We are trying to setup a freeradius 3.0.7 server that uses EAP-PEAP and EAP-TTLS, both with MSCHAPv2. This server reads a users Cleartext-Password from an ldap server. In order to minimize the calls to the ldap server we are trying to use rlm_cache to cache the NT-Password and LM-Password so that when a user logs in after the initial log in freeradius does not need to query the ldap server. This works with EAP-TTLS, but it does not work with EAP-PEAP. The NT-Password and LM-Password do not seem to be available to the caching module with EAP-PEAP. I am pasting the parts of the config files related to this below. Please let me know if there is any other information needed. mods-enabled/cache: update { control:NT-Password := "%{control:NT-Password}" control:LM-Password := "%{control:LM-Password}" } mods-enabled/eap: eap { default_eap_type = peap ignore_unknown_eap_types = no ttls { tls = tls-common default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } peap { tls = tls-common default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = no virtual_server = "inner-tunnel" } } sites-enabled/inner-tunnel: authorize { eap { ok = return } update control { Cache-Status-Only = 'yes' } cache if (notfound) { ldap } else { cache } mschap } post-auth { cache } I am also posting excerpts from the debug, again if more is needed let me know. This is for en EAP-TTLS session: Tue Feb 24 16:32:57 2015 : Debug: (7) modsingle[post-auth]: calling cache (rlm_cache) for request 7 Tue Feb 24 16:32:57 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Tue Feb 24 16:32:57 2015 : Debug: Parsed xlat tree: Tue Feb 24 16:32:57 2015 : Debug: attribute --> User-Name Tue Feb 24 16:32:57 2015 : Debug: attribute --> Calling-Station-Id Tue Feb 24 16:32:57 2015 : Debug: (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Tue Feb 24 16:32:57 2015 : Debug: (7) cache: --> andyresd022be6e8229 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: Mutex acquired Tue Feb 24 16:32:57 2015 : Debug: (7) cache: No cache entry found for "andyresd022be6e8229" Tue Feb 24 16:32:57 2015 : Debug: (7) cache: Creating new cache entry Tue Feb 24 16:32:57 2015 : Debug: %{control:NT-Password} Tue Feb 24 16:32:57 2015 : Debug: Parsed xlat tree: Tue Feb 24 16:32:57 2015 : Debug: attribute --> NT-Password Tue Feb 24 16:32:57 2015 : Debug: (7) cache: EXPAND %{control:NT-Password} Tue Feb 24 16:32:57 2015 : Debug: (7) cache: --> 0x927b45aa1c222ebeaad483703f11c465 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: control:NT-Password := 0x927b45aa1c222ebeaad483703f11c465 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: Merging cache entry into request Tue Feb 24 16:32:57 2015 : Debug: (7) cache: &control:NT-Password := 0x927b45aa1c222ebeaad483703f11c465 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: FROM 1 TO 6 MAX 7 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: Examining NT-Password Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: OVERWRITING NT-Password FROM 0 TO 4 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: TO in 6 out 6 Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: to[0] = Proxy-To-Realm Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: to[1] = Ldap-UserDn Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: to[2] = Cleartext-Password Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: to[3] = Auth-Type Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: to[4] = NT-Password Tue Feb 24 16:32:57 2015 : Debug: (7) cache: ::: to[5] = LM-Password Tue Feb 24 16:32:57 2015 : Debug: (7) cache: Commited entry, TTL 86400 seconds Tue Feb 24 16:32:57 2015 : Debug: (7) cache: Mutex released Tue Feb 24 16:32:57 2015 : Debug: (7) modsingle[post-auth]: returned from cache (rlm_cache) for request 7 Tue Feb 24 16:32:57 2015 : Debug: (7) [cache] = updated Tue Feb 24 16:32:57 2015 : Debug: (7) } # post-auth = updated Tue Feb 24 16:32:57 2015 : Debug: (7) } # server inner-tunnel This is for an EAP-PEAP Session: Tue Feb 24 16:34:57 2015 : Debug: (8) modsingle[post-auth]: calling cache (rlm_cache) for request 8 Tue Feb 24 16:34:57 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Tue Feb 24 16:34:57 2015 : Debug: Parsed xlat tree: Tue Feb 24 16:34:57 2015 : Debug: attribute --> User-Name Tue Feb 24 16:34:57 2015 : Debug: attribute --> Calling-Station-Id Tue Feb 24 16:34:57 2015 : Debug: (8) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Tue Feb 24 16:34:57 2015 : Debug: (8) cache: --> qaresdonE8-99-C4-72-33-D8 Tue Feb 24 16:34:57 2015 : Debug: (8) cache: Mutex acquired Tue Feb 24 16:34:57 2015 : Debug: (8) cache: No cache entry found for "qaresdonE8-99-C4-72-33-D8" Tue Feb 24 16:34:57 2015 : Debug: (8) cache: Creating new cache entry Tue Feb 24 16:34:57 2015 : Debug: %{control:NT-Password} Tue Feb 24 16:34:57 2015 : Debug: Parsed xlat tree: Tue Feb 24 16:34:57 2015 : Debug: attribute --> NT-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: EXPAND %{control:NT-Password} Tue Feb 24 16:34:57 2015 : Debug: (8) cache: --> Tue Feb 24 16:34:57 2015 : Debug: (8) cache: control:NT-Password := 0x Tue Feb 24 16:34:57 2015 : Debug: %{control:LM-Password} Tue Feb 24 16:34:57 2015 : Debug: Parsed xlat tree: Tue Feb 24 16:34:57 2015 : Debug: attribute --> LM-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: EXPAND %{control:LM-Password} Tue Feb 24 16:34:57 2015 : Debug: (8) cache: --> Tue Feb 24 16:34:57 2015 : Debug: (8) cache: control:LM-Password := 0x Tue Feb 24 16:34:57 2015 : Debug: (8) cache: Merging cache entry into request Tue Feb 24 16:34:57 2015 : Debug: (8) cache: &control:NT-Password := 0x Tue Feb 24 16:34:57 2015 : Debug: (8) cache: &control:LM-Password := 0x Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: FROM 2 TO 4 MAX 6 Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: Examining NT-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: APPENDING NT-Password FROM 0 TO 4 Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: Examining LM-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: APPENDING LM-Password FROM 1 TO 5 Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: TO in 4 out 6 Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: to[0] = Proxy-To-Realm Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: to[1] = Auth-Type Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: to[2] = Ldap-UserDn Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: to[3] = Cleartext-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: to[4] = NT-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: ::: to[5] = LM-Password Tue Feb 24 16:34:57 2015 : Debug: (8) cache: Commited entry, TTL 86400 seconds Tue Feb 24 16:34:57 2015 : Debug: (8) cache: Mutex released ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
On Fri, Feb 27, 2015 at 04:04:04PM +0000, Sherker, Donald wrote:
We are trying to setup a freeradius 3.0.7 server that uses EAP-PEAP and EAP-TTLS, both with MSCHAPv2. This server reads a users Cleartext-Password from an ldap server. In order to minimize the calls to the ldap server we are trying to use rlm_cache to cache the NT-Password and LM-Password so that when a user logs in after the initial log in freeradius does not need to query the ldap server.
Surely that means that when the password is changed the RADIUS server doesn't notice immediately?
This works with EAP-TTLS, but it does not work with EAP-PEAP. The NT-Password and LM-Password do not seem to be available to the caching module with EAP-PEAP.
My guess: EAP-TTLS tunnels standard mschap internally, so hits the mschap module. Using PEAP, you're actually doing PEAP/EAP-MSCHAPv2 (an EAP type), so the eap module calls mschap behind the scenes, and the mschap call in your config isn't used. So by the time you call cache/ldap/mschap, mschap has already been called and done its stuff. I'd first try moving eap, as per below, but I've not tested this. Matthew
sites-enabled/inner-tunnel:
authorize { update control { Cache-Status-Only = 'yes' } cache if (notfound) { ldap } else { cache } eap { ok = return } mschap }
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
We are trying to setup a freeradius 3.0.7 server that uses EAP-PEAP and EAP-TTLS, both with MSCHAPv2. This server reads a users Cleartext-Password from an ldap server. In order to minimize the calls to the ldap server we are trying to use rlm_cache to cache the NT-Password and LM-Password so that when a user logs in after the initial log in freeradius does not need to query the ldap server.
Surely that means that when the password is changed the RADIUS server doesn't notice immediately?
We are only caching the entry for a couple hours. So yes there could be instances of the cache in radius not being synchronized with ldap.
This works with EAP-TTLS, but it does not work with EAP-PEAP. The NT-Password and LM-Password do not seem to be available to the caching module with EAP-PEAP.
My guess: EAP-TTLS tunnels standard mschap internally, so hits the mschap module. Using PEAP, you're actually doing PEAP/EAP-MSCHAPv2 (an EAP type), so the eap module calls mschap behind the scenes, and the mschap call in your config isn't used. So by the time you call cache/ldap/mschap, mschap has already been called and done its stuff.
I'd first try moving eap, as per below, but I've not tested this.
Matthew
sites-enabled/inner-tunnel:
authorize { update control { Cache-Status-Only = 'yes' } cache if (notfound) { ldap } else { cache } eap { ok = return } mschap }
I have made this change, but the behavior is still the same.
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> -
________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
On 27 Feb 2015, at 11:57, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
We are trying to setup a freeradius 3.0.7 server that uses EAP-PEAP and EAP-TTLS, both with MSCHAPv2. This server reads a users Cleartext-Password from an ldap server. In order to minimize the calls to the ldap server we are trying to use rlm_cache to cache the NT-Password and LM-Password so that when a user logs in after the initial log in freeradius does not need to query the ldap server.
Surely that means that when the password is changed the RADIUS server doesn't notice immediately?
We are only caching the entry for a couple hours. So yes there could be instances of the cache in radius not being synchronized with ldap.
If it's OpenLDAP use syncrepl to replicate to a local instance. Though honestly unless you really did something to break OpenLDAP it will be able to cope with the load. Switch to LMDB if you're not using it already. If it's AD you don't have access to the NT-Password anyway... If it's Novell you have access to the plaintext password, and I guess, yes, there you might want to cache it.
I have made this change, but the behavior is still the same.
Key's different? Tue Feb 24 16:32:57 2015 : Debug: (7) cache: No cache entry found for "andyresd022be6e8229" Tue Feb 24 16:34:57 2015 : Debug: (8) cache: No cache entry found for "qaresdonE8-99-C4-72-33-D8" Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
We are trying to setup a freeradius 3.0.7 server that uses
EAP-PEAP and EAP-TTLS, both with MSCHAPv2. This server reads a users Cleartext-Password from an ldap server. In order to minimize the calls to the ldap server we are trying to use rlm_cache to cache the NT-Password and LM-Password so that when a user logs in after the initial log in freeradius does not need to query the ldap server.
Surely that means that when the password is changed the RADIUS server doesn't notice immediately?
We are only caching the entry for a couple hours. So yes there could be instances of the cache in radius not being >synchronized with ldap.
If it's OpenLDAP use syncrepl to replicate to a local instance. Though honestly unless you really did something to >break OpenLDAP it will be able to cope with the load. Switch to LMDB if you're not using it already.
If it's AD you don't have access to the NT-Password anyway...
If it's Novell you have access to the plaintext password, and I guess, yes, there you might want to cache it.
We are using Novell eDirectory
I have made this change, but the behavior is still the same.
Key's different?
Tue Feb 24 16:32:57 2015 : Debug: (7) cache: No cache entry found for "andyresd022be6e8229" Tue Feb 24 16:34:57 2015 : Debug: (8) cache: No cache entry found for "qaresdonE8-99-C4-72-33-D8"
We are using the username and client mac address for the key. One of the entries was my device and the other was a coworker with a different device. I can duplicate this with my device by changing between PEAP and TTLS.
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
On 27 Feb 2015, at 12:34, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
We are trying to setup a freeradius 3.0.7 server that uses
EAP-PEAP and EAP-TTLS, both with MSCHAPv2. This server reads a users Cleartext-Password from an ldap server. In order to minimize the calls to the ldap server we are trying to use rlm_cache to cache the NT-Password and LM-Password so that when a user logs in after the initial log in freeradius does not need to query the ldap server.
Surely that means that when the password is changed the RADIUS server doesn't notice immediately?
We are only caching the entry for a couple hours. So yes there could be instances of the cache in radius not being >synchronized with ldap.
If it's OpenLDAP use syncrepl to replicate to a local instance. Though honestly unless you really did something to >break OpenLDAP it will be able to cope with the load. Switch to LMDB if you're not using it already.
If it's AD you don't have access to the NT-Password anyway...
If it's Novell you have access to the plaintext password, and I guess, yes, there you might want to cache it.
We are using Novell eDirectory
I have made this change, but the behavior is still the same.
Key's different?
Tue Feb 24 16:32:57 2015 : Debug: (7) cache: No cache entry found for "andyresd022be6e8229" Tue Feb 24 16:34:57 2015 : Debug: (8) cache: No cache entry found for "qaresdonE8-99-C4-72-33-D8"
We are using the username and client mac address for the key. One of the entries was my device and the other was a coworker with a different device. I can duplicate this with my device by changing between PEAP and TTLS.
Then the debug output you provided is useless? You need to show two attempts with the same user, so we can see what's happening on the second attempt. Also, it's PEAP, why not just enable Session-Resumption? -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Then the debug output you provided is useless?
