Hello list, i hope this is the right list for this question. I've written a python module to be used with freeradius and it works for wlan authentication (mschapv2) with windows, linux and android devices. But it fails with iphone/ios. With iOS is see the request in my python module and it authenticates against my server successfully but the iPhone always tells me "Unable to join the network <ssid>". My python module can be found here: https://github.com/the2nd/otpme/blob/main/otpme/lib/freeradius/otpme.py As it works with linux, windows and android i think its not completely wrong. Debug log of a successful authentication with my android device: FreeRADIUS Version 3.2.6 Copyright (C) 1999-2023 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including configuration file /var/run/otpme/freeradius/radiusd.conf including configuration file /var/run/otpme/freeradius/clients.conf main { security { user = "otpme" group = "otpme" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/otpme" run_dir = "/var/run/otpme" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/otpme" run_dir = "/var/run/otpme" libdir = "/usr/lib" radacctdir = "/var/log/otpme/radacct" hostname_lookups = no max_request_time = 30 proxy_dedup_window = 1 cleanup_delay = 5 max_requests = 16384 max_fds = 512 postauth_client_lost = no pidfile = "/var/run/otpme/pidfiles/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes require_message_authenticator = "auto" limit_proxy_state = "auto" } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### Debugger not attached # Creating Auth-Type = python_otpme # Creating Auth-Type = EAP # Creating Auth-Type = MS-CHAP radiusd: #### Instantiating modules #### modules { # Loaded module rlm_mschap # Loading module "mschap" from file /var/run/otpme/freeradius/radiusd.conf mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_eap # Loading module "eap" from file /var/run/otpme/freeradius/radiusd.conf eap { default_eap_type = "mschapv2" timer_expire = 60 max_eap_type = 52 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 dedup_key = "" } # Loading module "mschap_otp" from file /var/run/otpme/freeradius/radiusd.conf mschap mschap_otp { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/usr/local/bin/otpme-auth verify_mschap --socket '%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}' '%{%{mschap_otp:Challenge}:-00}' '%{%{mschap_otp:NT-Response}:-00}' '%{NAS-Identifier}' '%{Client-IP-Address}'" passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_python3 # Loading module "python_otpme" from file /var/run/otpme/freeradius/radiusd.conf python3 python_otpme { mod_instantiate = "otpme.lib.freeradius.otpme" func_instantiate = "instantiate" mod_authorize = "otpme.lib.freeradius.otpme" func_authorize = "authorize" mod_authenticate = "otpme.lib.freeradius.otpme" func_authenticate = "authenticate" python_path = "/var/run/otpme/freeradius/mods-config/python3:/opt/otpme/lib/python3.11/site-packages" cext_compat = yes pass_all_vps = no pass_all_vps_dict = no } # Instantiating module "mschap" from file /var/run/otpme/freeradius/radiusd.conf rlm_mschap (mschap): using internal authentication # Instantiating module "eap" from file /var/run/otpme/freeradius/radiusd.conf # Linked to sub-module rlm_eap_md5 rlm_eap (EAP): Ignoring EAP method 'leap', because it is no longer supported # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 pem_file_type = yes private_key_file = "/var/run/otpme/freeradius/key.pem" certificate_file = "/var/run/otpme/freeradius/cert.pem" ca_file = "/var/run/otpme/freeradius/ca.pem" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no ca_path_reload_interval = 0 cipher_list = "DEFAULT" cipher_server_preference = no reject_unknown_intermediate_ca = no ecdh_curve = "prime256v1" disable_tlsv1 = yes disable_tlsv1_1 = yes tls_max_version = "1.2" tls_min_version = "1.2" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = no use_nonce = yes timeout = 0 softfail = no } } tls: Please use 'tls_min_version' and 'tls_max_version' instead of 'disable_tlsv1' tls: Please use 'tls_min_version' and 'tls_max_version' instead of 'disable_tlsv1_1' # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "otpme" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "otpme" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "mschap_otp" from file /var/run/otpme/freeradius/radiusd.conf rlm_mschap (mschap_otp): authenticating by calling 'ntlm_auth' # Instantiating module "python_otpme" from file /var/run/otpme/freeradius/radiusd.conf Python version: 3.11.13 (main, Jul 3 2025, 11:31:00) [GCC 12.2.1 20230428] otpme.py: OTPme config verfied successful. otpme.py: Instantiated OTPme module. } # modules radiusd: #### Loading Virtual Servers #### server { # from file /var/run/otpme/freeradius/radiusd.conf } # server server otpme { # from file /var/run/otpme/freeradius/radiusd.conf # Loading authenticate {...} Compiling Auth-Type EAP for attr Auth-Type Compiling Auth-Type MS-CHAP for attr Auth-Type # Loading authorize {...} } # server otpme radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 1812 client 10.219.195.225 { ipv4addr = 10.219.195.225 secret = <<< secret >>> shortname = "ap01-hbap-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.219.195.223 { ipv4addr = 10.219.195.223 secret = <<< secret >>> shortname = "cloudix-nextcloud-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 127.0.0.1 { ipv4addr = 127.0.0.1 secret = <<< secret >>> shortname = "localhost-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.219.195.100 { ipv4addr = 10.219.195.100 secret = <<< secret >>> shortname = "sharewatcher-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.219.195.254 { ipv4addr = 10.219.195.254 secret = <<< secret >>> shortname = "smtp-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } } Listening on auth address * port 1812 bound to server otpme Ready to process requests (0) Received Access-Request Id 162 from 10.219.195.225:38276 to 10.219.195.1:1812 length 204 (0) User-Name = "anonymous" (0) NAS-Identifier = "ap01-hbap" (0) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) NAS-Port = 1 (0) Calling-Station-Id = "42-33-75-43-BE-2D" (0) Connect-Info = "CONNECT 54Mbps 802.11a" (0) Acct-Session-Id = "BF0C189E956F9999" (0) WLAN-Pairwise-Cipher = 1027076 (0) WLAN-Group-Cipher = 1027076 (0) WLAN-AKM-Suite = 1027073 (0) Framed-MTU = 1400 (0) EAP-Message = 0x0277000e01616e6f6e796d6f7573 (0) Message-Authenticator = 0xe8db3a835195304aa1c2e8655f6cea44 (0) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (0) authorize { (0) eap: Peer sent EAP Response (code 2) ID 119 length 14 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) if (!control:Auth-Type) { (0) if (!control:Auth-Type) -> FALSE (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (0) Auth-Type EAP { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_mschapv2 to process data (0) eap_mschapv2: Issuing Challenge (0) eap: Sending EAP Request (code 1) ID 120 length 42 (0) eap: EAP session adding &reply:State = 0x64b8ac1d64c0b641 (0) [eap] = handled (0) } # Auth-Type EAP = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) Sent Access-Challenge Id 162 from 10.219.195.1:1812 to 10.219.195.225:38276 length 100 (0) EAP-Message = 0x0178002a1a0178002510784b2270bd2bafab1ed5f5a37c9ae5e8667265657261646975732d332e322e36 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x64b8ac1d64c0b641aa9dae41afb34712 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 163 from 10.219.195.225:38276 to 10.219.195.1:1812 length 214 (1) User-Name = "anonymous" (1) NAS-Identifier = "ap01-hbap" (1) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) NAS-Port = 1 (1) Calling-Station-Id = "42-33-75-43-BE-2D" (1) Connect-Info = "CONNECT 54Mbps 802.11a" (1) Acct-Session-Id = "BF0C189E956F9999" (1) WLAN-Pairwise-Cipher = 1027076 (1) WLAN-Group-Cipher = 1027076 (1) WLAN-AKM-Suite = 1027073 (1) Framed-MTU = 1400 (1) EAP-Message = 0x027800060319 (1) State = 0x64b8ac1d64c0b641aa9dae41afb34712 (1) Message-Authenticator = 0x2bd3281b58e070552d01366780334918 (1) session-state: No cached attributes (1) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (1) authorize { (1) eap: Peer sent EAP Response (code 2) ID 120 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) if (!control:Auth-Type) { (1) if (!control:Auth-Type) -> FALSE (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (1) Auth-Type EAP { (1) eap: Removing EAP session with state 0x64b8ac1d64c0b641 (1) eap: Previous EAP request found for state 0x64b8ac1d64c0b641, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: (TLS) PEAP -Initiating new session (1) eap: Sending EAP Request (code 1) ID 121 length 6 (1) eap: EAP session adding &reply:State = 0x64b8ac1d65c1b541 (1) [eap] = handled (1) } # Auth-Type EAP = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) session-state: Saving cached attributes (1) Framed-MTU = 994 (1) Sent Access-Challenge Id 163 from 10.219.195.1:1812 to 10.219.195.225:38276 length 64 (1) EAP-Message = 0x017900061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x64b8ac1d65c1b541aa9dae41afb34712 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 164 from 10.219.195.225:38276 to 10.219.195.1:1812 length 446 (2) User-Name = "anonymous" (2) NAS-Identifier = "ap01-hbap" (2) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) NAS-Port = 1 (2) Calling-Station-Id = "42-33-75-43-BE-2D" (2) Connect-Info = "CONNECT 54Mbps 802.11a" (2) Acct-Session-Id = "BF0C189E956F9999" (2) WLAN-Pairwise-Cipher = 1027076 (2) WLAN-Group-Cipher = 1027076 (2) WLAN-AKM-Suite = 1027073 (2) Framed-MTU = 1400 (2) EAP-Message = 0x027900ee1980000000e416030100df010000db0303204b82994ddeede4b1efd09220705397da7cefa712c268070e9c45dd100931cd20e74544c9e44528171eb11e711a721ac7bce002642c974be41e1cbc3625b7f02d0022130113021303c02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f00350100007000170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201003300260024001d002032c7b45122c64b455fb50da767a2cc4ce59b726e3cd9bd403abba61c883ac722002d00020101002b0009080304030303020301 (2) State = 0x64b8ac1d65c1b541aa9dae41afb34712 (2) Message-Authenticator = 0xcc735b6b3bf60fe0d35655caee8b130a (2) Restoring &session-state (2) &session-state:Framed-MTU = 994 (2) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (2) authorize { (2) eap: Peer sent EAP Response (code 2) ID 121 length 238 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) if (!control:Auth-Type) { (2) if (!control:Auth-Type) -> FALSE (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (2) Auth-Type EAP { (2) eap: Removing EAP session with state 0x64b8ac1d65c1b541 (2) eap: Previous EAP request found for state 0x64b8ac1d65c1b541, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: (TLS) EAP Peer says that the final record size will be 228 bytes (2) eap_peap: (TLS) EAP Got all data (228 bytes) (2) eap_peap: (TLS) PEAP - Handshake state - before SSL initialization (2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL initialization (2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL initialization (2) eap_peap: (TLS) PEAP - recv TLS 1.3 Handshake, ClientHello (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read client hello (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHello (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write server hello (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Certificate (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write certificate (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write key exchange (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write server done (2) eap_peap: (TLS) PEAP - Server : Need to read more data: SSLv3/TLS write server done (2) eap_peap: (TLS) PEAP - In Handshake Phase (2) eap: Sending EAP Request (code 1) ID 122 length 1004 (2) eap: EAP session adding &reply:State = 0x64b8ac1d66c2b541 (2) [eap] = handled (2) } # Auth-Type EAP = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) session-state: Saving cached attributes (2) Framed-MTU = 994 (2) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (2) Sent Access-Challenge Id 164 from 10.219.195.1:1812 to 10.219.195.225:38276 length 1068 (2) EAP-Message = 0x017a03ec19c000000bd7160303003d020000390303406d024d9f92625990729dd1d0d2b54f155819983be5efc77c0843cfd0c7410400c02f000011ff01000100000b000403000102001700001603030a350b000a31000a2e000499308204953082027da003020102020705fea02d221361300d06092a864886f70d01010b05003076312a302806035504030c212f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f534954455f4341310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f5353310b3009060355040b0c024954301e170d3233303632313039313330395a170d3338303631373039313330395a3069311d301b06035504030c146b6f626c656e7a2e68626f73732e696e7465726e310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f535331 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x64b8ac1d66c2b541aa9dae41afb34712 (2) Finished request Waking up in 4.8 seconds. (3) Received Access-Request Id 165 from 10.219.195.225:38276 to 10.219.195.1:1812 length 214 (3) User-Name = "anonymous" (3) NAS-Identifier = "ap01-hbap" (3) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) NAS-Port = 1 (3) Calling-Station-Id = "42-33-75-43-BE-2D" (3) Connect-Info = "CONNECT 54Mbps 802.11a" (3) Acct-Session-Id = "BF0C189E956F9999" (3) WLAN-Pairwise-Cipher = 1027076 (3) WLAN-Group-Cipher = 1027076 (3) WLAN-AKM-Suite = 1027073 (3) Framed-MTU = 1400 (3) EAP-Message = 0x027a00061900 (3) State = 0x64b8ac1d66c2b541aa9dae41afb34712 (3) Message-Authenticator = 0xeb39f94920377984aec242aa3813e06a (3) Restoring &session-state (3) &session-state:Framed-MTU = 994 (3) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (3) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (3) authorize { (3) eap: Peer sent EAP Response (code 2) ID 122 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) if (!control:Auth-Type) { (3) if (!control:Auth-Type) -> FALSE (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (3) Auth-Type EAP { (3) eap: Removing EAP session with state 0x64b8ac1d66c2b541 (3) eap: Previous EAP request found for state 0x64b8ac1d66c2b541, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: (TLS) Peer ACKed our handshake fragment (3) eap: Sending EAP Request (code 1) ID 123 length 1000 (3) eap: EAP session adding &reply:State = 0x64b8ac1d67c3b541 (3) [eap] = handled (3) } # Auth-Type EAP = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) session-state: Saving cached attributes (3) Framed-MTU = 994 (3) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (3) Sent Access-Challenge Id 165 from 10.219.195.1:1812 to 10.219.195.225:38276 length 1064 (3) EAP-Message = 0x017b03e819406729c41ca39fed55f40b0703e590f4ef3fe75165ed505d0e8e33187c7f82a4fa97311282257e3dca08d5818a76cee90d8aea88403b1d62eda2f8ed0e7cc7d72ce4f25e3497d7cbb88d5fb3e76fd5eb2cb7c29126896e5cf175ca9a6b177812f14e4ad1acc69c7a07a33ad3e880179c3971584f08442b7bfe40153886a8e68f88b2ebd088522f0214474a905d560fa04a8f20a966b67e072e644b106f92e95d3fc468afe1b60ff5b30eabfd9eb217f1847f6a24ab5f922365ecc2bb16be43951cbf4cf33735cd9fc4a0337c1632c68690fb8748b78e6f1fe6534e092fc9b9f25123a0a3ed26215dc6b0b765bbe2272058c9bf0935cb8ac47c5b1f7bd20e474f71a760f1db1b8a45da00058f3082058b30820373a003020102020705fea02cf10b27300d06092a864886f70d01010b05003077312b302906035504030c222f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f5245414c4d5f4341310b3009060355040613024445310c300a06 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x64b8ac1d67c3b541aa9dae41afb34712 (3) Finished request Waking up in 4.8 seconds. (4) Received Access-Request Id 166 from 10.219.195.225:38276 to 10.219.195.1:1812 length 214 (4) User-Name = "anonymous" (4) NAS-Identifier = "ap01-hbap" (4) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) NAS-Port = 1 (4) Calling-Station-Id = "42-33-75-43-BE-2D" (4) Connect-Info = "CONNECT 54Mbps 802.11a" (4) Acct-Session-Id = "BF0C189E956F9999" (4) WLAN-Pairwise-Cipher = 1027076 (4) WLAN-Group-Cipher = 1027076 (4) WLAN-AKM-Suite = 1027073 (4) Framed-MTU = 1400 (4) EAP-Message = 0x027b00061900 (4) State = 0x64b8ac1d67c3b541aa9dae41afb34712 (4) Message-Authenticator = 0xed6b5266742723e30e700e8b4f75739f (4) Restoring &session-state (4) &session-state:Framed-MTU = 994 (4) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (4) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (4) authorize { (4) eap: Peer sent EAP Response (code 2) ID 123 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) if (!control:Auth-Type) { (4) if (!control:Auth-Type) -> FALSE (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (4) Auth-Type EAP { (4) eap: Removing EAP session with state 0x64b8ac1d67c3b541 (4) eap: Previous EAP request found for state 0x64b8ac1d67c3b541, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: (TLS) Peer ACKed our handshake fragment (4) eap: Sending EAP Request (code 1) ID 124 length 1000 (4) eap: EAP session adding &reply:State = 0x64b8ac1d60c4b541 (4) [eap] = handled (4) } # Auth-Type EAP = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) session-state: Saving cached attributes (4) Framed-MTU = 994 (4) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (4) Sent Access-Challenge Id 166 from 10.219.195.1:1812 to 10.219.195.225:38276 length 1064 (4) EAP-Message = 0x017c03e81940603ef2f2884b299ace212671ea16a0df8d30640875c03aaef2ac1e4cd0b45487fcb99234083e915ecded1171c41b3eb10b7c736e781a97f17e3aa3b85d0f5b5f35d09ce1570d621b9dc5be4b4f9ecae899a6d0949b7eed4ebcbf64a48aa40d41d3c07d33da2e8d816dd2eba719a8b75d53dfa7ecb5a35b7cec093710efea7ff30203010001a31d301b300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038202010048ed80b6b8d9f45c988d3a8c439f33112acf5a1a90a3e79a8622a919c7fa078d6bcfcb743a26ddd8bc1bc56f9071c89b8a986b33eeb0c6defe6f99834b9a90da8089c002815951b451f4b9d4ed8225888e5b77b04f9131487a830c71082209525143b143d9335eb02b382660f462e5b6d5e4dd2991b894148e23f6ce2be12f76406890fe48dba3e0c97b33089c20f7466a37daa34eb110f7d9cf47553fae6f7453ad44e48fa154f1db59066d3250216bde12320eed158d5197 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x64b8ac1d60c4b541aa9dae41afb34712 (4) Finished request Waking up in 4.8 seconds. (5) Received Access-Request Id 167 from 10.219.195.225:38276 to 10.219.195.1:1812 length 214 (5) User-Name = "anonymous" (5) NAS-Identifier = "ap01-hbap" (5) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) NAS-Port = 1 (5) Calling-Station-Id = "42-33-75-43-BE-2D" (5) Connect-Info = "CONNECT 54Mbps 802.11a" (5) Acct-Session-Id = "BF0C189E956F9999" (5) WLAN-Pairwise-Cipher = 1027076 (5) WLAN-Group-Cipher = 1027076 (5) WLAN-AKM-Suite = 1027073 (5) Framed-MTU = 1400 (5) EAP-Message = 0x027c00061900 (5) State = 0x64b8ac1d60c4b541aa9dae41afb34712 (5) Message-Authenticator = 0xd495f330c78e196eb11dc3995b88a242 (5) Restoring &session-state (5) &session-state:Framed-MTU = 994 (5) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (5) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (5) authorize { (5) eap: Peer sent EAP Response (code 2) ID 124 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) if (!control:Auth-Type) { (5) if (!control:Auth-Type) -> FALSE (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (5) Auth-Type EAP { (5) eap: Removing EAP session with state 0x64b8ac1d60c4b541 (5) eap: Previous EAP request found for state 0x64b8ac1d60c4b541, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: (TLS) Peer ACKed our handshake fragment (5) eap: Sending EAP Request (code 1) ID 125 length 55 (5) eap: EAP session adding &reply:State = 0x64b8ac1d61c5b541 (5) [eap] = handled (5) } # Auth-Type EAP = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) session-state: Saving cached attributes (5) Framed-MTU = 994 (5) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (5) Sent Access-Challenge Id 167 from 10.219.195.1:1812 to 10.219.195.225:38276 length 113 (5) EAP-Message = 0x017d00371900501263aad1ec47677b3c48e295891733e13224af67d346d25d68f13a27dd1b6060701aa6f7a4003816030300040e000000 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x64b8ac1d61c5b541aa9dae41afb34712 (5) Finished request Waking up in 4.8 seconds. (6) Received Access-Request Id 168 from 10.219.195.225:38276 to 10.219.195.1:1812 length 344 (6) User-Name = "anonymous" (6) NAS-Identifier = "ap01-hbap" (6) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) NAS-Port = 1 (6) Calling-Station-Id = "42-33-75-43-BE-2D" (6) Connect-Info = "CONNECT 54Mbps 802.11a" (6) Acct-Session-Id = "BF0C189E956F9999" (6) WLAN-Pairwise-Cipher = 1027076 (6) WLAN-Group-Cipher = 1027076 (6) WLAN-AKM-Suite = 1027073 (6) Framed-MTU = 1400 (6) EAP-Message = 0x027d008819800000007e1603030046100000424104d03773246fb4ee58f2b210f0d7e78f044a507dfb457b56f714c4f99379b7b54a81c78f01ba73c7a855d726a53e8e06b20bcdd4e9ff3eb63d2aab0e6075f697e114030300010116030300280000000000000000eb102ea08ec0ea6bf3ef1493251569d7fb91064e446e30581e1839c200c0883c (6) State = 0x64b8ac1d61c5b541aa9dae41afb34712 (6) Message-Authenticator = 0x06debe813bbb88b569740faf21dbdcb9 (6) Restoring &session-state (6) &session-state:Framed-MTU = 994 (6) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (6) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (6) authorize { (6) eap: Peer sent EAP Response (code 2) ID 125 length 136 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) if (!control:Auth-Type) { (6) if (!control:Auth-Type) -> FALSE (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (6) Auth-Type EAP { (6) eap: Removing EAP session with state 0x64b8ac1d61c5b541 (6) eap: Previous EAP request found for state 0x64b8ac1d61c5b541, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: (TLS) EAP Peer says that the final record size will be 126 bytes (6) eap_peap: (TLS) EAP Got all data (126 bytes) (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write server done (6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read client key exchange (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read change cipher spec (6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, Finished (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read finished (6) eap_peap: (TLS) PEAP - send TLS 1.2 ChangeCipherSpec (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write change cipher spec (6) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Finished (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write finished (6) eap_peap: (TLS) PEAP - Handshake state - SSL negotiation finished successfully (6) eap_peap: (TLS) PEAP - Connection Established (6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (6) eap_peap: TLS-Session-Version = "TLS 1.2" (6) eap: Sending EAP Request (code 1) ID 126 length 57 (6) eap: EAP session adding &reply:State = 0x64b8ac1d62c6b541 (6) [eap] = handled (6) } # Auth-Type EAP = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) session-state: Saving cached attributes (6) Framed-MTU = 994 (6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (6) TLS-Session-Version = "TLS 1.2" (6) Sent Access-Challenge Id 168 from 10.219.195.1:1812 to 10.219.195.225:38276 length 115 (6) EAP-Message = 0x017e0039190014030300010116030300283fbfcc47e7ff15335d94fe3f3b7f1d2683dbacec358f9dfdd26341970bf6679ebf855cd4a6aafe17 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x64b8ac1d62c6b541aa9dae41afb34712 (6) Finished request Waking up in 4.8 seconds. (7) Received Access-Request Id 169 from 10.219.195.225:38276 to 10.219.195.1:1812 length 214 (7) User-Name = "anonymous" (7) NAS-Identifier = "ap01-hbap" (7) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) NAS-Port = 1 (7) Calling-Station-Id = "42-33-75-43-BE-2D" (7) Connect-Info = "CONNECT 54Mbps 802.11a" (7) Acct-Session-Id = "BF0C189E956F9999" (7) WLAN-Pairwise-Cipher = 1027076 (7) WLAN-Group-Cipher = 1027076 (7) WLAN-AKM-Suite = 1027073 (7) Framed-MTU = 1400 (7) EAP-Message = 0x027e00061900 (7) State = 0x64b8ac1d62c6b541aa9dae41afb34712 (7) Message-Authenticator = 0xe942008c55e4659b864a6a49b1848ae5 (7) Restoring &session-state (7) &session-state:Framed-MTU = 994 (7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (7) &session-state:TLS-Session-Version = "TLS 1.2" (7) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (7) authorize { (7) eap: Peer sent EAP Response (code 2) ID 126 length 6 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) if (!control:Auth-Type) { (7) if (!control:Auth-Type) -> FALSE (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (7) Auth-Type EAP { (7) eap: Removing EAP session with state 0x64b8ac1d62c6b541 (7) eap: Previous EAP request found for state 0x64b8ac1d62c6b541, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is finished (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state TUNNEL ESTABLISHED (7) eap: Sending EAP Request (code 1) ID 127 length 40 (7) eap: EAP session adding &reply:State = 0x64b8ac1d63c7b541 (7) [eap] = handled (7) } # Auth-Type EAP = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) session-state: Saving cached attributes (7) Framed-MTU = 994 (7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (7) TLS-Session-Version = "TLS 1.2" (7) Sent Access-Challenge Id 169 from 10.219.195.1:1812 to 10.219.195.225:38276 length 98 (7) EAP-Message = 0x017f00281900170303001d3fbfcc47e7ff15344cfac04ed63722fa13bff21b90d93b042ce8c29282 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x64b8ac1d63c7b541aa9dae41afb34712 (7) Finished request Waking up in 4.8 seconds. (8) Received Access-Request Id 170 from 10.219.195.225:38276 to 10.219.195.1:1812 length 257 (8) User-Name = "anonymous" (8) NAS-Identifier = "ap01-hbap" (8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) NAS-Port = 1 (8) Calling-Station-Id = "42-33-75-43-BE-2D" (8) Connect-Info = "CONNECT 54Mbps 802.11a" (8) Acct-Session-Id = "BF0C189E956F9999" (8) WLAN-Pairwise-Cipher = 1027076 (8) WLAN-Group-Cipher = 1027076 (8) WLAN-AKM-Suite = 1027073 (8) Framed-MTU = 1400 (8) EAP-Message = 0x027f0031190017030300260000000000000001c658b8d37ccad3ed1c1cb348b9a92784ffb1c57cf6dfcd328673aaf30788 (8) State = 0x64b8ac1d63c7b541aa9dae41afb34712 (8) Message-Authenticator = 0x4db29f5f022a1b50adf137196caea97c (8) Restoring &session-state (8) &session-state:Framed-MTU = 994 (8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (8) &session-state:TLS-Session-Version = "TLS 1.2" (8) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (8) authorize { (8) eap: Peer sent EAP Response (code 2) ID 127 length 49 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) if (!control:Auth-Type) { (8) if (!control:Auth-Type) -> FALSE (8) } # authorize = ok (8) Found Auth-Type = EAP (8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (8) Auth-Type EAP { (8) eap: Removing EAP session with state 0x64b8ac1d63c7b541 (8) eap: Previous EAP request found for state 0x64b8ac1d63c7b541, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: (TLS) EAP Done initial handshake (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state WAITING FOR INNER IDENTITY (8) eap_peap: Identity - heiko.baumann (8) eap_peap: Got inner identity 'heiko.baumann' (8) eap_peap: Setting default EAP type for tunneled EAP session (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e (8) eap_peap: Setting User-Name to heiko.baumann (8) eap_peap: Sending tunneled request to otpme (8) eap_peap: EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "heiko.baumann" (8) eap_peap: NAS-Identifier = "ap01-hbap" (8) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (8) eap_peap: NAS-Port-Type = Wireless-802.11 (8) eap_peap: Service-Type = Framed-User (8) eap_peap: NAS-Port = 1 (8) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D" (8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a" (8) eap_peap: Acct-Session-Id = "BF0C189E956F9999" (8) eap_peap: WLAN-Pairwise-Cipher = 1027076 (8) eap_peap: WLAN-Group-Cipher = 1027076 (8) eap_peap: WLAN-AKM-Suite = 1027073 (8) eap_peap: Framed-MTU = 1400 (8) Virtual server otpme received request (8) EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "heiko.baumann" (8) NAS-Identifier = "ap01-hbap" (8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) NAS-Port = 1 (8) Calling-Station-Id = "42-33-75-43-BE-2D" (8) Connect-Info = "CONNECT 54Mbps 802.11a" (8) Acct-Session-Id = "BF0C189E956F9999" (8) WLAN-Pairwise-Cipher = 1027076 (8) WLAN-Group-Cipher = 1027076 (8) WLAN-AKM-Suite = 1027073 (8) Framed-MTU = 1400 (8) server otpme { (8) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (8) authorize { (8) eap: Peer sent EAP Response (code 2) ID 127 length 18 (8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (8) [eap] = ok (8) if (!control:Auth-Type) { (8) if (!control:Auth-Type) -> FALSE (8) } # authorize = ok (8) Found Auth-Type = EAP (8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (8) Auth-Type EAP { (8) eap: Peer sent packet with method EAP Identity (1) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap_mschapv2: Issuing Challenge (8) eap: Sending EAP Request (code 1) ID 128 length 42 (8) eap: EAP session adding &reply:State = 0xfae70ce5fa67161a (8) [eap] = handled (8) } # Auth-Type EAP = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) } # server otpme (8) Virtual server sending reply (8) EAP-Message = 0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0xfae70ce5fa67161a0a330e080f4ac17b (8) eap_peap: Got tunneled reply code 11 (8) eap_peap: EAP-Message = 0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b (8) eap_peap: Got tunneled reply RADIUS code 11 (8) eap_peap: EAP-Message = 0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b (8) eap_peap: Got tunneled Access-Challenge (8) eap: Sending EAP Request (code 1) ID 128 length 73 (8) eap: EAP session adding &reply:State = 0x64b8ac1d6c38b541 (8) [eap] = handled (8) } # Auth-Type EAP = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) session-state: Saving cached attributes (8) Framed-MTU = 994 (8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (8) TLS-Session-Version = "TLS 1.2" (8) Sent Access-Challenge Id 170 from 10.219.195.1:1812 to 10.219.195.225:38276 length 131 (8) EAP-Message = 0x018000491900170303003e3fbfcc47e7ff15357d447a7f7984baab3d24cc5e608d3e9b1f1732d6a0ca80dc81cb5017596f1ecb3eb7dab2ad8c55187f67c2271843c3645767e378659b (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x64b8ac1d6c38b541aa9dae41afb34712 (8) Finished request Waking up in 4.8 seconds. (9) Received Access-Request Id 171 from 10.219.195.225:38276 to 10.219.195.1:1812 length 311 (9) User-Name = "anonymous" (9) NAS-Identifier = "ap01-hbap" (9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (9) NAS-Port-Type = Wireless-802.11 (9) Service-Type = Framed-User (9) NAS-Port = 1 (9) Calling-Station-Id = "42-33-75-43-BE-2D" (9) Connect-Info = "CONNECT 54Mbps 802.11a" (9) Acct-Session-Id = "BF0C189E956F9999" (9) WLAN-Pairwise-Cipher = 1027076 (9) WLAN-Group-Cipher = 1027076 (9) WLAN-AKM-Suite = 1027073 (9) Framed-MTU = 1400 (9) EAP-Message = 0x028000671900170303005c00000000000000020b045bbce75f04f16e2985586e3d8ddbb45c4e798479b6033a504fc6a1cb4e043e8039b454a3da869b72d32d72c5c2654d8c11604829788b46e22513ff41d8a0e6b4d9fcd835b3c3cdfe90e8d4b22b911d2c7298 (9) State = 0x64b8ac1d6c38b541aa9dae41afb34712 (9) Message-Authenticator = 0x3118fa5cac060f01aad3516f4dfc5902 (9) Restoring &session-state (9) &session-state:Framed-MTU = 994 (9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (9) &session-state:TLS-Session-Version = "TLS 1.2" (9) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (9) authorize { (9) eap: Peer sent EAP Response (code 2) ID 128 length 103 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) if (!control:Auth-Type) { (9) if (!control:Auth-Type) -> FALSE (9) } # authorize = ok (9) Found Auth-Type = EAP (9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (9) Auth-Type EAP { (9) eap: Removing EAP session with state 0x64b8ac1d6c38b541 (9) eap: Previous EAP request found for state 0x64b8ac1d6c38b541, released from the list (9) eap: Peer sent packet with method EAP PEAP (25) (9) eap: Calling submodule eap_peap to process data (9) eap_peap: (TLS) EAP Done initial handshake (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state phase2 (9) eap_peap: EAP method MSCHAPv2 (26) (9) eap_peap: Got tunneled request (9) eap_peap: EAP-Message = 0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e (9) eap_peap: Setting User-Name to heiko.baumann (9) eap_peap: Sending tunneled request to otpme (9) eap_peap: EAP-Message = 0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e (9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (9) eap_peap: User-Name = "heiko.baumann" (9) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b (9) eap_peap: NAS-Identifier = "ap01-hbap" (9) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (9) eap_peap: NAS-Port-Type = Wireless-802.11 (9) eap_peap: Service-Type = Framed-User (9) eap_peap: NAS-Port = 1 (9) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D" (9) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a" (9) eap_peap: Acct-Session-Id = "BF0C189E956F9999" (9) eap_peap: WLAN-Pairwise-Cipher = 1027076 (9) eap_peap: WLAN-Group-Cipher = 1027076 (9) eap_peap: WLAN-AKM-Suite = 1027073 (9) eap_peap: Framed-MTU = 1400 (9) Virtual server otpme received request (9) EAP-Message = 0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e (9) FreeRADIUS-Proxied-To = 127.0.0.1 (9) User-Name = "heiko.baumann" (9) State = 0xfae70ce5fa67161a0a330e080f4ac17b (9) NAS-Identifier = "ap01-hbap" (9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (9) NAS-Port-Type = Wireless-802.11 (9) Service-Type = Framed-User (9) NAS-Port = 1 (9) Calling-Station-Id = "42-33-75-43-BE-2D" (9) Connect-Info = "CONNECT 54Mbps 802.11a" (9) Acct-Session-Id = "BF0C189E956F9999" (9) WLAN-Pairwise-Cipher = 1027076 (9) WLAN-Group-Cipher = 1027076 (9) WLAN-AKM-Suite = 1027073 (9) Framed-MTU = 1400 (9) server otpme { (9) session-state: No cached attributes (9) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (9) authorize { (9) eap: Peer sent EAP Response (code 2) ID 128 length 72 (9) eap: No EAP Start, assuming it's an on-going EAP conversation (9) [eap] = updated (9) if (!control:Auth-Type) { (9) if (!control:Auth-Type) -> FALSE (9) } # authorize = updated (9) Found Auth-Type = EAP (9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (9) Auth-Type EAP { (9) eap: Removing EAP session with state 0xfae70ce5fa67161a (9) eap: Previous EAP request found for state 0xfae70ce5fa67161a, released from the list (9) eap: Peer sent packet with method EAP MSCHAPv2 (26) (9) eap: Calling submodule eap_mschapv2 to process data (9) eap_mschapv2: # Executing group from file /var/run/otpme/freeradius/radiusd.conf (9) eap_mschapv2: Auth-Type MS-CHAP { otpme.py: adding MS-CHAP2-Success: '3S=44f6bccdca0cf8377cbd06122065d7f895050076' otpme.py: adding MS-MPPE-Send-Key: '99420b0d55925232c6c62e7e8b913301' otpme.py: adding MS-MPPE-Recv-Key: '1114b25f146360e67f9bad689e3e9c88' otpme.py: adding MS-MPPE-Encryption-Policy: '0x00000001' otpme.py: adding MS-MPPE-Encryption-Types: '0x00000006' otpme.py: adding Auth-Type: 'MS-CHAP' authenticate - 'reply:Reply-Message' = 'Authentication successful' authenticate - 'reply:MS-CHAP2-Success' = '0x33533d34346636626363646361306366383337376362643036313232303635643766383935303530303736' authenticate - 'reply:MS-MPPE-Encryption-Policy' = '0x00000001' authenticate - 'reply:MS-MPPE-Encryption-Types' = '0x00000006' authenticate - 'reply:MS-MPPE-Send-Key' = '0x99420b0d55925232c6c62e7e8b913301' authenticate - 'reply:MS-MPPE-Recv-Key' = '0x1114b25f146360e67f9bad689e3e9c88' authenticate - 'config:Auth-Type' = 'MS-CHAP' (9) eap_mschapv2: [python_otpme] = ok (9) eap_mschapv2: } # Auth-Type MS-CHAP = ok (9) eap_mschapv2: MSCHAP Success (9) eap: Sending EAP Request (code 1) ID 129 length 51 (9) eap: EAP session adding &reply:State = 0xfae70ce5fb66161a (9) [eap] = handled (9) } # Auth-Type EAP = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) } # server otpme (9) Virtual server sending reply (9) Reply-Message = "Authentication successful" (9) EAP-Message = 0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0xfae70ce5fb66161a0a330e080f4ac17b (9) eap_peap: Got tunneled reply code 11 (9) eap_peap: Reply-Message = "Authentication successful" (9) eap_peap: EAP-Message = 0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b (9) eap_peap: Got tunneled reply RADIUS code 11 (9) eap_peap: Reply-Message = "Authentication successful" (9) eap_peap: EAP-Message = 0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b (9) eap_peap: Got tunneled Access-Challenge (9) eap: Sending EAP Request (code 1) ID 129 length 82 (9) eap: EAP session adding &reply:State = 0x64b8ac1d6d39b541 (9) [eap] = handled (9) } # Auth-Type EAP = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) session-state: Saving cached attributes (9) Framed-MTU = 994 (9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (9) TLS-Session-Version = "TLS 1.2" (9) Sent Access-Challenge Id 171 from 10.219.195.1:1812 to 10.219.195.225:38276 length 140 (9) EAP-Message = 0x01810052190017030300473fbfcc47e7ff153625de7e663dc1113d94046a6050434ba068b90ab3a11c1d9f82ea1de4187ef8e19cf8f9fbc5dbf084c02faa214014b226b04d2f410be0964a728ea31d7d7d6d (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x64b8ac1d6d39b541aa9dae41afb34712 (9) Finished request Waking up in 3.4 seconds. (10) Received Access-Request Id 172 from 10.219.195.225:38276 to 10.219.195.1:1812 length 245 (10) User-Name = "anonymous" (10) NAS-Identifier = "ap01-hbap" (10) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (10) NAS-Port-Type = Wireless-802.11 (10) Service-Type = Framed-User (10) NAS-Port = 1 (10) Calling-Station-Id = "42-33-75-43-BE-2D" (10) Connect-Info = "CONNECT 54Mbps 802.11a" (10) Acct-Session-Id = "BF0C189E956F9999" (10) WLAN-Pairwise-Cipher = 1027076 (10) WLAN-Group-Cipher = 1027076 (10) WLAN-AKM-Suite = 1027073 (10) Framed-MTU = 1400 (10) EAP-Message = 0x028100251900170303001a00000000000000031685834550dd6a5554a79de46d67b072c3cb (10) State = 0x64b8ac1d6d39b541aa9dae41afb34712 (10) Message-Authenticator = 0xce20e30f4de7c6a5a7563cd6ac38935f (10) Restoring &session-state (10) &session-state:Framed-MTU = 994 (10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (10) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (10) &session-state:TLS-Session-Version = "TLS 1.2" (10) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (10) authorize { (10) eap: Peer sent EAP Response (code 2) ID 129 length 37 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) if (!control:Auth-Type) { (10) if (!control:Auth-Type) -> FALSE (10) } # authorize = ok (10) Found Auth-Type = EAP (10) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (10) Auth-Type EAP { (10) eap: Removing EAP session with state 0x64b8ac1d6d39b541 (10) eap: Previous EAP request found for state 0x64b8ac1d6d39b541, released from the list (10) eap: Peer sent packet with method EAP PEAP (25) (10) eap: Calling submodule eap_peap to process data (10) eap_peap: (TLS) EAP Done initial handshake (10) eap_peap: Session established. Decoding tunneled attributes (10) eap_peap: PEAP state phase2 (10) eap_peap: EAP method MSCHAPv2 (26) (10) eap_peap: Got tunneled request (10) eap_peap: EAP-Message = 0x028100061a03 (10) eap_peap: Setting User-Name to heiko.baumann (10) eap_peap: Sending tunneled request to otpme (10) eap_peap: EAP-Message = 0x028100061a03 (10) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (10) eap_peap: User-Name = "heiko.baumann" (10) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b (10) eap_peap: NAS-Identifier = "ap01-hbap" (10) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (10) eap_peap: NAS-Port-Type = Wireless-802.11 (10) eap_peap: Service-Type = Framed-User (10) eap_peap: NAS-Port = 1 (10) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D" (10) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a" (10) eap_peap: Acct-Session-Id = "BF0C189E956F9999" (10) eap_peap: WLAN-Pairwise-Cipher = 1027076 (10) eap_peap: WLAN-Group-Cipher = 1027076 (10) eap_peap: WLAN-AKM-Suite = 1027073 (10) eap_peap: Framed-MTU = 1400 (10) Virtual server otpme received request (10) EAP-Message = 0x028100061a03 (10) FreeRADIUS-Proxied-To = 127.0.0.1 (10) User-Name = "heiko.baumann" (10) State = 0xfae70ce5fb66161a0a330e080f4ac17b (10) NAS-Identifier = "ap01-hbap" (10) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (10) NAS-Port-Type = Wireless-802.11 (10) Service-Type = Framed-User (10) NAS-Port = 1 (10) Calling-Station-Id = "42-33-75-43-BE-2D" (10) Connect-Info = "CONNECT 54Mbps 802.11a" (10) Acct-Session-Id = "BF0C189E956F9999" (10) WLAN-Pairwise-Cipher = 1027076 (10) WLAN-Group-Cipher = 1027076 (10) WLAN-AKM-Suite = 1027073 (10) Framed-MTU = 1400 (10) server otpme { (10) session-state: No cached attributes (10) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (10) authorize { (10) eap: Peer sent EAP Response (code 2) ID 129 length 6 (10) eap: No EAP Start, assuming it's an on-going EAP conversation (10) [eap] = updated (10) if (!control:Auth-Type) { (10) if (!control:Auth-Type) -> FALSE (10) } # authorize = updated (10) Found Auth-Type = EAP (10) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (10) Auth-Type EAP { (10) eap: Removing EAP session with state 0xfae70ce5fb66161a (10) eap: Previous EAP request found for state 0xfae70ce5fb66161a, released from the list (10) eap: Peer sent packet with method EAP MSCHAPv2 (26) (10) eap: Calling submodule eap_mschapv2 to process data (10) eap: Sending EAP Success (code 3) ID 129 length 4 (10) eap: Freeing handler (10) [eap] = ok (10) } # Auth-Type EAP = ok (10) } # server otpme (10) Virtual server sending reply (10) MS-MPPE-Encryption-Policy = Encryption-Allowed (10) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (10) MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301 (10) MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88 (10) EAP-Message = 0x03810004 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) User-Name = "heiko.baumann" (10) eap_peap: Got tunneled reply code 2 (10) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (10) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (10) eap_peap: MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301 (10) eap_peap: MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88 (10) eap_peap: EAP-Message = 0x03810004 (10) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (10) eap_peap: User-Name = "heiko.baumann" (10) eap_peap: Got tunneled reply RADIUS code 2 (10) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (10) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (10) eap_peap: MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301 (10) eap_peap: MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88 (10) eap_peap: EAP-Message = 0x03810004 (10) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (10) eap_peap: User-Name = "heiko.baumann" (10) eap_peap: Tunneled authentication was successful (10) eap_peap: SUCCESS (10) eap_peap: Saving tunneled attributes for later (10) eap: Sending EAP Request (code 1) ID 130 length 46 (10) eap: EAP session adding &reply:State = 0x64b8ac1d6e3ab541 (10) [eap] = handled (10) } # Auth-Type EAP = handled (10) Using Post-Auth-Type Challenge (10) Post-Auth-Type sub-section not found. Ignoring. (10) session-state: Saving cached attributes (10) Framed-MTU = 994 (10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (10) TLS-Session-Version = "TLS 1.2" (10) Sent Access-Challenge Id 172 from 10.219.195.1:1812 to 10.219.195.225:38276 length 104 (10) EAP-Message = 0x0182002e190017030300233fbfcc47e7ff153753fdd6108d64e215a21d55da7ef02d5dee925bc76d6a4e6392574b (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0x64b8ac1d6e3ab541aa9dae41afb34712 (10) Finished request Waking up in 3.4 seconds. (11) Received Access-Request Id 173 from 10.219.195.225:38276 to 10.219.195.1:1812 length 254 (11) User-Name = "anonymous" (11) NAS-Identifier = "ap01-hbap" (11) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (11) NAS-Port-Type = Wireless-802.11 (11) Service-Type = Framed-User (11) NAS-Port = 1 (11) Calling-Station-Id = "42-33-75-43-BE-2D" (11) Connect-Info = "CONNECT 54Mbps 802.11a" (11) Acct-Session-Id = "BF0C189E956F9999" (11) WLAN-Pairwise-Cipher = 1027076 (11) WLAN-Group-Cipher = 1027076 (11) WLAN-AKM-Suite = 1027073 (11) Framed-MTU = 1400 (11) EAP-Message = 0x0282002e190017030300230000000000000004f4cfa29e4ec86e3245b7e5cbd0fb74dea5e8ff12c7bc2100be801a (11) State = 0x64b8ac1d6e3ab541aa9dae41afb34712 (11) Message-Authenticator = 0x8353375023b7e469efb93d9e282cd1a3 (11) Restoring &session-state (11) &session-state:Framed-MTU = 994 (11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (11) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256" (11) &session-state:TLS-Session-Version = "TLS 1.2" (11) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (11) authorize { (11) eap: Peer sent EAP Response (code 2) ID 130 length 46 (11) eap: Continuing tunnel setup (11) [eap] = ok (11) if (!control:Auth-Type) { (11) if (!control:Auth-Type) -> FALSE (11) } # authorize = ok (11) Found Auth-Type = EAP (11) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (11) Auth-Type EAP { (11) eap: Removing EAP session with state 0x64b8ac1d6e3ab541 (11) eap: Previous EAP request found for state 0x64b8ac1d6e3ab541, released from the list (11) eap: Peer sent packet with method EAP PEAP (25) (11) eap: Calling submodule eap_peap to process data (11) eap_peap: (TLS) EAP Done initial handshake (11) eap_peap: Session established. Decoding tunneled attributes (11) eap_peap: PEAP state send tlv success (11) eap_peap: Received EAP-TLV response (11) eap_peap: Success (11) eap_peap: Using saved attributes from the original Access-Accept (11) eap_peap: User-Name = "heiko.baumann" (11) eap: Sending EAP Success (code 3) ID 130 length 4 (11) eap: Freeing handler (11) [eap] = ok (11) } # Auth-Type EAP = ok (11) Sent Access-Accept Id 173 from 10.219.195.1:1812 to 10.219.195.225:38276 length 175 (11) User-Name = "heiko.baumann" (11) MS-MPPE-Recv-Key = 0x7fd1806ac0bae3a4dce0733ee3ba2285ec93eb01ffaa19010f48e0bdabebb623 (11) MS-MPPE-Send-Key = 0x833cfac00c66d42a0bcbc62e008e5591890e585ae00c8d3b56707e5b49a140f5 (11) EAP-Message = 0x03820004 (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) Finished request Waking up in 3.4 seconds. Debug output of a failed request with an iPhone: FreeRADIUS Version 3.2.6 Copyright (C) 1999-2023 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including configuration file /var/run/otpme/freeradius/radiusd.conf including configuration file /var/run/otpme/freeradius/clients.conf main { security { user = "otpme" group = "otpme" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/otpme" run_dir = "/var/run/otpme" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/otpme" run_dir = "/var/run/otpme" libdir = "/usr/lib" radacctdir = "/var/log/otpme/radacct" hostname_lookups = no max_request_time = 30 proxy_dedup_window = 1 cleanup_delay = 5 max_requests = 16384 max_fds = 512 postauth_client_lost = no pidfile = "/var/run/otpme/pidfiles/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes require_message_authenticator = "auto" limit_proxy_state = "auto" } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### Debugger not attached # Creating Auth-Type = python_otpme # Creating Auth-Type = EAP # Creating Auth-Type = MS-CHAP radiusd: #### Instantiating modules #### modules { # Loaded module rlm_mschap # Loading module "mschap" from file /var/run/otpme/freeradius/radiusd.conf mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_eap # Loading module "eap" from file /var/run/otpme/freeradius/radiusd.conf eap { default_eap_type = "mschapv2" timer_expire = 60 max_eap_type = 52 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 dedup_key = "" } # Loading module "mschap_otp" from file /var/run/otpme/freeradius/radiusd.conf mschap mschap_otp { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/usr/local/bin/otpme-auth verify_mschap --socket '%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}' '%{%{mschap_otp:Challenge}:-00}' '%{%{mschap_otp:NT-Response}:-00}' '%{NAS-Identifier}' '%{Client-IP-Address}'" passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_python3 # Loading module "python_otpme" from file /var/run/otpme/freeradius/radiusd.conf python3 python_otpme { mod_instantiate = "otpme.lib.freeradius.otpme" func_instantiate = "instantiate" mod_authorize = "otpme.lib.freeradius.otpme" func_authorize = "authorize" mod_authenticate = "otpme.lib.freeradius.otpme" func_authenticate = "authenticate" python_path = "/var/run/otpme/freeradius/mods-config/python3:/opt/otpme/lib/python3.11/site-packages" cext_compat = yes pass_all_vps = no pass_all_vps_dict = no } # Instantiating module "mschap" from file /var/run/otpme/freeradius/radiusd.conf rlm_mschap (mschap): using internal authentication # Instantiating module "eap" from file /var/run/otpme/freeradius/radiusd.conf # Linked to sub-module rlm_eap_md5 rlm_eap (EAP): Ignoring EAP method 'leap', because it is no longer supported # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 pem_file_type = yes private_key_file = "/var/run/otpme/freeradius/key.pem" certificate_file = "/var/run/otpme/freeradius/cert.pem" ca_file = "/var/run/otpme/freeradius/ca.pem" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no ca_path_reload_interval = 0 cipher_list = "DEFAULT" cipher_server_preference = no reject_unknown_intermediate_ca = no ecdh_curve = "prime256v1" disable_tlsv1 = yes disable_tlsv1_1 = yes tls_max_version = "1.2" tls_min_version = "1.2" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = no use_nonce = yes timeout = 0 softfail = no } } tls: Please use 'tls_min_version' and 'tls_max_version' instead of 'disable_tlsv1' tls: Please use 'tls_min_version' and 'tls_max_version' instead of 'disable_tlsv1_1' # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "otpme" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "otpme" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "mschap_otp" from file /var/run/otpme/freeradius/radiusd.conf rlm_mschap (mschap_otp): authenticating by calling 'ntlm_auth' # Instantiating module "python_otpme" from file /var/run/otpme/freeradius/radiusd.conf Python version: 3.11.13 (main, Jul 3 2025, 11:31:00) [GCC 12.2.1 20230428] otpme.py: OTPme config verfied successful. otpme.py: Instantiated OTPme module. } # modules radiusd: #### Loading Virtual Servers #### server { # from file /var/run/otpme/freeradius/radiusd.conf } # server server otpme { # from file /var/run/otpme/freeradius/radiusd.conf # Loading authenticate {...} Compiling Auth-Type EAP for attr Auth-Type Compiling Auth-Type MS-CHAP for attr Auth-Type # Loading authorize {...