On Friday 19 July 2013 16:57:07 A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
Here you can download the (almost complete) debug log. Near the end I added a text to make evident when I disconnected.
http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.p hp?lang=en
please dont ask me to visit random web sites that require to to click on things etc. just email the output to this list.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OK, I thought it was wiser not to send on the list... FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 23:16:43 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/f_ticks including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/eap.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/eduroam including configuration file /etc/raddb/sites-enabled/eduroam-inner-tunnel main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 0 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server eduroam-upstream-flr-1 { ipaddr = 192.168.1.1 port = 1812 type = "auth+acct" secret = "secretstuff" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server eduroam-upstream-flr-2 { ipaddr = 192.168.1.2 port = 1812 type = "auth+acct" secret = "secretstuff" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } realm icgeb.trieste.it { } realm icgeb.ts.it { } realm NULL { } realm LOCAL { } home_server_pool EDUROAM { type = fail-over home_server = eduroam-upstream-flr-1 home_server = eduroam-upstream-flr-2 } realm ~.+$ { pool = EDUROAM nostrip } radiusd: #### Loading Clients #### client 172.16.254.45 { require_message_authenticator = yes secret = "SECRET" shortname = "ap-test-1" } radiusd: #### Instantiating modules #### radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf modules { } # modules } # server server eduroam { # from file /etc/raddb/sites-enabled/eduroam modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/raddb/certs/radius- radiust.icgeb.trieste.it.key" certificate_file = "/etc/raddb/certs/radius- radiust.icgeb.trieste.it.crt" CA_file = "/etc/raddb/certs/ca-helixt.icgeb.trieste.it.crt" private_key_password = "ICGEB_PaSsWoRd" dh_file = "/etc/raddb/certs/radius-dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = yes lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "eduroam-inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_detail Module: Instantiating module "auth_log" from file /etc/raddb/modules/detail.log detail auth_log { detailfile = "/var/log/radius/radacct/auth-detail.log" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" key = "%{%{Stripped-User-Name}:-%{User-Name}}" } Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file /etc/raddb/modules/detail detail { detailfile = "/var/log/radius/radacct/detail" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{%{Stripped-User-Name}:-%{User-Name}}" case_sensitive = yes check_with_nas = no perm = 384 callerid = yes } Module: Instantiating module "sradutmp" from file /etc/raddb/modules/sradutmp radutmp sradutmp { filename = "/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 420 callerid = no } Module: Checking pre-proxy {...} for more modules to load Module: Instantiating module "pre_proxy_log" from file /etc/raddb/modules/detail.log detail pre_proxy_log { detailfile = "/var/log/radius/radacct/pre-proxy-detail.log" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.pre-proxy { attrsfile = "/etc/raddb/attrs.pre-proxy" key = "%{Realm}" relaxed = no } Module: Checking post-proxy {...} for more modules to load Module: Instantiating module "post_proxy_log" from file /etc/raddb/modules/detail.log detail post_proxy_log { detailfile = "/var/log/radius/radacct/post-proxy-detail.log" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "attr_filter.post-proxy" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.post-proxy { attrsfile = "/etc/raddb/attrs" key = "%{Realm}" relaxed = no } Module: Checking post-auth {...} for more modules to load Module: Instantiating module "reply_log" from file /etc/raddb/modules/detail.log detail reply_log { detailfile = "/var/log/radius/radacct/reply-detail.log" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_linelog Module: Instantiating module "f_ticks" from file /etc/raddb/modules/f_ticks linelog f_ticks { filename = "/var/log/radius/radacct/f_ticks" permissions = 384 format = "" reference = "f_ticks.