rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=204, length=156
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0200000d016b656e6f6c73656e
Message-Authenticator = 0xd48e676b8975dc40ae0b7df8b5b866de
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> kenolsen
[sql] sql_set_user escaped user --> 'kenolsen'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'kenolsen' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'kenolsen' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'kenolsen' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'ext_kenneth' ORDER BY id
[sql] User found in group ext_kenneth
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'ext_kenneth' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 204 to 10.200.30.210 port 32773
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d897806e31f4b857d445452c2
Finished request 54.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=205, length=313
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0201009819800000008e1603010089010000850301537328e57ad8721aaca3a6e92b0dfa868dc69e9f05858f21fa893789b2fe20ba00004a00ffc024c023c00ac009c007c008c028c027c014c013c011c012c026c025c02ac029c005c004c002c003c00fc00ec00cc00d003d003c002f000500040035000a0067006b00330039001601000012000a00080006001700180019000b00020100
State = 0x89791f5d897806e31f4b857d445452c2
Message-Authenticator = 0x2b88d5e0c5c86dcfdf2b1c4b2e27a56e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 152
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 142
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0089], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02cc], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 205 to 10.200.30.210 port 32773
EAP-Message = 0x0102040019c00000046816030100390200003503011dad871036647c20b8574e35f71995aa73797edcbcd01dbd667dbb48258497c400c01400000dff01000100000b00040300010216030102cc0b0002c80002c50002c2308202be308201a6a003020102020900ac021e13336fac03300d06092a864886f70d01010b05003017311530130603550403130c7562756e7475726164697573301e170d3134303530323138333731345a170d3234303432393138333731345a3017311530130603550403130c7562756e747572616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100e9581f74a35280ab518c25b5
EAP-Message = 0xcedba6c81f8e235b9762f71f084d32dd193caec09e5e4f237129f9dcd168c2f104b3aa27b511d0fe14bb4222b06c69772b1cb445f713576c2094247dac23ba523a5acc3217d810d26baed3e362d8209183eb75e86f8a726388b373c21edbf43d14b94e356d21572b43da914c882531dd68ebf2c5abfd330ff2eac4cab9af33e79a1be14dbeaf61965580bdac6527cb3beea804131f3f87ae30b8fbf812aaa8f042958a54147a9968c13403f0f11477fc022faadf92a1894b97a6f7cc0c4074542ff88c2db4954dddde11d6bcc8b8cf53386ff8e4434dccac5ee39de63d7ca627f45cf0c30e8404cc37e5ed41907b7d584d29e9330203010001a30d300b
EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101002ac1663a6516b752f429fad02eaec1d3eb6c3a346e0c42e809a390d388227558ff65d362bf5551c985abdf3709fd5e6cc5462e3f2df1ebf7eb6cd9e7580f8a47d788bd4b6a9fcb1dcb16c9451659db29e6794cf00cdfd798fff297fcdd1a52597b01ef8c9b463eef515239afe718675cbcc11467fad707e84a965836f78c32dcb49f0f56951a9324193b0f5e3d034d11a714d2d05f7d2169765d2eabc9f4fefed46647a4a949ec29de522c61e0fb3e13c71a344d682f8ea53d52d0108d29c111bdaf08d61b4b12120396125d3669c3dba106a763ff0e80764501f0f630c1
EAP-Message = 0x9a673296a8ab4a178b902ad27f84e8bc51d4776804d752c5491a208a1ba790d8b2bc160301014b0c00014703001741044bea19b4123a8e1f813f354c371e53837bd59da7a923ef7fed1e5d7136392f19bcfbab3e4d9a3a535ca592e441b1287e930887c61729d0723d3e8eef4d28176b0100a78741c2fa11e1a58504346f8e14532adadd6226e7b33545f3ed2d8720a4f383cdd5c038b145c784df485d676a9abaecc3142e616b3942d1a819353c4948e46c19eac709fe009a185fdce3746562c6d057e7fe1aed08bac2ccd1562c9a70b788a1fd5660155a015c32aecbea077cfc324eb2e6a7128997f8aaf61a164a67b516bc75271237db76b6a1d514
EAP-Message = 0x72a1101e42f39faa95f47a5a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d887b06e31f4b857d445452c2
Finished request 55.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=206, length=167
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x020200061900
State = 0x89791f5d887b06e31f4b857d445452c2
Message-Authenticator = 0x394037ddb3b0fdbf46f42ae3223d445d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 206 to 10.200.30.210 port 32773
EAP-Message = 0x0103007819003732e9439005ca9b383b2a85d0436a86416a80f59fbf23cff4e758bb28b07ef6affd47dae2d117d4610cd53941468ae58ac04790c46df96846a2fe3a5be146588cab8a994df221155ca0a716de3ba5b3eee7f5618946e8286d197e26ee0c4fc8923e2af5e06d0747fb16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d8b7a06e31f4b857d445452c2
Finished request 56.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=207, length=305
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0203009019800000008616030100461000004241045594ec9c45c56983087ee7f91eaaaefaa65032b687010df247207f6a0cd8005dfa15648f7b7ff91d885851d7f8ee0653653ae7e6b281c4927bd53394496befe7140301000101160301003029a2298cd0bacb7b20b4b1829a7629dd304c854359504524bf4fd6a4813e56b479b0f4ee5496d102d39ffb9703c40189
