FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu, built on Nov  5 2010 at 16:59:42
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/detail.wisper
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/detail.wimax
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/eap-canopy.conf
including configuration file /etc/raddb/sql-wisper.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/wimax.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/alvarion-tdd
including configuration file /etc/raddb/sites-enabled/wimax-asn
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/buffered-sql-wimax
including configuration file /etc/raddb/sites-enabled/originate-coa-wimax
including configuration file /etc/raddb/sites-enabled/canopy
including configuration file /etc/raddb/sites-enabled/status
including configuration file /etc/raddb/sites-enabled/buffered-sql-wisper
main {
        user = "radiusd"
        group = "radiusd"
        allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/radius"
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 3
        max_requests = 25000
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = yes
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "blah"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
 realm test.wisper-wireless.com {
        authhost = LOCAL
        accthost = LOCAL
 }
 realm wisper-wireless.com {
        authhost = LOCAL
        accthost = LOCAL
 }
 realm WiMax.com {
        authhost = LOCAL
        accthost = LOCAL
 }
 home_server wichorus-coa {
        ipaddr = 172.17.2.20
        port = 3799
        type = "coa"
        secret = "blah"
        response_window = 30
        max_outstanding = 65536
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
 }
 home_server_pool coa {
        type = fail-over
        virtual_server = originate-coa-wimax
        home_server = wichorus-coa
 }
radiusd: #### Loading Clients ####
 client 172.17.2.20 {
        require_message_authenticator = no
        secret = "blah"
        shortname = "wichorus-asn"
        nastype = "other"
        virtual_server = "wimax-asn"
        coa_server = "coa"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /etc/raddb/modules/exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /etc/raddb/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server alvarion-tdd { # from file /etc/raddb/sites-enabled/alvarion-tdd
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /etc/raddb/modules/pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /etc/raddb/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/raddb/eap.conf
  eap {
        default_eap_type = "ttls"
        timer_expire = 60
        ignore_unknown_eap_types = yes
        cisco_accounting_username_bug = no
        max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        CA_path = "/etc/raddb/certs"
        pem_file_type = yes
        private_key_file = "/etc/raddb/certs/radius1_key.pem"
        certificate_file = "/etc/raddb/certs/radius1_chain.pem"
        CA_file = "/etc/raddb/certs/ca.pem"
        private_key_password = "FreeRADIUS"
        dh_file = "/etc/raddb/certs/dh"
        random_file = "/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
    cache {
        enable = yes
        lifetime = 24
        max_entries = 4096
    }
    verify {
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
        include_length = yes
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
  preprocess {
        huntgroups = "/etc/raddb/huntgroups"
        hints = "/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_sql
 Module: Instantiating module "sqllocal" from file /etc/raddb/sql-wisper.conf
  sql sqllocal {
        driver = "rlm_sql_mysql"
        server = "localhost"
        port = ""
        login = "radius"
        password = "blah"
        radius_db = "radius2"
        read_groups = yes
        sqltrace = no
        sqltracefile = "/var/log/radius/sqltrace.sql"
        readclients = yes
        deletestalesessions = yes
        num_sql_socks = 15
        lifetime = 0
        max_queries = 0
        sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
        default_user_profile = ""
        nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
        authorize_check_query = "SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY id"
        authorize_reply_query = "SELECT id, username, attribute, value, op           FROM radreply           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY id"
        authorize_group_check_query = "SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
        authorize_group_reply_query = "SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
        accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
        accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
        accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
        accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
        accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
        accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
        accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
        group_membership_query = "SELECT groupname           FROM radusergroup           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY priority"
        connect_failure_retry_delay = 60
        simul_count_query = ""
        simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
        postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /{}"
  }
rlm_sql Creating new attribute sqllocal-SQL-Group
rlm_sql: Registering sql_groupcmp for sqllocal-SQL-Group
rlm_sql (sqllocal): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sqllocal): Attempting to connect to radius@localhost:/radius2
rlm_sql (sqllocal): starting 0
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sqllocal): Connected new DB handle, #0
rlm_sql (sqllocal): starting 1
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sqllocal): Connected new DB handle, #1
rlm_sql (sqllocal): starting 2
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sqllocal): Connected new DB handle, #2
rlm_sql (sqllocal): starting 3
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sqllocal): Connected new DB handle, #3
rlm_sql (sqllocal): starting 4
