<sigh> I pushed a fix.
Thanks Alan. That seems to fix it! <snip> Ready to process requests (0) Received Access-Request Id 0 from 127.0.0.1:62244 to 0.0.0.0:1812 length 122 (0) User-Name = "1234" (0) NAS-IP-Address = 127.0.0.1 (0) Calling-Station-Id = "02-00-00-00-00-01" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) EAP-Message = 0x02e900090131323334 (0) Message-Authenticator = 0x8862b1c49abc0f9646933a0c5bd925df (0) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "1234", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 233 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 234 length 22 (0) eap: EAP session adding &reply:State = 0xb22431b3b2ce35db (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 0 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (0) EAP-Message = 0x01ea001604101b80c0994cef15a0e2e3c889ab57c1fb (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xb22431b3b2ce35db7f72bc3d985e2006 (0) Finished request Waking up in 5.0 seconds. (1) Received Access-Request Id 1 from 127.0.0.1:62244 to 0.0.0.0:1812 length 137 (1) User-Name = "1234" (1) NAS-IP-Address = 127.0.0.1 (1) Calling-Station-Id = "02-00-00-00-00-01" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Connect-Info = "CONNECT 11Mbps 802.11b" (1) EAP-Message = 0x02ea0006032b (1) State = 0xb22431b3b2ce35db7f72bc3d985e2006 (1) Message-Authenticator = 0x0d4078ec678e91427c5dcdea27f451ed (1) session-state: No cached attributes (1) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "1234", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 234 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) [expiration] = noop (1) [logintime] = noop Not doing PAP as Auth-Type is already set. (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xb22431b3b2ce35db (1) eap: Finished EAP session with state 0xb22431b3b2ce35db (1) eap: Previous EAP request found for state 0xb22431b3b2ce35db, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type FAST (43) (1) eap: Calling submodule eap_fast to process data (1) eap_fast: Initiating new TLS session (1) eap_fast: Over-riding main cipher list with 'ALL:!EXPORT:!eNULL:!SSLv2:@SECLEVEL=0' (1) eap: Sending EAP Request (code 1) ID 235 length 26 (1) eap: EAP session adding &reply:State = 0xb22431b3b3cf1adb (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 1 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (1) EAP-Message = 0x01eb001a2b210004001081dc9bdb52d04dc20036dbd8313ed055 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xb22431b3b3cf1adb7f72bc3d985e2006 (1) Finished request Waking up in 4.8 seconds. (2) Received Access-Request Id 2 from 127.0.0.1:62244 to 0.0.0.0:1812 length 435 (2) User-Name = "1234" (2) NAS-IP-Address = 127.0.0.1 (2) Calling-Station-Id = "02-00-00-00-00-01" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Connect-Info = "CONNECT 11Mbps 802.11b" (2) EAP-Message = 0x02eb012e2b0116030101230100011f030378420a4919f64442d67aff80fc92e77ed25aa36ae5f79d8ab4a67bf0dae196be000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff010000be000b000403000102000a000c000a001d0017001e00190018002300660002006281dc9bdb52d04dc20036dbd8313ed05500000000000000000000000000000000c74015d15ee1a1baa583108cdc4cd94aa2de29d0a3da8ae33197c989c7a371d3f1d17a12e553b578c02414b0fd3653d967add12b7843eb713e03e320b050a04ef2290016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602 (2) State = 0xb22431b3b3cf1adb7f72bc3d985e2006 (2) Message-Authenticator = 0x6736bdb225fc511ed8430552ebaa7960 (2) session-state: No cached attributes (2) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "1234", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 235 length 302 (2) eap: No EAP Start, assuming it's an on-going EAP conversation (2) [eap] = updated (2) [files] = noop (2) [expiration] = noop (2) [logintime] = noop Not doing