You need to show two attempts with the same user, so we can see what's happening on the second attempt.
I apologize for that. I have included the debug outputs at the bottom of this message for the same user from the same device. The only difference is EAP-PEAP vs EAP-TTLS.
Also, it's PEAP, why not just enable Session-Resumption?
We were working on Session-Resumption or rlm_cache. We were not able to get Session-Resumption working, but we were having some luck with rlm_cache so we moved forward in that direction.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
EAP-TTLS: Fri Feb 27 11:47:46 2015 : Debug: (0) Received Access-Request Id 216 from 24.94.145.173:50154 to 71.46.62.133:1812 length 180 Fri Feb 27 11:47:46 2015 : Debug: (0) User-Name = 'qaresdon' Fri Feb 27 11:47:46 2015 : Debug: (0) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:46 2015 : Debug: (0) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:46 2015 : Debug: (0) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:46 2015 : Debug: (0) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:46 2015 : Debug: (0) NAS-Port = 0 Fri Feb 27 11:47:46 2015 : Debug: (0) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:46 2015 : Debug: (0) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:46 2015 : Debug: (0) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:46 2015 : Debug: (0) Framed-MTU = 1400 Fri Feb 27 11:47:46 2015 : Debug: (0) EAP-Message = 0x020f000d017161726573646f6e Fri Feb 27 11:47:46 2015 : Debug: (0) Message-Authenticator = 0x352ef6f51334f1be3f498321a4e4049a Fri Feb 27 11:47:46 2015 : Debug: (0) session-state: No State attribute Fri Feb 27 11:47:46 2015 : Debug: (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (0) authorize { Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [preprocess] = ok Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [chap] = noop Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [mschap] = noop Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [digest] = noop Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) suffix: Checking for suffix after "@" Fri Feb 27 11:47:46 2015 : Debug: (0) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:46 2015 : Debug: (0) suffix: No such realm "NULL" Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [suffix] = noop Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) eap: Peer sent code Response (2) ID 15 length 13 Fri Feb 27 11:47:46 2015 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [eap] = ok Fri Feb 27 11:47:46 2015 : Debug: (0) } # authorize = ok Fri Feb 27 11:47:46 2015 : Debug: (0) Found Auth-Type = EAP Fri Feb 27 11:47:46 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (0) authenticate { Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) eap: Peer sent method Identity (1) Fri Feb 27 11:47:46 2015 : Debug: (0) eap: Calling eap_peap to process EAP data Fri Feb 27 11:47:46 2015 : Debug: (0) eap_peap: Initiate Fri Feb 27 11:47:46 2015 : Debug: (0) eap_peap: Start returned 1 Fri Feb 27 11:47:46 2015 : Debug: (0) eap: EAP session adding &reply:State = 0x204f2982205f3066 Fri Feb 27 11:47:46 2015 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Fri Feb 27 11:47:46 2015 : Debug: (0) [eap] = handled Fri Feb 27 11:47:46 2015 : Debug: (0) } # authenticate = handled Fri Feb 27 11:47:46 2015 : Debug: (0) session-state: Nothing to cache Fri Feb 27 11:47:46 2015 : Debug: (0) Sent Access-Challenge Id 216 from 71.46.62.133:1812 to 24.94.145.173:50154 length 64 Fri Feb 27 11:47:46 2015 : Debug: (0) EAP-Message = 0x011000061920 Fri Feb 27 11:47:46 2015 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:46 2015 : Debug: (0) State = 0x204f2982205f30668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (0) Finished request Fri Feb 27 11:47:46 2015 : Debug: Waking up in 0.3 seconds. Fri Feb 27 11:47:46 2015 : Debug: (1) Received Access-Request Id 217 from 24.94.145.173:50154 to 71.46.62.133:1812 length 191 Fri Feb 27 11:47:46 2015 : Debug: (1) User-Name = 'qaresdon' Fri Feb 27 11:47:46 2015 : Debug: (1) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:46 2015 : Debug: (1) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:46 2015 : Debug: (1) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:46 2015 : Debug: (1) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:46 2015 : Debug: (1) NAS-Port = 0 Fri Feb 27 11:47:46 2015 : Debug: (1) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:46 2015 : Debug: (1) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:46 2015 : Debug: (1) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:46 2015 : Debug: (1) Framed-MTU = 1400 Fri Feb 27 11:47:46 2015 : Debug: (1) EAP-Message = 0x021000060315 Fri Feb 27 11:47:46 2015 : Debug: (1) State = 0x204f2982205f30668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (1) Message-Authenticator = 0x350ae249e135c3b369ec550f08d32733 Fri Feb 27 11:47:46 2015 : Debug: (1) session-state: No cached attributes Fri Feb 27 11:47:46 2015 : Debug: (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (1) authorize { Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [preprocess] = ok Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [chap] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [mschap] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [digest] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) suffix: Checking for suffix after "@" Fri Feb 27 11:47:46 2015 : Debug: (1) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:46 2015 : Debug: (1) suffix: No such realm "NULL" Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [suffix] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Peer sent code Response (2) ID 16 length 6 Fri Feb 27 11:47:46 2015 : Debug: (1) eap: No EAP Start, assuming it's an on-going EAP conversation Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [eap] = updated Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling files (rlm_files) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [files] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling ldap (rlm_ldap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: rlm_ldap (ldap): Reserved connection (4) Fri Feb 27 11:47:46 2015 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:46 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:46 2015 : Debug: literal --> (uid= Fri Feb 27 11:47:46 2015 : Debug: if { Fri Feb 27 11:47:46 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:47:46 2015 : Debug: } Fri Feb 27 11:47:46 2015 : Debug: else { Fri Feb 27 11:47:46 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:46 2015 : Debug: } Fri Feb 27 11:47:46 2015 : Debug: literal --> ) Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: --> (uid=qaresdon) Fri Feb 27 11:47:46 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:46 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: Waiting for search result... Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: Added eDirectory password. control:Cleartext-Password += 'xxxxxxxxx' Fri Feb 27 11:47:46 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:47:46 2015 : Info: rlm_ldap (ldap): Closing connection (0), from 1 unused connections Fri Feb 27 11:47:46 2015 : Debug: rlm_ldap: Closing libldap handle 0x1ae5a40 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from ldap (rlm_ldap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [ldap] = ok Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling expiration (rlm_expiration) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from expiration (rlm_expiration) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [expiration] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling logintime (rlm_logintime) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from logintime (rlm_logintime) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [logintime] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) } # authorize = updated Fri Feb 27 11:47:46 2015 : Debug: (1) Found Auth-Type = EAP Fri Feb 27 11:47:46 2015 : Debug: (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (1) authenticate { Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Expiring EAP session with state 0x204f2982205f3066 Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Finished EAP session with state 0x204f2982205f3066 Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Previous EAP request found for state 0x204f2982205f3066, released from the list Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Peer sent method NAK (3) Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Found mutually acceptable type TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (1) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:46 2015 : Debug: (1) eap_ttls: Initiate Fri Feb 27 11:47:46 2015 : Debug: (1) eap_ttls: Start returned 1 Fri Feb 27 11:47:46 2015 : Debug: (1) eap: EAP session adding &reply:State = 0x204f2982215e3c66 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [eap] = handled Fri Feb 27 11:47:46 2015 : Debug: (1) } # authenticate = handled Fri Feb 27 11:47:46 2015 : Debug: (1) session-state: Nothing to cache Fri Feb 27 11:47:46 2015 : Debug: (1) Sent Access-Challenge Id 217 from 71.46.62.133:1812 to 24.94.145.173:50154 length 64 Fri Feb 27 11:47:46 2015 : Debug: (1) EAP-Message = 0x011100061520 Fri Feb 27 11:47:46 2015 : Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:46 2015 : Debug: (1) State = 0x204f2982215e3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (1) Finished request Fri Feb 27 11:47:46 2015 : Debug: Waking up in 0.2 seconds. Fri Feb 27 11:47:46 2015 : Debug: (2) Received Access-Request Id 218 from 24.94.145.173:50154 to 71.46.62.133:1812 length 381 Fri Feb 27 11:47:46 2015 : Debug: (2) User-Name = 'qaresdon' Fri Feb 27 11:47:46 2015 : Debug: (2) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:46 2015 : Debug: (2) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:46 2015 : Debug: (2) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:46 2015 : Debug: (2) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:46 2015 : Debug: (2) NAS-Port = 0 Fri Feb 27 11:47:46 2015 : Debug: (2) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:46 2015 : Debug: (2) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:46 2015 : Debug: (2) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:46 2015 : Debug: (2) Framed-MTU = 1400 Fri Feb 27 11:47:46 2015 : Debug: (2) EAP-Message = 0x021100c4150016030100b9010000b5030154f09fb17b997012a57293df71d3e04759962d8e6fb7d3341c14004b24e98f3d000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc0020005000400150012000900140011000800 Fri Feb 27 11:47:46 2015 : Debug: (2) State = 0x204f2982215e3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (2) Message-Authenticator = 0xcfe4fe8da219ab3af3d6306699d9b87f Fri Feb 27 11:47:46 2015 : Debug: (2) session-state: No cached attributes Fri Feb 27 11:47:46 2015 : Debug: (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (2) authorize { Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [preprocess] = ok Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: calling chap (rlm_chap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: returned from chap (rlm_chap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [chap] = noop Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [mschap] = noop Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: calling digest (rlm_digest) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: returned from digest (rlm_digest) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [digest] = noop Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) suffix: Checking for suffix after "@" Fri Feb 27 11:47:46 2015 : Debug: (2) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:46 2015 : Debug: (2) suffix: No such realm "NULL" Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [suffix] = noop Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Peer sent code Response (2) ID 17 length 196 Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Continuing tunnel setup Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [eap] = ok Fri Feb 27 11:47:46 2015 : Debug: (2) } # authorize = ok Fri Feb 27 11:47:46 2015 : Debug: (2) Found Auth-Type = EAP Fri Feb 27 11:47:46 2015 : Debug: (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (2) authenticate { Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Expiring EAP session with state 0x204f2982215e3c66 Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Finished EAP session with state 0x204f2982215e3c66 Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Previous EAP request found for state 0x204f2982215e3c66, released from the list Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Peer sent method TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (2) eap: EAP TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (2) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: Authenticate Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: processing EAP-TLS Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: eaptls_verify returned 7 Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: Done initial handshake Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: (other): before/accept initialization Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: before/accept initialization Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: <<< TLS 1.0 Handshake [length 00b9], ClientHello Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: SSLv3 read client hello A Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: >>> TLS 1.0 Handshake [length 0039], ServerHello Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write server hello A Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: >>> TLS 1.0 Handshake [length 0e58], Certificate Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write certificate A Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write key exchange A Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write server done A Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: SSLv3 flush data Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Feb 27 11:47:46 2015 : Debug: In SSL Handshake Phase Fri Feb 27 11:47:46 2015 : Debug: In SSL Accept mode Fri Feb 27 11:47:46 2015 : Debug: (2) eap_ttls: eaptls_process returned 13 Fri Feb 27 11:47:46 2015 : Debug: (2) eap: EAP session adding &reply:State = 0x204f2982225d3c66 Fri Feb 27 11:47:46 2015 : Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Feb 27 11:47:46 2015 : Debug: (2) [eap] = handled Fri Feb 27 11:47:46 2015 : Debug: (2) } # authenticate = handled Fri Feb 27 11:47:46 2015 : Debug: (2) session-state: Nothing to cache Fri Feb 27 11:47:46 2015 : Debug: (2) Sent Access-Challenge Id 218 from 71.46.62.133:1812 to 24.94.145.173:50154 length 1448 Fri Feb 27 11:47:46 2015 : Debug: (2) EAP-Message = 0x0112056415c000000ff4160301003902000035030154f09fb2ceda632faec6aa1156d5c57b9496e8a50656460d50f4ece465c22dc800c01400000dff01000100000b0004030001021603010e580b000e54000e510005213082051d30820405a00302010202044c233c7e300d06092a864886f70d010105 Fri Feb 27 11:47:46 2015 : Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:46 2015 : Debug: (2) State = 0x204f2982225d3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (2) Finished request Fri Feb 27 11:47:46 2015 : Debug: Waking up in 0.1 seconds. Fri Feb 27 11:47:46 2015 : Debug: (3) Received Access-Request Id 219 from 24.94.145.173:50154 to 71.46.62.133:1812 length 191 Fri Feb 27 11:47:46 2015 : Debug: (3) User-Name = 'qaresdon' Fri Feb 27 11:47:46 2015 : Debug: (3) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:46 2015 : Debug: (3) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:46 2015 : Debug: (3) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:46 2015 : Debug: (3) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:46 2015 : Debug: (3) NAS-Port = 0 Fri Feb 27 11:47:46 2015 : Debug: (3) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:46 2015 : Debug: (3) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:46 2015 : Debug: (3) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:46 2015 : Debug: (3) Framed-MTU = 1400 Fri Feb 27 11:47:46 2015 : Debug: (3) EAP-Message = 0x021200061500 Fri Feb 27 11:47:46 2015 : Debug: (3) State = 0x204f2982225d3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (3) Message-Authenticator = 0x9f82c59ec923d84c532dccde8772cda2 Fri Feb 27 11:47:46 2015 : Debug: (3) session-state: No cached attributes Fri Feb 27 11:47:46 2015 : Debug: (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (3) authorize { Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [preprocess] = ok Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: calling chap (rlm_chap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: returned from chap (rlm_chap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [chap] = noop Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [mschap] = noop Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: calling digest (rlm_digest) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: returned from digest (rlm_digest) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [digest] = noop Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) suffix: Checking for suffix after "@" Fri Feb 27 11:47:46 2015 : Debug: (3) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:46 2015 : Debug: (3) suffix: No such realm "NULL" Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [suffix] = noop Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Peer sent code Response (2) ID 18 length 6 Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Continuing tunnel setup Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [eap] = ok Fri Feb 27 11:47:46 2015 : Debug: (3) } # authorize = ok Fri Feb 27 11:47:46 2015 : Debug: (3) Found Auth-Type = EAP Fri Feb 27 11:47:46 2015 : Debug: (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (3) authenticate { Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Expiring EAP session with state 0x204f2982225d3c66 Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Finished EAP session with state 0x204f2982225d3c66 Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Previous EAP request found for state 0x204f2982225d3c66, released from the list Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Peer sent method TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (3) eap: EAP TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (3) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: Authenticate Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: processing EAP-TLS Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: Received TLS ACK Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: Received TLS ACK Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: ACK handshake fragment handler Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: eaptls_verify returned 1 Fri Feb 27 11:47:46 2015 : Debug: (3) eap_ttls: eaptls_process returned 13 Fri Feb 27 11:47:46 2015 : Debug: (3) eap: EAP session adding &reply:State = 0x204f2982235c3c66 Fri Feb 27 11:47:46 2015 : Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Feb 27 11:47:46 2015 : Debug: (3) [eap] = handled Fri Feb 27 11:47:46 2015 : Debug: (3) } # authenticate = handled Fri Feb 27 11:47:46 2015 : Debug: (3) session-state: Nothing to cache Fri Feb 27 11:47:46 2015 : Debug: (3) Sent Access-Challenge Id 219 from 71.46.62.133:1812 to 24.94.145.173:50154 length 1448 Fri Feb 27 11:47:46 2015 : Debug: (3) EAP-Message = 0x0113056415c000000ff4f3fa6ff051ec9a0730ea94aaa1596407296688590004f9308204f5308203dda00302010202044c0e8c39300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f Fri Feb 27 11:47:46 2015 : Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:46 2015 : Debug: (3) State = 0x204f2982235c3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (3) Finished request Fri Feb 27 11:47:46 2015 : Debug: Waking up in 0.1 seconds. Fri Feb 27 11:47:46 2015 : Debug: (4) Received Access-Request Id 220 from 24.94.145.173:50154 to 71.46.62.133:1812 length 191 Fri Feb 27 11:47:46 2015 : Debug: (4) User-Name = 'qaresdon' Fri Feb 27 11:47:46 2015 : Debug: (4) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:46 2015 : Debug: (4) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:46 2015 : Debug: (4) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:46 2015 : Debug: (4) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:46 2015 : Debug: (4) NAS-Port = 0 Fri Feb 27 11:47:46 2015 : Debug: (4) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:46 2015 : Debug: (4) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:46 2015 : Debug: (4) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:46 2015 : Debug: (4) Framed-MTU = 1400 Fri Feb 27 11:47:46 2015 : Debug: (4) EAP-Message = 0x021300061500 Fri Feb 27 11:47:46 2015 : Debug: (4) State = 0x204f2982235c3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (4) Message-Authenticator = 0x221e5e8b53095d686f4ad64ce74e85c2 Fri Feb 27 11:47:46 2015 : Debug: (4) session-state: No cached attributes Fri Feb 27 11:47:46 2015 : Debug: (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (4) authorize { Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [preprocess] = ok Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: calling chap (rlm_chap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: returned from chap (rlm_chap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [chap] = noop Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [mschap] = noop Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: calling digest (rlm_digest) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: returned from digest (rlm_digest) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [digest] = noop Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) suffix: Checking for suffix after "@" Fri Feb 27 11:47:46 2015 : Debug: (4) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:46 2015 : Debug: (4) suffix: No such realm "NULL" Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [suffix] = noop Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Peer sent code Response (2) ID 19 length 6 Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Continuing tunnel setup Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [eap] = ok Fri Feb 27 11:47:46 2015 : Debug: (4) } # authorize = ok Fri Feb 27 11:47:46 2015 : Debug: (4) Found Auth-Type = EAP Fri Feb 27 11:47:46 2015 : Debug: (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:46 2015 : Debug: (4) authenticate { Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authenticate]: calling eap (rlm_eap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Expiring EAP session with state 0x204f2982235c3c66 Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Finished EAP session with state 0x204f2982235c3c66 Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Previous EAP request found for state 0x204f2982235c3c66, released from the list Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Peer sent method TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (4) eap: EAP TTLS (21) Fri Feb 27 11:47:46 2015 : Debug: (4) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: Authenticate Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: processing EAP-TLS Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: Received TLS ACK Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: Received TLS ACK Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: ACK handshake fragment handler Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: eaptls_verify returned 1 Fri Feb 27 11:47:46 2015 : Debug: (4) eap_ttls: eaptls_process returned 13 Fri Feb 27 11:47:46 2015 : Debug: (4) eap: EAP session adding &reply:State = 0x204f2982245b3c66 Fri Feb 27 11:47:46 2015 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Fri Feb 27 11:47:46 2015 : Debug: (4) [eap] = handled Fri Feb 27 11:47:46 2015 : Debug: (4) } # authenticate = handled Fri Feb 27 11:47:46 2015 : Debug: (4) session-state: Nothing to cache Fri Feb 27 11:47:46 2015 : Debug: (4) Sent Access-Challenge Id 220 from 71.46.62.133:1812 to 24.94.145.173:50154 length 1422 Fri Feb 27 11:47:46 2015 : Debug: (4) EAP-Message = 0x0114054a158000000ff477772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e747275 Fri Feb 27 11:47:46 2015 : Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:46 2015 : Debug: (4) State = 0x204f2982245b3c668c4bee58afd4d0c1 Fri Feb 27 11:47:46 2015 : Debug: (4) Finished request Fri Feb 27 11:47:47 2015 : Debug: Waking up in 4.3 seconds. Fri Feb 27 11:47:49 2015 : Debug: (5) Received Access-Request Id 221 from 24.94.145.173:50154 to 71.46.62.133:1812 length 325 Fri Feb 27 11:47:49 2015 : Debug: (5) User-Name = 'qaresdon' Fri Feb 27 11:47:49 2015 : Debug: (5) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:49 2015 : Debug: (5) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:49 2015 : Debug: (5) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:49 2015 : Debug: (5) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:49 2015 : Debug: (5) NAS-Port = 0 Fri Feb 27 11:47:49 2015 : Debug: (5) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:49 2015 : Debug: (5) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:49 2015 : Debug: (5) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:49 2015 : Debug: (5) Framed-MTU = 1400 Fri Feb 27 11:47:49 2015 : Debug: (5) EAP-Message = 0x0214008c15001603010046100000424104c6ff59ecbd2e7d5287728ef70866b5622324a3c64450e9a3ff59475a2400ba003a7234d0aacc3bf5d72f4eb3846c651b61c0a3409dc59f28f5285586e7103bff14030100010116030100303c7fda42cabf457d2cfaa6af65b6e309a9d52088b26654a81f15a1 Fri Feb 27 11:47:49 2015 : Debug: (5) State = 0x204f2982245b3c668c4bee58afd4d0c1 Fri Feb 27 11:47:49 2015 : Debug: (5) Message-Authenticator = 0x5837cbf7cda0a8f4f3f10d48fe2d6632 Fri Feb 27 11:47:49 2015 : Debug: (5) session-state: No cached attributes Fri Feb 27 11:47:49 2015 : Debug: (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (5) authorize { Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [preprocess] = ok Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: calling chap (rlm_chap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: returned from chap (rlm_chap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [chap] = noop Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [mschap] = noop Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: calling digest (rlm_digest) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: returned from digest (rlm_digest) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [digest] = noop Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) suffix: Checking for suffix after "@" Fri Feb 27 11:47:49 2015 : Debug: (5) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:49 2015 : Debug: (5) suffix: No such realm "NULL" Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [suffix] = noop Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Peer sent code Response (2) ID 20 length 140 Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Continuing tunnel setup Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [eap] = ok Fri Feb 27 11:47:49 2015 : Debug: (5) } # authorize = ok Fri Feb 27 11:47:49 2015 : Debug: (5) Found Auth-Type = EAP Fri Feb 27 11:47:49 2015 : Debug: (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (5) authenticate { Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authenticate]: calling eap (rlm_eap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Expiring EAP session with state 0x204f2982245b3c66 Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Finished EAP session with state 0x204f2982245b3c66 Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Previous EAP request found for state 0x204f2982245b3c66, released from the list Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Peer sent method TTLS (21) Fri Feb 27 11:47:49 2015 : Debug: (5) eap: EAP TTLS (21) Fri Feb 27 11:47:49 2015 : Debug: (5) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: Authenticate Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: processing EAP-TLS Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: eaptls_verify returned 7 Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: Done initial handshake Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: TLS_accept: SSLv3 read client key exchange A Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: <<< TLS 1.0 ChangeCipherSpec [length 0001] Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: <<< TLS 1.0 Handshake [length 0010], Finished Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: TLS_accept: SSLv3 read finished A Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: >>> TLS 1.0 ChangeCipherSpec [length 0001] Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: TLS_accept: SSLv3 write change cipher spec A Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: >>> TLS 1.0 Handshake [length 0010], Finished Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: TLS_accept: SSLv3 write finished A Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: TLS_accept: SSLv3 flush data Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: (other): SSL negotiation finished successfully Fri Feb 27 11:47:49 2015 : Debug: SSL Connection Established Fri Feb 27 11:47:49 2015 : Debug: (5) eap_ttls: eaptls_process returned 13 Fri Feb 27 11:47:49 2015 : Debug: (5) eap: EAP session adding &reply:State = 0x204f2982255a3c66 Fri Feb 27 11:47:49 2015 : Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Fri Feb 27 11:47:49 2015 : Debug: (5) [eap] = handled Fri Feb 27 11:47:49 2015 : Debug: (5) } # authenticate = handled Fri Feb 27 11:47:49 2015 : Debug: (5) session-state: Nothing to cache Fri Feb 27 11:47:49 2015 : Debug: (5) Sent Access-Challenge Id 221 from 71.46.62.133:1812 to 24.94.145.173:50154 length 127 Fri Feb 27 11:47:49 2015 : Debug: (5) EAP-Message = 0x0115004515800000003b1403010001011603010030ef1a9168c18bbdb7d8d81ec8a81430a71efb715f74b6d18e99232e5e6b8ca2e4d1292a643cd105a8b9ef62cb17f8c99f Fri Feb 27 11:47:49 2015 : Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:49 2015 : Debug: (5) State = 0x204f2982255a3c668c4bee58afd4d0c1 Fri Feb 27 11:47:49 2015 : Debug: (5) Finished request Fri Feb 27 11:47:49 2015 : Debug: Waking up in 0.3 seconds. Fri Feb 27 11:47:49 2015 : Debug: (6) Received Access-Request Id 222 from 24.94.145.173:50154 to 71.46.62.133:1812 length 377 Fri Feb 27 11:47:49 2015 : Debug: (6) User-Name = 'qaresdon' Fri Feb 27 11:47:49 2015 : Debug: (6) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:49 2015 : Debug: (6) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:49 2015 : Debug: (6) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:49 2015 : Debug: (6) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:49 2015 : Debug: (6) NAS-Port = 0 Fri Feb 27 11:47:49 2015 : Debug: (6) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:49 2015 : Debug: (6) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:49 2015 : Debug: (6) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:49 2015 : Debug: (6) Framed-MTU = 1400 Fri Feb 27 11:47:49 2015 : Debug: (6) EAP-Message = 0x021500c015001703010020a89138440256e2daa07ded2d3ec034263809105ea0b2322343fe6f14b0a0294617030100903fd34fa6097117766f7ec9f7faed812457ea0d521469fdca2a6a6377b57157efd3670ebfa59d368a24a50b44e7d84e1fa3546290cc17e64d1c0fdc15621209a0be2b10c91f6dff Fri Feb 27 11:47:49 2015 : Debug: (6) State = 0x204f2982255a3c668c4bee58afd4d0c1 Fri Feb 27 11:47:49 2015 : Debug: (6) Message-Authenticator = 0xd55d3ec1b632d97371ff5c039c111f5d Fri Feb 27 11:47:49 2015 : Debug: (6) session-state: No cached attributes Fri Feb 27 11:47:49 2015 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (6) authorize { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [preprocess] = ok Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling chap (rlm_chap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from chap (rlm_chap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [chap] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [mschap] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling digest (rlm_digest) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from digest (rlm_digest) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [digest] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: Checking for suffix after "@" Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: No such realm "NULL" Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [suffix] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Peer sent code Response (2) ID 21 length 192 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Continuing tunnel setup Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [eap] = ok Fri Feb 27 11:47:49 2015 : Debug: (6) } # authorize = ok Fri Feb 27 11:47:49 2015 : Debug: (6) Found Auth-Type = EAP Fri Feb 27 11:47:49 2015 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (6) authenticate { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authenticate]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Expiring EAP session with state 0x204f2982255a3c66 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Finished EAP session with state 0x204f2982255a3c66 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Previous EAP request found for state 0x204f2982255a3c66, released from the list Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Peer sent method TTLS (21) Fri Feb 27 11:47:49 2015 : Debug: (6) eap: EAP TTLS (21) Fri Feb 27 11:47:49 2015 : Debug: (6) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Authenticate Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: processing EAP-TLS Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: eaptls_verify returned 7 Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Done initial handshake Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: eaptls_process returned 7 Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Session established. Proceeding to decode tunneled attributes Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Got tunneled request Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: User-Name = 'qaresdon' Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: MS-CHAP-Challenge = 0xaf2fdf5314c6b2d4080496ccd142e6e1 Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: MS-CHAP2-Response = 0xd2001d385400b1d0f0200000002b00000057000000000000000066eec45b7cacf02aff803f58e135eecfd4655da4e2ee2efe Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Sending tunneled request Fri Feb 27 11:47:49 2015 : Debug: (6) Virtual server received request Fri Feb 27 11:47:49 2015 : Debug: (6) User-Name = 'qaresdon' Fri Feb 27 11:47:49 2015 : Debug: (6) MS-CHAP-Challenge = 0xaf2fdf5314c6b2d4080496ccd142e6e1 Fri Feb 27 11:47:49 2015 : Debug: (6) MS-CHAP2-Response = 0xd2001d385400b1d0f0200000002b00000057000000000000000066eec45b7cacf02aff803f58e135eecfd4655da4e2ee2efe Fri Feb 27 11:47:49 2015 : Debug: (6) server inner-tunnel { Fri Feb 27 11:47:49 2015 : Debug: (6) session-state: No State attribute Fri Feb 27 11:47:49 2015 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:47:49 2015 : Debug: (6) authorize { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: Checking for suffix after "@" Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: No such realm "NULL" Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [suffix] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) update control { Fri Feb 27 11:47:49 2015 : Debug: (6) &Proxy-To-Realm := 'LOCAL' Fri Feb 27 11:47:49 2015 : Debug: (6) } # update control = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling files (rlm_files) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from files (rlm_files) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [files] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) update control { Fri Feb 27 11:47:49 2015 : Debug: (6) Cache-Status-Only = yes Fri Feb 27 11:47:49 2015 : Debug: (6) } # update control = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> qaresdone899c47233d8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex acquired Fri Feb 27 11:47:49 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex released Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [cache] = notfound Fri Feb 27 11:47:49 2015 : Debug: (6) if (notfound) { Fri Feb 27 11:47:49 2015 : Debug: (6) if (notfound) -> TRUE Fri Feb 27 11:47:49 2015 : Debug: (6) if (notfound) { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling ldap (rlm_ldap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: rlm_ldap (ldap): Reserved connection (4) Fri Feb 27 11:47:49 2015 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> (uid= Fri Feb 27 11:47:49 2015 : Debug: if { Fri Feb 27 11:47:49 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:47:49 2015 : Debug: } Fri Feb 27 11:47:49 2015 : Debug: else { Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: } Fri Feb 27 11:47:49 2015 : Debug: literal --> ) Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: --> (uid=qaresdon) Fri Feb 27 11:47:49 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: Waiting for search result... Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: Added eDirectory password. control:Cleartext-Password += 'xxxxxxxxx' Fri Feb 27 11:47:49 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from ldap (rlm_ldap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [ldap] = ok Fri Feb 27 11:47:49 2015 : Debug: (6) } # if (notfound) = ok Fri Feb 27 11:47:49 2015 : Debug: (6) ... skipping else for request 6: Preceding "if" was taken Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: No EAP-Message, not doing EAP Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [eap] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [mschap] = ok Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling expiration (rlm_expiration) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from expiration (rlm_expiration) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [expiration] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling logintime (rlm_logintime) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from logintime (rlm_logintime) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [logintime] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) } # authorize = ok Fri Feb 27 11:47:49 2015 : Debug: (6) Found Auth-Type = MSCHAP Fri Feb 27 11:47:49 2015 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:47:49 2015 : Debug: (6) Auth-Type MS-CHAP { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authenticate]: calling mschap (rlm_mschap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) mschap: Found Cleartext-Password, hashing to create NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) mschap: Found Cleartext-Password, hashing to create LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) mschap: Creating challenge hash with username: qaresdon Fri Feb 27 11:47:49 2015 : Debug: (6) mschap: Client is using MS-CHAPv2 Fri Feb 27 11:47:49 2015 : Debug: (6) mschap: Adding MS-CHAPv2 MPPE keys Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authenticate]: returned from mschap (rlm_mschap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [mschap] = ok Fri Feb 27 11:47:49 2015 : Debug: (6) } # Auth-Type MS-CHAP = ok Fri Feb 27 11:47:49 2015 : Debug: (6) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:47:49 2015 : Debug: (6) post-auth { Fri Feb 27 11:47:49 2015 : Debug: (6) policy cui-inner.post-auth { Fri Feb 27 11:47:49 2015 : Debug: (6) if (&outer.request:Chargeable-User-Identity && (&outer.request:Operator-Name || ('no' != 'yes'))) { Fri Feb 27 11:47:49 2015 : Debug: (6) if (&outer.request:Chargeable-User-Identity && (&outer.request:Operator-Name || ('no' != 'yes'))) -> FALSE Fri Feb 27 11:47:49 2015 : Debug: (6) } # policy cui-inner.post-auth = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[post-auth]: calling cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> qaresdone899c47233d8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex acquired Fri Feb 27 11:47:49 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Creating new cache entry Fri Feb 27 11:47:49 2015 : Debug: %{control:NT-Password} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:NT-Password} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: (6) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: %{control:LM-Password} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:LM-Password} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Merging cache entry into request Fri Feb 27 11:47:49 2015 : Debug: (6) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: (6) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: FROM 2 TO 6 MAX 8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING NT-Password FROM 0 TO 4 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING LM-Password FROM 1 TO 5 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: TO in 6 out 6 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[0] = Proxy-To-Realm Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[1] = Ldap-UserDn Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[2] = Cleartext-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[3] = Auth-Type Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[4] = NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[5] = LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Commited entry, TTL 86400 seconds Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex released Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[post-auth]: returned from cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [cache] = updated Fri Feb 27 11:47:49 2015 : Debug: (6) } # post-auth = updated Fri Feb 27 11:47:49 2015 : Debug: (6) } # server inner-tunnel Fri Feb 27 11:47:49 2015 : Debug: (6) Virtual server sending reply Fri Feb 27 11:47:49 2015 : Debug: (6) MS-CHAP2-Success = 0xd2533d36314530323939313234324633454637463032464243383932303731453845303636363339373132 Fri Feb 27 11:47:49 2015 : Debug: (6) MS-MPPE-Recv-Key = 0x0f43250c72b196e120162ef6248bb3ee Fri Feb 27 11:47:49 2015 : Debug: (6) MS-MPPE-Send-Key = 0x201b62ef56ed0c1ff0a7beb46260ed91 Fri Feb 27 11:47:49 2015 : Debug: (6) MS-MPPE-Encryption-Policy = Encryption-Required Fri Feb 27 11:47:49 2015 : Debug: (6) MS-MPPE-Encryption-Types = 4 Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Got tunneled Access-Accept Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Got MS-CHAP2-Success, tunneling it to the client in a challenge Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Sending tunneled reply attributes Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: MS-CHAP2-Success = 0xd2533d36314530323939313234324633454637463032464243383932303731453845303636363339373132 Fri Feb 27 11:47:49 2015 : Debug: (6) eap: EAP session adding &reply:State = 0x204f298226593c66 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [eap] = handled Fri Feb 27 11:47:49 2015 : Debug: (6) } # authenticate = handled Fri Feb 27 11:47:49 2015 : Debug: (6) session-state: Nothing to cache Fri Feb 27 11:47:49 2015 : Debug: (6) Sent Access-Challenge Id 222 from 71.46.62.133:1812 to 24.94.145.173:50154 length 153 Fri Feb 27 11:47:49 2015 : Debug: (6) EAP-Message = 0x0116005f15800000005517030100500bbcd646b14c483eab6bd7474e470b3a1d615471c7612c204526cadb5bf080f8796bf81253c6bcc95d731a988caa8aa66743d7dc7d2f86f460f4d91b1252a6b8973446461f0cf19a01cb348c9e4848bb Fri Feb 27 11:47:49 2015 : Debug: (6) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:49 2015 : Debug: (6) State = 0x204f298226593c668c4bee58afd4d0c1 Fri Feb 27 11:47:49 2015 : Debug: (6) Finished request Fri Feb 27 11:47:49 2015 : Debug: Waking up in 0.2 seconds. Fri Feb 27 11:47:49 2015 : Debug: (7) Received Access-Request Id 223 from 24.94.145.173:50154 to 71.46.62.133:1812 length 191 Fri Feb 27 11:47:49 2015 : Debug: (7) User-Name = 'qaresdon' Fri Feb 27 11:47:49 2015 : Debug: (7) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:47:49 2015 : Debug: (7) NAS-Identifier = 'Ericsson' Fri Feb 27 11:47:49 2015 : Debug: (7) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:47:49 2015 : Debug: (7) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:47:49 2015 : Debug: (7) NAS-Port = 0 Fri Feb 27 11:47:49 2015 : Debug: (7) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:47:49 2015 : Debug: (7) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:47:49 2015 : Debug: (7) Acct-Session-Id = '54ECEF48-00000184' Fri Feb 27 11:47:49 2015 : Debug: (7) Framed-MTU = 1400 Fri Feb 27 11:47:49 2015 : Debug: (7) EAP-Message = 0x021600061500 Fri Feb 27 11:47:49 2015 : Debug: (7) State = 0x204f298226593c668c4bee58afd4d0c1 Fri Feb 27 11:47:49 2015 : Debug: (7) Message-Authenticator = 0x88f9758bbbc36c476fea06350ff96944 Fri Feb 27 11:47:49 2015 : Debug: (7) session-state: No cached attributes Fri Feb 27 11:47:49 2015 : Debug: (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (7) authorize { Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [preprocess] = ok Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: calling chap (rlm_chap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: returned from chap (rlm_chap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [chap] = noop Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: calling mschap (rlm_mschap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: returned from mschap (rlm_mschap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [mschap] = noop Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: calling digest (rlm_digest) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: returned from digest (rlm_digest) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [digest] = noop Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: calling suffix (rlm_realm) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) suffix: Checking for suffix after "@" Fri Feb 27 11:47:49 2015 : Debug: (7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:49 2015 : Debug: (7) suffix: No such realm "NULL" Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: returned from suffix (rlm_realm) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [suffix] = noop Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: calling eap (rlm_eap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Peer sent code Response (2) ID 22 length 6 Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Continuing tunnel setup Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authorize]: returned from eap (rlm_eap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [eap] = ok Fri Feb 27 11:47:49 2015 : Debug: (7) } # authorize = ok Fri Feb 27 11:47:49 2015 : Debug: (7) Found Auth-Type = EAP Fri Feb 27 11:47:49 2015 : Debug: (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (7) authenticate { Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authenticate]: calling eap (rlm_eap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Expiring EAP session with state 0x204f298226593c66 Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Finished EAP session with state 0x204f298226593c66 Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Previous EAP request found for state 0x204f298226593c66, released from the list Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Peer sent method TTLS (21) Fri Feb 27 11:47:49 2015 : Debug: (7) eap: EAP TTLS (21) Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Calling eap_ttls to process EAP data Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: Authenticate Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: processing EAP-TLS Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: Received TLS ACK Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: Received TLS ACK Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: ACK handshake is finished Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: eaptls_verify returned 3 Fri Feb 27 11:47:49 2015 : Debug: (7) eap_ttls: eaptls_process returned 3 Fri Feb 27 11:47:49 2015 : Debug: (7) eap: Freeing handler Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[authenticate]: returned from eap (rlm_eap) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [eap] = ok Fri Feb 27 11:47:49 2015 : Debug: (7) } # authenticate = ok Fri Feb 27 11:47:49 2015 : Debug: (7) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:47:49 2015 : Debug: (7) post-auth { Fri Feb 27 11:47:49 2015 : Debug: (7) update { Fri Feb 27 11:47:49 2015 : Debug: (7) No attributes updated Fri Feb 27 11:47:49 2015 : Debug: (7) } # update = noop Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[post-auth]: calling linelog (rlm_linelog) for request 7 Fri Feb 27 11:47:49 2015 : Debug: Accounting-Request.%{%{Acct-Status-Type}:-unknown} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> Accounting-Request. Fri Feb 27 11:47:49 2015 : Debug: if { Fri Feb 27 11:47:49 2015 : Debug: attribute --> Acct-Status-Type Fri Feb 27 11:47:49 2015 : Debug: } Fri Feb 27 11:47:49 2015 : Debug: else { Fri Feb 27 11:47:49 2015 : Debug: literal --> unknown Fri Feb 27 11:47:49 2015 : Debug: } Fri Feb 27 11:47:49 2015 : Debug: (7) linelog: EXPAND Accounting-Request.