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sqllocal): Connected new DB handle, #4
rlm_sql (sqllocal): starting 5
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #5
rlm_sql_mysql: Starting connect to MySQL server for #5
rlm_sql (sqllocal): Connected new DB handle, #5
rlm_sql (sqllocal): starting 6
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #6
rlm_sql_mysql: Starting connect to MySQL server for #6
rlm_sql (sqllocal): Connected new DB handle, #6
rlm_sql (sqllocal): starting 7
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #7
rlm_sql_mysql: Starting connect to MySQL server for #7
rlm_sql (sqllocal): Connected new DB handle, #7
rlm_sql (sqllocal): starting 8
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #8
rlm_sql_mysql: Starting connect to MySQL server for #8
rlm_sql (sqllocal): Connected new DB handle, #8
rlm_sql (sqllocal): starting 9
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #9
rlm_sql_mysql: Starting connect to MySQL server for #9
rlm_sql (sqllocal): Connected new DB handle, #9
rlm_sql (sqllocal): starting 10
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #10
rlm_sql_mysql: Starting connect to MySQL server for #10
rlm_sql (sqllocal): Connected new DB handle, #10
rlm_sql (sqllocal): starting 11
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #11
rlm_sql_mysql: Starting connect to MySQL server for #11
rlm_sql (sqllocal): Connected new DB handle, #11
rlm_sql (sqllocal): starting 12
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #12
rlm_sql_mysql: Starting connect to MySQL server for #12
rlm_sql (sqllocal): Connected new DB handle, #12
rlm_sql (sqllocal): starting 13
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #13
rlm_sql_mysql: Starting connect to MySQL server for #13
rlm_sql (sqllocal): Connected new DB handle, #13
rlm_sql (sqllocal): starting 14
rlm_sql (sqllocal): Attempting to connect rlm_sql_mysql #14
rlm_sql_mysql: Starting connect to MySQL server for #14
rlm_sql (sqllocal): Connected new DB handle, #14
rlm_sql (sqllocal): Processing generate_sql_clients
rlm_sql (sqllocal) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sqllocal): Reserving sql socket id: 14
...snip
rlm_sql (sqllocal): Released sql socket id: 14
 Module: Instantiating module "sqlmain" from file /etc/raddb/sql-wisper.conf
  sql sqlmain {
        driver = "rlm_sql_mysql"
        server = "172.17.0.150"
        port = ""
        login = "radius"
        password = "blah"
        radius_db = "radius2"
        read_groups = yes
        sqltrace = no
        sqltracefile = "/var/log/radius/sqltrace.sql"
        readclients = yes
        deletestalesessions = yes
        num_sql_socks = 15
        lifetime = 0
        max_queries = 0
        sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
        default_user_profile = ""
        nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
        authorize_check_query = "SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY id"
        authorize_reply_query = "SELECT id, username, attribute, value, op           FROM radreply           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY id"
        authorize_group_check_query = "SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
        authorize_group_reply_query = "SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id"
        accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
        accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
        accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
        accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
        accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
        accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
        accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
        group_membership_query = "SELECT groupname           FROM radusergroup           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY priority"
        connect_failure_retry_delay = 60
        simul_count_query = ""
        simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
        postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /{}"
  }
rlm_sql Creating new attribute sqlmain-SQL-Group
rlm_sql: Registering sql_groupcmp for sqlmain-SQL-Group
rlm_sql (sqlmain): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sqlmain): Attempting to connect to radius@172.17.0.150:/radius2
rlm_sql (sqlmain): starting 0
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sqlmain): Connected new DB handle, #0
rlm_sql (sqlmain): starting 1
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sqlmain): Connected new DB handle, #1
rlm_sql (sqlmain): starting 2
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sqlmain): Connected new DB handle, #2
rlm_sql (sqlmain): starting 3
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sqlmain): Connected new DB handle, #3
rlm_sql (sqlmain): starting 4
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sqlmain): Connected new DB handle, #4
rlm_sql (sqlmain): starting 5
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #5
rlm_sql_mysql: Starting connect to MySQL server for #5
rlm_sql (sqlmain): Connected new DB handle, #5
rlm_sql (sqlmain): starting 6
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #6
rlm_sql_mysql: Starting connect to MySQL server for #6
rlm_sql (sqlmain): Connected new DB handle, #6
rlm_sql (sqlmain): starting 7
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #7
rlm_sql_mysql: Starting connect to MySQL server for #7
rlm_sql (sqlmain): Connected new DB handle, #7
rlm_sql (sqlmain): starting 8
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #8
rlm_sql_mysql: Starting connect to MySQL server for #8
rlm_sql (sqlmain): Connected new DB handle, #8
rlm_sql (sqlmain): starting 9
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #9
rlm_sql_mysql: Starting connect to MySQL server for #9
rlm_sql (sqlmain): Connected new DB handle, #9
rlm_sql (sqlmain): starting 10
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #10
rlm_sql_mysql: Starting connect to MySQL server for #10
rlm_sql (sqlmain): Connected new DB handle, #10
rlm_sql (sqlmain): starting 11
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #11
