Hi, radlast shows NAS-Identifier trunked lbazch 009:AP-PV-PB Tue Jul 10 12:10 still logged in mfembe 004:AP-PI-PB Tue Jul 10 12:10 still logged in msabad 005:oficina- Tue Jul 10 12:10 still logged in Why? Is a bug? A misconfiguration? You want the debug output, ok you have it :) FreeRADIUS Version 2.1.12, for host x86_64-unknown-linux-gnu, built on Jan 3 2012 at 16:18:16 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb-testing/radiusd.conf including configuration file /etc/raddb-testing/proxy.conf including configuration file /etc/raddb-testing/clients.conf including files in directory /etc/raddb-testing/modules/ including configuration file /etc/raddb-testing/modules/chap including configuration file /etc/raddb-testing/modules/mschap including configuration file /etc/raddb-testing/modules/sqlcounter_expire_on_login including configuration file /etc/raddb-testing/modules/exec including configuration file /etc/raddb-testing/modules/realm including configuration file /etc/raddb-testing/modules/checkval including configuration file /etc/raddb-testing/modules/rediswho including configuration file /etc/raddb-testing/modules/passwd including configuration file /etc/raddb-testing/modules/attr_filter including configuration file /etc/raddb-testing/modules/linelog including configuration file /etc/raddb-testing/modules/wimax including configuration file /etc/raddb-testing/modules/pam including configuration file /etc/raddb-testing/modules/inner-eap including configuration file /etc/raddb-testing/modules/echo including configuration file /etc/raddb-testing/modules/soh including configuration file /etc/raddb-testing/modules/replicate including configuration file /etc/raddb-testing/modules/acct_unique including configuration file /etc/raddb-testing/modules/etc_group including configuration file /etc/raddb-testing/modules/pap including configuration file /etc/raddb-testing/modules/expr including configuration file /etc/raddb-testing/modules/smbpasswd including configuration file /etc/raddb-testing/modules/attr_rewrite including configuration file /etc/raddb-testing/modules/radutmp including configuration file /etc/raddb-testing/modules/mac2ip including configuration file /etc/raddb-testing/modules/logintime including configuration file /etc/raddb-testing/modules/sql_log including configuration file /etc/raddb-testing/modules/smsotp including configuration file /etc/raddb-testing/modules/preprocess including configuration file /etc/raddb-testing/modules/policy including configuration file /etc/raddb-testing/modules/cui including configuration file /etc/raddb-testing/modules/perl including configuration file /etc/raddb-testing/modules/digest including configuration file /etc/raddb-testing/modules/mac2vlan including configuration file /etc/raddb-testing/modules/otp including configuration file /etc/raddb-testing/modules/files including configuration file /etc/raddb-testing/modules/always including configuration file /etc/raddb-testing/modules/ntlm_auth including configuration file /etc/raddb-testing/modules/detail including configuration file /etc/raddb-testing/modules/krb5 including configuration file /etc/raddb-testing/modules/sradutmp including configuration file /etc/raddb-testing/modules/opendirectory including configuration file /etc/raddb-testing/modules/counter including configuration file /etc/raddb-testing/modules/detail.example.com including configuration file /etc/raddb-testing/modules/ippool including configuration file /etc/raddb-testing/modules/expiration including configuration file /etc/raddb-testing/modules/dynamic_clients including configuration file /etc/raddb-testing/modules/detail.log including configuration file /etc/raddb-testing/modules/redis including configuration file /etc/raddb-testing/modules/ldap including configuration file /etc/raddb-testing/modules/unix including configuration file /etc/raddb-testing/eap.conf including configuration file /etc/raddb-testing/policy.conf including files in directory /etc/raddb-testing/sites-enabled/ including configuration file /etc/raddb-testing/sites-enabled/status including configuration file /etc/raddb-testing/sites-enabled/control-socket including configuration file /etc/raddb-testing/sites-enabled/inner-tunnel including configuration file /etc/raddb-testing/sites-enabled/default including configuration file /etc/raddb-testing/sites-enabled/inner-tunnel-peap main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb-testing/dictionary main { name = "radiusd" prefix = "/usr/local-test" localstatedir = "/usr/local-test/var" sbindir = "/usr/local-test/sbin" logdir = "/usr/local-test/var/log/radius" run_dir = "/usr/local-test/var/run/radiusd" libdir = "/usr/local-test/lib" radacctdir = "/usr/local-test/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local-test/var/run/radiusd/radiusd.pid" checkrad = "/usr/local-test/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = yes auth = yes auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "nvam890" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "nvam890" nastype = "other" } client 192.168.1.5 { require_message_authenticator = no secret = "nvam890" shortname = "vivalapepa.sarlanga.edu" } client 10.129.100.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-PB" } client 10.129.10.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-SS" } client 10.129.11.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-1" } client 10.129.111.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-1" } client 10.129.12.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-2" } client 10.129.13.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-3" } client 10.129.14.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-4" } client 10.129.199.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "PIVOT-LINKSYS" } client 10.129.200.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "PIVOT-TPLINK" } client 10.129.254.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "Transitional" } client 10.129.15.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-5" } client 10.129.16.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-6" } client 10.129.17.1 { require_message_authenticator = no secret = "sarlangalad0-Red-3-winnie" shortname = "AP-PI-7" } client 10.129.60.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Sociales-0" } client 10.129.61.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Sociales-I" } client 10.129.62.