PAP as Auth-Type is already set. (2) [pap] = noop (2) } # authorize = updated (2) Found Auth-Type = eap (2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xb22431b3b3cf1adb (2) eap: Finished EAP session with state 0xb22431b3b3cf1adb (2) eap: Previous EAP request found for state 0xb22431b3b3cf1adb, released from the list (2) eap: Peer sent packet with method EAP FAST (43) (2) eap: Calling submodule eap_fast to process data (2) eap_fast: Authenticate (2) eap_fast: Continuing EAP-TLS (2) eap_fast: [eaptls verify] = ok (2) eap_fast: Done initial handshake (2) eap_fast: (other): before SSL initialization (2) eap_fast: TLS_accept: before SSL initialization (2) eap_fast: TLS_accept: before SSL initialization (2) eap_fast: <<< recv TLS 1.3 [length 0123] (2) eap_fast: PAC provided via ClientHello SessionTicket extension (2) eap_fast: processing PAC-Opaque (2) eap_fast: TLS_accept: SSLv3/TLS read client hello (2) eap_fast: >>> send TLS 1.1 [length 0061] (2) eap_fast: TLS_accept: SSLv3/TLS write server hello (2) eap_fast: >>> send TLS 1.1 [length 0001] (2) eap_fast: TLS_accept: SSLv3/TLS write change cipher spec (2) eap_fast: >>> send TLS 1.1 [length 0010] (2) eap_fast: TLS_accept: SSLv3/TLS write finished (2) eap_fast: TLS_accept: Need to read more data: SSLv3/TLS write finished (2) eap_fast: TLS - In Handshake Phase (2) eap_fast: TLS - got 181 bytes of data (2) eap_fast: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 236 length 187 (2) eap: EAP session adding &reply:State = 0xb22431b3b0c81adb (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 2 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (2) EAP-Message = 0x01ec00bb2b0116030200610200005d0302bbf51c0cb48cc0765363b9c213a47cf6931892812fe8759e3b6e827995a9b67e20330701c670dbe0d22ffb307123950ac4c6c2ee823ba2dfec928d2a04df3c56c4c014000015ff01000100000b0004030001020016000000170000140302000101160302004495074e2bdb445df173c2d6d8ae04bb4c8c87aac49bc347a09c48fa5e5f992a7c93a5f1b2489d1b00d083a5da13dd60fc0c8872815e8053599ca2188727d82ffd92b0a92e (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xb22431b3b0c81adb7f72bc3d985e2006 (2) Finished request Waking up in 4.7 seconds. (3) Received Access-Request Id 3 from 127.0.0.1:62244 to 0.0.0.0:1812 length 216 (3) User-Name = "1234" (3) NAS-IP-Address = 127.0.0.1 (3) Calling-Station-Id = "02-00-00-00-00-01" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Connect-Info = "CONNECT 11Mbps 802.11b" (3) EAP-Message = 0x02ec00552b01140302000101160302004461b980a6609a1ebb3672eb7087f4eb6eee13106d7747b84de958e9744e47b923804398bf7909c30d7735b1b56364b07b6198879b4ebaf4f99d3b0f0631cf3c64f04922f7 (3) State = 0xb22431b3b0c81adb7f72bc3d985e2006 (3) Message-Authenticator = 0x7aaf468640e84bc844d9bc88c00e0741 (3) session-state: No cached attributes (3) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "1234", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 236 length 85 (3) eap: No EAP Start, assuming it's an on-going EAP conversation (3) [eap] = updated (3) [files] = noop (3) [expiration] = noop (3) [logintime] = noop Not doing PAP as Auth-Type is already set. (3) [pap] = noop (3) } # authorize = updated (3) Found Auth-Type = eap (3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xb22431b3b0c81adb (3) eap: Finished EAP session with state 0xb22431b3b0c81adb (3) eap: Previous EAP request found for state 0xb22431b3b0c81adb, released from the list (3) eap: Peer sent packet with method EAP FAST (43) (3) eap: Calling submodule eap_fast to process data (3) eap_fast: Authenticate (3) eap_fast: Continuing EAP-TLS (3) eap_fast: [eaptls verify] = ok (3) eap_fast: Done initial handshake (3) eap_fast: TLS_accept: SSLv3/TLS write finished (3) eap_fast: TLS_accept: SSLv3/TLS read change cipher spec (3) eap_fast: <<< recv TLS 1.1 [length 0010] (3) eap_fast: TLS_accept: SSLv3/TLS read finished (3) eap_fast: (other): SSL negotiation finished successfully (3) eap_fast: TLS - Connection Established (3) eap_fast: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (3) eap_fast: TLS-Session-Version = "TLS 1.1" (3) eap_fast: TLS - Application data. (3) eap_fast: WARNING: No information in cached session 330701c670dbe0d22ffb307123950ac4c6c2ee823ba2dfec928d2a04df3c56c4 (3) eap_fast: [eaptls process] = success (3) eap_fast: Session established. Proceeding to decode tunneled attributes (3) eap_fast: Session Resumed from PAC (3) eap_fast: Deriving EAP-FAST keys (3) eap_fast: OpenSSL: cipher nid 427 digest nid 64 (3) eap_fast: OpenSSL: keyblock size: key_len=32 MD_size=20 IV_len=16 (3) eap_fast: Sending EAP-Identity (3) eap_fast: Challenge (3) eap: Sending EAP Request (code 1) ID 237 length 63 (3) eap: EAP session adding &reply:State = 0xb22431b3b1c91adb (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) session-state: Saving cached attributes (3) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (3) TLS-Session-Version = "TLS 1.1" (3) Sent Access-Challenge Id 3 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (3) EAP-Message = 0x01ed003f2b011703020034cb57db7430b66bf855e9064c66187f83f6585c2f20fca65dc9ed6f7d3f0fde0a6fe8ed752bb936ca202c3cab5796671194d77336 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xb22431b3b1c91adb7f72bc3d985e2006 (3) Finished request Waking up in 4.5 seconds. (4) Received Access-Request Id 4 from 127.0.0.1:62244 to 0.0.0.0:1812 length 194 (4) User-Name = "1234" (4) NAS-IP-Address = 127.0.0.1 (4) Calling-Station-Id = "02-00-00-00-00-01" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) Connect-Info = "CONNECT 11Mbps 802.11b" (4) EAP-Message = 0x02ed003f2b011703020034f4ff56e41a0cba313310f866b62b2c6c1e23d9884a80a3cb2b820560f85529fd79e6b93eccf6c842fa56a30c0bc9d1bc0745898e (4) State = 0xb22431b3b1c91adb7f72bc3d985e2006 (4) Message-Authenticator = 0x7147944225bb3ebc6566df9d97ee45fb (4) Restoring &session-state (4) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (4) &session-state:TLS-Session-Version = "TLS 1.1" (4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "1234", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 237 length 63 (4) eap: No EAP Start, assuming it's an on-going EAP conversation (4) [eap] = updated (4) [files] = noop (4) [expiration] = noop (4) [logintime] = noop Not doing PAP as Auth-Type is already set. (4) [pap] = noop (4) } # authorize = updated (4) Found Auth-Type = eap (4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xb22431b3b1c91adb (4) eap: Finished EAP session with state 0xb22431b3b1c91adb (4) eap: Previous EAP request found for state 0xb22431b3b1c91adb, released from the list (4) eap: Peer sent packet with method EAP FAST (43) (4) eap: Calling submodule eap_fast to process data (4) eap_fast: Authenticate (4) eap_fast: Continuing EAP-TLS (4) eap_fast: [eaptls verify] = ok (4) eap_fast: Done initial handshake (4) eap_fast: [eaptls process] = ok (4) eap_fast: Session established. Proceeding to decode tunneled attributes (4) eap_fast: Got Tunneled FAST TLVs (4) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ed0008016d6777 (4) eap_fast: Processing received EAP Payload (4) eap_fast: Got tunneled request (4) eap_fast: EAP-Message = 0x02ed0008016d6777 (4) eap_fast: Got tunneled identity of mgw (4) eap_fast: AUTHENTICATION (4) Virtual server inner-tunnel received request (4) EAP-Message = 0x02ed0008016d6777 (4) FreeRADIUS-Proxied-To = 127.0.0.1 (4) User-Name = "mgw" (4) WARNING: Outer User-Name is not anonymized. User privacy is compromised. (4) server inner-tunnel { (4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [chap] = noop (4) [mschap] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "mgw", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) update