rlm_sql_mysql: Starting connect to MySQL server for #11
rlm_sql (sqlmain): Connected new DB handle, #11
rlm_sql (sqlmain): starting 12
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #12
rlm_sql_mysql: Starting connect to MySQL server for #12
rlm_sql (sqlmain): Connected new DB handle, #12
rlm_sql (sqlmain): starting 13
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #13
rlm_sql_mysql: Starting connect to MySQL server for #13
rlm_sql (sqlmain): Connected new DB handle, #13
rlm_sql (sqlmain): starting 14
rlm_sql (sqlmain): Attempting to connect rlm_sql_mysql #14
rlm_sql_mysql: Starting connect to MySQL server for #14
rlm_sql (sqlmain): Connected new DB handle, #14
rlm_sql (sqlmain): Processing generate_sql_clients
rlm_sql (sqlmain) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
... snip
rlm_sql (sqlmain): Released sql socket id: 14
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail_wisper" from file /etc/raddb/modules/detail.wisper
  detail detail_wisper {
        detailfile = "/var/log/radius/radacct/wisper/detail-%Y%m%d"
        header = "%t"
        detailperm = 432
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Linked to module rlm_always
 Module: Instantiating module "ok" from file /etc/raddb/modules/always
  always ok {
        rcode = "ok"
        simulcount = 0
        mpp = no
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "attr_filter.alvarion_tdd" from file /etc/raddb/modules/attr_filter
  attr_filter attr_filter.alvarion_tdd {
        attrsfile = "/etc/raddb/attrs.alvarion_tdd"
        key = "%{User-Name}"
  }
 Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
  }
 } # modules
} # server
server wimax-asn { # from file /etc/raddb/sites-enabled/wimax-asn
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Loading virtual module init_wimax
 Module: Loading virtual module verify_wimax_asn
 Module: Instantiating module "reject" from file /etc/raddb/modules/always
  always reject {
        rcode = "reject"
        simulcount = 0
        mpp = no
  }
 Module: Instantiating module "noop" from file /etc/raddb/modules/always
  always noop {
        rcode = "noop"
        simulcount = 0
        mpp = no
  }
 Module: Linked to module rlm_wimax
 Module: Instantiating module "wimax" from file /etc/raddb/modules/wimax
  wimax {
        delete_mppe_keys = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Instantiating module "detail_wimax" from file /etc/raddb/modules/detail.wimax
  detail detail_wimax {
        detailfile = "/var/log/radius/radacct/wimax/detail-%Y%m%d"
        header = "%t"
        detailperm = 432
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating module "sqlsession" from file /etc/raddb/sql-wisper.conf
  sql sqlsession {
        driver = "rlm_sql_mysql"
        server = "172.17.0.150"
        port = ""
        login = "radius"
        password = "blah"
        radius_db = "radius2"
        read_groups = no
        sqltrace = no
        sqltracefile = "/var/log/radius/sqltrace.sql"
        readclients = no
        deletestalesessions = no
        num_sql_socks = 15
        lifetime = 0
        max_queries = 0
        sql_user_name = "%{User-Name}"
        default_user_profile = ""
        nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"
        authorize_check_query = "SELECT id, username, 'WiMAX-hHA-IP-MIP4' as attribute, `hha-ip-address` as value, '==' as op    FROM wimax      WHERE username = BINARY '%{SQL-User-Name}'"
        authorize_reply_query = "select id, username, 'WiMAX-MN-hHA-MIP4-Key' as attribute, `mn-ha-key` as value, ':=' as op     FROM wimax      WHERE username = BINARY '%{SQL-User-Name}' AND `mn-ha-key-spi` = %{WiMAX-MN-hHA-MIP4-SPI}"
        authorize_group_check_query = ""
        authorize_group_reply_query = ""
        accounting_onoff_query = ""
        accounting_update_query = ""
        accounting_update_query_alt = ""
        accounting_start_query = ""
        accounting_start_query_alt = ""
        accounting_stop_query = "           DELETE FROM wimax           WHERE `username`                = BINARY '%{SQL-User-Name}'       AND `wimax-session-id`        = '%{Acct-Multi-Session-Id}'"
        accounting_stop_query_alt = ""
        connect_failure_retry_delay = 60
        simul_count_query = ""
        simul_verify_query = ""
        postauth_query = "INSERT INTO wimax                           (`username`,      `wimax-session-id`,     `calling-station-id`,                            `nas-id`,    `nas-ip-address`, `framed-ip-address`,                      `mip-rk`,                            `fa-rk`,     `fa-rk-spi`,               `mn-ha-key`,                            `mn-ha-spi`,    `hha-ip-address`,       `vha-ip-address`,                            `authdate`,       `lifetime` )                           VALUES (                            '%{SQL-User-Name}',                            %{reply:WiMAX-AAA-Session-Id},                 '%{Calling-Station-Id}',                            '%{NAS-Identifier}',                            '%{NAS-IP-Address}',                            '%{reply:Framed-IP-Address}',                        NULL,                            %{%{reply:WiMAX-FA-RK-Key}:-NULL},                            %{%{reply:WiMAX-FA-RK-SPI}:-NULL},                            %{%{reply:WiMAX-MN-hHA-MIP4-Key}:-%{%{reply:WiMAX-MN-hHA-MIP6-Key}:-NULL}},                      %{%{reply:WiMAX-MN-hHA-MIP4-SPI}:-%{%{reply:WiMAX-MN-hHA-MIP6-SPI}:-NULL}},                     '%{%{reply:WiMAX-hHA-IP-MIP4}:-%{reply:WiMAX-hHA-IP-MIP6}}',          '%{%{reply:WiMAX-vHA-IP-MIP4}:-%{reply:WiMAX-vHA-IP-MIP6}}',                     '%S', '%{%{reply:Session-Timeout}:-86400}' )"
        safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql Creating new attribute sqlsession-SQL-Group
rlm_sql (sqlsession): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sqlsession): Attempting to connect to radius@172.17.0.150:/radius2
rlm_sql (sqlsession): starting 0
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sqlsession): Connected new DB handle, #0
rlm_sql (sqlsession): starting 1
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sqlsession): Connected new DB handle, #1
rlm_sql (sqlsession): starting 2
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sqlsession): Connected new DB handle, #2