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Sociales-I" } client 10.129.158.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-SS" } client 10.129.80.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-PB" } client 10.129.180.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-PB-SUM" } client 10.128.255.81 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-I" } client 10.129.81.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-I" } client 10.128.255.82 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-II" } client 10.129.82.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-II" } client 10.128.250.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-Bridge" } client 10.128.255.172 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-I_bis_test" } client 10.128.255.83 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-III" } client 10.129.83.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-III" } client 10.129.183.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-III" } client 10.129.84.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-IV" } client 10.129.184.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-IV-Bis" } client 10.129.194.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-IV-Bis-2" } client 10.128.255.181 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-I_bis" } client 10.129.181.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-I_bis" } client 10.129.162.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-I_bis_2" } client 10.128.255.86 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-VI" } client 10.129.86.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-VI" } client 10.128.255.87 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-VII" } client 10.129.87.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-VII" } client 10.129.187.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-VII-Derecho" } client 10.129.99.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-Pivot" } client 10.129.52.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-PV-PB" } client 10.128.255.85 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-V" } client 10.129.85.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-V" } client 10.129.189.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-IX-HD" } client 10.129.88.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-VIII" } client 10.129.89.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "oficina-test" } client 10.129.160.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Sociales-Auditorio" } client 10.129.182.1 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-yocadorneotucadorneas-X" } client 192.168.2.53 { require_message_authenticator = no secret = "akantilad0-Green-22" shortname = "sarlanga3" } client 192.168.45 { require_message_authenticator = no secret = "sarlangalad0-black-54" shortname = "sarlanga4" } client 192.168.3.201 { require_message_authenticator = no secret = "sarlangalad0-blue-246692" shortname = "sarlanga7" } client 192.168.4 { require_message_authenticator = no secret = "Zarag0Za-Muppet5-32" shortname = "AP-sarlanga7" } client 192.168.142.240 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Cabre-1" } client 192.168.142.241 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Cabre-2" } client 192.168.142.242 { require_message_authenticator = no secret = "sarlangalad0-Red-398952" shortname = "AP-Cabre-3" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb-testing/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb-testing/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb-testing/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb-testing/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb-testing/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb-testing/modules/pap pap { encryption_scheme = "auto" auto_header = yes } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb-testing/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb-testing/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_pam Module: Instantiating module "pam" from file /etc/raddb-testing/modules/pam pam { pam_auth = "radiusd" } Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb-testing/modules/unix unix { radwtmp = "/usr/local-test/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb-testing/eap.conf eap { default_eap_type = "md5" timer_expire = 600 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/pki/tls/certs/ips-vivalapepa-key.pem" certificate_file = "/etc/pki/tls/certs/vivalapepa.sarlanga.edu.cer" CA_file = "/etc/pki/tls/certs/IPS-IPSCABUNDLE.crt" dh_file = "/etc/raddb-testing/certs/dh" random_file = "/etc/raddb-testing/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = yes lifetime = 6 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = yes } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb-testing/modules/preprocess preprocess { huntgroups = "/etc/raddb-testing/huntgroups" hints = "/etc/raddb-testing/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_detail Module: Instantiating module "auth_log" from file /etc/raddb-testing/modules/detail.log detail auth_log { detailfile = "/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb-testing/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb-testing/modules/files files { usersfile = "/etc/raddb-testing/users" acctusersfile = "/etc/raddb-testing/acct_users" preproxy_usersfile = "/etc/raddb-testing/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb-testing/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file /etc/raddb-testing/modules/detail detail { detailfile = "/usr/local-test/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = yes } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb-testing/modules/radutmp radutmp { filename = "/usr/local-test/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb-testing/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb-testing/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_linelog Module: Instantiating module "linelog" from file /etc/raddb-testing/modules/linelog linelog { filename = "/usr/local-test/var/log/radius/linelog" permissions = 384 format = "%{Packet-Type} %{reply:Packet-Type} %{User-Name} %{EAP-Type:-PAP} %{NAS-IP-Address} %{NAS-Identifier}" } Module: Instantiating module "reply_log" from file /etc/raddb-testing/modules/detail.log detail reply_log { detailfile = "/usr/local-test/var/log/radius/radacct/replies/%{Client-IP-Address}/reply-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb-testing/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb-testing/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server status { # from file /etc/raddb-testing/sites-enabled/status modules { Module: Creating Autz-Type = Status-Server Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/raddb-testing/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } } # modules } # server server inner-tunnel { # from file /etc/raddb-testing/sites-enabled/inner-tunnel modules { Module: Creating Auth-Type = LDAP Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_ldap Module: Instantiating module "ldap" from file /etc/raddb-testing/modules/ldap ldap { server = "ldap.sarlanga.edu" port = 636 password = "sarlanga" identity = "cn=freeradius,ou=applications,dc=sarlanga,dc=edu" net_timeout = 10 timeout = 120 timelimit = 30 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no cacertfile = "/etc/raddb-testing/cacert.pem" randfile = "/dev/urandom" require_cert = "demand" } basedn = "ou=people,dc=sarlanga,dc=edu" filter = "(uid=%u)" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr = "radiusAllowed" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/raddb-testing/ldap.attrmap" ldap_debug = 40 ldap_connections_number = 15 compare_check_items = no do_xlat = yes set_auth_type = yes keepalive { interval = 3 } } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb-testing/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x6cb0ac0 Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server server inner-tunnel-peap { # from file /etc/raddb-testing/sites-enabled/inner-tunnel-peap modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 192.168.1.5 port = 0 } listen { type = "acct" ipaddr = 192.168.1.5 port = 0 } listen { type = "control" listen { socket = "/usr/local-test/var/run/radiusd/radiusd.sock" } } listen { type = "status" ipaddr = 127.0.0.1 port = 18120 client admin { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "YellowSubmarine" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18121 } Listening on authentication address 192.168.1.5 port 1812 Listening on accounting address 192.168.1.5 port 1813 Listening on command file /usr/local-test/var/run/radiusd/radiusd.sock Listening on status address 127.0.0.1 port 18120 as server status Listening on authentication address 127.0.0.1 port 18121 as server inner-tunnel Ready to process requests. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=58, length=167 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a1000b016d6c656e6f69 Message-Authenticator = 0x88fcf4ca35b563fb01a0f63ff55a27d4 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 161 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 58 to 10.129.180.1 port 55764 EAP-Message = 0x01a200160410eba586f1a4e43e386b7cba670d11fc58 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb88b6daa97df52ad5b75d5386 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=59, length=180 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a200060319 State = 0x8814deeb88b6daa97df52ad5b75d5386 Message-Authenticator = 0x1e5fcf13dc906487e9bc6138d2def512 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 162 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Flushing SSL sessions (of #0) [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 59 to 10.129.180.1 port 55764 EAP-Message = 0x01a300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb89b7c7a97df52ad5b75d5386 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=60, length=240 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a30042190016030100370100003303014ffc4751a6a0a85eeb3cb3cc0924f3d862ce97c74999acb91562f01c3c4ccef500000c0013000a0033002f000500040100 State = 0x8814deeb89b7c7a97df52ad5b75d5386 Message-Authenticator = 0x3fba2ff705f2bf305cb8c711deff0b96 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 163 length 66 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0037], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 004a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 1324], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 60 to 10.129.180.1 port 55764 EAP-Message = 0x01a4040019c000001381160301004a0200004603014ffc4812c847086e3bf550b27dec5092792445e353e4d1a3e2db9eaa97196478205c12f92d381891c8b63481c5b06d636edd829eb656da4bb5fe754809f8f741f8000a0016030113240b00132000131d00071730820713308205fba0030201020214101b7f691cb7a76e4d2434f172207f0d6457bfd6300d06092a864886f70d01010505003081b0310b3009060355040613024553310f300d060355040813064d4144524944310f300d060355040713064d414452494431243022060355040a131b6970732043657274696669636174696f6e20417574686f7269747931183016060355040b130f EAP-Message = 0x43657274696669636163696f6e657331193017060355040313106970734341204c6576656c20312043413124302206092a864886f70d010901161569707363616c6576656c314069707363612e636f6d301e170d3132303132373132303731335a170d3134303230313132303731335a30818d310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311d301b06035504031314737065637472756d2e70616c65726d6f2e EAP-Message = 0x65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100a8efabc6c785b1314fc7a643f75a6b1e1ae645b4ad47d23a5ce062cd3fa5a998112d48b88960da17628181430eb1e6dbcd806eb3b77ad9ca5728e86d333f9a910107d90c0e2dad1951587fb6ebe0b1f99665fad04e352e1d87dbf1a1292ae3cc8bb936511b10cc25facb79db7df50a443359a5c46213253cfbee9db5a262221e23d6961c6f2e4bff6c7702fe05eeff8c97c3c4558f84d3d61a1571017d5638863ec4f341613113aca1b385ae7598065503f28f78c83c632ebb0183d6d8ffd21edd8cd4db50c1550443f12706847a053769c1c5c7f94eff9fff EAP-Message = 0x8c3091d3892db2f35ab46dc208d1e03f37b82fb96d7fba474b42279ecb74157fdc521c038949dd0203010001a38203443082034030090603551d1304023000301106096086480186f8420101040403020640300b0603551d0f0404030205a030130603551d25040c300a06082b06010505070301301d0603551d0e04160414d57dbba6130341755d2138e3ed9faacb3e65cdcb301f0603551d230418301680147d9e6b0efc13e1c48ba77f61ae6021cfcda0d30630090603551d1104023000305b0603551d1204543052a450304e310b300906035504061302455331243022060355040a131b6970732043657274696669636174696f6e20417574686f EAP-Message = 0x726974793119301706035504 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb8ab0c7a97df52ad5b75d5386 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=61, length=180 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a400061900 State = 0x8814deeb8ab0c7a97df52ad5b75d5386 Message-Authenticator = 0x6151ed5595147071dcca331db578ce31 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 164 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 61 to 10.129.180.1 port 55764 EAP-Message = 0x01a503fc19400313106970734341204c6576656c2031204341307106096086480186f842010d046416624f7267616e697a6174696f6e20496e666f726d6174696f6e204e4f542056414c4944415445442e204c4556454c3120536572766572204365727469666963617465206973737565642062792068747470733a2f2f7777772e69707363612e636f6d2f302906096086480186f8420102041c161a687474703a2f2f6c6576656c3130312e69707363612e636f6d2f303c06096086480186f8420104042f162d687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f69707363616c6576656c312e63726c3043060960864801 EAP-Message = 0x86f842010304361634687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f7265766f636174696f6e4c4556454c312e68746d6c3f304006096086480186f842010704331631687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f72656e6577616c4c4556454c312e68746d6c3f303e06096086480186f84201080431162f687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f706f6c6963794c4556454c312e68746d6c30730603551d1f046c306a3033a031a02f862d687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f69707363616c6576656c312e63 EAP-Message = 0x726c3033a031a02f862d687474703a2f2f6c6576656c3130322e69707363612e636f6d2f63726c2f69707363616c6576656c312e63726c303e06082b0601050507010104323030302e06082b060105050730018622687474703a2f2f6f6373706c6576656c3130312e69707363612e636f6d2f6f637370300d06092a864886f70d010105050003820101004b61ec4cf7163dad3601e3de9938175ec4ec75d60f658eabf37b1e331283419e7438e584e8cfc47c087c7cba005dcd9d7d165a470bd7aaea70b69b1a18ad2a6cc136cf2ff5cb948ae2866b1c46bbf8ef999ecb510407f28a091e7aa75684d90938f85c3fcd39580112b6979f3284c581f86b EAP-Message = 0x998bc211c1de82e87fd57ee7a975905e9dec75020feda29cf4f29dc59dc3946ccf328f7380c6f3f4064d3f6f496fffd640ed2c813c44d648f9ee0143f894d41f4970f30e158064b305a4ae264887a62b5ee51f4f7f3241ddeebcd1153f836262d7c24c4cd7a09f2ab6bc052cd2ecf78e948f240e526538478893fb776f27d44d620c8e58641b4231958c85d758080005f2308205ee308204d6a00302010202141000000000000000000000000000000000000011300d06092a864886f70d01010505003081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d06035504 EAP-Message = 0x0a13264950532043 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb8bb1c7a97df52ad5b75d5386 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=62, length=180 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a500061900 State = 0x8814deeb8bb1c7a97df52ad5b75d5386 Message-Authenticator = 0x67cd523cc7b68fde1645669d61b7fd97 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 165 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 62 to 10.129.180.1 port 55764 EAP-Message = 0x01a603fc1940657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d301e170d3039313231303131333835325a170d3239313232343131333835325a3081b0310b3009060355040613024553310f300d060355040813064d4144524944310f300d060355040713064d414452494431243022060355040a131b6970732043657274696669636174696f6e20417574686f7269747931183016060355040b130f43 EAP-Message = 0x657274696669636163696f6e657331193017060355040313106970734341204c6576656c20312043413124302206092a864886f70d010901161569707363616c6576656c314069707363612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009f4db33023c13a798527825d45ce5b64f82bafe15d6001e2940ed501863645858c0c8e76e1a0a40d935417986aeeb2840b23eabf217cc0ee49c026791954d6311890f7fb970be3a8c51640de2eb88c655b32d953f7c8ff06fb896654f8ea44420fb74fc7b0e94fd1d0bbfa968a33e346b7fa64bc65b11fb1e0e105f80cdd4af58b3097b4480a94feaf1d63f269 EAP-Message = 0x2c6b1b446afd3bd9dae70df0c68ab6e0190160a309a2b320401b14073a8c22df33f476c185b862b849b975c196ed1108af3c3f4e59e840dc995a134747e3b2840a7e8130b71c969f2e0d1cd0e5845e5bad3cce4a6b7d684522f54d5ae79f5c19004827a5787882d3e2ffb1e680dfeb2a125bb10203010001a38201fa308201f6302a06096086480186f8420102041d161b68747470733a2f2f6c6576656c3130312e69707363612e636f6d2f302106096086480186f84201030414161265737461646f2f65737461646f2e6173703f302706096086480186f8420104041a161865737461646f4341544553542f65737461646f2e6173703f3022060960 EAP-Message = 0x86480186f84201070415161365737461646f2f72656e756576612e6173703f302006096086480186f84201080413161165737461646f2f706f6c6963792e617370302406096086480186f842010d04171615436572746966696361646f20706f72206970734341301106096086480186f8420101040403020007300c0603551d13040530030101ff301d0603551d0e041604147d9e6b0efc13e1c48ba77f61ae6021cfcda0d306303e0603551d1f043730353033a031a02f862d687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f69707363616c6576656c312e63726c303a06082b06010505070101042e302c302a06082b06 EAP-Message = 0x010505073001861e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb8cb2c7a97df52ad5b75d5386 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=63, length=180 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a600061900 State = 0x8814deeb8cb2c7a97df52ad5b75d5386 Message-Authenticator = 0xf9928a64da7f9a2233d6f45dd4ddd309 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 166 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 63 to 10.129.180.1 port 55764 EAP-Message = 0x01a703fc1940687474703a2f2f6f6373706c6576656c3130312e69707363612e636f6d2f300b0603551d0f04040302010630470603551d250440303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304300d06092a864886f70d010105050003820101008737bf8f76d31d2eca683935839d2958fe74add252963aff06e84cb0308e3316c5972d29aebe28e77e10ab20e1ed509ecfbbd394fe1da47370d27e6239b31cd636e1d4782bace12bedc753a14dd4281f588e56e2c924f956ec0ad0df5268575ea4393bb9e46619c4cff0a7fbb7717f EAP-Message = 0xd7f247a501f8245587996ac61064ada017958080eb6d4bd3e9171685a951ae6e69419776e8de7f43fb891b853397030059549676d110ed837018f76ca7231a20647365211bee7e1e67f8026ad21c2e37a31e7001bb866076bc7adc7eff3475f2e33e94c60ed70ce792cc33c31c32df09e853cf3587c59453f98efa685cce193a482a52f3da46c2e6bd5d02b5471eb9954000060b30820607308204efa003020102020100300d06092a864886f70d01010505003081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a132649505320436572746966696361 EAP-Message = 0x74696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d301e170d3039303930373134333834345a170d3239313232353134333834345a3081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b130569707343 EAP-Message = 0x41311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a7efcc8030b091244fb068f8c3ca2d1538555882e23863b0f7a3926f83b8b05eb08cac54b177d050e097b390ad8ab31f392b4556f7aae2df7cb2ec6f532f9acbd0e666cbc913e872e2b4cd31578712b593e8fa72ceea47f28cb4b063d70400b764363997e895f188f9710d03278c61cf0883964f83c54ee85cf80670f102aa1c1ea9c8aa7ee75dcd8d3c146f67d01ba923488b21283a8a4ce6 