%{%{reply:Packet-Type}:-format}" } } # modules } # server server eduroam-inner-tunnel { # from file /etc/raddb/sites-enabled/eduroam- inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating module "reject" from file /etc/raddb/modules/always always reject { rcode = "reject" simulcount = 0 mpp = no } Module: Linked to module rlm_ldap Module: Instantiating module "ldap1" from file /etc/raddb/modules/ldap ldap ldap1 { server = "ldap1.icgeb.org" port = 389 password = "SECRET" identity = "cn=samba,dc=icgeb,dc=org" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = yes require_cert = "never" } basedn = "ou=Users,dc=icgeb,dc=org" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames) (member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames) (uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes set_auth_type = yes keepalive { idle = 60 probes = 3 interval = 3 } } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap1-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap1-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap1 rlm_ldap: Over-riding set_auth_type, as there is no module ldap1 listed in the "authenticate" section. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk- Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk- Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk- Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private- Group-Id conns: 0x7f4c61f9ac40 Module: Instantiating module "ldap2" from file /etc/raddb/modules/ldap ldap ldap2 { server = "ldap2.icgeb.org" port = 389 password = "SECRET" identity = "cn=samba,dc=icgeb,dc=org" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = yes require_cert = "never" } basedn = "ou=Users,dc=icgeb,dc=org" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames) (member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames) (uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes set_auth_type = yes keepalive { idle = 60 probes = 3 interval = 3 } } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap2-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap2-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap2 rlm_ldap: Over-riding set_auth_type, as there is no module ldap2 listed in the "authenticate" section. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk- Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk- Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk- Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private- Group-Id conns: 0x7f4c61f9c680 Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Checking session {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" virtual_server = "eduroam" ipaddr = * port = 0 } listen { type = "acct" virtual_server = "eduroam" ipaddr = * port = 0 } ... adding new socket proxy address * port 50818 ... adding new socket proxy address * port 48997 ... adding new socket proxy address * port 36625 ... adding new socket proxy address * port 51958 Listening on authentication address * port 1812 as server eduroam Listening on accounting address * port 1813 as server eduroam Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=180, length=251 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0xfc2c0afcddc3f092eb89869e5cdccbcc EAP-Message = 0x020100160170616c6d694069636765622e74732e6974 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:51 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 1 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Flushing SSL sessions (of #0) [tls] Initiate [tls] Start returned 1 ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 180 to 172.16.254.45 port 1645 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd66923e30f26eb21d75d65d85 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=181, length=411 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x79d8e016f5c847ef528f668472bb9a59 EAP-Message = 0x020200a419800000009a160301009501000091030151e93900542f13df3626ff6d17f8c44f8a5b2e5d2789dbdcf49a02dc36bc7d1e000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd66923e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:51 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 2 length 164 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 154 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0095], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 004a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0790], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 181 to 172.16.254.45 port 1645 EAP-Message = 0x0103040019c0000007ed160301004a02000046030151e938fbc7620d4fbcde52beebee35261e32ac240ac914ded87da542f76fce5420d13d4c1b37c5a8c5abc874c7b8ebcfb2adee9ed86972f10820789335d57620cd002f0016030107900b00078c0007890003cd308203c9308202b1a003020102020101300d06092a864886f70d010105050030819a310b3009060355040613024954310e300c060355040813054974616c793110300e0603550407130754726965737465310e300c060355040a1305494347454231163014060355040b130d436f6d707574657220556e6974311f301d06092a864886f70d010901161073797361646d4069636765 