State = 0x89791f5d8b7a06e31f4b857d445452c2
Message-Authenticator = 0xc50f2f7b4a32a29dda8f343ced424816
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 207 to 10.200.30.210 port 32773
EAP-Message = 0x01040041190014030100010116030100308fe191de88bb7fea6f8ee608099440717fbf95bfcbda0f10edbcdec19613b0bb609f1a046dbcbf60202dca0fb7fbd104
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d8a7d06e31f4b857d445452c2
Finished request 57.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=208, length=167
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x020400061900
State = 0x89791f5d8a7d06e31f4b857d445452c2
Message-Authenticator = 0xcb9d2a18897c7f67f1763c2c11e11a0f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 208 to 10.200.30.210 port 32773
EAP-Message = 0x0105002b19001703010020d91162c1d81bf6ab6e5d8621dea9fe70392b1202506d88628bc0f14a27aa7918
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d8d7c06e31f4b857d445452c2
Finished request 58.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=209, length=204
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0205002b19001703010020fa27eeccbbc2bd134e39ae7caba12b8d0f18105d7977c3aff8ab6f988f7726b6
State = 0x89791f5d8d7c06e31f4b857d445452c2
Message-Authenticator = 0xeeb9b317c2e9c14168d5e08e8858071a
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - kenolsen
[peap] Got inner identity 'kenolsen'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0205000d016b656e6f6c73656e
server {
[peap] Setting User-Name to kenolsen
Sending tunneled request
EAP-Message = 0x0205000d016b656e6f6c73656e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "kenolsen"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 5 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> kenolsen
[sql] sql_set_user escaped user --> 'kenolsen'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'kenolsen' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'kenolsen' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'kenolsen' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'ext_kenneth' ORDER BY id
[sql] User found in group ext_kenneth
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'ext_kenneth' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
EAP-Message = 0x010600221a0106001d10256bbeb94704e7c7167dca04979c1e626b656e6f6c73656e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf91b84c8f91d9eac41ebdf4972430c9b
[peap] Got tunneled reply RADIUS code 11
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
EAP-Message = 0x010600221a0106001d10256bbeb94704e7c7167dca04979c1e626b656e6f6c73656e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf91b84c8f91d9eac41ebdf4972430c9b
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 209 to 10.200.30.210 port 32773
EAP-Message = 0x0106004b1900170301004064907aed054cfeccb100a980d466367158a766137fa38a3068cd4b89bb7ecba7a1b1c77482d4827899cf0ff2145ccfff18987b4c1e92a5268799359040077654
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d8c7f06e31f4b857d445452c2
Finished request 59.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=210, length=268
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0206006b19001703010060336b6f124c1b571e2aa169389df561909bcfe7039f1f5a03234de50d80091740d49cd8c1e099318e4835407bd6a2071c01b80b6c46dc5e94601079e89d199e4f165c6e809af34374a53cc1c74313f5881138c09aa0eb44614de08c05df47154f
State = 0x89791f5d8c7f06e31f4b857d445452c2
Message-Authenticator = 0x29f944cc1f7f6e54d5a07ba3303542f6
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020600431a0206003e318e2efd553869920b66176b5c5ed263d0000000000000000070b6121e45b577d6fddc595bd0eeac6640904df533a6bee3006b656e6f6c73656e
server {
[peap] Setting User-Name to kenolsen
Sending tunneled request
EAP-Message = 0x020600431a0206003e318e2efd553869920b66176b5c5ed263d0000000000000000070b6121e45b577d6fddc595bd0eeac6640904df533a6bee3006b656e6f6c73656e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "kenolsen"
State = 0xf91b84c8f91d9eac41ebdf4972430c9b
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> kenolsen
[sql] sql_set_user escaped user --> 'kenolsen'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'kenolsen' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'kenolsen' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'kenolsen' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'ext_kenneth' ORDER BY id
[sql] User found in group ext_kenneth
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'ext_kenneth' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: kenolsen
[mschap] Told to do MS-CHAPv2 for kenolsen with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
EAP-Message = 0x010700331a0306002e533d36434246424633333039373935433938383538433438363934394637313233344535424545323237