} } # server otpme radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 1812 client 10.219.195.225 { ipv4addr = 10.219.195.225 secret = <<< secret >>> shortname = "ap01-hbap-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.219.195.223 { ipv4addr = 10.219.195.223 secret = <<< secret >>> shortname = "cloudix-nextcloud-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 127.0.0.1 { ipv4addr = 127.0.0.1 secret = <<< secret >>> shortname = "localhost-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.219.195.100 { ipv4addr = 10.219.195.100 secret = <<< secret >>> shortname = "sharewatcher-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.219.195.254 { ipv4addr = 10.219.195.254 secret = <<< secret >>> shortname = "smtp-1" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } } Listening on auth address * port 1812 bound to server otpme Ready to process requests (0) Received Access-Request Id 204 from 10.219.195.225:38276 to 10.219.195.1:1812 length 194 (0) User-Name = "test" (0) NAS-Identifier = "ap01-hbap" (0) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) NAS-Port = 3 (0) Calling-Station-Id = "A6-5F-75-98-A5-06" (0) Connect-Info = "CONNECT 54Mbps 802.11a" (0) Acct-Session-Id = "EEFF590BE3BB6A1C" (0) WLAN-Pairwise-Cipher = 1027076 (0) WLAN-Group-Cipher = 1027076 (0) WLAN-AKM-Suite = 1027073 (0) Framed-MTU = 1400 (0) EAP-Message = 0x022200090174657374 (0) Message-Authenticator = 0x7dfcffdfd9fbf339765f6ac0c092a78d (0) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (0) authorize { (0) eap: Peer sent EAP Response (code 2) ID 34 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) if (!control:Auth-Type) { (0) if (!control:Auth-Type) -> FALSE (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (0) Auth-Type EAP { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_mschapv2 to process data (0) eap_mschapv2: Issuing Challenge (0) eap: Sending EAP Request (code 1) ID 35 length 42 (0) eap: EAP session adding &reply:State = 0xac2b487aac085271 (0) [eap] = handled (0) } # Auth-Type EAP = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) Sent Access-Challenge Id 204 from 10.219.195.1:1812 to 10.219.195.225:38276 length 100 (0) EAP-Message = 0x0123002a1a0123002510807cf25a7f0593f308104a2a7f1bbe28667265657261646975732d332e322e36 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xac2b487aac0852714e974a6b4baa7cab (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 205 from 10.219.195.225:38276 to 10.219.195.1:1812 length 211 (1) User-Name = "test" (1) NAS-Identifier = "ap01-hbap" (1) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) NAS-Port = 3 (1) Calling-Station-Id = "A6-5F-75-98-A5-06" (1) Connect-Info = "CONNECT 54Mbps 802.11a" (1) Acct-Session-Id = "EEFF590BE3BB6A1C" (1) WLAN-Pairwise-Cipher = 1027076 (1) WLAN-Group-Cipher = 1027076 (1) WLAN-AKM-Suite = 1027073 (1) Framed-MTU = 1400 (1) EAP-Message = 0x022300080319152b (1) State = 0xac2b487aac0852714e974a6b4baa7cab (1) Message-Authenticator = 0x87e934652733a17be1765b4b6f4f24c4 (1) session-state: No cached attributes (1) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (1) authorize { (1) eap: Peer sent EAP Response (code 2) ID 35 length 8 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) if (!control:Auth-Type) { (1) if (!control:Auth-Type) -> FALSE (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (1) Auth-Type EAP { (1) eap: Removing EAP session with state 0xac2b487aac085271 (1) eap: Previous EAP request found for state 0xac2b487aac085271, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: (TLS) PEAP -Initiating new session (1) eap: Sending EAP Request (code 1) ID 36 length 6 (1) eap: EAP session adding &reply:State = 0xac2b487aad0f5171 (1) [eap] = handled (1) } # Auth-Type EAP = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) session-state: Saving cached attributes (1) Framed-MTU = 994 (1) Sent Access-Challenge Id 205 from 10.219.195.1:1812 to 10.219.195.225:38276 length 64 (1) EAP-Message = 0x012400061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xac2b487aad0f51714e974a6b4baa7cab (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 206 from 10.219.195.225:38276 to 10.219.195.1:1812 length 364 (2) User-Name = "test" (2) NAS-Identifier = "ap01-hbap" (2) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) NAS-Port = 3 (2) Calling-Station-Id = "A6-5F-75-98-A5-06" (2) Connect-Info = "CONNECT 54Mbps 802.11a" (2) Acct-Session-Id = "EEFF590BE3BB6A1C" (2) WLAN-Pairwise-Cipher = 1027076 (2) WLAN-Group-Cipher = 1027076 (2) WLAN-AKM-Suite = 1027073 (2) Framed-MTU = 1400 (2) EAP-Message = 0x022400a119800000009716030100920100008e0303696381086bafdecf86b47ad4c93e56a3b253ab52e8d2d1935c21005877f5eeb700002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000 (2) State = 0xac2b487aad0f51714e974a6b4baa7cab (2) Message-Authenticator = 0x8d8adccff2d8071b49b73e04caacb294 (2) Restoring &session-state (2) &session-state:Framed-MTU = 994 (2) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (2) authorize { (2) eap: Peer sent EAP Response (code 2) ID 36 length 161 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) if (!control:Auth-Type) { (2) if (!control:Auth-Type) -> FALSE (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (2) Auth-Type EAP { (2) eap: Removing EAP session with state 0xac2b487aad0f5171 (2) eap: Previous EAP request found for state 0xac2b487aad0f5171, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: (TLS) EAP Peer says that the final record size will be 151 bytes (2) eap_peap: (TLS) EAP Got all data (151 bytes) (2) eap_peap: (TLS) PEAP - Handshake state - before SSL initialization (2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL initialization (2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL initialization (2) eap_peap: (TLS) PEAP - recv TLS 1.3 Handshake, ClientHello (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read client hello (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHello (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write server hello (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Certificate (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write certificate (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write key exchange (2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone (2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write server done (2) eap_peap: (TLS) PEAP - Server : Need to read more data: SSLv3/TLS write server done (2) eap_peap: (TLS) PEAP - In Handshake Phase (2) eap: Sending EAP Request (code 1) ID 37 length 1004 (2) eap: EAP session adding &reply:State = 0xac2b487aae0e5171 (2) [eap] = handled (2) } # Auth-Type EAP = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) session-state: Saving cached attributes (2) Framed-MTU = 994 (2) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (2) Sent Access-Challenge Id 206 from 10.219.195.1:1812 to 10.219.195.225:38276 length 1068 (2) EAP-Message = 0x012503ec19c000000bd7160303003d0200003903037d9615ce8191f6cead070312ee58c68647bb340519841c210fc1a6f586ebbff400c030000011ff01000100000b000403000102001700001603030a350b000a31000a2e000499308204953082027da003020102020705fea02d221361300d06092a864886f70d01010b05003076312a302806035504030c212f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f534954455f4341310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f5353310b3009060355040b0c024954301e170d3233303632313039313330395a170d3338303631373039313330395a3069311d301b06035504030c146b6f626c656e7a2e68626f73732e696e7465726e310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f535331 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xac2b487aae0e51714e974a6b4baa7cab (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 207 from 10.219.195.225:38276 to 10.219.195.1:1812 length 209 (3) User-Name = "test" (3) NAS-Identifier = "ap01-hbap" (3) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) NAS-Port = 3 (3) Calling-Station-Id = "A6-5F-75-98-A5-06" (3) Connect-Info = "CONNECT 54Mbps 802.11a" (3) Acct-Session-Id = "EEFF590BE3BB6A1C" (3) WLAN-Pairwise-Cipher = 1027076 (3) WLAN-Group-Cipher = 1027076 (3) WLAN-AKM-Suite = 1027073 (3) Framed-MTU = 1400 (3) EAP-Message = 0x022500061900 (3) State = 0xac2b487aae0e51714e974a6b4baa7cab (3) Message-Authenticator = 0xbfa1456c3a23563d3ae031e3ab7b871c (3) Restoring &session-state (3) &session-state:Framed-MTU = 994 (3) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (3) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (3) authorize { (3) eap: Peer sent EAP Response (code 2) ID 37 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) if (!control:Auth-Type) { (3) if (!control:Auth-Type) -> FALSE (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (3) Auth-Type EAP { (3) eap: Removing EAP session with state 0xac2b487aae0e5171 (3) eap: Previous EAP request found for state 0xac2b487aae0e5171, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: (TLS) Peer ACKed our handshake fragment (3) eap: Sending EAP Request (code 1) ID 38 length 1000 (3) eap: EAP session adding &reply:State = 0xac2b487aaf0d5171 (3) [eap] = handled (3) } # Auth-Type EAP = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) session-state: Saving cached attributes (3) Framed-MTU = 994 (3) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (3) Sent Access-Challenge Id 207 from 10.219.195.1:1812 to 10.219.195.225:38276 length 1064 (3) EAP-Message = 0x012603e819406729c41ca39fed55f40b0703e590f4ef3fe75165ed505d0e8e33187c7f82a4fa97311282257e3dca08d5818a76cee90d8aea88403b1d62eda2f8ed0e7cc7d72ce4f25e3497d7cbb88d5fb3e76fd5eb2cb7c29126896e5cf175ca9a6b177812f14e4ad1acc69c7a07a33ad3e880179c3971584f08442b7bfe40153886a8e68f88b2ebd088522f0214474a905d560fa04a8f20a966b67e072e644b106f92e95d3fc468afe1b60ff5b30eabfd9eb217f1847f6a24ab5f922365ecc2bb16be43951cbf4cf33735cd9fc4a0337c1632c68690fb8748b78e6f1fe6534e092fc9b9f25123a0a3ed26215dc6b0b765bbe2272058c9bf0935cb8ac47c5b1f7bd20e474f71a760f1db1b8a45da00058f3082058b30820373a003020102020705fea02cf10b27300d06092a864886f70d01010b05003077312b302906035504030c222f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f5245414c4d5f4341310b3009060355040613024445310c300a06 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xac2b487aaf0d51714e974a6b4baa7cab (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 208 from 10.219.195.225:38276 to 10.219.195.1:1812 length 209 (4) User-Name = "test" (4) NAS-Identifier = "ap01-hbap" (4) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) NAS-Port = 3 (4) Calling-Station-Id = "A6-5F-75-98-A5-06" (4) Connect-Info = "CONNECT 54Mbps 802.11a" (4) Acct-Session-Id = "EEFF590BE3BB6A1C" (4) WLAN-Pairwise-Cipher = 1027076 (4) WLAN-Group-Cipher = 1027076 (4) WLAN-AKM-Suite = 1027073 (4) Framed-MTU = 1400 (4) EAP-Message = 0x022600061900 (4) State = 0xac2b487aaf0d51714e974a6b4baa7cab (4) Message-Authenticator = 0x5cb8800c3a7ed09d207a2ef341573028 (4) Restoring &session-state (4) &session-state:Framed-MTU = 994 (4) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (4) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (4) authorize { (4) eap: Peer sent EAP Response (code 2) ID 38 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) if (!control:Auth-Type) { (4) if (!control:Auth-Type) -> FALSE (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (4) Auth-Type EAP { (4) eap: Removing EAP session with state 0xac2b487aaf0d5171 (4) eap: Previous EAP request found for state 0xac2b487aaf0d5171, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: (TLS) Peer ACKed our handshake fragment (4) eap: Sending EAP Request (code 1) ID 39 length 1000 (4) eap: EAP session adding &reply:State = 0xac2b487aa80c5171 (4) [eap] = handled (4) } # Auth-Type EAP = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) session-state: Saving cached attributes (4) Framed-MTU = 994 (4) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (4) Sent Access-Challenge Id 208 from 10.219.195.1:1812 to 10.219.195.225:38276 length 1064 (4) EAP-Message = 0x012703e81940603ef2f2884b299ace212671ea16a0df8d30640875c03aaef2ac1e4cd0b45487fcb99234083e915ecded1171c41b3eb10b7c736e781a97f17e3aa3b85d0f5b5f35d09ce1570d621b9dc5be4b4f9ecae899a6d0949b7eed4ebcbf64a48aa40d41d3c07d33da2e8d816dd2eba719a8b75d53dfa7ecb5a35b7cec093710efea7ff30203010001a31d301b300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038202010048ed80b6b8d9f45c988d3a8c439f33112acf5a1a90a3e79a8622a919c7fa078d6bcfcb743a26ddd8bc1bc56f9071c89b8a986b33eeb0c6defe6f99834b9a90da8089c002815951b451f4b9d4ed8225888e5b77b04f9131487a830c71082209525143b143d9335eb02b382660f462e5b6d5e4dd2991b894148e23f6ce2be12f76406890fe48dba3e0c97b33089c20f7466a37daa34eb110f7d9cf47553fae6f7453ad44e48fa154f1db59066d3250216bde12320eed158d5197 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xac2b487aa80c51714e974a6b4baa7cab (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 209 from 10.219.195.225:38276 to 10.219.195.1:1812 length 209 (5) User-Name = "test" (5) NAS-Identifier = "ap01-hbap" (5) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) NAS-Port = 3 (5) Calling-Station-Id = "A6-5F-75-98-A5-06" (5) Connect-Info = "CONNECT 54Mbps 802.11a" (5) Acct-Session-Id = "EEFF590BE3BB6A1C" (5) WLAN-Pairwise-Cipher = 1027076 (5) WLAN-Group-Cipher = 1027076 (5) WLAN-AKM-Suite = 1027073 (5) Framed-MTU = 1400 (5) EAP-Message = 0x022700061900 (5) State = 0xac2b487aa80c51714e974a6b4baa7cab (5) Message-Authenticator = 0x4904b50139129c9ee3d149be137fb45e (5) Restoring &session-state (5) &session-state:Framed-MTU = 994 (5) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (5) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (5) authorize { (5) eap: Peer sent EAP Response (code 2) ID 39 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) if (!control:Auth-Type) { (5) if (!control:Auth-Type) -> FALSE (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (5) Auth-Type EAP { (5) eap: Removing EAP session with state 0xac2b487aa80c5171 (5) eap: Previous EAP request found for state 0xac2b487aa80c5171, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: (TLS) Peer ACKed our handshake fragment (5) eap: Sending EAP Request (code 1) ID 40 length 55 (5) eap: EAP session adding &reply:State = 0xac2b487aa9035171 (5) [eap] = handled (5) } # Auth-Type EAP = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) session-state: Saving cached attributes (5) Framed-MTU = 994 (5) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (5) Sent Access-Challenge Id 209 from 10.219.195.1:1812 to 10.219.195.225:38276 length 113 (5) EAP-Message = 0x012800371900b048c07ac17f86f9c727014f0cc6a508653ff99a95e6e84a4829d48058b9132be05c9c1b68de733316030300040e000000 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xac2b487aa90351714e974a6b4baa7cab (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 210 from 10.219.195.225:38276 to 10.219.195.1:1812 length 339 (6) User-Name = "test" (6) NAS-Identifier = "ap01-hbap" (6) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) NAS-Port = 3 (6) Calling-Station-Id = "A6-5F-75-98-A5-06" (6) Connect-Info = "CONNECT 54Mbps 802.11a" (6) Acct-Session-Id = "EEFF590BE3BB6A1C" (6) WLAN-Pairwise-Cipher = 1027076 (6) WLAN-Group-Cipher = 1027076 (6) WLAN-AKM-Suite = 1027073 (6) Framed-MTU = 1400 (6) EAP-Message = 0x0228008819800000007e16030300461000004241041914318456c90b3eed960cc0f427749a4a58dea1c45b04d88e0d4aa358aa753149db3707404dba0da11104816db305bfb16c221d10d02ca05f66f05e90868b1914030300010116030300284ae33342f449b98c815966dbee60f4bfb147c6898c284415f0f4f449d2ff033a5ec9027ddb4ce85f (6) State = 0xac2b487aa90351714e974a6b4baa7cab (6) Message-Authenticator = 0x4765ff00e4d57c7b8098fe86dc4fa440 (6) Restoring &session-state (6) &session-state:Framed-MTU = 994 (6) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (6) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (6) authorize { (6) eap: Peer sent EAP Response (code 2) ID 40 length 136 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) if (!control:Auth-Type) { (6) if (!control:Auth-Type) -> FALSE (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (6) Auth-Type EAP { (6) eap: Removing EAP session with state 0xac2b487aa9035171 (6) eap: Previous EAP request found for state 0xac2b487aa9035171, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: (TLS) EAP Peer says that the final record size will be 126 bytes (6) eap_peap: (TLS) EAP Got all data (126 bytes) (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write server done (6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read client key exchange (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read change cipher spec (6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, Finished (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read finished (6) eap_peap: (TLS) PEAP - send TLS 1.2 ChangeCipherSpec (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write change cipher spec (6) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Finished (6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write finished (6) eap_peap: (TLS) PEAP - Handshake state - SSL negotiation finished successfully (6) eap_peap: (TLS) PEAP - Connection Established (6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) eap_peap: TLS-Session-Version = "TLS 1.2" (6) eap: Sending EAP Request (code 1) ID 41 length 57 (6) eap: EAP session adding &reply:State = 0xac2b487aaa025171 (6) [eap] = handled (6) } # Auth-Type EAP = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) session-state: Saving cached attributes (6) Framed-MTU = 994 (6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) TLS-Session-Version = "TLS 1.2" (6) Sent Access-Challenge Id 210 from 10.219.195.1:1812 to 10.219.195.225:38276 length 115 (6) EAP-Message = 0x01290039190014030300010116030300282209ea55626d5fee2bc36d1a8a06ba29ee44eb2847cffb3da18d6d212b1f8b681bddb7d42c7dc10a (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xac2b487aaa0251714e974a6b4baa7cab (6) Finished request Waking up in 4.8 seconds. (7) Received Access-Request Id 211 from 10.219.195.225:38276 to 10.219.195.1:1812 length 209 (7) User-Name = "test" (7) NAS-Identifier = "ap01-hbap" (7) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) NAS-Port = 3 (7) Calling-Station-Id = "A6-5F-75-98-A5-06" (7) Connect-Info = "CONNECT 54Mbps 802.11a" (7) Acct-Session-Id = "EEFF590BE3BB6A1C" (7) WLAN-Pairwise-Cipher = 1027076 (7) WLAN-Group-Cipher = 1027076 (7) WLAN-AKM-Suite = 1027073 (7) Framed-MTU = 1400 (7) EAP-Message = 0x022900061900 (7) State = 0xac2b487aaa0251714e974a6b4baa7cab (7) Message-Authenticator = 0xb01820edd9de0eb9ebd79cea4c818884 (7) Restoring &session-state (7) &session-state:Framed-MTU = 994 (7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) &session-state:TLS-Session-Version = "TLS 1.2" (7) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (7) authorize { (7) eap: Peer sent EAP Response (code 2) ID 41 length 6 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) if (!control:Auth-Type) { (7) if (!control:Auth-Type) -> FALSE (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (7) Auth-Type EAP { (7) eap: Removing EAP session with state 0xac2b487aaa025171 (7) eap: Previous EAP request found for state 0xac2b487aaa025171, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is finished (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state TUNNEL ESTABLISHED (7) eap: Sending EAP Request (code 1) ID 42 length 40 (7) eap: EAP session adding &reply:State = 0xac2b487aab015171 (7) [eap] = handled (7) } # Auth-Type EAP = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) session-state: Saving cached attributes (7) Framed-MTU = 994 (7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) TLS-Session-Version = "TLS 1.2" (7) Sent Access-Challenge Id 211 from 10.219.195.1:1812 to 10.219.195.225:38276 length 98 (7) EAP-Message = 0x012a00281900170303001d2209ea55626d5fef324c805c6b28f660cb29d8bd4026022faedaf16c29 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xac2b487aab0151714e974a6b4baa7cab (7) Finished request Waking up in 4.8 seconds. (8) Received Access-Request Id 212 from 10.219.195.225:38276 to 10.219.195.1:1812 length 243 (8) User-Name = "test" (8) NAS-Identifier = "ap01-hbap" (8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) NAS-Port = 3 (8) Calling-Station-Id = "A6-5F-75-98-A5-06" (8) Connect-Info = "CONNECT 54Mbps 802.11a" (8) Acct-Session-Id = "EEFF590BE3BB6A1C" (8) WLAN-Pairwise-Cipher = 1027076 (8) WLAN-Group-Cipher = 1027076 (8) WLAN-AKM-Suite = 1027073 (8) Framed-MTU = 1400 (8) EAP-Message = 0x022a00281900170303001d4ae33342f449b98d13c961f594f00dcb253fa40f83e7aec02fab3fb55a (8) State = 0xac2b487aab0151714e974a6b4baa7cab (8) Message-Authenticator = 0xcea0cff4f6afbee50b7007acbe9993a1 (8) Restoring &session-state (8) &session-state:Framed-MTU = 994 (8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) &session-state:TLS-Session-Version = "TLS 1.2" (8) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (8) authorize { (8) eap: Peer sent EAP Response (code 2) ID 42 length 40 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) if (!control:Auth-Type) { (8) if (!control:Auth-Type) -> FALSE (8) } # authorize = ok (8) Found Auth-Type = EAP (8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (8) Auth-Type EAP { (8) eap: Removing EAP session with state 0xac2b487aab015171 (8) eap: Previous EAP request found for state 0xac2b487aab015171, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: (TLS) EAP Done initial handshake (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state WAITING FOR INNER IDENTITY (8) eap_peap: Identity - test (8) eap_peap: Got inner identity 'test' (8) eap_peap: Setting default EAP type for tunneled EAP session (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x022a00090174657374 (8) eap_peap: Setting User-Name to test (8) eap_peap: Sending tunneled request to otpme (8) eap_peap: EAP-Message = 0x022a00090174657374 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "test" (8) eap_peap: NAS-Identifier = "ap01-hbap" (8) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (8) eap_peap: NAS-Port-Type = Wireless-802.11 (8) eap_peap: Service-Type = Framed-User (8) eap_peap: NAS-Port = 3 (8) eap_peap: Calling-Station-Id = "A6-5F-75-98-A5-06" (8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a" (8) eap_peap: Acct-Session-Id = "EEFF590BE3BB6A1C" (8) eap_peap: WLAN-Pairwise-Cipher = 1027076 (8) eap_peap: WLAN-Group-Cipher = 1027076 (8) eap_peap: WLAN-AKM-Suite = 1027073 (8) eap_peap: Framed-MTU = 1400 (8) Virtual server otpme received request (8) EAP-Message = 0x022a00090174657374 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "test" (8) NAS-Identifier = "ap01-hbap" (8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) NAS-Port = 3 (8) Calling-Station-Id = "A6-5F-75-98-A5-06" (8) Connect-Info = "CONNECT 54Mbps 802.11a" (8) Acct-Session-Id = "EEFF590BE3BB6A1C" (8) WLAN-Pairwise-Cipher = 1027076 (8) WLAN-Group-Cipher = 1027076 (8) WLAN-AKM-Suite = 1027073 (8) Framed-MTU = 1400 (8) WARNING: Outer and inner identities are the same. User privacy is compromised. (8) server otpme { (8) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (8) authorize { (8) eap: Peer sent EAP Response (code 2) ID 42 length 9 (8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (8) [eap] = ok (8) if (!control:Auth-Type) { (8) if (!control:Auth-Type) -> FALSE (8) } # authorize = ok (8) Found Auth-Type = EAP (8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (8) Auth-Type EAP { (8) eap: Peer sent packet with method EAP Identity (1) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap_mschapv2: Issuing Challenge (8) eap: Sending EAP Request (code 1) ID 43 length 42 (8) eap: EAP session adding &reply:State = 0x4d7ab8054d51a258 (8) [eap] = handled (8) } # Auth-Type EAP = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) } # server otpme (8) Virtual server sending reply (8) EAP-Message = 0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x4d7ab8054d51a258be49ba37bb208c58 (8) eap_peap: Got tunneled reply code 11 (8) eap_peap: EAP-Message = 0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58 (8) eap_peap: Got tunneled reply RADIUS code 11 (8) eap_peap: EAP-Message = 0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58 (8) eap_peap: Got tunneled Access-Challenge (8) eap: Sending EAP Request (code 1) ID 43 length 73 (8) eap: EAP session adding &reply:State = 0xac2b487aa4005171 (8) [eap] = handled (8) } # Auth-Type EAP = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) session-state: Saving cached attributes (8) Framed-MTU = 994 (8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) TLS-Session-Version = "TLS 1.2" (8) Sent Access-Challenge Id 212 from 10.219.195.1:1812 to 10.219.195.225:38276 length 131 (8) EAP-Message = 0x012b00491900170303003e2209ea55626d5ff0baf80a2c42ec6788dd5d4663e3245c6aaaef10c2c1deb1d2ad96fab8a4438ea319ff3f70d6d27ae2c8a9d4aa8dc68429000232767ded (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0xac2b487aa40051714e974a6b4baa7cab (8) Finished request Waking up in 4.8 seconds. (9) Received Access-Request Id 213 from 10.219.195.225:38276 to 10.219.195.1:1812 length 297 (9) User-Name = "test" (9) NAS-Identifier = "ap01-hbap" (9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (9) NAS-Port-Type = Wireless-802.11 (9) Service-Type = Framed-User (9) NAS-Port = 3 (9) Calling-Station-Id = "A6-5F-75-98-A5-06" (9) Connect-Info = "CONNECT 54Mbps 802.11a" (9) Acct-Session-Id = "EEFF590BE3BB6A1C" (9) WLAN-Pairwise-Cipher = 1027076 (9) WLAN-Group-Cipher = 1027076 (9) WLAN-AKM-Suite = 1027073 (9) Framed-MTU = 1400 (9) EAP-Message = 0x022b005e190017030300534ae33342f449b98e94136a54fa9773216317d2ebacdd3c8cea4603265909a0054c9dbb0bc8083fe2bd3ff8548dde3574e03c15d2b5a9ba2568d6711d69a8859b8fe148f477919afc4ccdbd64664e50b2cf5a5f (9) State = 0xac2b487aa40051714e974a6b4baa7cab (9) Message-Authenticator = 0x70ed0ad4ec446ceb8871e3c49ec3026a (9) Restoring &session-state (9) &session-state:Framed-MTU = 994 (9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) &session-state:TLS-Session-Version = "TLS 1.2" (9) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (9) authorize { (9) eap: Peer sent EAP Response (code 2) ID 43 length 94 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) if (!control:Auth-Type) { (9) if (!control:Auth-Type) -> FALSE (9) } # authorize = ok (9) Found Auth-Type = EAP (9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (9) Auth-Type EAP { (9) eap: Removing EAP session with state 0xac2b487aa4005171 (9) eap: Previous EAP request found for state 0xac2b487aa4005171, released from the list (9) eap: Peer sent packet with method EAP PEAP (25) (9) eap: Calling submodule eap_peap to process data (9) eap_peap: (TLS) EAP Done initial handshake (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state phase2 (9) eap_peap: EAP method MSCHAPv2 (26) (9) eap_peap: Got tunneled request (9) eap_peap: EAP-Message = 0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374 (9) eap_peap: Setting User-Name to test (9) eap_peap: Sending tunneled request to otpme (9) eap_peap: EAP-Message = 0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374 (9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (9) eap_peap: User-Name = "test" (9) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58 (9) eap_peap: NAS-Identifier = "ap01-hbap" (9) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (9) eap_peap: NAS-Port-Type = Wireless-802.11 (9) eap_peap: Service-Type = Framed-User (9) eap_peap: NAS-Port = 3 (9) eap_peap: Calling-Station-Id = "A6-5F-75-98-A5-06" (9) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a" (9) eap_peap: Acct-Session-Id = "EEFF590BE3BB6A1C" (9) eap_peap: WLAN-Pairwise-Cipher = 1027076 (9) eap_peap: WLAN-Group-Cipher = 1027076 (9) eap_peap: WLAN-AKM-Suite = 1027073 (9) eap_peap: Framed-MTU = 1400 (9) Virtual server otpme received request (9) EAP-Message = 0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374 (9) FreeRADIUS-Proxied-To = 127.0.0.1 (9) User-Name = "test" (9) State = 0x4d7ab8054d51a258be49ba37bb208c58 (9) NAS-Identifier = "ap01-hbap" (9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss" (9) NAS-Port-Type = Wireless-802.11 (9) Service-Type = Framed-User (9) NAS-Port = 3 (9) Calling-Station-Id = "A6-5F-75-98-A5-06" (9) Connect-Info = "CONNECT 54Mbps 802.11a" (9) Acct-Session-Id = "EEFF590BE3BB6A1C" (9) WLAN-Pairwise-Cipher = 1027076 (9) WLAN-Group-Cipher = 1027076 (9) WLAN-AKM-Suite = 1027073 (9) Framed-MTU = 1400 (9) WARNING: Outer and inner identities are the same. User privacy is compromised. (9) server otpme { (9) session-state: No cached attributes (9) # Executing section authorize from file /var/run/otpme/freeradius/radiusd.conf (9) authorize { (9) eap: Peer sent EAP Response (code 2) ID 43 length 63 (9) eap: No EAP Start, assuming it's an on-going EAP conversation (9) [eap] = updated (9) if (!control:Auth-Type) { (9) if (!control:Auth-Type) -> FALSE (9) } # authorize = updated (9) Found Auth-Type = EAP (9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf (9) Auth-Type EAP { (9) eap: Removing EAP session with state 0x4d7ab8054d51a258 (9) eap: Previous EAP request found for state 0x4d7ab8054d51a258, released from the list (9) eap: Peer sent packet with method EAP MSCHAPv2 (26) (9) eap: Calling submodule eap_mschapv2 to process data (9) eap_mschapv2: # Executing group from file /var/run/otpme/freeradius/radiusd.conf (9) eap_mschapv2: Auth-Type MS-CHAP { otpme.py: adding MS-CHAP2-Success: '3S=c3971529e7869293a9a388ede7e667182aeaa22c' otpme.py: adding MS-MPPE-Send-Key: 'c7726ce0b854c17314668bc50df88203' otpme.py: adding MS-MPPE-Recv-Key: '7019a1e6577898bd8acfecd45e55a41d' otpme.py: adding MS-MPPE-Encryption-Policy: '0x00000001' otpme.py: adding MS-MPPE-Encryption-Types: '0x00000006' otpme.py: adding Auth-Type: 'MS-CHAP' authenticate - 'reply:Reply-Message' = 'Authentication successful' authenticate - 'reply:MS-CHAP2-Success' = '0x33533d63333937313532396537383639323933613961333838656465376536363731383261656161323263' authenticate - 'reply:MS-MPPE-Encryption-Policy' = '0x00000001' authenticate - 'reply:MS-MPPE-Encryption-Types' = '0x00000006' authenticate - 'reply:MS-MPPE-Send-Key' = '0xc7726ce0b854c17314668bc50df88203' authenticate - 'reply:MS-MPPE-Recv-Key' = '0x7019a1e6577898bd8acfecd45e55a41d' authenticate - 'config:Auth-Type' = 'MS-CHAP' (9) eap_mschapv2: [python_otpme] = ok (9) eap_mschapv2: } # Auth-Type MS-CHAP = ok (9) eap_mschapv2: MSCHAP Success (9) eap: Sending EAP Request (code 1) ID 44 length 51 (9) eap: EAP session adding &reply:State = 0x4d7ab8054c56a258 (9) [eap] = handled (9) } # Auth-Type EAP = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) } # server otpme (9) Virtual server sending reply (9) Reply-Message = "Authentication successful" (9) EAP-Message = 0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x4d7ab8054c56a258be49ba37bb208c58 (9) eap_peap: Got tunneled reply code 11 (9) eap_peap: Reply-Message = "Authentication successful" (9) eap_peap: EAP-Message = 0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: State = 0x4d7ab8054c56a258be49ba37bb208c58 (9) eap_peap: Got tunneled reply RADIUS code 11 (9) eap_peap: Reply-Message = "Authentication successful" (9) eap_peap: EAP-Message = 0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: State = 0x4d7ab8054c56a258be49ba37bb208c58 (9) eap_peap: Got tunneled Access-Challenge (9) eap: Sending EAP Request (code 1) ID 44 length 82 (9) eap: EAP session adding &reply:State = 0xac2b487aa5075171 (9) [eap] = handled (9) } # Auth-Type EAP = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) session-state: Saving cached attributes (9) Framed-MTU = 994 (9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake, ClientHello" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHello" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Certificate" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone" (9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake, Finished" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec" (9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake, Finished" (9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) TLS-Session-Version = "TLS 1.2" (9) Sent Access-Challenge Id 213 from 10.219.195.1:1812 to 10.219.195.225:38276 length 140 (9) EAP-Message = 0x012c0052190017030300472209ea55626d5ff1c5bfe6da41424c37ee71bb77118b8f1f51e7bdb050466709030848e8afe46e99cd47ef4337957aa870e14a5a42c006d97a017640d76c88fd54daf3585dae47 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0xac2b487aa50751714e974a6b4baa7cab (9) Finished request Waking up in 4.0 seconds.