rlm_sql (sqlsession): starting 3
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sqlsession): Connected new DB handle, #3
rlm_sql (sqlsession): starting 4
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sqlsession): Connected new DB handle, #4
rlm_sql (sqlsession): starting 5
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #5
rlm_sql_mysql: Starting connect to MySQL server for #5
rlm_sql (sqlsession): Connected new DB handle, #5
rlm_sql (sqlsession): starting 6
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #6
rlm_sql_mysql: Starting connect to MySQL server for #6
rlm_sql (sqlsession): Connected new DB handle, #6
rlm_sql (sqlsession): starting 7
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #7
rlm_sql_mysql: Starting connect to MySQL server for #7
rlm_sql (sqlsession): Connected new DB handle, #7
rlm_sql (sqlsession): starting 8
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #8
rlm_sql_mysql: Starting connect to MySQL server for #8
rlm_sql (sqlsession): Connected new DB handle, #8
rlm_sql (sqlsession): starting 9
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #9
rlm_sql_mysql: Starting connect to MySQL server for #9
rlm_sql (sqlsession): Connected new DB handle, #9
rlm_sql (sqlsession): starting 10
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #10
rlm_sql_mysql: Starting connect to MySQL server for #10
rlm_sql (sqlsession): Connected new DB handle, #10
rlm_sql (sqlsession): starting 11
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #11
rlm_sql_mysql: Starting connect to MySQL server for #11
rlm_sql (sqlsession): Connected new DB handle, #11
rlm_sql (sqlsession): starting 12
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #12
rlm_sql_mysql: Starting connect to MySQL server for #12
rlm_sql (sqlsession): Connected new DB handle, #12
rlm_sql (sqlsession): starting 13
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #13
rlm_sql_mysql: Starting connect to MySQL server for #13
rlm_sql (sqlsession): Connected new DB handle, #13
rlm_sql (sqlsession): starting 14
rlm_sql (sqlsession): Attempting to connect rlm_sql_mysql #14
rlm_sql_mysql: Starting connect to MySQL server for #14
rlm_sql (sqlsession): Connected new DB handle, #14
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "handled" from file /etc/raddb/modules/always
  always handled {
        rcode = "handled"
        simulcount = 0
        mpp = no
  }
 } # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
server buffered-sql-wimax { # from file /etc/raddb/sites-enabled/buffered-sql-wimax
 modules {
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 } # modules
} # server
server originate-coa-wimax { # from file /etc/raddb/sites-enabled/originate-coa-wimax
 modules {
 Module: Checking post-proxy {...} for more modules to load
 Module: Instantiating module "fail" from file /etc/raddb/modules/always
  always fail {
        rcode = "fail"
        simulcount = 0
        mpp = no
  }
 } # modules
} # server
server canopy { # from file /etc/raddb/sites-enabled/canopy
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Instantiating module "eap_canopy" from file /etc/raddb/eap-canopy.conf
  eap eap_canopy {
        default_eap_type = "ttls"
        timer_expire = 60
        ignore_unknown_eap_types = yes
        cisco_accounting_username_bug = no
        max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        CA_path = "/etc/raddb/certs"
        pem_file_type = yes
        private_key_file = "/etc/raddb/certs/server-canopy.key"
        certificate_file = "/etc/raddb/certs/server-canopy.pem"
        CA_file = "/etc/raddb/certs/ca-canopy.pem"
        private_key_password = "blah"
        dh_file = "/etc/raddb/certs/dh"
        random_file = "/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
    cache {
        enable = yes
        lifetime = 24
        max_entries = 0
    }
    verify {
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = no
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
        include_length = yes
   }
 Module: Checking authorize {...} for more modules to load
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
server status { # from file /etc/raddb/sites-enabled/status
 modules {
 Module: Checking authorize {...} for more modules to load
 } # modules
} # server
server buffered-sql-wisper { # from file /etc/raddb/sites-enabled/buffered-sql-wisper
 modules {
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 } # modules
} # server
server { # from file /etc/raddb/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
listen {
        type = "control"
 listen {
        socket = "/var/run/radiusd/radiusd.sock"
 }
}
listen {
        type = "detail"
  listen {
        filename = "/var/log/radius/radacct/wimax/detail-*"
        load_factor = 10
        poll_interval = 20
        retry_interval = 30
  }
}
listen {
        type = "status"
        ipaddr = *
        port = 18120
  client admin {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "blah"
  }
  client cacti {
        ipaddr = 172.17.0.138
        require_message_authenticator = no
        secret = "blah"
  }
}
listen {
        type = "detail"
  listen {
        filename = "/var/log/radius/radacct/wisper/detail-*"
        load_factor = 10
        poll_interval = 10
        retry_interval = 30
  }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on detail file /var/log/radius/radacct/wimax/detail-* as server buffered-sql-wimax
Detail listener /var/log/radius/radacct/wimax/detail-* state unopened signalled 0 waiting 20.000000 sec
Listening on status address * port 18120 as server status
Listening on detail file /var/log/radius/radacct/wisper/detail-* as server buffered-sql-wisper
Detail listener /var/log/radius/radacct/wisper/detail-* state unopened signalled 0 waiting 10.000000 sec
Listening on proxy address * port 1814
Waking up in 9.9 seconds.
Polling for detail file /var/log/radius/radacct/wimax/detail-*
Detail listener /var/log/radius/radacct/wimax/detail-* state unopened signalled 0 waiting 19.957937 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/wisper/detail-*
Detail listener /var/log/radius/radacct/wisper/detail-* state unopened signalled 0 waiting 9.775853 sec
Waking up in 9.7 seconds.
