Yes. Alan DeKok.
Thank you for your answer. I am still stuck with the problem. The radius server just does not want to send me the attributes. I suspect a problem with the inner-tunnel. Maybe you could help me here? Ready to process requests (0) Received Access-Request Id 131 from 10.30.156.65:37368 to 10.15.0.136:1812 length 217 (0) User-Name = "5001" (0) NAS-IP-Address = 10.30.156.65 (0) NAS-Identifier = "c0e4000b1733" (0) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth" (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Calling-Station-Id = "F6-1C-00-0B-07-03" (0) Connect-Info = "CONNECT 0Mbps 802.11b" (0) Acct-Session-Id = "212F019475EE742B" (0) Acct-Multi-Session-Id = "140719517FC880F8" (0) WLAN-Pairwise-Cipher = 1027076 (0) WLAN-Group-Cipher = 1027076 (0) WLAN-AKM-Suite = 1027073 (0) Framed-MTU = 1400 (0) EAP-Message = 0x026200090135303031 (0) Message-Authenticator = 0x40c853e732061fe7ef8b834200e86e85 (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "5001", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) policy rewrite_calling_station_id { (0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (0) update request { (0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (0) --> F6-1C-00-0B-07-03 (0) &Calling-Station-Id := F6-1C-00-0B-07-03 (0) } # update request = noop (0) [updated] = updated (0) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (0) ... skipping else: Preceding "if" was taken (0) } # policy rewrite_calling_station_id = updated (0) eap: Peer sent EAP Response (code 2) ID 98 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_pwd to process data (0) eap: Sending EAP Request (code 1) ID 99 length 46 (0) eap: EAP session adding &reply:State = 0x7746780c77254c9b (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 131 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0 (0) EAP-Message = 0x0163002e340100130101f04ae61e0066726565726164697573407372762d667265657261646975732d7664686f74 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x7746780c77254c9bc64706082ad8092a (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 132 from 10.30.156.65:37368 to 10.15.0.136:1812 length 245 (1) User-Name = "5001" (1) NAS-IP-Address = 10.30.156.65 (1) NAS-Identifier = "c0e4000b1733" (1) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth" (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Calling-Station-Id = "F6-1C-00-0B-07-03" (1) Connect-Info = "CONNECT 0Mbps 802.11b" (1) Acct-Session-Id = "212F019475EE742B" (1) Acct-Multi-Session-Id = "140719517FC880F8" (1) WLAN-Pairwise-Cipher = 1027076 (1) WLAN-Group-Cipher = 1027076 (1) WLAN-AKM-Suite = 1027073 (1) Framed-MTU = 1400 (1) EAP-Message = 0x02630013340100130101f04ae61e0035303031 (1) State = 0x7746780c77254c9bc64706082ad8092a (1) Message-Authenticator = 0x7b79b35ea1f61596294cd984d984b446 (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "5001", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) policy rewrite_calling_station_id { (1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (1) update request { (1) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (1) --> F6-1C-00-0B-07-03 (1) &Calling-Station-Id := F6-1C-00-0B-07-03 (1) } # update request = noop (1) [updated] = updated (1) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (1) ... skipping else: Preceding "if" was taken (1) } # policy rewrite_calling_station_id = updated (1) eap: Peer sent EAP Response (code 2) ID 99 length 19 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x7746780c77254c9b (1) eap: Finished EAP session with state 0x7746780c77254c9b (1) eap: Previous EAP request found for state 0x7746780c77254c9b, released from the list (1) eap: Peer sent packet with method EAP PWD (52) (1) eap: Calling submodule eap_pwd to process data (1) eap_pwd: Sending tunneled request (1) eap_pwd: User-Name = "5001" (1) eap_pwd: server inner-tunnel { (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "5001", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) update control { (1) &Proxy-To-Realm := LOCAL (1) } # update control = noop (1) eap: No EAP-Message, not doing EAP (1) [eap] = noop (1) sql: EXPAND %{User-Name} (1) sql: --> 5001 (1) sql: SQL-User-Name set to '5001' rlm_sql (sql): Reserved connection (0) (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '5001' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '5001' ORDER BY id (1) sql: User found in radcheck table (1) sql: Conditional check items matched, merging assignment check items (1) sql: Cleartext-Password := "abc123" (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = '5001' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '5001' ORDER BY id (1) sql: User found in radreply table, merging reply items (1) sql: LCS-TxRateLimit = 10500 (1) sql: LCS-RxRateLimit = 3600 (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql: --> SELECT groupname FROM radusergroup WHERE username = '5001' ORDER BY priority (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '5001' ORDER BY priority (1) sql: User not found in any groups rlm_sql (sql): Released connection (0) Need 5 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on 10.15.0.134 via TCP/IP, server version 5.7.30-log, protocol version 10 (1) [sql] = ok (1) [logintime] = noop (1) pap: No User-Password attribute in the request. Cannot do PAP (1) [pap] = noop (1) } # authorize = ok (1) eap_pwd: } # server inner-tunnel (1) eap_pwd: Got tunneled reply code 0 (1) eap_pwd: LCS-TxRateLimit = 10500 (1) eap_pwd: LCS-RxRateLimit = 3600 (1) eap: Sending EAP Request (code 1) ID 100 length 102 (1) eap: EAP session adding &reply:State = 0x7746780c76224c9b (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 132 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0 (1) EAP-Message = 0x016400663402c2210083a3269c8fdc7a59bd8f948c417cf16e9e0766b4ffbb3cebffa97df893a7561900ca1e1919da6a33fa8a92339ec8010b44accf6c9d4a01e427fee1f152720b5b45d4f710ff0996339038c280c217db7061d1b6337ced479ecde0815022 