EAP-Message = 0x622e6f72673120301e0603550403131768656c6978742e69636765622e747269657374652e6974301e170d3133303730393039313634345a170d3433303730323039313634345a30819b310b3009060355040613024954310e300c060355040813054974616c793110300e0603550407130754726965737465310e300c060355040a1305494347454231163014060355040b130d436f6d707574657220556e6974311f301d06092a864886f70d010901161073797361646d4069636765622e6f72673121301f06035504031318726164697573742e69636765622e747269657374652e697430820122300d06092a864886f70d01010105000382010f00 EAP-Message = 0x3082010a0282010100c979e46c9cde8cf2c80df8c846dafaf642d4e5855fd369b069bfdf09e1d4d0bad965114dbec1aaacb81543e9399a87a73d723b6ee2a6ff4d1fddb96ca6a8b540bb82bc0fe8d2578937fd34d1b7945c2288f13f4f996a35316c413ce361db45f5b460ce35b5c294a4bf165030bcfd4986b9fc3790d4b4811c06e4f51f473a288029f8e674faa574eafd5d356abfe1295b05d32a344eb19d159526be6d9efc99f4d9f8f5a0a3269441c8535f933b535510e8848bd2518a4cb2096bd3e5e637296072a4ba1e0dff960b124a108329988b2a0eaaa9688cac3f9913bc37b1025f47527f2d972555d65685c509fc0906001fdee214de19 EAP-Message = 0xe2889d4fa82f472920611b0f0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101004fc473c5789733c97ddc8b7fe530ecb0fe4f3a86d4c27c8c8154a0872e21d15ee25b16f106b6330921292ec1627cd6e9e066cb36b8ffdd640e87bd8dfa496b362850ef8af23d8f8e3b74714208461fd250240cd7d4a77015e69640b0eeb7ac4a1601329a2c97aee6799446e2320f9a0c670d7b67732a7f3e3a425462adc297d384f4ca3b31bb318061b9f002553d7cbadd8b6342e54823ef44a34a525ea02772b6e6220724e6a2e39ccd9ed54b7d44b58afceff3de5f178ef4ebe691e5210d EAP-Message = 0x5f3eb23962f874699e641862 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd67933e30f26eb21d75d65d85 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=182, length=253 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x538a1d81b611fde158176047d16a7a69 EAP-Message = 0x020300061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd67933e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 182 to 172.16.254.45 port 1645 EAP-Message = 0x010403fc1940258df22a84e2e9a9aff58ca761d45210d122606db6735bffcea1ad8d0c27606ba3326203b3e415d84d513a1692b992e31683a729d50003b6308203b23082029a020900db825bfb96c90cea300d06092a864886f70d010105050030819a310b3009060355040613024954310e300c060355040813054974616c793110300e0603550407130754726965737465310e300c060355040a1305494347454231163014060355040b130d436f6d707574657220556e6974311f301d06092a864886f70d010901161073797361646d4069636765622e6f72673120301e0603550403131768656c6978742e69636765622e747269657374652e6974 EAP-Message = 0x301e170d3133303730393039313633315a170d3233303730373039313633315a30819a310b3009060355040613024954310e300c060355040813054974616c793110300e0603550407130754726965737465310e300c060355040a1305494347454231163014060355040b130d436f6d707574657220556e6974311f301d06092a864886f70d010901161073797361646d4069636765622e6f72673120301e0603550403131768656c6978742e69636765622e747269657374652e697430820122300d06092a864886f70d01010105000382010f003082010a0282010100ba393288c78bc251ede2a3928cf908844db6bea8a9850b86765ec6bf6ca650 EAP-Message = 0x2d67ab8fb53bead648f7f1c2aaa1a88fc2224317dce1c4e176aa072edb3cb640353dfcfedee8695bce862b7ba1a224ccfc1b96615067d6e7bf824bde42b52763e392b91f2ba163ac501ef4dbeab18eb6e7ed08a8e02a5b4558cb21886d69974ab1404cad961044af66069d1cab98475e5a47ee503111b4a61a7bb393665e5a4404d547e4fc86437ffca7c1073ca29930932977b86b063144e7c6356ac42ed0aa1458275d0f487805142170f29659b175d36eadd01218ac19107ce1a37216fc1372076bbe3d25deef56656eb5905a8be2f0d2e245bf7c1cdde2b97c544c3dc045f10203010001300d06092a864886f70d010105050003820101002ce5c1 EAP-Message = 0x1608e87136325db92df41abad7837ba24969dd7a6833c66a3386cf5a804805fe91c77f46a544da5bd650e09750a3766933b028c8ac6dc91d7c67b9301d50cfb1b820ffd24615e3c6c0dfae04fb1b108af7d15a1c141bc9b3d4cb71e97748495376dd09dfbc791db404b66d2e5226947d2eec3789981daecf310dfb46139e9e054efe7e7eea41e92923db041f91ace2745a19a44e817bc1dc753fda067d35dd33155d468f99240b718d9b30f86e299734860d4e20654c9fead475723ff2720f5f68c63a8530999198b515e3f89012f15bd1696ecb3ef035703d68af0d63f53994c2dcdbb774c0a4ef19db8a7ff047523187b4b7c0d50e549ccde4b77db2 EAP-Message = 0x16030100040e0000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd64943e30f26eb21d75d65d85 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=183, length=253 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x27c83e5b3123ec9cd32a9a0e4287ea7a EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd64943e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 183 to 172.16.254.45 port 1645 EAP-Message = 0x01050007190000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd65953e30f26eb21d75d65d85 Finished request 3. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=184, length=585 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x4f4006c7ee8fc3c4d08f33997ef0f9ea EAP-Message = 0x0205015019800000014616030101061000010201005cbeaf7e39a5128df9b044ded226d6da6a1df06c4c14b6248c3b017e350a3c18ff08ea6e865545f21f29187c9cbbeca27526b21e5d3e7c172068d92318972e404019e7d241b473c0f2f6288f6b25f78cec134805f2d45b51a8d09095e30be78c069e8c2681c00da8bde4cd70411f0a5e694d4f7f94e4efaaabb32fb80e99b8b79163e574aa56094b6007743d0ae1886934242ee6bca933f4d500df29976c80ef6b77dac039faa296079b9eb8fa234a800788add69c2981962048ba3a965d56c93438a808db460918deac5deb2af03ebb682c972cb9a8361897793b667a77317c4027e29fe7f69c5e EAP-Message = 0x97bb4f0d9afebd4e276d9c2e7ae1565dae8fcb2c50bf94681403010001011603010030cac6507c26ca4546f6571611d86d8a9cf189a6cd3d7a827e0693e92fc2403dd8d394adf41b299e3a165846ba39108984 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd65953e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data SSL: adding session d13d4c1b37c5a8c5abc874c7b8ebcfb2adee9ed86972f10820789335d57620cd to cache [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 184 to 172.16.254.45 port 1645 EAP-Message = 0x01060041190014030100010116030100307628a872abf1034fb3f8c9e92cde545d25d682118edb43927185247ec8f5ab630379ea6045aa8a5177f25cbae275a27f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd62963e30f26eb21d75d65d85 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=185, length=253 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x12b44dd4d38f59bdfd0f7cdf01739c54 EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd62963e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 185 to 172.16.254.45 port 1645 EAP-Message = 0x0107002b19001703010020a9e273a342b9e50c6f22c2b7decbfa7a9ad396cbbcb7c91663c8c6dc3059382e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd63973e30f26eb21d75d65d85 Finished request 5. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=186, length=306 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x58780dba17878ac8570d3045fb9218b4 EAP-Message = 0x0207003b19001703010030d4189c5081ce041f25e2e134a4e9d7ba2067f9c7a525156f41405eec84b3c4e9255fa1fbb1db92587f815951ee27b8e9 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd63973e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 7 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - palmi@icgeb.ts.it [peap] Got inner identity 'palmi@icgeb.ts.it' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x020700160170616c6d694069636765622e74732e6974 server eduroam { [peap] Setting User-Name to palmi@icgeb.ts.it Sending tunneled request EAP-Message = 0x020700160170616c6d694069636765622e74732e6974 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" NAS-IP-Address = 172.16.254.45 Operator-Name = "1icgeb.trieste.it" server eduroam-inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam- inner-tunnel +- entering group authorize {...} ++[preprocess] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [eap] EAP packet type response id 7 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] expand: %{Stripped-User-Name} -> palmi [files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi [files] users: Matched entry palmi at line 438 ++[files] returns ok ++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) ? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE ? Evaluating (Realm == NULL) -> FALSE ++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE ++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || control:ICGEB-Eduroam-Enabled != Yes)) ? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE ?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE ?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE ++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE ++- entering else else {...} +++- entering redundant-load-balance group redundant-load-balance {...} [ldap1] performing user authorization for palmi [ldap1] expand: %{Stripped-User-Name} -> palmi [ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=palmi) [ldap1] expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org [ldap1] ldap_get_conn: Checking Id: 0 [ldap1] ldap_get_conn: Got Id: 0 [ldap1] attempting LDAP reconnection [ldap1] (re)connect to ldap1.icgeb.org:389, authentication 0 [ldap1] setting TLS Require Cert to never [ldap1] starting TLS [ldap1] bind as cn=samba,dc=icgeb,dc=org/SECRET to ldap1.icgeb.org:389 [ldap1] waiting for bind result ... [ldap1] Bind was successful [ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter (uid=palmi) [ldap1] checking if remote access for palmi is allowed by uid [ldap1] looking for check items in directory... [ldap1] sambaNtPassword -> NT-Password == 