03:36:52 2015 (11) [detail] = ok (11) [unix] = ok (11) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query} (11) sql: --> type.start.query (11) sql: Using query template 'query' rlm_sql (sql): Reserved connection (4) (11) sql: EXPAND %{User-Name} (11) sql: --> jake (11) sql: SQL-User-Name set to 'jake' (11) sql: EXPAND INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}') (11) sql: --> INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('82200019', 'fbad663f9e23f248b243af3297e4a26d', 'jake', '', '10.1.1.23', '', 'Wireless-802.11', FROM_UNIXTIME(1435289812), FROM_UNIXTIME(1435289812), NULL, '0', 'RADIUS', '', '', '0', '0', '02-0C-42-B7-A9-5E:GRACE UPON GRACE', 'F8-A9-D0-18-F2-24', '', 'Framed-User', '', '') (11) sql: Executing query: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('82200019', 'fbad663f9e23f248b243af3297e4a26d', 'jake', '', '10.1.1.23', '', 'Wireless-802.11', FROM_UNIXTIME(1435289812), FROM_UNIXTIME(1435289812), NULL, '0', 'RADIUS', '', '', '0', '0', '02-0C-42-B7-A9-5E:GRACE UPON GRACE', 'F8-A9-D0-18-F2-24', '', 'Framed-User', '', '') (11) sql: SQL query returned: success (11) sql: 1 record(s) updated rlm_sql (sql): Released connection (4) (11) [sql] = ok (11) [exec] = noop (11) attr_filter.accounting_response: EXPAND %{User-Name} (11) attr_filter.accounting_response: --> jake (11) attr_filter.accounting_response: Matched entry DEFAULT at line 15 (11) [attr_filter.accounting_response] = updated (11) } # accounting = updated (11) Sent Accounting-Response Id 252 from 172.17.0.68:1813 to 203.59.132.253:49829 length 0 (11) Finished request (11) <done>: Cleaning up request packet ID 252 with timestamp +10 Waking up in 3.7 seconds. (0) <done>: Cleaning up request packet ID 241 with timestamp +9 Waking up in 0.1 seconds. (1) <done>: Cleaning up request packet ID 242 with timestamp +9 Waking up in 0.1 seconds. (2) <done>: Cleaning up request packet ID 243 with timestamp +9 Waking up in 0.1 seconds. (3) <done>: Cleaning up request packet ID 244 with timestamp +9 Waking up in 0.1 seconds. (4) <done>: Cleaning up request packet ID 245 with timestamp +9 Waking up in 0.1 seconds. (5) <done>: Cleaning up request packet ID 246 with timestamp +9 Waking up in 0.1 seconds. (6) <done>: Cleaning up request packet ID 247 with timestamp +10 (7) <done>: Cleaning up request packet ID 248 with timestamp +10 Waking up in 0.1 seconds. (8) <done>: Cleaning up request packet ID 249 with timestamp +10 Waking up in 0.1 seconds. (9) <done>: Cleaning up request packet ID 250 with timestamp +10 Waking up in 0.1 seconds. (10) <done>: Cleaning up request packet ID 251 with timestamp +10 Ready to process requests On 26 June 2015 at 11:33, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 25 Jun 2015, at 23:21, Jake He <jake.he@gmail.com> wrote:
Hi,
I have a problem where Attribute MT-Recv-Limit is returned in Access-Challenge but not in Access-Accept.
This is my setup. FR 3.0.8
I have configured following in the eap.conf file in the ttls section :
copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel"
/etc/freeradius/sites-available/inner-tunnel. post-auth block,
uncommented.
update { &outer.session-state: += &reply: }
update outer.session-state {
MS-MPPE-Encryption-Policy !* ANY
MS-MPPE-Encryption-Types !* ANY
MS-MPPE-Send-Key !* ANY
MS-MPPE-Recv-Key !* ANY
Message-Authenticator !* ANY
EAP-Message !* ANY
Proxy-State !* ANY
}
I have a fixed radreply attribute Session-Timeout in the database. This
is
sent in the Access-Accept.
MT-Recv-Limit is sent by a perl script < https://raw.githubusercontent.com/zhex900/radius-config/master/version.3/mod... . This script add a new radreply $RAD_REPLY{'Mikrotik-Recv-Limit'}. This is called in the site-available/default authorize block. Mikrotik-Recv-Limit does appear in the Access-Challenge but not in the Access-Accept.
Any ideas?
Not really, seeing as you've not provided the debug output...
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html