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x7746780c76224c9bc64706082ad8092a (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 133 from 10.30.156.65:37368 to 10.15.0.136:1812 length 328 (2) User-Name = "5001" (2) NAS-IP-Address = 10.30.156.65 (2) NAS-Identifier = "c0e4000b1733" (2) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth" (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Calling-Station-Id = "F6-1C-00-0B-07-03" (2) Connect-Info = "CONNECT 0Mbps 802.11b" (2) Acct-Session-Id = "212F019475EE742B" (2) Acct-Multi-Session-Id = "140719517FC880F8" (2) WLAN-Pairwise-Cipher = 1027076 (2) WLAN-Group-Cipher = 1027076 (2) WLAN-AKM-Suite = 1027073 (2) Framed-MTU = 1400 (2) EAP-Message = 0x026400663402e5ff4eb08991c163fd5128ce39375ab5aacf1e10cbc62d289e9cdec763bd51be0391bf4a4a550cefbd37564819fbee344376feaba44f726566f2f655b714c314c544af8bc9d0149f7fb6565ecbd5083d2f9c57f51431dce45488765ba1c987ea (2) State = 0x7746780c76224c9bc64706082ad8092a (2) Message-Authenticator = 0xa9f3aced80dc79fc22b8af1713a940e0 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "5001", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) policy rewrite_calling_station_id { (2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (2) update request { (2) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (2) --> F6-1C-00-0B-07-03 (2) &Calling-Station-Id := F6-1C-00-0B-07-03 (2) } # update request = noop (2) [updated] = updated (2) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (2) ... skipping else: Preceding "if" was taken (2) } # policy rewrite_calling_station_id = updated (2) eap: Peer sent EAP Response (code 2) ID 100 length 102 (2) eap: No EAP Start, assuming it's an on-going EAP conversation (2) [eap] = updated (2) } # authorize = updated (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x7746780c76224c9b (2) eap: Finished EAP session with state 0x7746780c76224c9b (2) eap: Previous EAP request found for state 0x7746780c76224c9b, released from the list (2) eap: Peer sent packet with method EAP PWD (52) (2) eap: Calling submodule eap_pwd to process data (2) eap: Sending EAP Request (code 1) ID 101 length 38 (2) eap: EAP session adding &reply:State = 0x7746780c75234c9b (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 133 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0 (2) EAP-Message = 0x0165002634037466e2384d2efd73818f0e4cdcc666a769a4bc85fe6895a78b0f5fc853d4e5cd (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x7746780c75234c9bc64706082ad8092a (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 134 from 10.30.156.65:37368 to 10.15.0.136:1812 length 264 (3) User-Name = "5001" (3) NAS-IP-Address = 10.30.156.65 (3) NAS-Identifier = "c0e4000b1733" (3) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth" (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Calling-Station-Id = "F6-1C-00-0B-07-03" (3) Connect-Info = "CONNECT 0Mbps 802.11b" (3) Acct-Session-Id = "212F019475EE742B" (3) Acct-Multi-Session-Id = "140719517FC880F8" (3) WLAN-Pairwise-Cipher = 1027076 (3) WLAN-Group-Cipher = 1027076 (3) WLAN-AKM-Suite = 1027073 (3) Framed-MTU = 1400 (3) EAP-Message = 0x026500263403bb6184d17965cbf286f91ab7a6bce8af297c878e5d4ef27995065b48833e06ce (3) State = 0x7746780c75234c9bc64706082ad8092a (3) Message-Authenticator = 0x68727675cf8809530dd137abdfbb4589 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "5001", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) policy rewrite_calling_station_id { (3) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (3) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (3) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (3) update request { (3) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} (3) --> F6-1C-00-0B-07-03 (3) &Calling-Station-Id := F6-1C-00-0B-07-03 (3) } # update request = noop (3) [updated] = updated (3) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (3) ... skipping else: Preceding "if" was taken (3) } # policy rewrite_calling_station_id = updated (3) eap: Peer sent EAP Response (code 2) ID 101 length 38 (3) eap: No EAP Start, assuming it's an on-going EAP conversation (3) [eap] = updated (3) } # authorize = updated (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x7746780c75234c9b (3) eap: Finished EAP session with state 0x7746780c75234c9b (3) eap: Previous EAP request found for state 0x7746780c75234c9b, released from the list (3) eap: Peer sent packet with method EAP PWD (52) (3) eap: Calling submodule eap_pwd to process data (3) eap: Sending EAP Success (code 3) ID 101 length 4 (3) eap: Freeing handler (3) [eap] = ok (3) } # authenticate = ok (3) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (3) post-auth { (3) update { (3) No attributes updated (3) } # update = noop (3) sql: EXPAND .query (3) sql: --> .query (3) sql: Using query template 'query' rlm_sql (sql): Reserved connection (1) (3) sql: EXPAND %{User-Name} (3) sql: --> 5001 (3) sql: SQL-User-Name set to '5001' (3) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (3) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '5001', '', 'Access-Accept', '2021-01-26 14:21:40') (3) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '5001', '', 'Access-Accept', '2021-01-26 14:21:40') (3) sql: SQL query returned: success (3) sql: 1 record(s) updated rlm_sql (sql): Released connection (1) (3) [sql] = ok (3) [exec] = noop (3) } # post-auth = ok (3) Sent Access-Accept Id 134 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0 (3) MS-MPPE-Recv-Key = 0x54f1496249a0aeed71eebb1a9b0e0cff5a1f1992fb46553c655f308b108591cd (3) MS-MPPE-Send-Key = 0x6fc7161e06565a9b0c1bb0d85559807aba0a65aa8accc2bec14a2fffa6835be4 (3) EAP-Message = 0x03650004 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) User-Name = "5001" (3) Finished request Waking up in 4.8 seconds.