Polling for detail file /var/log/radius/radacct/wisper/detail-*
Detail listener /var/log/radius/radacct/wisper/detail-* state unopened signalled 0 waiting 9.775887 sec
Waking up in 9.7 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=90
        User-Name = "anonymous"
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x0201000f01616e6f6e796d6f757300
        Message-Authenticator = 0x65b040497ebaec709ea9214ef25682a4
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 1 length 15
[eap_canopy] No EAP Start, assuming it's an on-going EAP conversation
++[eap_canopy] returns updated
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] EAP Identity
[eap_canopy] processing type tls
[tls] Flushing SSL sessions (of #0)
[tls] Initiate
[tls] Start returned 1
++[eap_canopy] returns handled
} # server canopy
Sending Access-Challenge of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        EAP-Message = 0x010200061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc2539648c25183204cf5c8028cb0d506
Finished request 4.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=161
Cleaning up request 4 ID 0 with timestamp +53
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc2539648c2518320 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        User-Name = "anonymous"
        State = 0xc2539648c25183204cf5c8028cb0d506
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x0202004415800000003a1603010035010000310301c3e593b7cd880289cf8d37db5fcb2973a43640f0f9b9135f1ebf479a08478a2800000a0035002f00040005000a0100
        Message-Authenticator = 0xa93371092d9e966ee0f11b522cad6601
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 2 length 68
[eap_canopy] Continuing tunnel setup.
++[eap_canopy] returns ok
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] Request found, released from the list
[eap_canopy] EAP/ttls
[eap_canopy] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 58
[ttls] Length Included
[ttls] eaptls_verify returned 11 
[ttls]     (other): before/accept initialization
[ttls]     TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0035], ClientHello  
[ttls]     TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 004a], ServerHello  
[ttls]     TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 08fe], Certificate  
[ttls]     TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[ttls]     TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[ttls] eaptls_process returned 13 
++[eap_canopy] returns handled
} # server canopy
Sending Access-Challenge of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        EAP-Message = 0x010303f815c00000095b160301004a0200004603014d9490e7f82d8ddf3b36fd4682312bf5a83963c8eafdef75e849f523ed8a786820548ce1cdfea173737e592eeba4c2bf4d4afc86b6e362b690d3f42b5176e37a4100350016030108fe0b0008fa0008f70003e7308203e3308202cba003020102020108300d06092a864886f70d01010505003081b2310b300906035504061302555331123010060355040813094d696e6e65736f74613110300e060355040713074d656c726f736531273025060355040a131e57697370657220576972656c65737320536f6c7574696f6e732c204c4c433128302606092a864886f70d010901161961646d696e40
        EAP-Message = 0x7769737065722d776972656c6573732e636f6d312a30280603550403132157697370657220576972656c65737320536f6c7574696f6e732c204c4c43204341301e170d3031303130313030303030305a170d3134313233313233353935395a30819d310b300906035504061302555331123010060355040813094d696e6e65736f746131273025060355040a131e57697370657220576972656c65737320536f6c7574696f6e732c204c4c43312730250603550403131e7261646975732d6465762e7769737065722d776972656c6573732e636f6d3128302606092a864886f70d010901161961646d696e407769737065722d776972656c6573732e63
        EAP-Message = 0x6f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b3e528772d31d4d5726ef96dfb8aa1717a9edf893a55fe71ba80a6ec6baa57fa79e7d4fa118994d0dce5efe3e89e7f146e0767f0f4bb6cd279eb1dce2cb3012baf3c86d9ca9011d9884e60e328030a396ebfa813f9174300818cce22445ca1d854fd7d63240cf9ceb56b210f1c2e0983714fa90f8cf32c484c4ce18690cf97deb6fa5d9079c44cd5bb5af2d13a8b06f001130047ef6fae6bd57b2d2dd7a0d107444822a952e540cbf407d92a5b2960dfdeb585503bc9f0a6b300894f779da45fae45ef3def3a9eedad7e9b6f58ffb9cbc8c2af2f46fed882368e
        EAP-Message = 0x0cb5b35de5fc5bcec3b1122fed348518f91202482332b408701b288340358b25e3f1108b187b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038201010091924538017294d22e46793b31cbee7af72f85d40b58df8aaa6ba977b33a77b7a4b82c9d1ef301c83ab13c2e9e116bc5cd75017338f24891a9102f2aa0f3dea90e6104a8ab54fa79f9c3a8c335ddbbe92eadc3b7ee957259e335f6e5d417a4e1d467a27f618dbbd734ae203eeb0f59df00fc08df0ead746fc1c07f28ff163d83555f684d1f12f8efe58054ca115da9dd48794233f28698c6027890ca4ab1ca3b1aeaa41619
        EAP-Message = 0x3ee57fcb
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc2539648c35083204cf5c8028cb0d506
Finished request 5.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=99
Cleaning up request 5 ID 0 with timestamp +53
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc2539648c3508320 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        User-Name = "anonymous"
        State = 0xc2539648c35083204cf5c8028cb0d506
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x020300061500
        Message-Authenticator = 0xf34fe63a74798c718f389f3bbd927a25
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 3 length 6
[eap_canopy] Continuing tunnel setup.