control { (4) &Proxy-To-Realm := LOCAL (4) } # update control = noop (4) eap: Peer sent EAP Response (code 2) ID 237 length 8 (4) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (4) authenticate { (4) eap: Peer sent packet with method EAP Identity (1) (4) eap: Calling submodule eap_mschapv2 to process data (4) eap_mschapv2: Issuing Challenge (4) eap: Sending EAP Request (code 1) ID 238 length 43 (4) eap: EAP session adding &reply:State = 0xe3368f25e3d895bc (4) [eap] = handled (4) } # authenticate = handled (4) } # server inner-tunnel (4) Virtual server sending reply (4) EAP-Message = 0x01ee002b1a01ee0026103110d50663aee1e22b52404ccb89303b667265657261646975732d332e302e3138 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xe3368f25e3d895bc2c65ae25c75c3478 (4) eap_fast: Got tunneled Access-Challenge (4) eap_fast: Challenge (4) eap: Sending EAP Request (code 1) ID 238 length 95 (4) eap: EAP session adding &reply:State = 0xb22431b3b6ca1adb (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) session-state: Saving cached attributes (4) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (4) TLS-Session-Version = "TLS 1.1" (4) Sent Access-Challenge Id 4 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (4) EAP-Message = 0x01ee005f2b011703020054473429758f9db17f0ae8957b91950face79823365b7cad281515172e53715604e136da70224095aa01ec8400f754cec046515d4fcda35efbc8350dda31439607a2d92976a20e10f2138756795d04eabf0c8693f7 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xb22431b3b6ca1adb7f72bc3d985e2006 (4) Finished request Waking up in 4.3 seconds. (5) Received Access-Request Id 5 from 127.0.0.1:62244 to 0.0.0.0:1812 length 258 (5) User-Name = "1234" (5) NAS-IP-Address = 127.0.0.1 (5) Calling-Station-Id = "02-00-00-00-00-01" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) Connect-Info = "CONNECT 11Mbps 802.11b" (5) EAP-Message = 0x02ee007f2b0117030200747f38e22f07b9ac8bca3a0398c0a7794d11e0a33a3b2b94219f11a1d2442e381d8942a8febe3444e2c28707aab957908f3c0b9254418499b373868e39ce13b825d9718ef42b7a98d699a68e85c9fbf49dfb1a45d9e7762b76f1ed6bde2fe30df088210f67a394d9c4e3becb26d81e9ff41144c0f7 (5) State = 0xb22431b3b6ca1adb7f72bc3d985e2006 (5) Message-Authenticator = 0x8e40c8ea8e4f541690157aa75c2732d6 (5) Restoring &session-state (5) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (5) &session-state:TLS-Session-Version = "TLS 1.1" (5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "1234", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 238 length 127 (5) eap: No EAP Start, assuming it's an on-going EAP conversation (5) [eap] = updated (5) [files] = noop (5) [expiration] = noop (5) [logintime] = noop Not doing PAP as Auth-Type is already set. (5) [pap] = noop (5) } # authorize = updated (5) Found Auth-Type = eap (5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xe3368f25e3d895bc (5) eap: Finished EAP session with state 0xb22431b3b6ca1adb (5) eap: Previous EAP request found for state 0xb22431b3b6ca1adb, released from the list (5) eap: Peer sent packet with method EAP FAST (43) (5) eap: Calling submodule eap_fast to process data (5) eap_fast: Authenticate (5) eap_fast: Continuing EAP-TLS (5) eap_fast: [eaptls verify] = ok (5) eap_fast: Done initial handshake (5) eap_fast: [eaptls process] = ok (5) eap_fast: Session established. Proceeding to decode tunneled attributes (5) eap_fast: Got Tunneled FAST TLVs (5) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777 (5) eap_fast: Processing received EAP Payload (5) eap_fast: Got tunneled request (5) eap_fast: EAP-Message = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777 (5) eap_fast: AUTHENTICATION (5) Virtual server inner-tunnel received request (5) EAP-Message = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777 (5) FreeRADIUS-Proxied-To = 127.0.0.1 (5) User-Name = "mgw" (5) State = 0xe3368f25e3d895bc2c65ae25c75c3478 (5) WARNING: Outer User-Name is not anonymized. User privacy is compromised. (5) server inner-tunnel { (5) session-state: No cached attributes (5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [chap] = noop (5) [mschap] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "mgw", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) update control { (5) &Proxy-To-Realm := LOCAL (5) } # update control = noop (5) eap: Peer sent EAP Response (code 2) ID 238 length 62 (5) eap: No EAP Start, assuming it's an on-going EAP conversation (5) [eap] = updated (5) files: users: Matched entry mgw at line 68 (5) [files] = ok (5) [expiration] = noop (5) [logintime] = noop (5) pap: WARNING: Auth-Type already set. Not setting to PAP (5) [pap] = noop (5) } # authorize = updated (5) Found Auth-Type = eap (5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (5) authenticate { (5) eap: Expiring EAP session with state 0xe3368f25e3d895bc (5) eap: Finished EAP session with state 0xe3368f25e3d895bc (5) eap: Previous EAP request found for state 0xe3368f25e3d895bc, released from the list (5) eap: Peer sent packet with method EAP MSCHAPv2 (26) (5) eap: Calling submodule eap_mschapv2 to process data (5) eap_mschapv2: # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (5) eap_mschapv2: authenticate { (5) mschap: Found Cleartext-Password, hashing to create NT-Password (5) mschap: Found Cleartext-Password, hashing to create LM-Password (5) mschap: Creating challenge hash with username: mgw (5) mschap: Client is using MS-CHAPv2 (5) mschap: Adding MS-CHAPv2 MPPE keys (5) [mschap] = ok (5) } # authenticate = ok (5) MSCHAP Success (5) eap: Sending EAP Request (code 1) ID 239 length 51 (5) eap: EAP session adding &reply:State = 0xe3368f25e2d995bc (5) [eap] = handled (5) } # authenticate = handled (5) } # server inner-tunnel (5) Virtual server sending reply (5) EAP-Message = 0x01ef00331a03ee002e533d37393836433534434446394230334436444441393837384442413736333044303244383234344142 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xe3368f25e2d995bc2c65ae25c75c3478 (5) eap_fast: Got tunneled Access-Challenge (5) eap_fast: Challenge (5) eap: Sending EAP Request (code 1) ID 239 length 111 (5) eap: EAP session adding &reply:State = 0xb22431b3b7cb1adb (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) session-state: Saving cached attributes (5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (5) TLS-Session-Version = "TLS 1.1" (5) Sent Access-Challenge Id 5 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (5) EAP-Message = 0x01ef006f2b011703020064e77850006db663e3cb8f8bc0a50bc2da30a5689ce3dc0a39c694374e26c5cc5932f3e543c1ff63b44aafa554bdc04d5c8a1bc8beb819653b75ac4760be0c7f6ce69f0f9d23a1d819176fba30e9269991d7901a377638e0cdb86599cecb11d552c614b262 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xb22431b3b7cb1adb7f72bc3d985e2006 (5) Finished request Waking up in 4.1 seconds. (6) Received Access-Request Id 6 from 127.0.0.1:62244 to 0.0.0.0:1812 length 194 (6) User-Name = "1234" (6) NAS-IP-Address = 127.0.0.1 (6) Calling-Station-Id = "02-00-00-00-00-01" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) Connect-Info = "CONNECT 11Mbps 802.11b" (6) EAP-Message = 0x02ef003f2b011703020034215c7108855a146498fb7e075f8a21004c222739fd3a10199ec97b6661def96b46be7a7fd36d88cb87d5adf864a7bc008cdafefb (6) State = 0xb22431b3b7cb1adb7f72bc3d985e2006 (6) Message-Authenticator = 0x2789e6c321d010bb4970f96d043f9a91 (6) Restoring &session-state (6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (6) &session-state:TLS-Session-Version = "TLS 1.1" (6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "1234", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 239 length 63 (6) eap: No EAP Start, assuming it's an on-going EAP conversation (6) [eap] = updated (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop Not doing PAP as Auth-Type is already set. (6) [pap] = noop (6) } # authorize = updated (6) Found Auth-Type = eap (6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xe3368f25e2d995bc (6) eap: Finished EAP session with state 0xb22431b3b7cb1adb (6) eap: Previous EAP request found for state 0xb22431b3b7cb1adb, released from the list (6) eap: Peer sent packet with method EAP FAST (43) (6) eap: Calling submodule eap_fast to process data (6) eap_fast: Authenticate (6) eap_fast: Continuing EAP-TLS (6) eap_fast: [eaptls verify] = ok (6) eap_fast: Done initial handshake (6) eap_fast: [eaptls process] = ok (6) eap_fast: Session established. Proceeding to decode tunneled attributes (6) eap_fast: Got Tunneled FAST TLVs (6) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ef00061a03 (6) eap_fast: Processing received EAP Payload (6) eap_fast: Got tunneled request (6) eap_fast: EAP-Message = 0x02ef00061a03 (6) eap_fast: AUTHENTICATION (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x02ef00061a03 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = "mgw" (6) State = 0xe3368f25e2d995bc2c65ae25c75c3478 (6) WARNING: Outer User-Name is not anonymized. User privacy is compromised. (6) server inner-tunnel { (6) session-state: No cached attributes (6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "mgw", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := LOCAL (6) } # update control = noop (6) eap: Peer sent EAP Response (code 2) ID 239 length 6 (6) eap: No EAP Start, assuming it's an on-going EAP conversation (6) [eap] = updated (6) files: users: Matched entry mgw at line 68 (6) [files] = ok (6) [expiration] = noop (6) [logintime] = noop (6) pap: WARNING: Auth-Type already set. Not setting to PAP (6) [pap] = noop (6) } # authorize = updated (6) Found Auth-Type = eap (6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (6) authenticate { (6) eap: Expiring EAP session with state 0xe3368f25e2d995bc (6) eap: Finished EAP session with state 0xe3368f25e2d995bc (6) eap: Previous EAP request found for state 0xe3368f25e2d995bc, released from the list (6) eap: Peer sent packet with method EAP MSCHAPv2 (26) (6) eap: Calling submodule eap_mschapv2 to process data (6) eap: Sending EAP Success (code 3) ID 239 length 4 (6) eap: Freeing handler (6) [eap] = ok (6) } # authenticate = ok (6) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel (6) post-auth { (6) if (0) { (6) if (0) -> FALSE (6) } # post-auth = noop (6) } # server inner-tunnel (6) Virtual server sending reply (6) MS-MPPE-Encryption-Policy = Encryption-Allowed (6) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (6) MS-MPPE-Send-Key = 0xce9491926bc2c79a3f1431e5e21391f5 (6) MS-MPPE-Recv-Key = 0xeb638c24bfa050d0069792e946c20e23 (6) EAP-Message = 0x03ef0004 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) User-Name = "mgw" (6) eap_fast: Got tunneled Access-Accept (6) eap_fast: Updating ICMK (6) eap_fast: Sending Cryptobinding (6) eap_fast: Challenge (6) eap: Sending EAP Request (code 1) ID 240 length 127 (6) eap: EAP session adding &reply:State = 0xb22431b3b4d41adb (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) session-state: Saving cached attributes (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (6) TLS-Session-Version = "TLS 1.1" (6) Sent Access-Challenge Id 6 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (6) EAP-Message = 0x01f0007f2b011703020074299c8187b828c7d3995e79e4ff3d74d800a552a67ffd98f85b3d0bc79e5aee5f0f1f5cdcb314ced5f0a322acf7722de24b0610dc0e98f6413d77620150aa052194b876d892cef177aa7ce513411df490a3fc7460e8c44c491d183df33eabc4dd34f5266ab8c869d902547e859054c24b60b15dfb (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xb22431b3b4d41adb7f72bc3d985e2006 (6) Finished request Waking up in 3.9 seconds. (7) Received Access-Request Id 7 from 127.0.0.1:62244 to 0.0.0.0:1812 length 258 (7) User-Name = "1234" (7) NAS-IP-Address = 127.0.0.1 (7) Calling-Station-Id = "02-00-00-00-00-01" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) Connect-Info = "CONNECT 11Mbps 802.11b" (7) EAP-Message = 0x02f0007f2b011703020074780334064673d0fb51e06fe8ec527ed50174de91c8e6105d1c66c95e40987481ac18b2559b8642a58e12e8dbc8ebdfb5666c973da24b5f437251ac90cedb46b871fb0b1894810a453546090d56eed532a88d2d63ebecb4f0f5c66c44f5e22b338889b42e7cfb746d5dbe9d91069feb40f1b3f66e (7) State = 0xb22431b3b4d41adb7f72bc3d985e2006 (7) Message-Authenticator = 0x4553f5e6d65b5993e23f64147bf95f06 (7) Restoring &session-state (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA" (7) &session-state:TLS-Session-Version = "TLS 1.1" (7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "1234", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 240 length 127 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) [expiration] = noop (7) [logintime] = noop Not doing PAP as Auth-Type is already set. (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = eap (7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0xb22431b3b4d41adb (7) eap: Finished EAP session with state 0xb22431b3b4d41adb (7) eap: Previous EAP request found for state 0xb22431b3b4d41adb, released from the list (7) eap: Peer sent packet with method EAP FAST (43) (7) eap: Calling submodule eap_fast to process data (7) eap_fast: Authenticate (7) eap_fast: Continuing EAP-TLS (7) eap_fast: [eaptls verify] = ok (7) eap_fast: Done initial handshake (7) eap_fast: [eaptls process] = ok (7) eap_fast: Session established. Proceeding to decode tunneled attributes (7) eap_fast: Got Tunneled FAST TLVs (7) eap_fast: FreeRADIUS-EAP-FAST-Result = 1 (7) eap_fast: FreeRADIUS-EAP-FAST-Crypto-Binding = 0x00010101ac837d7f5580b23cd65efd092cef4cc5a7fe7d46b32327c6ba8037304146643d4f9e2cef97169b908fe30c1865b53909b0903557 (7) eap_fast: Forcibly stopping session resumption as it is not allowed (7) eap: Sending EAP Success (code 3) ID 240 length 4 (7) eap: Freeing handler (7) [eap] = ok (7) } # authenticate = ok (7) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default (7) post-auth { (7) update { (7) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-SHA' (7) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.1' (7) } # update = noop (7) [exec] = noop (7) policy remove_reply_message_if_eap { (7) if (&reply:EAP-Message && &reply:Reply-Message) { (7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (7) else { (7) [noop] = noop (7) } # else = noop (7) } # policy remove_reply_message_if_eap = noop (7) } # post-auth = noop (7) Sent Access-Accept Id 7 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0 (7) MS-MPPE-Recv-Key = 0x41cce86a7d5697650b7f5ffce0fc1285f330cae573c5140484f030572881adee (7) MS-MPPE-Send-Key = 0xc0b77cfa7d332913d1fe7741d41a25139c0c73523d31f70cc5cc211a44a3318a (7) EAP-Message = 0x03f00004 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) User-Name = "1234" (7) Finished request Waking up in 3.7 seconds. (0) Cleaning up request packet ID 0 with timestamp +10 (1) Cleaning up request packet ID 1 with timestamp +10 Waking up in 0.1 seconds. (2) Cleaning up request packet ID 2 with timestamp +10 Waking up in 0.1 seconds. (3) Cleaning up request packet ID 3 with timestamp +10 Waking up in 0.1 seconds. (4) Cleaning up request packet ID 4 with timestamp +10 Waking up in 0.2 seconds. (5) Cleaning up request packet ID 5 with timestamp +11 Waking up in 0.1 seconds. (6) Cleaning up request packet ID 6 with timestamp +11 Waking up in 0.1 seconds. (7) Cleaning up request packet ID 7 with timestamp +11 Ready to process requests