%{%{Acct-Status-Type}:-unknown} Fri Feb 27 11:47:49 2015 : Debug: (7) linelog: --> Accounting-Request.unknown Fri Feb 27 11:47:49 2015 : Debug: /var/log/radius/linelog Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> /var/log/radius/linelog Fri Feb 27 11:47:49 2015 : Debug: (7) linelog: EXPAND /var/log/radius/linelog Fri Feb 27 11:47:49 2015 : Debug: (7) linelog: --> /var/log/radius/linelog Fri Feb 27 11:47:49 2015 : Debug: NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> NAS Fri Feb 27 11:47:49 2015 : Debug: attribute --> Packet-Src-IP-Address Fri Feb 27 11:47:49 2015 : Debug: literal --> ( Fri Feb 27 11:47:49 2015 : Debug: attribute --> NAS-IP-Address Fri Feb 27 11:47:49 2015 : Debug: literal --> ) sent unknown Acct-Status-Type Fri Feb 27 11:47:49 2015 : Debug: attribute --> Acct-Status-Type Fri Feb 27 11:47:49 2015 : Debug: (7) linelog: EXPAND NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type} Fri Feb 27 11:47:49 2015 : Debug: (7) linelog: --> NAS 24.94.145.173 (24.94.145.173) sent unknown Acct-Status-Type Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[post-auth]: returned from linelog (rlm_linelog) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [linelog] = ok Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[post-auth]: calling exec (rlm_exec) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[post-auth]: returned from exec (rlm_exec) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [exec] = noop Fri Feb 27 11:47:49 2015 : Debug: (7) policy remove_reply_message_if_eap { Fri Feb 27 11:47:49 2015 : Debug: (7) if (&reply:EAP-Message && &reply:Reply-Message) { Fri Feb 27 11:47:49 2015 : Debug: (7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Fri Feb 27 11:47:49 2015 : Debug: (7) else { Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[post-auth]: calling noop (rlm_always) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) modsingle[post-auth]: returned from noop (rlm_always) for request 7 Fri Feb 27 11:47:49 2015 : Debug: (7) [noop] = noop Fri Feb 27 11:47:49 2015 : Debug: (7) } # else = noop Fri Feb 27 11:47:49 2015 : Debug: (7) } # policy remove_reply_message_if_eap = noop Fri Feb 27 11:47:49 2015 : Debug: (7) } # post-auth = ok Fri Feb 27 11:47:49 2015 : Debug: (7) Sent Access-Accept Id 223 from 71.46.62.133:1812 to 24.94.145.173:50154 length 170 Fri Feb 27 11:47:49 2015 : Debug: (7) MS-MPPE-Recv-Key = 0xa94ada91d68540debb2cf793bc7b2248ba77c9122fca4e0216f70f7372c1c941 Fri Feb 27 11:47:49 2015 : Debug: (7) MS-MPPE-Send-Key = 0xc8a95a2451025da064a28b146384cdfb5ecb6d1423896aaf416728e640727217 Fri Feb 27 11:47:49 2015 : Debug: (7) EAP-Message = 0x03160004 Fri Feb 27 11:47:49 2015 : Debug: (7) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:47:49 2015 : Debug: (7) User-Name = 'qaresdon' EAP-PEAP: Fri Feb 27 11:48:43 2015 : Debug: (0) Received Access-Request Id 224 from 24.94.145.173:50155 to 71.46.62.133:1812 length 180 Fri Feb 27 11:48:43 2015 : Debug: (0) User-Name = 'qaresdon' Fri Feb 27 11:48:43 2015 : Debug: (0) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:43 2015 : Debug: (0) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:43 2015 : Debug: (0) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:43 2015 : Debug: (0) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:43 2015 : Debug: (0) NAS-Port = 0 Fri Feb 27 11:48:43 2015 : Debug: (0) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:43 2015 : Debug: (0) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:43 2015 : Debug: (0) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:43 2015 : Debug: (0) Framed-MTU = 1400 Fri Feb 27 11:48:43 2015 : Debug: (0) EAP-Message = 0x0276000d017161726573646f6e Fri Feb 27 11:48:43 2015 : Debug: (0) Message-Authenticator = 0x2df871fab7b93602aac9a68c61e2e4cb Fri Feb 27 11:48:43 2015 : Debug: (0) session-state: No State attribute Fri Feb 27 11:48:43 2015 : Debug: (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (0) authorize { Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [preprocess] = ok Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [chap] = noop Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [mschap] = noop Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [digest] = noop Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) suffix: Checking for suffix after "@" Fri Feb 27 11:48:43 2015 : Debug: (0) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:43 2015 : Debug: (0) suffix: No such realm "NULL" Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [suffix] = noop Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) eap: Peer sent code Response (2) ID 118 length 13 Fri Feb 27 11:48:43 2015 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [eap] = ok Fri Feb 27 11:48:43 2015 : Debug: (0) } # authorize = ok Fri Feb 27 11:48:43 2015 : Debug: (0) Found Auth-Type = EAP Fri Feb 27 11:48:43 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (0) authenticate { Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) eap: Peer sent method Identity (1) Fri Feb 27 11:48:43 2015 : Debug: (0) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:43 2015 : Debug: (0) eap_peap: Initiate Fri Feb 27 11:48:43 2015 : Debug: (0) eap_peap: Start returned 1 Fri Feb 27 11:48:43 2015 : Debug: (0) eap: EAP session adding &reply:State = 0x43bc3b6943cb22ae Fri Feb 27 11:48:43 2015 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Fri Feb 27 11:48:43 2015 : Debug: (0) [eap] = handled Fri Feb 27 11:48:43 2015 : Debug: (0) } # authenticate = handled Fri Feb 27 11:48:43 2015 : Debug: (0) session-state: Nothing to cache Fri Feb 27 11:48:43 2015 : Debug: (0) Sent Access-Challenge Id 224 from 71.46.62.133:1812 to 24.94.145.173:50155 length 64 Fri Feb 27 11:48:43 2015 : Debug: (0) EAP-Message = 0x017700061920 Fri Feb 27 11:48:43 2015 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:43 2015 : Debug: (0) State = 0x43bc3b6943cb22ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (0) Finished request Fri Feb 27 11:48:43 2015 : Debug: Waking up in 0.3 seconds. Fri Feb 27 11:48:43 2015 : Debug: (1) Received Access-Request Id 225 from 24.94.145.173:50155 to 71.46.62.133:1812 length 385 Fri Feb 27 11:48:43 2015 : Debug: (1) User-Name = 'qaresdon' Fri Feb 27 11:48:43 2015 : Debug: (1) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:43 2015 : Debug: (1) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:43 2015 : Debug: (1) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:43 2015 : Debug: (1) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:43 2015 : Debug: (1) NAS-Port = 0 Fri Feb 27 11:48:43 2015 : Debug: (1) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:43 2015 : Debug: (1) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:43 2015 : Debug: (1) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:43 2015 : Debug: (1) Framed-MTU = 1400 Fri Feb 27 11:48:43 2015 : Debug: (1) EAP-Message = 0x027700c81980000000be16030100b9010000b5030154f09feabdf3ea9c6d5ecce97b79e5502ea898b7e4a91e7cae67cf33462d80dd000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc00200050004001500120009001400 Fri Feb 27 11:48:43 2015 : Debug: (1) State = 0x43bc3b6943cb22ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (1) Message-Authenticator = 0x0bcd8c310b2363a798deb6f6fa43dacb Fri Feb 27 11:48:43 2015 : Debug: (1) session-state: No cached attributes Fri Feb 27 11:48:43 2015 : Debug: (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (1) authorize { Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [preprocess] = ok Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [chap] = noop Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [mschap] = noop Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [digest] = noop Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) suffix: Checking for suffix after "@" Fri Feb 27 11:48:43 2015 : Debug: (1) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:43 2015 : Debug: (1) suffix: No such realm "NULL" Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [suffix] = noop Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Peer sent code Response (2) ID 119 length 200 Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Continuing tunnel setup Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [eap] = ok Fri Feb 27 11:48:43 2015 : Debug: (1) } # authorize = ok Fri Feb 27 11:48:43 2015 : Debug: (1) Found Auth-Type = EAP Fri Feb 27 11:48:43 2015 : Debug: (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (1) authenticate { Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Expiring EAP session with state 0x43bc3b6943cb22ae Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Finished EAP session with state 0x43bc3b6943cb22ae Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Previous EAP request found for state 0x43bc3b6943cb22ae, released from the list Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (1) eap: EAP PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (1) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: processing EAP-TLS Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS Length 190 Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: Length Included Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: eaptls_verify returned 11 Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: (other): before/accept initialization Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: before/accept initialization Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: <<< TLS 1.0 Handshake [length 00b9], ClientHello Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: SSLv3 read client hello A Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: >>> TLS 1.0 Handshake [length 0039], ServerHello Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: SSLv3 write server hello A Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: >>> TLS 1.0 Handshake [length 0e58], Certificate Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: SSLv3 write certificate A Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: SSLv3 write key exchange A Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: SSLv3 write server done A Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: SSLv3 flush data Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Feb 27 11:48:43 2015 : Debug: In SSL Handshake Phase Fri Feb 27 11:48:43 2015 : Debug: In SSL Accept mode Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: eaptls_process returned 13 Fri Feb 27 11:48:43 2015 : Debug: (1) eap_peap: FR_TLS_HANDLED Fri Feb 27 11:48:43 2015 : Debug: (1) eap: EAP session adding &reply:State = 0x43bc3b6942c422ae Fri Feb 27 11:48:43 2015 : Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Feb 27 11:48:43 2015 : Debug: (1) [eap] = handled Fri Feb 27 11:48:43 2015 : Debug: (1) } # authenticate = handled Fri Feb 27 11:48:43 2015 : Debug: (1) session-state: Nothing to cache Fri Feb 27 11:48:43 2015 : Debug: (1) Sent Access-Challenge Id 225 from 71.46.62.133:1812 to 24.94.145.173:50155 length 1448 Fri Feb 27 11:48:43 2015 : Debug: (1) EAP-Message = 0x0178056419c000000ff4160301003902000035030154f09feb681c6ba51cd254aa5263ce9d10486dc5fe1a766c3f2aa5dc2c36a9ca00c01400000dff01000100000b0004030001021603010e580b000e54000e510005213082051d30820405a00302010202044c233c7e300d06092a864886f70d010105 Fri Feb 27 11:48:43 2015 : Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:43 2015 : Debug: (1) State = 0x43bc3b6942c422ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (1) Finished request Fri Feb 27 11:48:43 2015 : Debug: Waking up in 0.2 seconds. Fri Feb 27 11:48:43 2015 : Debug: (2) Received Access-Request Id 226 from 24.94.145.173:50155 to 71.46.62.133:1812 length 191 Fri Feb 27 11:48:43 2015 : Debug: (2) User-Name = 'qaresdon' Fri Feb 27 11:48:43 2015 : Debug: (2) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:43 2015 : Debug: (2) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:43 2015 : Debug: (2) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:43 2015 : Debug: (2) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:43 2015 : Debug: (2) NAS-Port = 0 Fri Feb 27 11:48:43 2015 : Debug: (2) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:43 2015 : Debug: (2) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:43 2015 : Debug: (2) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:43 2015 : Debug: (2) Framed-MTU = 1400 Fri Feb 27 11:48:43 2015 : Debug: (2) EAP-Message = 0x027800061900 Fri Feb 27 11:48:43 2015 : Debug: (2) State = 0x43bc3b6942c422ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (2) Message-Authenticator = 0x419f17062a6f0402ea3c66d7edf382ff Fri Feb 27 11:48:43 2015 : Debug: (2) session-state: No cached attributes Fri Feb 27 11:48:43 2015 : Debug: (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (2) authorize { Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [preprocess] = ok Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: calling chap (rlm_chap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: returned from chap (rlm_chap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [chap] = noop Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [mschap] = noop Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: calling digest (rlm_digest) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: returned from digest (rlm_digest) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [digest] = noop Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) suffix: Checking for suffix after "@" Fri Feb 27 11:48:43 2015 : Debug: (2) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:43 2015 : Debug: (2) suffix: No such realm "NULL" Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [suffix] = noop Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Peer sent code Response (2) ID 120 length 6 Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Continuing tunnel setup Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [eap] = ok Fri Feb 27 11:48:43 2015 : Debug: (2) } # authorize = ok Fri Feb 27 11:48:43 2015 : Debug: (2) Found Auth-Type = EAP Fri Feb 27 11:48:43 2015 : Debug: (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (2) authenticate { Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Expiring EAP session with state 0x43bc3b6942c422ae Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Finished EAP session with state 0x43bc3b6942c422ae Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Previous EAP request found for state 0x43bc3b6942c422ae, released from the list Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (2) eap: EAP PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (2) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: processing EAP-TLS Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: Received TLS ACK Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: Received TLS ACK Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: ACK handshake fragment handler Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: eaptls_verify returned 1 Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: eaptls_process returned 13 Fri Feb 27 11:48:43 2015 : Debug: (2) eap_peap: FR_TLS_HANDLED Fri Feb 27 11:48:43 2015 : Debug: (2) eap: EAP session adding &reply:State = 0x43bc3b6941c522ae Fri Feb 27 11:48:43 2015 : Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Feb 27 11:48:43 2015 : Debug: (2) [eap] = handled Fri Feb 27 11:48:43 2015 : Debug: (2) } # authenticate = handled Fri Feb 27 11:48:43 2015 : Debug: (2) session-state: Nothing to cache Fri Feb 27 11:48:43 2015 : Debug: (2) Sent Access-Challenge Id 226 from 71.46.62.133:1812 to 24.94.145.173:50155 length 1444 Fri Feb 27 11:48:43 2015 : Debug: (2) EAP-Message = 0x017905601940f3fa6ff051ec9a0730ea94aaa1596407296688590004f9308204f5308203dda00302010202044c0e8c39300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f Fri Feb 27 11:48:43 2015 : Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:43 2015 : Debug: (2) State = 0x43bc3b6941c522ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (2) Finished request Fri Feb 27 11:48:43 2015 : Debug: Waking up in 0.1 seconds. Fri Feb 27 11:48:43 2015 : Debug: (3) Received Access-Request Id 227 from 24.94.145.173:50155 to 71.46.62.133:1812 length 191 Fri Feb 27 11:48:43 2015 : Debug: (3) User-Name = 'qaresdon' Fri Feb 27 11:48:43 2015 : Debug: (3) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:43 2015 : Debug: (3) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:43 2015 : Debug: (3) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:43 2015 : Debug: (3) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:43 2015 : Debug: (3) NAS-Port = 0 Fri Feb 27 11:48:43 2015 : Debug: (3) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:43 2015 : Debug: (3) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:43 2015 : Debug: (3) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:43 2015 : Debug: (3) Framed-MTU = 1400 Fri Feb 27 11:48:43 2015 : Debug: (3) EAP-Message = 0x027900061900 Fri Feb 27 11:48:43 2015 : Debug: (3) State = 0x43bc3b6941c522ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (3) Message-Authenticator = 0x7c859c81b0ed2f35fcc34558fd0ee33b Fri Feb 27 11:48:43 2015 : Debug: (3) session-state: No cached attributes Fri Feb 27 11:48:43 2015 : Debug: (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (3) authorize { Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [preprocess] = ok Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: calling chap (rlm_chap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: returned from chap (rlm_chap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [chap] = noop Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [mschap] = noop Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: calling digest (rlm_digest) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: returned from digest (rlm_digest) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [digest] = noop Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) suffix: Checking for suffix after "@" Fri Feb 27 11:48:43 2015 : Debug: (3) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:43 2015 : Debug: (3) suffix: No such realm "NULL" Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [suffix] = noop Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Peer sent code Response (2) ID 121 length 6 Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Continuing tunnel setup Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [eap] = ok Fri Feb 27 11:48:43 2015 : Debug: (3) } # authorize = ok Fri Feb 27 11:48:43 2015 : Debug: (3) Found Auth-Type = EAP Fri Feb 27 11:48:43 2015 : Debug: (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (3) authenticate { Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Expiring EAP session with state 0x43bc3b6941c522ae Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Finished EAP session with state 0x43bc3b6941c522ae Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Previous EAP request found for state 0x43bc3b6941c522ae, released from the list Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (3) eap: EAP PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (3) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: processing EAP-TLS Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: Received TLS ACK Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: Received TLS ACK Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: ACK handshake fragment handler Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: eaptls_verify returned 1 Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: eaptls_process returned 13 Fri Feb 27 11:48:43 2015 : Debug: (3) eap_peap: FR_TLS_HANDLED Fri Feb 27 11:48:43 2015 : Debug: (3) eap: EAP session adding &reply:State = 0x43bc3b6940c622ae Fri Feb 27 11:48:43 2015 : Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Feb 27 11:48:43 2015 : Debug: (3) [eap] = handled Fri Feb 27 11:48:43 2015 : Debug: (3) } # authenticate = handled Fri Feb 27 11:48:43 2015 : Debug: (3) session-state: Nothing to cache Fri Feb 27 11:48:43 2015 : Debug: (3) Sent Access-Challenge Id 227 from 71.46.62.133:1812 to 24.94.145.173:50155 length 1418 Fri Feb 27 11:48:43 2015 : Debug: (3) EAP-Message = 0x017a0546190077772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e Fri Feb 27 11:48:43 2015 : Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:43 2015 : Debug: (3) State = 0x43bc3b6940c622ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (3) Finished request Fri Feb 27 11:48:43 2015 : Debug: Waking up in 0.1 seconds. Fri Feb 27 11:48:43 2015 : Debug: (4) Received Access-Request Id 228 from 24.94.145.173:50155 to 71.46.62.133:1812 length 329 Fri Feb 27 11:48:43 2015 : Debug: (4) User-Name = 'qaresdon' Fri Feb 27 11:48:43 2015 : Debug: (4) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:43 2015 : Debug: (4) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:43 2015 : Debug: (4) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:43 2015 : Debug: (4) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:43 2015 : Debug: (4) NAS-Port = 0 Fri Feb 27 11:48:43 2015 : Debug: (4) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:43 2015 : Debug: (4) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:43 2015 : Debug: (4) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:43 2015 : Debug: (4) Framed-MTU = 1400 Fri Feb 27 11:48:43 2015 : Debug: (4) EAP-Message = 0x027a00901980000000861603010046100000424104803348866a6e6f8ad30a762c0bbf64bf080581fa5b07610e5322ace24522608dd8a386e022a7f9650a6d9c1272fc2113de7a534114636527b205435cc86de2d91403010001011603010030add691281c44821485829298cd46a46c7118a96d85a753 Fri Feb 27 11:48:43 2015 : Debug: (4) State = 0x43bc3b6940c622ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (4) Message-Authenticator = 0x0b75f005e5983b11afa351d560ad76a8 Fri Feb 27 11:48:43 2015 : Debug: (4) session-state: No cached attributes Fri Feb 27 11:48:43 2015 : Debug: (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (4) authorize { Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [preprocess] = ok Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: calling chap (rlm_chap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: returned from chap (rlm_chap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [chap] = noop Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [mschap] = noop Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: calling digest (rlm_digest) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: returned from digest (rlm_digest) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [digest] = noop Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) suffix: Checking for suffix after "@" Fri Feb 27 11:48:43 2015 : Debug: (4) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:43 2015 : Debug: (4) suffix: No such realm "NULL" Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [suffix] = noop Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Peer sent code Response (2) ID 122 length 144 Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Continuing tunnel setup Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [eap] = ok Fri Feb 27 11:48:43 2015 : Debug: (4) } # authorize = ok Fri Feb 27 11:48:43 2015 : Debug: (4) Found Auth-Type = EAP Fri Feb 27 11:48:43 2015 : Debug: (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:43 2015 : Debug: (4) authenticate { Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authenticate]: calling eap (rlm_eap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Expiring EAP session with state 0x43bc3b6940c622ae Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Finished EAP session with state 0x43bc3b6940c622ae Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Previous EAP request found for state 0x43bc3b6940c622ae, released from the list Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (4) eap: EAP PEAP (25) Fri Feb 27 11:48:43 2015 : Debug: (4) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: processing EAP-TLS Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: TLS Length 134 Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: Length Included Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: eaptls_verify returned 11 Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: TLS_accept: SSLv3 read client key exchange A Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: TLS_accept: SSLv3 read finished A Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: TLS_accept: SSLv3 write change cipher spec A Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: TLS_accept: SSLv3 write finished A Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: TLS_accept: SSLv3 flush data Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: (other): SSL negotiation finished successfully Fri Feb 27 11:48:43 2015 : Debug: SSL Connection Established Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: eaptls_process returned 13 Fri Feb 27 11:48:43 2015 : Debug: (4) eap_peap: FR_TLS_HANDLED Fri Feb 27 11:48:43 2015 : Debug: (4) eap: EAP session adding &reply:State = 0x43bc3b6947c722ae Fri Feb 27 11:48:43 2015 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Fri Feb 27 11:48:43 2015 : Debug: (4) [eap] = handled Fri Feb 27 11:48:43 2015 : Debug: (4) } # authenticate = handled Fri Feb 27 11:48:43 2015 : Debug: (4) session-state: Nothing to cache Fri Feb 27 11:48:43 2015 : Debug: (4) Sent Access-Challenge Id 228 from 71.46.62.133:1812 to 24.94.145.173:50155 length 123 Fri Feb 27 11:48:43 2015 : Debug: (4) EAP-Message = 0x017b004119001403010001011603010030ef4c19b55c657f8ff6c637ec72128819272aeb07655a85753dd99d6ff1b79706345e65ca8ae7c3a6ac649703f7ee3684 Fri Feb 27 11:48:43 2015 : Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:43 2015 : Debug: (4) State = 0x43bc3b6947c722ae11358de93389f275 Fri Feb 27 11:48:43 2015 : Debug: (4) Finished request Fri Feb 27 11:48:44 2015 : Debug: (5) Received Access-Request Id 229 from 24.94.145.173:50155 to 71.46.62.133:1812 length 191 Fri Feb 27 11:48:44 2015 : Debug: (5) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (5) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:44 2015 : Debug: (5) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:44 2015 : Debug: (5) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:44 2015 : Debug: (5) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:44 2015 : Debug: (5) NAS-Port = 0 Fri Feb 27 11:48:44 2015 : Debug: (5) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:44 2015 : Debug: (5) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:44 2015 : Debug: (5) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:44 2015 : Debug: (5) Framed-MTU = 1400 Fri Feb 27 11:48:44 2015 : Debug: (5) EAP-Message = 0x027b00061900 Fri Feb 27 11:48:44 2015 : Debug: (5) State = 0x43bc3b6947c722ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (5) Message-Authenticator = 0x26fbcdf393cfc34938f4cb49fc549a34 Fri Feb 27 11:48:44 2015 : Debug: (5) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (5) authorize { Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [preprocess] = ok Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: calling chap (rlm_chap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: returned from chap (rlm_chap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [chap] = noop Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: calling digest (rlm_digest) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: returned from digest (rlm_digest) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [digest] = noop Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (5) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (5) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Peer sent code Response (2) ID 123 length 6 Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Continuing tunnel setup Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (5) } # authorize = ok Fri Feb 27 11:48:44 2015 : Debug: (5) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (5) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authenticate]: calling eap (rlm_eap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Expiring EAP session with state 0x43bc3b6947c722ae Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Finished EAP session with state 0x43bc3b6947c722ae Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Previous EAP request found for state 0x43bc3b6947c722ae, released from the list Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (5) eap: EAP PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (5) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: processing EAP-TLS Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: Received TLS ACK Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: Received TLS ACK Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: ACK handshake is finished Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: eaptls_verify returned 3 Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: eaptls_process returned 3 Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: FR_TLS_SUCCESS Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: Session established. Decoding tunneled attributes Fri Feb 27 11:48:44 2015 : Debug: (5) eap_peap: PEAP state TUNNEL ESTABLISHED Fri Feb 27 11:48:44 2015 : Debug: (5) eap: EAP session adding &reply:State = 0x43bc3b6946c022ae Fri Feb 27 11:48:44 2015 : Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Fri Feb 27 11:48:44 2015 : Debug: (5) [eap] = handled Fri Feb 27 11:48:44 2015 : Debug: (5) } # authenticate = handled Fri Feb 27 11:48:44 2015 : Debug: (5) session-state: Nothing to cache Fri Feb 27 11:48:44 2015 : Debug: (5) Sent Access-Challenge Id 229 from 71.46.62.133:1812 to 24.94.145.173:50155 length 101 Fri Feb 27 11:48:44 2015 : Debug: (5) EAP-Message = 0x017c002b1900170301002007afa2959ac5a35ab7be1c21e6e25a0d6413eaf0677db7d0fe19697e5f250723 Fri Feb 27 11:48:44 2015 : Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (5) State = 0x43bc3b6946c022ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (5) Finished request Fri Feb 27 11:48:44 2015 : Debug: (6) Received Access-Request Id 230 from 24.94.145.173:50155 to 71.46.62.133:1812 length 265 Fri Feb 27 11:48:44 2015 : Debug: (6) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (6) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:44 2015 : Debug: (6) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:44 2015 : Debug: (6) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:44 2015 : Debug: (6) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:44 2015 : Debug: (6) NAS-Port = 0 Fri Feb 27 11:48:44 2015 : Debug: (6) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:44 2015 : Debug: (6) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:44 2015 : Debug: (6) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:44 2015 : Debug: (6) Framed-MTU = 1400 Fri Feb 27 11:48:44 2015 : Debug: (6) EAP-Message = 0x027c0050190017030100204c14e44d14e786f23214914585acb1ff7210b2b406f0494d90b6bcb8bf089b6c17030100204d7cb98434e7e3b344376e1f72e94ba3feaff899d19fb679385e7b238feeaaed Fri Feb 27 11:48:44 2015 : Debug: (6) State = 0x43bc3b6946c022ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (6) Message-Authenticator = 0xc8f4975baf27b73352f6bd5e238706b5 Fri Feb 27 11:48:44 2015 : Debug: (6) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (6) authorize { Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [preprocess] = ok Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling chap (rlm_chap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from chap (rlm_chap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [chap] = noop Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling digest (rlm_digest) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from digest (rlm_digest) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [digest] = noop Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (6) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Peer sent code Response (2) ID 124 length 80 Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Continuing tunnel setup Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (6) } # authorize = ok Fri Feb 27 11:48:44 2015 : Debug: (6) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (6) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authenticate]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Expiring EAP session with state 0x43bc3b6946c022ae Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Finished EAP session with state 0x43bc3b6946c022ae Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Previous EAP request found for state 0x43bc3b6946c022ae, released from the list Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (6) eap: EAP PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: processing EAP-TLS Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: eaptls_verify returned 7 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Done initial handshake Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: eaptls_process returned 7 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: FR_TLS_OK Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Session established. Decoding tunneled attributes Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Identity - qaresdon Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Got inner identity 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Setting default EAP type for tunneled EAP session Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Got tunneled request Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: EAP-Message = 0x027c000d017161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Setting User-Name to qaresdon Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Sending tunneled request to inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: EAP-Message = 0x027c000d017161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (6) Virtual server received request Fri Feb 27 11:48:44 2015 : Debug: (6) EAP-Message = 0x027c000d017161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (6) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Feb 27 11:48:44 2015 : Debug: (6) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (6) server inner-tunnel { Fri Feb 27 11:48:44 2015 : Debug: (6) session-state: No State attribute Fri Feb 27 11:48:44 2015 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (6) authorize { Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (6) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (6) update control { Fri Feb 27 11:48:44 2015 : Debug: (6) &Proxy-To-Realm := 'LOCAL' Fri Feb 27 11:48:44 2015 : Debug: (6) } # update control = noop Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling files (rlm_files) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from files (rlm_files) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [files] = noop Fri Feb 27 11:48:44 2015 : Debug: (6) update control { Fri Feb 27 11:48:44 2015 : Debug: (6) Cache-Status-Only = yes Fri Feb 27 11:48:44 2015 : Debug: (6) } # update control = noop Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling cache (rlm_cache) for request 6 Fri Feb 27 11:48:44 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:48:44 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: (6) cache: --> qaresdone899c47233d8 Fri Feb 27 11:48:44 2015 : Debug: (6) cache: Mutex acquired Fri Feb 27 11:48:44 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:48:44 2015 : Debug: (6) cache: Mutex released Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from cache (rlm_cache) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [cache] = notfound Fri Feb 27 11:48:44 2015 : Debug: (6) if (notfound) { Fri Feb 27 11:48:44 2015 : Debug: (6) if (notfound) -> TRUE Fri Feb 27 11:48:44 2015 : Debug: (6) if (notfound) { Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling ldap (rlm_ldap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: rlm_ldap (ldap): Reserved connection (4) Fri Feb 27 11:48:44 2015 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> (uid= Fri Feb 27 11:48:44 2015 : Debug: if { Fri Feb 27 11:48:44 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: else { Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: literal --> ) Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: --> (uid=qaresdon) Fri Feb 27 11:48:44 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: Waiting for search result... Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:48:44 2015 : Debug: (6) ldap: Added eDirectory password. control:Cleartext-Password += 'xxxxxxxxx' Fri Feb 27 11:48:44 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from ldap (rlm_ldap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [ldap] = ok Fri Feb 27 11:48:44 2015 : Debug: (6) } # if (notfound) = ok Fri Feb 27 11:48:44 2015 : Debug: (6) ... skipping else for request 6: Preceding "if" was taken Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Peer sent code Response (2) ID 124 length 13 Fri Feb 27 11:48:44 2015 : Debug: (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (6) } # authorize = ok Fri Feb 27 11:48:44 2015 : Debug: (6) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (6) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authenticate]: calling eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Peer sent method Identity (1) Fri Feb 27 11:48:44 2015 : Debug: (6) eap: Calling eap_mschapv2 to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (6) eap_mschapv2: Issuing Challenge Fri Feb 27 11:48:44 2015 : Debug: (6) eap: EAP session adding &reply:State = 0x6b88392f6bf52321 Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [eap] = handled Fri Feb 27 11:48:44 2015 : Debug: (6) } # authenticate = handled Fri Feb 27 11:48:44 2015 : Debug: (6) session-state: Nothing to cache Fri Feb 27 11:48:44 2015 : Debug: (6) } # server inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (6) Virtual server sending reply Fri Feb 27 11:48:44 2015 : Debug: (6) EAP-Message = 0x017d00221a017d001d10fbfbbf8ba4b1db205dcc5219e907e91f7161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (6) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (6) State = 0x6b88392f6bf5232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Got tunneled reply code 11 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: EAP-Message = 0x017d00221a017d001d10fbfbbf8ba4b1db205dcc5219e907e91f7161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: State = 0x6b88392f6bf5232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Got tunneled reply RADIUS code 11 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: EAP-Message = 0x017d00221a017d001d10fbfbbf8ba4b1db205dcc5219e907e91f7161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: State = 0x6b88392f6bf5232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (6) eap_peap: Got tunneled Access-Challenge Fri Feb 27 11:48:44 2015 : Debug: (6) eap: EAP session adding &reply:State = 0x43bc3b6945c122ae Fri Feb 27 11:48:44 2015 : Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Fri Feb 27 11:48:44 2015 : Debug: (6) [eap] = handled Fri Feb 27 11:48:44 2015 : Debug: (6) } # authenticate = handled Fri Feb 27 11:48:44 2015 : Debug: (6) session-state: Nothing to cache Fri Feb 27 11:48:44 2015 : Debug: (6) Sent Access-Challenge Id 230 from 71.46.62.133:1812 to 24.94.145.173:50155 length 133 Fri Feb 27 11:48:44 2015 : Debug: (6) EAP-Message = 0x017d004b190017030100403dcc9aa3a1008804f371755d196e3ee3506abdd0a53d8ba83fb250e40f9cfde61b5591c899ff06286cc78c1be57fb3e0fded46cb3dc961d2ab1fe7466a171b46 Fri Feb 27 11:48:44 2015 : Debug: (6) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (6) State = 0x43bc3b6945c122ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (6) Finished request Fri Feb 27 11:48:44 2015 : Debug: Waking up in 0.1 seconds. Fri Feb 27 11:48:44 2015 : Debug: (7) Received Access-Request Id 231 from 24.94.145.173:50155 to 71.46.62.133:1812 length 329 Fri Feb 27 11:48:44 2015 : Debug: (7) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (7) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:44 2015 : Debug: (7) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:44 2015 : Debug: (7) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:44 2015 : Debug: (7) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:44 2015 : Debug: (7) NAS-Port = 0 Fri Feb 27 11:48:44 2015 : Debug: (7) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:44 2015 : Debug: (7) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:44 2015 : Debug: (7) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:44 2015 : Debug: (7) Framed-MTU = 1400 Fri Feb 27 11:48:44 2015 : Debug: (7) EAP-Message = 0x027d00901900170301002028b62386607152c2ee4e621bbbe67318a10319d55f50790b823ade126586647317030100606c0b54a6dbec65d6f822482e20fa62f3a00532a86daa88d7c607fbfb16b7337d01b2277c026dda0cdcd1898e0dd01fc6df09786f9daff0d5f6945feb2252b0968995a8d7d21f95 Fri Feb 27 11:48:44 2015 : Debug: (7) State = 0x43bc3b6945c122ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (7) Message-Authenticator = 0x7545a7d9ea81e6116bbbbd401a5b6537 Fri Feb 27 11:48:44 2015 : Debug: (7) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (7) authorize { Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [preprocess] = ok Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling chap (rlm_chap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from chap (rlm_chap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [chap] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling mschap (rlm_mschap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from mschap (rlm_mschap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling digest (rlm_digest) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from digest (rlm_digest) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [digest] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling suffix (rlm_realm) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (7) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from suffix (rlm_realm) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Peer sent code Response (2) ID 125 length 144 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Continuing tunnel setup Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (7) } # authorize = ok Fri Feb 27 11:48:44 2015 : Debug: (7) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (7) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authenticate]: calling eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Expiring EAP session with state 0x6b88392f6bf52321 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Finished EAP session with state 0x43bc3b6945c122ae Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Previous EAP request found for state 0x43bc3b6945c122ae, released from the list Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (7) eap: EAP PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: processing EAP-TLS Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: eaptls_verify returned 7 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Done initial handshake Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: eaptls_process returned 7 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: FR_TLS_OK Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Session established. Decoding tunneled attributes Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: PEAP state phase2 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: EAP type MSCHAPv2 (26) Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Got tunneled request Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: EAP-Message = 0x027d00431a027d003e31e9285a78d42e3a93726ee1bbf6e3535f00000000000000001bc3e5cd456bb9130ca8c059f9b20edc266084fd17d2fc35007161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Setting User-Name to qaresdon Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Sending tunneled request to inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: EAP-Message = 0x027d00431a027d003e31e9285a78d42e3a93726ee1bbf6e3535f00000000000000001bc3e5cd456bb9130ca8c059f9b20edc266084fd17d2fc35007161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: State = 0x6b88392f6bf5232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (7) Virtual server received request Fri Feb 27 11:48:44 2015 : Debug: (7) EAP-Message = 0x027d00431a027d003e31e9285a78d42e3a93726ee1bbf6e3535f00000000000000001bc3e5cd456bb9130ca8c059f9b20edc266084fd17d2fc35007161726573646f6e Fri Feb 27 11:48:44 2015 : Debug: (7) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Feb 27 11:48:44 2015 : Debug: (7) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (7) State = 0x6b88392f6bf5232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (7) server inner-tunnel { Fri Feb 27 11:48:44 2015 : Debug: (7) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (7) authorize { Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling suffix (rlm_realm) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (7) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from suffix (rlm_realm) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) update control { Fri Feb 27 11:48:44 2015 : Debug: (7) &Proxy-To-Realm := 'LOCAL' Fri Feb 27 11:48:44 2015 : Debug: (7) } # update control = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling files (rlm_files) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from files (rlm_files) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [files] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) update control { Fri Feb 27 11:48:44 2015 : Debug: (7) Cache-Status-Only = yes Fri Feb 27 11:48:44 2015 : Debug: (7) } # update control = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling cache (rlm_cache) for request 7 Fri Feb 27 11:48:44 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:48:44 2015 : Debug: (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: (7) cache: --> qaresdone899c47233d8 Fri Feb 27 11:48:44 2015 : Debug: (7) cache: Mutex acquired Fri Feb 27 11:48:44 2015 : Debug: (7) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:48:44 2015 : Debug: (7) cache: Mutex released Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from cache (rlm_cache) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [cache] = notfound Fri Feb 27 11:48:44 2015 : Debug: (7) if (notfound) { Fri Feb 27 11:48:44 2015 : Debug: (7) if (notfound) -> TRUE Fri Feb 27 11:48:44 2015 : Debug: (7) if (notfound) { Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling ldap (rlm_ldap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: rlm_ldap (ldap): Reserved connection (4) Fri Feb 27 11:48:44 2015 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> (uid= Fri Feb 27 11:48:44 2015 : Debug: if { Fri Feb 27 11:48:44 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: else { Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: literal --> ) Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: --> (uid=qaresdon) Fri Feb 27 11:48:44 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: Waiting for search result... Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:48:44 2015 : Debug: (7) ldap: Added eDirectory password. control:Cleartext-Password += xxxxxxxxx' Fri Feb 27 11:48:44 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from ldap (rlm_ldap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [ldap] = ok Fri Feb 27 11:48:44 2015 : Debug: (7) } # if (notfound) = ok Fri Feb 27 11:48:44 2015 : Debug: (7) ... skipping else for request 7: Preceding "if" was taken Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Peer sent code Response (2) ID 125 length 67 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: No EAP Start, assuming it's an on-going EAP conversation Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [eap] = updated Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling mschap (rlm_mschap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from mschap (rlm_mschap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling expiration (rlm_expiration) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from expiration (rlm_expiration) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [expiration] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: calling logintime (rlm_logintime) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authorize]: returned from logintime (rlm_logintime) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [logintime] = noop Fri Feb 27 11:48:44 2015 : Debug: (7) } # authorize = updated Fri Feb 27 11:48:44 2015 : Debug: (7) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (7) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authenticate]: calling eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Expiring EAP session with state 0x6b88392f6bf52321 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Finished EAP session with state 0x6b88392f6bf52321 Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Previous EAP request found for state 0x6b88392f6bf52321, released from the list Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Peer sent method MSCHAPv2 (26) Fri Feb 27 11:48:44 2015 : Debug: (7) eap: EAP MSCHAPv2 (26) Fri Feb 27 11:48:44 2015 : Debug: (7) eap: Calling eap_mschapv2 to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (7) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (7) eap_mschapv2: Auth-Type MS-CHAP { Fri Feb 27 11:48:44 2015 : Debug: (7) eap_mschapv2: modsingle[authenticate]: calling mschap (rlm_mschap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) mschap: Found Cleartext-Password, hashing to create NT-Password Fri Feb 27 11:48:44 2015 : Debug: (7) mschap: Found Cleartext-Password, hashing to create LM-Password Fri Feb 27 11:48:44 2015 : Debug: (7) mschap: Creating challenge hash with username: qaresdon Fri Feb 27 11:48:44 2015 : Debug: (7) mschap: Client is using MS-CHAPv2 Fri Feb 27 11:48:44 2015 : Debug: (7) mschap: Adding MS-CHAPv2 MPPE keys Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authenticate]: returned from mschap (rlm_mschap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [mschap] = ok Fri Feb 27 11:48:44 2015 : Debug: (7) } # Auth-Type MS-CHAP = ok Fri Feb 27 11:48:44 2015 : Debug: MSCHAP Success Fri Feb 27 11:48:44 2015 : Debug: (7) eap: EAP session adding &reply:State = 0x6b88392f6af62321 Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authenticate]: returned from eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [eap] = handled Fri Feb 27 11:48:44 2015 : Debug: (7) } # authenticate = handled Fri Feb 27 11:48:44 2015 : Debug: (7) session-state: Nothing to cache Fri Feb 27 11:48:44 2015 : Debug: (7) } # server inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (7) Virtual server sending reply Fri Feb 27 11:48:44 2015 : Debug: (7) EAP-Message = 0x017e00331a037d002e533d35414646464342363839433035393834453941344330454241343939354442343842303746423330 Fri Feb 27 11:48:44 2015 : Debug: (7) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (7) State = 0x6b88392f6af6232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Got tunneled reply code 11 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: EAP-Message = 0x017e00331a037d002e533d35414646464342363839433035393834453941344330454241343939354442343842303746423330 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: State = 0x6b88392f6af6232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Got tunneled reply RADIUS code 11 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: EAP-Message = 0x017e00331a037d002e533d35414646464342363839433035393834453941344330454241343939354442343842303746423330 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: State = 0x6b88392f6af6232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (7) eap_peap: Got tunneled Access-Challenge Fri Feb 27 