++[eap_canopy] returns ok
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] Request found, released from the list
[eap_canopy] EAP/ttls
[eap_canopy] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1 
[ttls] eaptls_process returned 13 
++[eap_canopy] returns handled
} # server canopy
Sending Access-Challenge of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        EAP-Message = 0x010403f815c00000095b4e098e2c3c712fdac248c36f680b7b0072ec7db3dae6a879b63638c57c6599553b5fa3290acff183ee6ef3d9f5d46b590efe938aa844fdd6f268d9df8de69e3c24f0152e3a645d2e308091cb4c0c28a4ad509a702555d300050a30820506308203eea00302010202090096e848e0eb496252300d06092a864886f70d01010505003081b2310b300906035504061302555331123010060355040813094d696e6e65736f74613110300e060355040713074d656c726f736531273025060355040a131e57697370657220576972656c65737320536f6c7574696f6e732c204c4c433128302606092a864886f70d01090116196164
        EAP-Message = 0x6d696e407769737065722d776972656c6573732e636f6d312a30280603550403132157697370657220576972656c65737320536f6c7574696f6e732c204c4c43204341301e170d3030313233313232303530365a170d3135313232383232303530365a3081b2310b300906035504061302555331123010060355040813094d696e6e65736f74613110300e060355040713074d656c726f736531273025060355040a131e57697370657220576972656c65737320536f6c7574696f6e732c204c4c433128302606092a864886f70d010901161961646d696e407769737065722d776972656c6573732e636f6d312a302806035504031321576973706572
        EAP-Message = 0x20576972656c65737320536f6c7574696f6e732c204c4c4320434130820122300d06092a864886f70d01010105000382010f003082010a0282010100b0517a775fb4d8bf3b98b3a75eeef147c7b24c1894baa7e2bcd00f623df8beae18f0304d172736db5b85f6b628b4cb53fda5a472764229b0564c99a0d6f33656cab25a5abbd6cee7f3c592d501dc8fd279e507ac31d2da174079eceb82bcb0333bb72e80a5ee76a034dff8aebb95d52ed90d74e407609730762596b72d0dfdd30e201603e2a1cf54c8d407e518a3330f9ae7feed645f327efff0fc83a7a6698614a2e15bc66f85ae60ea44c55d5525ad6196ddd40b03a34a0511a52664ad60f8c7
        EAP-Message = 0xd761d3d566dadee5737d641940ca42fa950aa3349960729e1ec2175c9018b817bc457bf54236e7947788b38aa4613776ebd9fb6a1ce6579d1266afe43bbbd50203010001a382011b30820117301d0603551d0e04160414deebd0277d4aa41a7cec953aa7acae03349069853081e70603551d230481df3081dc8014deebd0277d4aa41a7cec953aa7acae0334906985a181b8a481b53081b2310b300906035504061302555331123010060355040813094d696e6e65736f74613110300e060355040713074d656c726f736531273025060355040a131e57697370657220576972656c65737320536f6c7574696f6e732c204c4c433128302606092a8648
        EAP-Message = 0x86f70d01
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc2539648c05783204cf5c8028cb0d506
Finished request 6.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=99
Cleaning up request 6 ID 0 with timestamp +53
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc2539648c0578320 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        User-Name = "anonymous"
        State = 0xc2539648c05783204cf5c8028cb0d506
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x020400061500
        Message-Authenticator = 0xf0263207349fdf30792dfc479cae98e6
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 4 length 6
[eap_canopy] Continuing tunnel setup.
++[eap_canopy] returns ok
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] Request found, released from the list
[eap_canopy] EAP/ttls
[eap_canopy] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1 
[ttls] eaptls_process returned 13 
++[eap_canopy] returns handled
} # server canopy
Sending Access-Challenge of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        EAP-Message = 0x0105018915800000095b0901161961646d696e407769737065722d776972656c6573732e636f6d312a30280603550403132157697370657220576972656c65737320536f6c7574696f6e732c204c4c4320434182090096e848e0eb496252300c0603551d13040530030101ff300d06092a864886f70d010105050003820101003f8a869aa97312233726fdc11d4a70c617f0b7c997c98e4373a2aba58b2732c3ae0db5654d7ba6734ed418ed7c7fc10af97d0dabafa90e2525aee56e479f0befdd54e87cf83a53ab1512e74959e2658ff483c0dd92dbe84200727f95e3d9c776d97c2952d1b04bafddb98fc42b0e087f902f4728a00ad0744cb613922e
        EAP-Message = 0x4d4eba0fb41acc76f4055ad96e7786315801814b3c1809cff359c49b5c1709af17b79fc3d4987518cfa44f093f4d9f439cf86eb956a65ce9e3d7dad017ec22243b0a1a3bb6210ca731ad5c0bbc199b6d2954492feaa13449cee53b35e3ab92370163b4f24740cafa1c0e29992a2a26f1d19abb722c36e7efb3e91a530427a15b20e8f316030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc2539648c15683204cf5c8028cb0d506
Finished request 7.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=431
Cleaning up request 7 ID 0 with timestamp +53
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc2539648c1568320 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        User-Name = "anonymous"
        State = 0xc2539648c15683204cf5c8028cb0d506
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x0205015015800000014616030101061000010201005db10c27284bb7f6fc02ea93a0bbd7f2f25f91867e08da0ebe58b14d33b4d6413eec642bde1f3c66459d970c87deb4e2c266cb7ef5148bbd03b46d7cb2d4a9fddb61827aeb29edf76250ab687b7dec61b50bb5079d45ff4057d89feb5aeb58f1c0cc2ac98ce58421c112579fd77d70c657965790f915980fc7881f2790b705ac330ecdd24dc1a31b719befcc7c0e00d24f2036d37464ead2ce25a1773a3c1c4e445649a5b2dabeeb79990345d6fc5f952544b933976eae7b6ada5fb016abe60bad12c2a6e4d6856b01f489bed37314488b0531f4b8a5f98c3f037c9da3c088aee5c3c598908caf25
        EAP-Message = 0x6a727a7539bc8a58b029d093facf1a6db9d57c66b4051df31403010001011603010030ad8ca83d9c5e5784964cd4caeceb18bd7bca83561dec8a20d028e9a55fd80c7a8196290f41fbb799bf26d271e038eeb5
        Message-Authenticator = 0x51ddf340d16c57a58baed766fd479ac9
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 5 length 253
[eap_canopy] Continuing tunnel setup.