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [ldap1] sambaLmPassword -> LM-Password == 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [ldap1] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap1] user palmi authorized to use remote access [ldap1] ldap_release_conn: Release Id: 0 ++++[ldap1] returns ok +++- redundant-load-balance group redundant-load-balance returns ok +++[expiration] returns noop ++- else else returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server eduroam-inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" EAP-Message = 0x0108002b1a010800261031bbf45a68ff5991a784b7775ad66d0f70616c6d694069636765622e74732e6974 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xac6f4ed7ac6754fe563139e39634b030 [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" EAP-Message = 0x0108002b1a010800261031bbf45a68ff5991a784b7775ad66d0f70616c6d694069636765622e74732e6974 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xac6f4ed7ac6754fe563139e39634b030 [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 186 to 172.16.254.45 port 1645 EAP-Message = 0x0108004b190017030100407551bcc12b2ed0feac5f15ba5fa6ad83f217dd6ae55063326b6059264b1f953c94ccc718eadc9621d0be180137c8f111fbafe7bc100eff058756bebb490d095a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd60983e30f26eb21d75d65d85 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=187, length=354 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x9a32cc720eca9c8424fd7ad00e8ab3bf EAP-Message = 0x0208006b19001703010060adc8a19d618921aa8fa847c35215bbd5da5aff1bb2e5181cee87cc1be6f7a74a4fd73f16dc290bf5937c44dfe080a9b6b9570b42011aac39617c06480c879c28116d65575bf375e04be2490fb411ba819a4411060d439e2a366841bfe801a741 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd60983e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 8 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0208004c1a02080047317b0c4f82dc21d6ba0960f3d09523fda00000000000000000f3daf62acb5f6cbc9566592c64b57d73ba4ebf437eb029910070616c6d694069636765622e74732e6974 server eduroam { [peap] Setting User-Name to palmi@icgeb.ts.it Sending tunneled request EAP-Message = 0x0208004c1a02080047317b0c4f82dc21d6ba0960f3d09523fda00000000000000000f3daf62acb5f6cbc9566592c64b57d73ba4ebf437eb029910070616c6d694069636765622e74732e6974 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "palmi@icgeb.ts.it" State = 0xac6f4ed7ac6754fe563139e39634b030 Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" NAS-IP-Address = 172.16.254.45 Operator-Name = "1icgeb.trieste.it" server eduroam-inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam- inner-tunnel +- entering group authorize {...} ++[preprocess] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [eap] EAP packet type response id 8 length 76 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] expand: %{Stripped-User-Name} -> palmi [files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi [files] users: Matched entry palmi at line 438 ++[files] returns ok ++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) ? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE ? Evaluating (Realm == NULL) -> FALSE ++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE ++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || control:ICGEB-Eduroam-Enabled != Yes)) ? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE ?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE ?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE ++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE ++- entering else else {...} +++- entering redundant-load-balance group redundant-load-balance {...} [ldap1] performing user authorization for palmi [ldap1] expand: %{Stripped-User-Name} -> palmi [ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=palmi) [ldap1] expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org [ldap1] ldap_get_conn: Checking Id: 0 [ldap1] ldap_get_conn: Got Id: 0 [ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter (uid=palmi) [ldap1] checking if remote access for palmi is allowed by uid [ldap1] looking for check items in directory... [ldap1] sambaNtPassword -> NT-Password == 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [ldap1] sambaLmPassword -> LM-Password == 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [ldap1] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap1] user palmi authorized to use remote access [ldap1] ldap_release_conn: Release Id: 0 ++++[ldap1] returns ok +++- redundant-load-balance group redundant-load-balance returns ok +++[expiration] returns noop ++- else else returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/eduroam-inner- tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Found