EAP-Message = 0x1131f9212eb26766 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb8db3c7a97df52ad5b75d5386 Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=64, length=180 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a700061900 State = 0x8814deeb8db3c7a97df52ad5b75d5386 Message-Authenticator = 0xed341e6a8b2de2aae596dcc6c65dc1c9 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 167 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 64 to 10.129.180.1 port 55764 EAP-Message = 0x01a803af1900c6296e9493cf4096fcb03dbfb2b493bf5671b6a54187b058b559232849b898f9501e2d15280b4cac49d184a99b9ae77254b738d0dbc9fea973d56d10cd8e75ebfe97fd803cfcb4d848f499460b8814a4b62edb4c60f421c16c809514d5afd50203010001a382022430820220301d0603551d0e0416041415a69680b1154b31c3c29cf6e7130b4bf318cd863081df0603551d230481d73081d4801415a69680b1154b31c3c29cf6e7130b4bf318cd86a181b8a481b53081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043 EAP-Message = 0x657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d820100300c0603551d13040530030101ff300b0603551d0f04040302010630470603551d250440303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304301d0603551d11041630148112676c6f62616c30314069707363612e636f6d301d0603 EAP-Message = 0x551d12041630148112676c6f62616c30314069707363612e636f6d30410603551d1f043a30383036a034a0328630687474703a2f2f63726c676c6f62616c30312e69707363612e636f6d2f63726c2f63726c676c6f62616c30312e63726c303806082b06010505070101042c302a302806082b06010505073001861c687474703a2f2f63726c676c6f62616c30312e69707363612e636f6d300d06092a864886f70d0101050500038201010018f4aefe800f8ec1776fa25a47489f2355a1536bf95da730a524be432ff8c1d157f93e2c8025cc46a936f3495b1df67cd763b34d3e78f6a7b40277f8790d3e6acb1860b8fd00af0cdd54e3548f223df310 EAP-Message = 0x6f110db51e7a8d27cc08b85bc3b81a5f2ba7603f001cf70f5c4266649e8712807089e0fa57280e4e1f102fd90580b6802f1c69f0f6b66534056fcad93ef8d45d3732c7b82bccff73930071e001c8aa43bda9f1cefa80f9f1431291a665e560074d47ba2b2f04f64a8529886510c9b253629c6c9b605c1a1bd3aec51d729906ff05cc862673b4d45405dd1e6b003bb789e8e391022012ebefe9fe0a29238123a300da70cc925f3723d01c7b355c037a16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb8ebcc7a97df52ad5b75d5386 Finished request 6. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=65, length=500 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a8014419001603010106100001020100422704cd2992a92b33a0a1516a61525d92c4dfb23f82f13d7b5f56317b8668a17155e3e2db2f75abdc226796641cb7b202dbb1848b69d8dfbc9516be04e509aea5daa181ff82a299d1461247d5eaeac52c51c4e0fd970eda3675f726e29e528089f432cf1969857b47a5589ae03dedc4b2504710c7bff51ec058c224cb9d9c03e67635e9491f822d5f2b7b4cc325df76f6d7b4f95ae47a83d736e4013e02e4636b883d00cd9efd5faab5074cd2d5d2ef6200d92c35ef95a04c8943228e3d54f9c864bd52472a461a4f4a001a34004855f560759d43b008102d6ca5316311ac5d169ad14ff2ae6de1df49f05c EAP-Message = 0x8381e6e6b4115f6cea0ee09eb3e6d38b1358d7781403010001011603010028d07f0c5c09b511758626eb89bb222bd25ea4a04957e579211de5c394aa80202f9f928fe9b2cfef6f State = 0x8814deeb8ebcc7a97df52ad5b75d5386 Message-Authenticator = 0x5e5b913676276daf39e1c9ff83c259aa # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 168 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data SSL: adding session 5c12f92d381891c8b63481c5b06d636edd829eb656da4bb5fe754809f8f741f8 to cache [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 65 to 10.129.180.1 port 55764 EAP-Message = 0x01a9003919001403010001011603010028d821d133aa4769658355f7b458637264e48e690e4e79bdb4b0d2d18ef509335e35e751de3bf1d351 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb8fbdc7a97df52ad5b75d5386 Finished request 7. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=66, length=180 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02a900061900 State = 0x8814deeb8fbdc7a97df52ad5b75d5386 Message-Authenticator = 0xca4cc7ef534339b7d9aeaf0a2a352aa5 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 169 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.129.180.1 port 55764 EAP-Message = 0x01aa002b1900170301002086365ff559740ef850f6911a41fa412f9b1630f7051310898c0fc537065e9e2e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb80bec7a97df52ad5b75d5386 Finished request 8. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=67, length=246 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02aa0048190017030100185c83e2174ed058a36cc14e00cc4fae5a9179da770e44ac83170301002078727b4506bc63126fa2517afc18e439fd9f2f4ffdd00d99700217f127b402dd State = 0x8814deeb80bec7a97df52ad5b75d5386 Message-Authenticator = 0xecc9f19ff811e3e27e70eae209dbb6e9 # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 170 length 72 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - yyyyy [peap] Got inner identity 'yyyyy' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02aa000b016d6c656e6f69 server { [peap] Setting User-Name to yyyyy Sending tunneled request EAP-Message = 0x02aa000b016d6c656e6f69 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 10.129.180.1 server inner-tunnel { # Executing section authorize from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group authorize {...} [auth_log] expand: %{Virtual-Server} -> inner-tunnel [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-inner-tunnel-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-inner-tunnel-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 170 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for yyyyy [ldap] expand: (uid=%u) -> (uid=yyyyy) [ldap] expand: ou=people,dc=sarlanga,dc=edu -> ou=people,dc=sarlanga,dc=edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to ldap.sarlanga.edu:636, authentication 0 [ldap] setting TLS mode to 1 [ldap] setting TLS CACert File to /etc/raddb-testing/cacert.pem [ldap] setting TLS Require Cert to demand [ldap] setting TLS Key File to /dev/urandom [ldap] bind as cn=freeradius,ou=applications,dc=sarlanga,dc=edu/sarlanga to ldap.sarlanga.edu:636 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in ou=people,dc=sarlanga,dc=edu, with filter (uid=yyyyy) [ldap] checking if remote access for yyyyy is allowed by radiusAllowed [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}5.glupOqHA" [ldap] radiusPassword -> Cleartext-Password == "pulgas" [ldap] looking for reply items in directory... [ldap] user yyyyy authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01ab00201a01ab001b109bf4c3c47d874e0e30116053130d22176d6c656e6f69 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb51c5a6bbfadfaf825abcaa22d694a6 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01ab00201a01ab001b109bf4c3c47d874e0e30116053130d22176d6c656e6f69 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb51c5a6bbfadfaf825abcaa22d694a6 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 67 to 10.129.180.1 port 55764 EAP-Message = 0x01ab0043190017030100384becf00fe9503ff392eb0ef0d3775f51ebbbdc99abb097e7e43649e4cf5a6b045b10dd51fae88ce51dd17e63c292e1d3b6bc4d2b5e524350 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb81bfc7a97df52ad5b75d5386 Finished request 9. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=68, length=302 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02ab008019001703010018e5c8db5aac6c066c485ed9d84349c06661d80cb88cac9bd71703010058f95b5203bf5406a11f8204e5c9ff3c031497b8c48e2c4ed596a8f9cfa51ff75e2b9bf76ac3c68495721e19293d195ed2d472041ba9539e60d5c703a1829363d37341dddc900803343450801dbcd56b5ebae15794da693e6d State = 0x8814deeb81bfc7a97df52ad5b75d5386 Message-Authenticator = 0x692eac82692b4c4c30c5e03ca653c1de # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 171 length 128 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02ab00411a02ab003c313eb695228fced3448bf448185a1b560b0000000000000000f252c6370bc3705bdfe5555ae9338a10b5ba72288de07e4a006d6c656e6f69 server { [peap] Setting User-Name to yyyyy Sending tunneled request EAP-Message = 0x02ab00411a02ab003c313eb695228fced3448bf448185a1b560b0000000000000000f252c6370bc3705bdfe5555ae9338a10b5ba72288de07e4a006d6c656e6f69 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "yyyyy" State = 0xbb51c5a6bbfadfaf825abcaa22d694a6 NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 10.129.180.1 server inner-tunnel { # Executing section authorize from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group authorize {...} [auth_log] expand: %{Virtual-Server} -> inner-tunnel [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-inner-tunnel-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-inner-tunnel-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 171 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for yyyyy [ldap] expand: (uid=%u) -> (uid=yyyyy) [ldap] expand: ou=people,dc=sarlanga,dc=edu -> ou=people,dc=sarlanga,dc=edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=people,dc=sarlanga,dc=edu, with filter (uid=yyyyy) [ldap] checking if remote access for yyyyy is allowed by radiusAllowed [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}5.glupOqHA" [ldap] radiusPassword -> Cleartext-Password == "pulgas" [ldap] looking for reply items in directory... [ldap] user yyyyy authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: yyyyy [mschap] Told to do MS-CHAPv2 for yyyyy with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01ac00331a03ab002e533d39413841374339354142433645443831334534384146373535453037463639433846314244443044 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb51c5a6bafddfaf825abcaa22d694a6 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01ac00331a03ab002e533d39413841374339354142433645443831334534384146373535453037463639433846314244443044 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb51c5a6bafddfaf825abcaa22d694a6 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 68 to 10.129.180.1 port 55764 EAP-Message = 0x01ac005319001703010048582dc8183c53ae3d2134db71275f243f43601712a6c44627b4d1381f1c2141a19c9aaba8810d9d9de13075eec7e6a1cff66065961e308bf24cf9a473d8f5d0dc43be68270b31990c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb82b8c7a97df52ad5b75d5386 Finished request 10. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=69, length=238 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02ac004019001703010018b43d2d7c7f82555756d2fd3b16e87a5af6b0ac44b0b5d2a61703010018fd3842857f995c59fa42e79d67210d7146eec97a1d953fd1 State = 0x8814deeb82b8c7a97df52ad5b75d5386 Message-Authenticator = 0xbdc84070e732333a170a84aceec7dd0a # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 172 length 64 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02ac00061a03 server { [peap] Setting User-Name to yyyyy Sending tunneled request EAP-Message = 0x02ac00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "yyyyy" State = 0xbb51c5a6bafddfaf825abcaa22d694a6 NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 10.129.180.1 server inner-tunnel { # Executing section authorize from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group authorize {...} [auth_log] expand: %{Virtual-Server} -> inner-tunnel [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-inner-tunnel-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-inner-tunnel-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 172 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for yyyyy [ldap] expand: (uid=%u) -> (uid=yyyyy) [ldap] expand: ou=people,dc=sarlanga,dc=edu -> ou=people,dc=sarlanga,dc=edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=people,dc=sarlanga,dc=edu, with filter (uid=yyyyy) [ldap] checking if remote access for yyyyy is allowed by radiusAllowed [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}5.glupOqHA" [ldap] radiusPassword -> Cleartext-Password == "pulgas" [ldap] looking for reply items in directory... [ldap] user yyyyy authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok Login OK: [yyyyy] (from client AP-yocadorneotucadorneas-PB-SUM port 5 cli A8-FF-FF-AA-E7-48 via TLS tunnel) # Executing section post-auth from file /etc/raddb-testing/sites-enabled/inner-tunnel +- entering group post-auth {...