++[eap_canopy] returns ok
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] Request found, released from the list
[eap_canopy] EAP/ttls
[eap_canopy] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 326
[ttls] Length Included
[ttls] eaptls_verify returned 11 
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
  SSL: adding session 548ce1cdfea173737e592eeba4c2bf4d4afc86b6e362b690d3f42b5176e37a41 to cache
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established 
[ttls] eaptls_process returned 13 
++[eap_canopy] returns handled
} # server canopy
Sending Access-Challenge of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        EAP-Message = 0x0106004515800000003b1403010001011603010030af11cf70d4a1223a1654d10a23ebced4f6aa3f866c9cd5ae420bcc24c8529b91bacf4e5ff34ab0089150d7de781edce8
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc2539648c65583204cf5c8028cb0d506
Finished request 8.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=252
Cleaning up request 8 ID 0 with timestamp +54
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc2539648c6558320 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        User-Name = "anonymous"
        State = 0xc2539648c65583204cf5c8028cb0d506
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x0206009f1580000000951703010090ade1c05aaae973d670b78cd131df01d4cbb9bc8293dd069180b4550fe0dadcf997d229ac0e5b5948287f55b2348d9768a83ef39963a26caad71730bff7610a819720941e310bbaee29018d02f795eb504c03ca879f464755a7a3ff5ead3cbace88b98317451eb3db2b9281f4e4c43599e22319e220c93af774c0ce1a997234848d5d4de51dab7cc6ceff9d39d9dcaacb
        Message-Authenticator = 0xe7f6e11e2a6fb79ec4b8f3b65ab1dc01
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 6 length 159
[eap_canopy] Continuing tunnel setup.
++[eap_canopy] returns ok
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] Request found, released from the list
[eap_canopy] EAP/ttls
[eap_canopy] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 149
[ttls] Length Included
[ttls] eaptls_verify returned 11 
[ttls] eaptls_process returned 7 
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
        User-Name = "0a-00-3e-92-3c-58"
        MS-CHAP-Challenge = 0x832c33daf06ed8631b02bd239ac87735
        MS-CHAP2-Response = 0xc60042613cdc91dbce020888b852f31397d9000000000000000093a1a4d8e81bfc7e793b0f67b86b128121d584ba2c348f43
        FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
        User-Name = "0a-00-3e-92-3c-58"
        MS-CHAP-Challenge = 0x832c33daf06ed8631b02bd239ac87735
        MS-CHAP2-Response = 0xc60042613cdc91dbce020888b852f31397d9000000000000000093a1a4d8e81bfc7e793b0f67b86b128121d584ba2c348f43
        FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "0a-00-3e-92-3c-58", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++- entering policy redundant {...}
[sqllocal]      expand: %{Stripped-User-Name} -> 
[sqllocal]      ... expanding second conditional
[sqllocal]      expand: %{User-Name} -> 0a-00-3e-92-3c-58
[sqllocal]      expand: %{%{User-Name}:-DEFAULT} -> 0a-00-3e-92-3c-58
[sqllocal]      expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 0a-00-3e-92-3c-58
[sqllocal] sql_set_user escaped user --> '0a-00-3e-92-3c-58'
rlm_sql (sqllocal): Reserving sql socket id: 12
[sqllocal]      expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = BINARY '0a-00-3e-92-3c-58'           ORDER BY id
[sqllocal] User found in radcheck table
[sqllocal]      expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = BINARY '0a-00-3e-92-3c-58'           ORDER BY id
[sqllocal]      expand: SELECT groupname           FROM radusergroup           WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = BINARY '0a-00-3e-92-3c-58'           ORDER BY priority
[sqllocal]      expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'Canopy'           ORDER BY id
[sqllocal] User found in group Canopy
[sqllocal]      expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'Canopy'           ORDER BY id
[sqllocal]      expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'Canopy_Res384'           ORDER BY id
[sqllocal] User found in group Canopy_Res384
[sqllocal]      expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'Canopy_Res384'           ORDER BY id
rlm_sql (sqllocal): Released sql socket id: 12
+++[sqllocal] returns ok
++- policy redundant returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: 0a-00-3e-92-3c-58
[mschap] Told to do MS-CHAPv2 for 0a-00-3e-92-3c-58 with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
Login OK: [0a-00-3e-92-3c-58] (from client canopy-sauk-ap1 port 0 via TLS tunnel)
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
[ttls] Got tunneled reply code 2
        Motorola-Canopy-VLLEARNEN = Enable
        Motorola-Canopy-VLFRAMES = All
        Motorola-Canopy-VLAGETO = 1440
        Motorola-Canopy-VLSMMGPASS = Enable
        Motorola-Canopy-BCASTMIR = 200
        Motorola-Canopy-ULBR = 256
        Motorola-Canopy-ULBL = 512
        Motorola-Canopy-DLBR = 384
        Motorola-Canopy-DLBL = 768
        Motorola-Canopy-HPENABLE = Disable
        Motorola-Canopy-VLIGVID = 100
        MS-CHAP2-Success = 0xc6533d44424639364445394231333044374246324531433231384535423545393545314432413436383043
        MS-MPPE-Recv-Key = 0xea3ad5e884d38ac8a8dcc709d2f21de3
        MS-MPPE-Send-Key = 0x2f18593aae5e2a1d73eaa21f67bf22c7
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
[ttls] Got tunneled Access-Accept
[ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge.