LM-Password [mschap] Found NT-Password [mschap] Creating challenge hash with username: palmi@icgeb.ts.it [mschap] Told to do MS-CHAPv2 for palmi@icgeb.ts.it with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server eduroam-inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" EAP-Message = 0x010900331a0308002e533d46434546384137334445324244353032344230414632413139334635464446444637453838364532 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xac6f4ed7ad6654fe563139e39634b030 [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" EAP-Message = 0x010900331a0308002e533d46434546384137334445324244353032344230414632413139334635464446444637453838364532 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xac6f4ed7ad6654fe563139e39634b030 [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 187 to 172.16.254.45 port 1645 EAP-Message = 0x0109005b190017030100508b428fcbaba9455852f5170646e2df5522351f71a2ce8c1d7a276dcd36366d325356aec936a2282d9fe3386fde30c15f2c6b08faf44485a0d35b368aa684156593d286df9a3dbb8285733e737f2bc604 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd61993e30f26eb21d75d65d85 Finished request 7. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=188, length=290 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0x1b70ff8392af063cd76871601bb653aa EAP-Message = 0x0209002b19001703010020aca48497bb2e628cb8380aecb52865e5ff28b39d4cf95a8aef162a3b0bc703fe NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd61993e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900061a03 server eduroam { [peap] Setting User-Name to palmi@icgeb.ts.it Sending tunneled request EAP-Message = 0x020900061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "palmi@icgeb.ts.it" State = 0xac6f4ed7ad6654fe563139e39634b030 Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" NAS-IP-Address = 172.16.254.45 Operator-Name = "1icgeb.trieste.it" server eduroam-inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam- inner-tunnel +- entering group authorize {...} ++[preprocess] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [eap] EAP packet type response id 9 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] expand: %{Stripped-User-Name} -> palmi [files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi [files] users: Matched entry palmi at line 438 ++[files] returns ok ++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) ? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE ? Evaluating (Realm == NULL) -> FALSE ++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE ++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || control:ICGEB-Eduroam-Enabled != Yes)) ? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE ?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE ?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE ++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled || control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE ++- entering else else {...} +++- entering redundant-load-balance group redundant-load-balance {...} [ldap1] performing user authorization for palmi [ldap1] expand: %{Stripped-User-Name} -> palmi [ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=palmi) [ldap1] expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org [ldap1] ldap_get_conn: Checking Id: 0 [ldap1] ldap_get_conn: Got Id: 0 [ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter (uid=palmi) [ldap1] checking if remote access for palmi is allowed by uid [ldap1] looking for check items in directory... [ldap1] sambaNtPassword -> NT-Password == 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [ldap1] sambaLmPassword -> LM-Password == 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [ldap1] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap1] user palmi authorized to use remote access [ldap1] ldap_release_conn: Release Id: 0 ++++[ldap1] returns ok +++- redundant-load-balance group redundant-load-balance returns ok +++[expiration] returns noop ++- else else returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok # Executing section session from file /etc/raddb/sites-enabled/eduroam-inner- tunnel +- entering group session {...} [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp [radutmp] expand: %{Stripped-User-Name} -> palmi [radutmp] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi ++[radutmp] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/eduroam- inner-tunnel +- entering group post-auth {...