} [linelog] expand: /usr/local-test/var/log/radius/linelog -> /usr/local-test/var/log/radius/linelog [linelog] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [linelog] expand: %{Packet-Type} %{reply:Packet-Type} %{User-Name} %{EAP-Type:-PAP} %{NAS-IP-Address} %{NAS-Identifier} -> Access-Request Access-Accept yyyyy MS-CHAP-V2 10.129.180.1 AP-yocadorneotucadorneas-PB-SUM ++[linelog] returns ok [reply_log] expand: %{Virtual-Server} -> inner-tunnel [reply_log] expand: /usr/local-test/var/log/radius/radacct/replies/%{Client-IP-Address}/reply-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/replies/10.129.180.1/reply-detail-inner-tunnel-20120710 [reply_log] /usr/local-test/var/log/radius/radacct/replies/%{Client-IP-Address}/reply-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/replies/10.129.180.1/reply-detail-inner-tunnel-20120710 [reply_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[reply_log] returns ok } # server inner-tunnel [peap] Got tunneled reply code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x016b3d4d79555d8ffdd2999bdc4ed987 MS-MPPE-Recv-Key = 0xb01b2bb020cf345a4141d5d2d6c82ca9 EAP-Message = 0x03ac0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "yyyyy" [peap] Got tunneled reply RADIUS code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x016b3d4d79555d8ffdd2999bdc4ed987 MS-MPPE-Recv-Key = 0xb01b2bb020cf345a4141d5d2d6c82ca9 EAP-Message = 0x03ac0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "yyyyy" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] Saving tunneled attributes for later ++[eap] returns handled Sending Access-Challenge of id 69 to 10.129.180.1 port 55764 EAP-Message = 0x01ad002b19001703010020be08b0114c9fff08b9bec860f8bea503abcbdafac449467b0b92a56001336215 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8814deeb83b9c7a97df52ad5b75d5386 Finished request 11. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.129.180.1 port 55764, id=70, length=246 User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02ad004819001703010018256b110d9946f17c6d89933febaccaf415e820c89ea931981703010020af0105fc0964b833222e642a69e790f244caea25a0a4219d56da823f8c03ed88 State = 0x8814deeb83b9c7a97df52ad5b75d5386 Message-Authenticator = 0x187841b23947f774d7a9ce533effc1db # Executing section authorize from file /etc/raddb-testing/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 173 length 72 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb-testing/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [peap] Using saved attributes from the original Access-Accept User-Name = "yyyyy" [peap] Saving response in the cache [eap] Freeing handler ++[eap] returns ok Login OK: [yyyyy] (from client AP-yocadorneotucadorneas-PB-SUM port 5 cli A8-FF-FF-AA-E7-48) # Executing section post-auth from file /etc/raddb-testing/sites-enabled/default +- entering group post-auth {...} [auth_log] expand: %{Virtual-Server} -> [auth_log] ... expanding second conditional [auth_log] expand: /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/requests/10.129.180.1/auth-detail-AP-yocadorneotucadorneas-PB-SUM-DEFAULT-20120710 [auth_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[auth_log] returns ok [linelog] expand: /usr/local-test/var/log/radius/linelog -> /usr/local-test/var/log/radius/linelog [linelog] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [linelog] expand: %{Packet-Type} %{reply:Packet-Type} %{User-Name} %{EAP-Type:-PAP} %{NAS-IP-Address} %{NAS-Identifier} -> Access-Request Access-Accept yyyyy PEAP 10.129.180.1 AP-yocadorneotucadorneas-PB-SUM ++[linelog] returns ok [reply_log] expand: %{Virtual-Server} -> [reply_log] ... expanding second conditional [reply_log] expand: /usr/local-test/var/log/radius/radacct/replies/%{Client-IP-Address}/reply-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d -> /usr/local-test/var/log/radius/radacct/replies/10.129.180.1/reply-detail-DEFAULT-20120710 [reply_log] /usr/local-test/var/log/radius/radacct/replies/%{Client-IP-Address}/reply-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/replies/10.129.180.1/reply-detail-DEFAULT-20120710 [reply_log] expand: %t -> Tue Jul 10 12:19:46 2012 ++[reply_log] returns ok ++[exec] returns noop Sending Access-Accept of id 70 to 10.129.180.1 port 55764 User-Name = "yyyyy" MS-MPPE-Recv-Key = 0xe51a247fdc7439415a900365b5d85218ff058272cf645fdbef6c6e90b5bb1dea MS-MPPE-Send-Key = 0x9fc773164859d4fe14b4890fb97748a4253016cde71c265c05fd7436040a4569 EAP-Message = 0x03ad0004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 12. Going to the next request Waking up in 4.7 seconds. rad_recv: Accounting-Request packet from host 10.129.180.1 port 48923, id=71, length=161 Acct-Session-Id = "4FFC46F9-00000004" Acct-Status-Type = Start Acct-Authentic = RADIUS User-Name = "yyyyy" NAS-Identifier = "AP-yocadorneotucadorneas-PB-SUM" NAS-Port = 5 Called-Station-Id = "00-XX-XX-XX-25-D0:sarlanga-I" Calling-Station-Id = "A8-FF-FF-AA-E7-48" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" # Executing section preacct from file /etc/raddb-testing/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 5,Client-IP-Address = 10.129.180.1,NAS-IP-Address = 10.129.180.1,Acct-Session-Id = "4FFC46F9-00000004",User-Name = "yyyyy"' [acct_unique] Acct-Unique-Session-ID = "dddf83abe2685566". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "yyyyy", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /etc/raddb-testing/sites-enabled/default +- entering group accounting {...} [detail] expand: /usr/local-test/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local-test/var/log/radius/radacct/10.129.180.1/detail-20120710 [detail] /usr/local-test/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local-test/var/log/radius/radacct/10.129.180.1/detail-20120710 [detail] expand: %t -> Tue Jul 10 12:19:46 2012 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /usr/local-test/var/log/radius/radutmp -> /usr/local-test/var/log/radius/radutmp [radutmp] expand: %{User-Name} -> yyyyy ++[radutmp] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> yyyyy attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 71 to 10.129.180.1 port 48923 Finished request 13. Cleaning up request 13 ID 71 with timestamp +2 Going to the next request Waking up in 4.6 seconds. Thanks in advance -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
Hi,
radlast shows NAS-Identifier trunked
lbazch 009:AP-PV-PB Tue Jul 10 12:10 still logged in mfembe 004:AP-PI-PB Tue Jul 10 12:10 still logged in msabad 005:oficina- Tue Jul 10 12:10 still logged in
I believe the radutmp code has the NAS-Identitier limited to just 8 characters (radlast is just a wrapper which runs 'last -f' on the radwtmp file) alan
-----Original Message----- From: freeradius-users-bounces+tamas.becz=ericsson.com@lists.freerad ius.org [mailto:freeradius-users-> bounces+tamas.becz=ericsson.com@lists.freeradius.org] On Behalf Of Sergio Belkin Sent: Tuesday, July 10, 2012 5:41 PM To: FreeRadius users mailing list Subject: radlast output
Hi,
radlast shows NAS-Identifier trunked
lbazch 009:AP-PV-PB Tue Jul 10 12:10 still logged in mfembe 004:AP-PI-PB Tue Jul 10 12:10 still logged in msabad 005:oficina- Tue Jul 10 12:10 still logged in
Why? Is a bug? A misconfiguration?