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf91b84c8f81c9eac41ebdf4972430c9b
[peap] Got tunneled reply RADIUS code 11
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
EAP-Message = 0x010700331a0306002e533d36434246424633333039373935433938383538433438363934394637313233344535424545323237
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf91b84c8f81c9eac41ebdf4972430c9b
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 210 to 10.200.30.210 port 32773
EAP-Message = 0x0107005b19001703010050ad29dd793787e29fa7a506c5989bf283b193cff7502e0dd8fd52f5d180c0bc5615c76d86b2bd5e2260dff9ffb2a8aae8b5ff443dd30bff2a9fded9dfe79c9b0296b16d23e23ee6bdebb261ffc64acc65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d8f7e06e31f4b857d445452c2
Finished request 60.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=211, length=204
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0207002b19001703010020a0b3ebc1fad29d64094462a34bd388d1296a2a1d89c6e32a740f4f0449c1bdd8
State = 0x89791f5d8f7e06e31f4b857d445452c2
Message-Authenticator = 0x8e4244440c13ad3141e4c5d5f38de28d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700061a03
server {
[peap] Setting User-Name to kenolsen
Sending tunneled request
EAP-Message = 0x020700061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "kenolsen"
State = 0xf91b84c8f81c9eac41ebdf4972430c9b
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> kenolsen
[sql] sql_set_user escaped user --> 'kenolsen'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'kenolsen' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'kenolsen' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'kenolsen' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'ext_kenneth' ORDER BY id
[sql] User found in group ext_kenneth
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'ext_kenneth' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> kenolsen
[sql] sql_set_user escaped user --> 'kenolsen'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'kenolsen', '', 'Access-Accept', '2014-05-14 10:27:17')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'kenolsen', '', 'Access-Accept', '2014-05-14 10:27:17')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
} # server inner-tunnel
[peap] Got tunneled reply code 2
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x292b03d1d71d918f92a7a1c71d3947da
MS-MPPE-Recv-Key = 0x85063f06d1fd87ecf9a50aba1f5de2c1
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "kenolsen"
[peap] Got tunneled reply RADIUS code 2
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1074"
Tunnel-Type:0 = VLAN
Filter-Id = "ext_kenneth"
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x292b03d1d71d918f92a7a1c71d3947da
MS-MPPE-Recv-Key = 0x85063f06d1fd87ecf9a50aba1f5de2c1
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "kenolsen"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 211 to 10.200.30.210 port 32773
EAP-Message = 0x0108002b19001703010020cd3aca9070802ab7d205d353bd0e2a804426053fbf6136b5dbf3d6b501c3123d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89791f5d8e7106e31f4b857d445452c2
Finished request 61.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.200.30.210 port 32773, id=212, length=204
User-Name = "kenolsen"
NAS-IP-Address = 10.200.30.210
NAS-Port = 0
Called-Station-Id = "00-18-0A-22-81-F0:OIP WiFi"
Calling-Station-Id = "74-E1-B6-BA-72-0C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0208002b19001703010020d04c58c70d255ea291896a91cccaddb422002fa0744b17c8cf87e32e0c64f2e3
State = 0x89791f5d8e7106e31f4b857d445452c2
Message-Authenticator = 0x6719a85861f6424e1e18d6a1fe2bc9c6
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "kenolsen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> kenolsen
[sql] sql_set_user escaped user --> 'kenolsen'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'kenolsen', '', 'Access-Accept', '2014-05-14 10:27:17')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'kenolsen', '', 'Access-Accept', '2014-05-14 10:27:17')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 212 to 10.200.30.210 port 32773
MS-MPPE-Recv-Key = 0xf711f46ef6d9c788413cf7c8eed91729daeadf901d63a58c1f89a3d06452eb73
MS-MPPE-Send-Key = 0x0513d5a68982c335ec6b23cb6e805f2bc8e22b03ee0f1bc0bbdc324970f31779
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "kenolsen"
Finished request 62.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 54 ID 204 with timestamp +3210
Cleaning up request 55 ID 205 with timestamp +3210
Cleaning up request 56 ID 206 with timestamp +3210
Cleaning up request 57 ID 207 with timestamp +3210
Cleaning up request 58 ID 208 with timestamp +3210
Cleaning up request 59 ID 209 with timestamp +3210
Cleaning up request 60 ID 210 with timestamp +3210
Cleaning up request 61 ID 211 with timestamp +3210
Cleaning up request 62 ID 212 with timestamp +3210
Ready to process requests.
Regards
Jan-Ivar