} ++? if (outer.request:User-Name != "%{request:User-Name}") expand: %{request:User-Name} -> palmi@icgeb.ts.it ? Evaluating (outer.request:User-Name != "%{request:User-Name}") -> FALSE ++? if (outer.request:User-Name != "%{request:User-Name}") -> FALSE [reply_log] expand: /var/log/radius/radacct/reply-detail.log -> /var/log/radius/radacct/reply-detail.log [reply_log] /var/log/radius/radacct/reply-detail.log expands to /var/log/radius/radacct/reply-detail.log [reply_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[reply_log] returns ok } # server eduroam-inner-tunnel [peap] Got tunneled reply code 2 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0xbe1daddb8ed87c9b5e06ce402b322c71 MS-MPPE-Recv-Key = 0x4bd89713a7634f3d3ce739d3e21738f3 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "palmi" [peap] Got tunneled reply RADIUS code 2 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0xbe1daddb8ed87c9b5e06ce402b322c71 MS-MPPE-Recv-Key = 0x4bd89713a7634f3d3ce739d3e21738f3 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "palmi" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] Saving tunneled attributes for later ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 188 to 172.16.254.45 port 1645 EAP-Message = 0x010a002b19001703010020723574f51e400d5fd7c58894bf8b6d79afe0482191f3a11696858d1afad5bded Message-Authenticator = 0x00000000000000000000000000000000 State = 0x669027bd6e9a3e30f26eb21d75d65d85 Finished request 8. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=189, length=290 User-Name = "palmi@icgeb.ts.it" Framed-MTU = 1400 Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Service-Type = Login-User Message-Authenticator = 0xf30f3bd40f6109c508a83f933cd65d1e EAP-Message = 0x020a002b190017030100209afce8ff8c13dd63d65628da201d3ea4bf820c83dbc028062ce807b02c1931e4 NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" State = 0x669027bd6e9a3e30f26eb21d75d65d85 NAS-IP-Address = 172.16.254.45 server eduroam { # Executing section authorize from file /etc/raddb/sites-enabled/eduroam +- entering group authorize {...} ++[preprocess] returns ok ++[request] returns ok [auth_log] expand: /var/log/radius/radacct/auth-detail.log -> /var/log/radius/radacct/auth-detail.log [auth_log] /var/log/radius/radacct/auth-detail.log expands to /var/log/radius/radacct/auth-detail.log [auth_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[auth_log] returns ok [suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi@icgeb.ts.it" [suffix] Found realm "icgeb.ts.it" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "icgeb.ts.it" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 10 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/eduroam +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [peap] Using saved attributes from the original Access-Accept Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" User-Name = "palmi" [peap] Saving response in the cache [eap] Freeing handler ++[eap] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/eduroam +- entering group post-auth {...} [reply_log] expand: /var/log/radius/radacct/reply-detail.log -> /var/log/radius/radacct/reply-detail.log [reply_log] /var/log/radius/radacct/reply-detail.log expands to /var/log/radius/radacct/reply-detail.log [reply_log] expand: %t -> Fri Jul 19 15:02:52 2013 ++[reply_log] returns ok ++? if (Cisco-AVPair == "ssid=XXX-ER") ? Evaluating (Cisco-AVPair == "ssid=XXX-ER") -> TRUE ++? if (Cisco-AVPair == "ssid=XXX-ER") -> TRUE ++- entering if (Cisco-AVPair == "ssid=XXX-ER") {...} [f_ticks] expand: %{reply:Packet-Type} -> Access-Accept [f_ticks] expand: f_ticks.%{%{reply:Packet-Type}:-format} -> f_ticks.Access-Accept [f_ticks] expand: /var/log/radius/radacct/f_ticks -> /var/log/radius/radacct/f_ticks [f_ticks] expand: F- TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=%{Calling- Station-Id}#RESULT=OK# -> F- TICKS/eduroam/1.0#REALM=icgeb.ts.it#VISCOUNTRY=LU#VISINST=YOUR- ID#CSI=d49a.2063.2450#RESULT=OK# +++[f_ticks] returns ok ++- if (Cisco-AVPair == "ssid=XXX-ER") returns ok } # server eduroam Sending Access-Accept of id 189 to 172.16.254.45 port 1645 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "220" User-Name = "palmi" MS-MPPE-Recv-Key = 0xf308f970d2507771e30d0f1cc87c6d35ab9a6c65b56dfec2141f50273d6045ff MS-MPPE-Send-Key = 0xa68961323bdf00916cf8ee1043d99477eeaf6a46de78f1101234e9a8a5faf8e2 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 9. Going to the next request Waking up in 4.6 seconds. rad_recv: Accounting-Request packet from host 172.16.254.45 port 1646, id=17, length=366 Acct-Session-Id = "0000038C" Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" Cisco-AVPair = "vlan-id=220" Cisco-AVPair = "nas-location=Floor Ground, Building F1 (test)" WISPr-Location-Name = "Floor Ground, Building F1 (test)" User-Name = "palmi" Cisco-AVPair = "connect-progress=Call