++[eap_canopy] returns handled
} # server canopy
Sending Access-Challenge of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        EAP-Message = 0x0107005f15800000005517030100508d4766c847a9447872b323a9bd33e47f6b3fc9a3be04184631d16bb14289d9d3f2387d214da2b3103eb90e7f9934044382fbe188be4b0a54956e6059b864b36088912d8de6da414965ea8577aca8bf87
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc2539648c75483204cf5c8028cb0d506
Finished request 9.
Going to the next request
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.0.12.129 port 1273, id=0, length=99
Cleaning up request 9 ID 0 with timestamp +54
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xc2539648c7548320 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        User-Name = "anonymous"
        State = 0xc2539648c75483204cf5c8028cb0d506
        NAS-IP-Address = 10.0.12.129
        NAS-Port = 5
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1020
        EAP-Message = 0x020700061500
        Message-Authenticator = 0x333490df7d6b149bd645a83de291660e
server canopy {
# Executing section authorize from file /etc/raddb/sites-enabled/canopy
+- entering group authorize {...}
        expand: %{User-Name} -> anonymous
++[reply] returns notfound
++[preprocess] returns ok
[eap_canopy] EAP packet type response id 7 length 6
[eap_canopy] Continuing tunnel setup.
++[eap_canopy] returns ok
Found Auth-Type = eap_canopy
# Executing group from file /etc/raddb/sites-enabled/canopy
+- entering group authenticate {...}
[eap_canopy] Request found, released from the list
[eap_canopy] EAP/ttls
[eap_canopy] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3 
[ttls] eaptls_process returned 3 
[ttls] Using saved attributes from the original Access-Accept
        Motorola-Canopy-VLLEARNEN = Enable
        Motorola-Canopy-VLFRAMES = All
        Motorola-Canopy-VLAGETO = 1440
        Motorola-Canopy-VLSMMGPASS = Enable
        Motorola-Canopy-BCASTMIR = 200
        Motorola-Canopy-ULBR = 256
        Motorola-Canopy-ULBL = 512
        Motorola-Canopy-DLBR = 384
        Motorola-Canopy-DLBL = 768
        Motorola-Canopy-HPENABLE = Disable
        Motorola-Canopy-VLIGVID = 100
[ttls] Saving response in the cache
[eap_canopy] Freeing handler
++[eap_canopy] returns ok
Login OK: [anonymous] (from client canopy-sauk-ap1 port 5)
# Executing section post-auth from file /etc/raddb/sites-enabled/canopy
+- entering group post-auth {...}
        expand: %{Huntgroup-Name} -> Canopy-Management-VID7
++- entering switch %{Huntgroup-Name} {...}
+++- entering case Canopy-Management-VID7 {...}
++++[reply] returns noop
+++- case Canopy-Management-VID7 returns noop
++- switch %{Huntgroup-Name} returns noop
} # server canopy
Sending Access-Accept of id 0 to 10.0.12.129 port 1273
        User-Name = "anonymous"
        Motorola-Canopy-VLLEARNEN = Enable
        Motorola-Canopy-VLFRAMES = All
        Motorola-Canopy-VLAGETO = 1440
        Motorola-Canopy-VLSMMGPASS = Enable
        Motorola-Canopy-BCASTMIR = 200
        Motorola-Canopy-ULBR = 256
        Motorola-Canopy-ULBL = 512
        Motorola-Canopy-DLBR = 384
        Motorola-Canopy-DLBL = 768
        Motorola-Canopy-HPENABLE = Disable
        Motorola-Canopy-VLIGVID = 100
        MS-MPPE-Recv-Key = 0xebaeecb2843674e18f54ebc77f35907407b2e94ae599465588059f3979680feb
        MS-MPPE-Send-Key = 0x3295e2b6af6103d8ebb00f0acc6c7716e311a3d089ca4c3281137b5e67b0aa7d
        EAP-Message = 0x03070004
        Message-Authenticator = 0x00000000000000000000000000000000
        Motorola-Canopy-VLMGVID = 7
Finished request 10.
Going to the next request
Waking up in 2.9 seconds.
Cleaning up request 10 ID 0 with timestamp +54
Waking up in 2.7 seconds.