You want the debug output, ok you have it :)
Uhm, you might want to spend the next couple of hours changing those secrets :)
2012/7/11 Tamás Becz <tamas.becz@ericsson.com>:
-----Original Message----- From: freeradius-users-bounces+tamas.becz=ericsson.com@lists.freerad ius.org [mailto:freeradius-users-> bounces+tamas.becz=ericsson.com@lists.freeradius.org] On Behalf Of Sergio Belkin Sent: Tuesday, July 10, 2012 5:41 PM To: FreeRadius users mailing list Subject: radlast output
Hi,
radlast shows NAS-Identifier trunked
lbazch 009:AP-PV-PB Tue Jul 10 12:10 still logged in mfembe 004:AP-PI-PB Tue Jul 10 12:10 still logged in msabad 005:oficina- Tue Jul 10 12:10 still logged in
Why? Is a bug? A misconfiguration?
You want the debug output, ok you have it :)
Uhm, you might want to spend the next couple of hours changing those secrets :) -
Hehehe, I've read once time ago somewhat like "the stupid thinks that everyone is stupid" :) What a pity, I thought you had something interesting to teach us! Oh I see you are trying to teach us something of social engineering in a open source mailing list! Wow... -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
Hehehe, I've read once time ago somewhat like "the stupid thinks that everyone is stupid" :) What a pity, I thought you had something interesting to teach us! Oh I see you are trying to teach us something of social engineering in a open source mailing list! Wow...
you posted a lot of sensitive stuff there that has not obviously been replaced by some random garbage. You wouldn't be the first to do that, sorry for drawing your attention to it. As to what does that have to do with social engineering, i've no clue, but at least you teach us about sarcasm. Wow..
Sergio Belkin wrote:
What a pity, I thought you had something interesting to teach us! Oh I see you are trying to teach us something of social engineering in a open source mailing list! Wow...
You're getting upset at people who are trying to help you. Be nice, or you can be unsubscribed and banned from the list. Alan DeKok.
2012/7/11 Alan DeKok <aland@deployingradius.com>:
Sergio Belkin wrote:
What a pity, I thought you had something interesting to teach us! Oh I see you are trying to teach us something of social engineering in a open source mailing list! Wow...
You're getting upset at people who are trying to help you.
Be nice, or you can be unsubscribed and banned from the list.
Alan DeKok. -
Alan, thanks for your advice, always in this mailing list I was willing to learn and to admit when I have to fix something. Mail from Tamás it looked somewhat sarcastic and had nothing to do with the main subject. In fact, a kind of such a message could have been private. It's not my habit, to be sarcastic. But ok, perhaps it was my mistake, it was not my will offend to Tamas, so my apologies. Thanks as always. -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
On Thu, Jul 12, 2012 at 3:17 AM, Sergio Belkin <sebelk@gmail.com> wrote:
Alan, thanks for your advice, always in this mailing list I was willing to learn and to admit when I have to fix something. Mail from Tamás it looked somewhat sarcastic and had nothing to do with the main subject.
If you're still interested in getting full NAS-Identifier, you should store accounting data in sql table. Even if you don't want to manage separate sql server (e.g. mysql), you can use something like sqlite to store the data. Needs some effort (e.g. the module is not built by default), but should be doable. -- Fajar
2012/7/12 Fajar A. Nugraha <list@fajar.net>:
On Thu, Jul 12, 2012 at 3:17 AM, Sergio Belkin <sebelk@gmail.com> wrote:
Alan, thanks for your advice, always in this mailing list I was willing to learn and to admit when I have to fix something. Mail from Tamás it looked somewhat sarcastic and had nothing to do with the main subject.
If you're still interested in getting full NAS-Identifier, you should store accounting data in sql table. Even if you don't want to manage separate sql server (e.g. mysql), you can use something like sqlite to store the data. Needs some effort (e.g. the module is not built by default), but should be doable.
-- Fajar -
Thanks Fajar, I wanted to get the "last access" of users. I was getting that informaNAS-Identifiertion parsing log files, but I found that radlast is a simple but useful thing except the NAS-Identifier characters limit. Storing data in a sql db looks interesting. I've never configured it. If I use sql only for logging is /etc/raddb/sql.conf the main file that I have to look? Do sql storing exclude from using plain log files? Thanks in advance -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
On Fri, Jul 13, 2012 at 1:42 AM, Sergio Belkin <sebelk@gmail.com> wrote:
Storing data in a sql db looks interesting. I've never configured it. If I use sql only for logging is /etc/raddb/sql.conf the main file that I have to look?
http://wiki.freeradius.org/SQL-HOWTO http://wiki.freeradius.org/Rlm_sql
Do sql storing exclude from using plain log files?
you can use both. -- Fajar
2012/7/12 Fajar A. Nugraha <list@fajar.net>:
On Fri, Jul 13, 2012 at 1:42 AM, Sergio Belkin <sebelk@gmail.com> wrote:
Storing data in a sql db looks interesting. I've never configured it. If I use sql only for logging is /etc/raddb/sql.conf the main file that I have to look?
http://wiki.freeradius.org/SQL-HOWTO http://wiki.freeradius.org/Rlm_sql
Do sql storing exclude from using plain log files?
you can use both.
Thanks that's good -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
participants (5)
-
alan buxey -
Alan DeKok -
Fajar A. Nugraha -
Sergio Belkin -
Tamás Becz