Up" Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" Service-Type = Framed-User NAS-IP-Address = 172.16.254.45 Acct-Delay-Time = 0 server eduroam { # Executing section preacct from file /etc/raddb/sites-enabled/eduroam +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 1016,Client-IP-Address = 172.16.254.45,NAS- IP-Address = 172.16.254.45,Acct-Session-Id = "0000038C",User-Name = "palmi"' [acct_unique] Acct-Unique-Session-ID = "4cdcd06ed9699fd5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "palmi", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "NULL" [suffix] Accounting realm is LOCAL. ++[suffix] returns ok [files] expand: %{Stripped-User-Name} -> palmi [files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi ++[files] returns noop # Executing section accounting from file /etc/raddb/sites-enabled/eduroam +- entering group accounting {...} [detail] expand: /var/log/radius/radacct/detail -> /var/log/radius/radacct/detail [detail] /var/log/radius/radacct/detail expands to /var/log/radius/radacct/detail [detail] expand: %t -> Fri Jul 19 15:02:52 2013 ++[detail] returns ok [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp [radutmp] expand: %{Stripped-User-Name} -> palmi [radutmp] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi ++[radutmp] returns ok [sradutmp] expand: /var/log/radius/sradutmp -> /var/log/radius/sradutmp [sradutmp] expand: %{User-Name} -> palmi ++[sradutmp] returns ok } # server eduroam Sending Accounting-Response of id 17 to 172.16.254.45 port 1646 Finished request 10. Cleaning up request 10 ID 17 with timestamp +7 Going to the next request Waking up in 4.5 seconds. Cleaning up request 0 ID 180 with timestamp +6 Cleaning up request 1 ID 181 with timestamp +6 Cleaning up request 2 ID 182 with timestamp +7 Cleaning up request 3 ID 183 with timestamp +7 Cleaning up request 4 ID 184 with timestamp +7 Cleaning up request 5 ID 185 with timestamp +7 Cleaning up request 6 ID 186 with timestamp +7 Cleaning up request 7 ID 187 with timestamp +7 Cleaning up request 8 ID 188 with timestamp +7 Cleaning up request 9 ID 189 with timestamp +7 Ready to process requests. ################################################################################################### HERE I DISCONNECTED FROM WIRELESS NETWORK ################################################################################################### rad_recv: Accounting-Request packet from host 172.16.254.45 port 1646, id=18, length=465 Acct-Session-Id = "0000038C" Called-Station-Id = "003a.9ae0.1460" Calling-Station-Id = "d49a.2063.2450" Cisco-AVPair = "ssid=XXX-ER" Cisco-AVPair = "vlan-id=220" Cisco-AVPair = "nas-location=Floor Ground, Building F1 (test)" WISPr-Location-Name = "Floor Ground, Building F1 (test)" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "palmi" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 37 Acct-Input-Octets = 19549 Acct-Output-Octets = 15498 Acct-Input-Packets = 88 Acct-Output-Packets = 72 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 NAS-Port = 1016 NAS-Port-Id = "1016" Service-Type = Framed-User NAS-IP-Address = 172.16.254.45 Acct-Delay-Time = 0 server eduroam { # Executing section preacct from file /etc/raddb/sites-enabled/eduroam +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 1016,Client-IP-Address = 172.16.254.45,NAS- IP-Address = 172.16.254.45,Acct-Session-Id = "0000038C",User-Name = "palmi"' [acct_unique] Acct-Unique-Session-ID = "4cdcd06ed9699fd5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "palmi", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Stripped-User-Name = "palmi" [suffix] Adding Realm = "NULL" [suffix] Accounting realm is LOCAL. ++[suffix] returns ok [files] expand: %{Stripped-User-Name} -> palmi [files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi ++[files] returns noop # Executing section accounting from file /etc/raddb/sites-enabled/eduroam +- entering group accounting {...} [detail] expand: /var/log/radius/radacct/detail -> /var/log/radius/radacct/detail [detail] /var/log/radius/radacct/detail expands to /var/log/radius/radacct/detail [detail] expand: %t -> Fri Jul 19 15:03:28 2013 ++[detail] returns ok [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp [radutmp] expand: %{Stripped-User-Name} -> palmi [radutmp] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi ++[radutmp] returns ok [sradutmp] expand: /var/log/radius/sradutmp -> /var/log/radius/sradutmp [sradutmp] expand: %{User-Name} -> palmi ++[sradutmp] returns ok } # server eduroam Sending Accounting-Response of id 18 to 172.16.254.45 port 1646 Finished request 11. Cleaning up request 11 ID 18 with timestamp +43 Going to the next request Ready to process requests.