11:48:44 2015 : Debug: (7) eap: EAP session adding &reply:State = 0x43bc3b6944c222ae Fri Feb 27 11:48:44 2015 : Debug: (7) modsingle[authenticate]: returned from eap (rlm_eap) for request 7 Fri Feb 27 11:48:44 2015 : Debug: (7) [eap] = handled Fri Feb 27 11:48:44 2015 : Debug: (7) } # authenticate = handled Fri Feb 27 11:48:44 2015 : Debug: (7) session-state: Nothing to cache Fri Feb 27 11:48:44 2015 : Debug: (7) Sent Access-Challenge Id 231 from 71.46.62.133:1812 to 24.94.145.173:50155 length 149 Fri Feb 27 11:48:44 2015 : Debug: (7) EAP-Message = 0x017e005b190017030100506f8c0fad2c150493f6f8f759190e77949efcaf4d1eb9491b591127034df269b255fb7607e16850bb9aea522c4c27833281217b4d32d2b3adf6f93b0be1da43add5ee8762da31eaa872c6dc0f32282b8a Fri Feb 27 11:48:44 2015 : Debug: (7) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (7) State = 0x43bc3b6944c222ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (7) Finished request Fri Feb 27 11:48:44 2015 : Debug: (8) Received Access-Request Id 232 from 24.94.145.173:50155 to 71.46.62.133:1812 length 265 Fri Feb 27 11:48:44 2015 : Debug: (8) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (8) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:44 2015 : Debug: (8) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:44 2015 : Debug: (8) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:44 2015 : Debug: (8) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:44 2015 : Debug: (8) NAS-Port = 0 Fri Feb 27 11:48:44 2015 : Debug: (8) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:44 2015 : Debug: (8) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:44 2015 : Debug: (8) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:44 2015 : Debug: (8) Framed-MTU = 1400 Fri Feb 27 11:48:44 2015 : Debug: (8) EAP-Message = 0x027e005019001703010020a950bd75dc6307af1141c1662042728c039dbdb7a3f447e708efdaf6a9d4e27a1703010020d2a93caa71b032db036e214d9e1bb7cbd0f0ea7a13d755f73534e81ca4895dd5 Fri Feb 27 11:48:44 2015 : Debug: (8) State = 0x43bc3b6944c222ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (8) Message-Authenticator = 0x338b376fcc47f2c2c65739ee6043e0f3 Fri Feb 27 11:48:44 2015 : Debug: (8) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (8) authorize { Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [preprocess] = ok Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling chap (rlm_chap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from chap (rlm_chap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [chap] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling mschap (rlm_mschap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from mschap (rlm_mschap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling digest (rlm_digest) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from digest (rlm_digest) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [digest] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling suffix (rlm_realm) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (8) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (8) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Peer sent code Response (2) ID 126 length 80 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Continuing tunnel setup Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (8) } # authorize = ok Fri Feb 27 11:48:44 2015 : Debug: (8) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (8) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authenticate]: calling eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Expiring EAP session with state 0x6b88392f6af62321 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Finished EAP session with state 0x43bc3b6944c222ae Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Previous EAP request found for state 0x43bc3b6944c222ae, released from the list Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (8) eap: EAP PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: processing EAP-TLS Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: eaptls_verify returned 7 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Done initial handshake Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: eaptls_process returned 7 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: FR_TLS_OK Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Session established. Decoding tunneled attributes Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: PEAP state phase2 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: EAP type MSCHAPv2 (26) Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Got tunneled request Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: EAP-Message = 0x027e00061a03 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Setting User-Name to qaresdon Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Sending tunneled request to inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: EAP-Message = 0x027e00061a03 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: State = 0x6b88392f6af6232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (8) Virtual server received request Fri Feb 27 11:48:44 2015 : Debug: (8) EAP-Message = 0x027e00061a03 Fri Feb 27 11:48:44 2015 : Debug: (8) FreeRADIUS-Proxied-To = 127.0.0.1 Fri Feb 27 11:48:44 2015 : Debug: (8) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (8) State = 0x6b88392f6af6232156f28677d6cf42f4 Fri Feb 27 11:48:44 2015 : Debug: (8) server inner-tunnel { Fri Feb 27 11:48:44 2015 : Debug: (8) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (8) authorize { Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling suffix (rlm_realm) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (8) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (8) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from suffix (rlm_realm) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) update control { Fri Feb 27 11:48:44 2015 : Debug: (8) &Proxy-To-Realm := 'LOCAL' Fri Feb 27 11:48:44 2015 : Debug: (8) } # update control = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling files (rlm_files) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from files (rlm_files) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [files] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) update control { Fri Feb 27 11:48:44 2015 : Debug: (8) Cache-Status-Only = yes Fri Feb 27 11:48:44 2015 : Debug: (8) } # update control = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling cache (rlm_cache) for request 8 Fri Feb 27 11:48:44 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> qaresdone899c47233d8 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex acquired Fri Feb 27 11:48:44 2015 : Debug: (8) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex released Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from cache (rlm_cache) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [cache] = notfound Fri Feb 27 11:48:44 2015 : Debug: (8) if (notfound) { Fri Feb 27 11:48:44 2015 : Debug: (8) if (notfound) -> TRUE Fri Feb 27 11:48:44 2015 : Debug: (8) if (notfound) { Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling ldap (rlm_ldap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: rlm_ldap (ldap): Reserved connection (4) Fri Feb 27 11:48:44 2015 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> (uid= Fri Feb 27 11:48:44 2015 : Debug: if { Fri Feb 27 11:48:44 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: else { Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: literal --> ) Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: --> (uid=qaresdon) Fri Feb 27 11:48:44 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: Waiting for search result... Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:48:44 2015 : Debug: (8) ldap: Added eDirectory password. control:Cleartext-Password += 'xxxxxxxxx' Fri Feb 27 11:48:44 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from ldap (rlm_ldap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [ldap] = ok Fri Feb 27 11:48:44 2015 : Debug: (8) } # if (notfound) = ok Fri Feb 27 11:48:44 2015 : Debug: (8) ... skipping else for request 8: Preceding "if" was taken Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Peer sent code Response (2) ID 126 length 6 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: No EAP Start, assuming it's an on-going EAP conversation Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [eap] = updated Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling mschap (rlm_mschap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from mschap (rlm_mschap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling expiration (rlm_expiration) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from expiration (rlm_expiration) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [expiration] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: calling logintime (rlm_logintime) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authorize]: returned from logintime (rlm_logintime) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [logintime] = noop Fri Feb 27 11:48:44 2015 : Debug: (8) } # authorize = updated Fri Feb 27 11:48:44 2015 : Debug: (8) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (8) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authenticate]: calling eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Expiring EAP session with state 0x6b88392f6af62321 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Finished EAP session with state 0x6b88392f6af62321 Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Previous EAP request found for state 0x6b88392f6af62321, released from the list Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Peer sent method MSCHAPv2 (26) Fri Feb 27 11:48:44 2015 : Debug: (8) eap: EAP MSCHAPv2 (26) Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Calling eap_mschapv2 to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (8) eap: Freeing handler Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authenticate]: returned from eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (8) } # authenticate = ok Fri Feb 27 11:48:44 2015 : Debug: (8) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (8) post-auth { Fri Feb 27 11:48:44 2015 : Debug: (8) policy cui-inner.post-auth { Fri Feb 27 11:48:44 2015 : Debug: (8) if (&outer.request:Chargeable-User-Identity && (&outer.request:Operator-Name || ('no' != 'yes'))) { Fri Feb 27 11:48:44 2015 : Debug: (8) if (&outer.request:Chargeable-User-Identity && (&outer.request:Operator-Name || ('no' != 'yes'))) -> FALSE Fri Feb 27 11:48:44 2015 : Debug: (8) } # policy cui-inner.post-auth = noop Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[post-auth]: calling cache (rlm_cache) for request 8 Fri Feb 27 11:48:44 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> qaresdone899c47233d8 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex acquired Fri Feb 27 11:48:44 2015 : Debug: (8) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Creating new cache entry Fri Feb 27 11:48:44 2015 : Debug: %{control:NT-Password} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> NT-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:NT-Password} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> Fri Feb 27 11:48:44 2015 : Debug: (8) cache: control:NT-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: %{control:LM-Password} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> LM-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:LM-Password} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> Fri Feb 27 11:48:44 2015 : Debug: (8) cache: control:LM-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Merging cache entry into request Fri Feb 27 11:48:44 2015 : Debug: (8) cache: &control:NT-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: (8) cache: &control:LM-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: FROM 2 TO 4 MAX 6 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: Examining NT-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: APPENDING NT-Password FROM 0 TO 4 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: Examining LM-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: APPENDING LM-Password FROM 1 TO 5 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: TO in 4 out 6 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[0] = Proxy-To-Realm Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[1] = Ldap-UserDn Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[2] = Cleartext-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[3] = Auth-Type Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[4] = NT-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[5] = LM-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Commited entry, TTL 86400 seconds Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex released Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[post-auth]: returned from cache (rlm_cache) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [cache] = updated Fri Feb 27 11:48:44 2015 : Debug: (8) } # post-auth = updated Fri Feb 27 11:48:44 2015 : Debug: (8) } # server inner-tunnel Fri Feb 27 11:48:44 2015 : Debug: (8) Virtual server sending reply Fri Feb 27 11:48:44 2015 : Debug: (8) MS-MPPE-Encryption-Policy = Encryption-Required Fri Feb 27 11:48:44 2015 : Debug: (8) MS-MPPE-Encryption-Types = 4 Fri Feb 27 11:48:44 2015 : Debug: (8) MS-MPPE-Send-Key = 0x82aec3d769a163ccc766fb41c013b37a Fri Feb 27 11:48:44 2015 : Debug: (8) MS-MPPE-Recv-Key = 0xdfe3b05c037d0adfaa6fce66ada59d8e Fri Feb 27 11:48:44 2015 : Debug: (8) EAP-Message = 0x037e0004 Fri Feb 27 11:48:44 2015 : Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (8) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Got tunneled reply code 2 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Required Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Encryption-Types = 4 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Send-Key = 0x82aec3d769a163ccc766fb41c013b37a Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Recv-Key = 0xdfe3b05c037d0adfaa6fce66ada59d8e Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: EAP-Message = 0x037e0004 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Got tunneled reply RADIUS code 2 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Required Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Encryption-Types = 4 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Send-Key = 0x82aec3d769a163ccc766fb41c013b37a Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: MS-MPPE-Recv-Key = 0xdfe3b05c037d0adfaa6fce66ada59d8e Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: EAP-Message = 0x037e0004 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: Tunneled authentication was successful Fri Feb 27 11:48:44 2015 : Debug: (8) eap_peap: SUCCESS Fri Feb 27 11:48:44 2015 : Debug: (8) eap: EAP session adding &reply:State = 0x43bc3b694bc322ae Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[authenticate]: returned from eap (rlm_eap) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [eap] = handled Fri Feb 27 11:48:44 2015 : Debug: (8) } # authenticate = handled Fri Feb 27 11:48:44 2015 : Debug: (8) session-state: Nothing to cache Fri Feb 27 11:48:44 2015 : Debug: (8) Sent Access-Challenge Id 232 from 71.46.62.133:1812 to 24.94.145.173:50155 length 101 Fri Feb 27 11:48:44 2015 : Debug: (8) EAP-Message = 0x017f002b1900170301002039ba24b117670330f3fa6c9fd5a5dca913596bb6c42c15d56031c60ca5f94490 Fri Feb 27 11:48:44 2015 : Debug: (8) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (8) State = 0x43bc3b694bc322ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (8) Finished request Fri Feb 27 11:48:44 2015 : Debug: (9) Received Access-Request Id 233 from 24.94.145.173:50155 to 71.46.62.133:1812 length 265 Fri Feb 27 11:48:44 2015 : Debug: (9) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (9) NAS-IP-Address = 24.94.145.173 Fri Feb 27 11:48:44 2015 : Debug: (9) NAS-Identifier = 'Ericsson' Fri Feb 27 11:48:44 2015 : Debug: (9) Called-Station-Id = '000d67218560:BHN_E_Secure' Fri Feb 27 11:48:44 2015 : Debug: (9) NAS-Port-Type = Wireless-802.11 Fri Feb 27 11:48:44 2015 : Debug: (9) NAS-Port = 0 Fri Feb 27 11:48:44 2015 : Debug: (9) Calling-Station-Id = 'e899c47233d8' Fri Feb 27 11:48:44 2015 : Debug: (9) Connect-Info = 'CONNECT 0Mbps 802.11b' Fri Feb 27 11:48:44 2015 : Debug: (9) Acct-Session-Id = '54ECEF48-00000185' Fri Feb 27 11:48:44 2015 : Debug: (9) Framed-MTU = 1400 Fri Feb 27 11:48:44 2015 : Debug: (9) EAP-Message = 0x027f0050190017030100204a3f77e84975f8dc7a043f03dc642b872e979c5b5350f2a2d58242d5f3c474c917030100201909ec387bf04a8b2bfa1855721ba76f65efb7067508cd872b92761f51396f21 Fri Feb 27 11:48:44 2015 : Debug: (9) State = 0x43bc3b694bc322ae11358de93389f275 Fri Feb 27 11:48:44 2015 : Debug: (9) Message-Authenticator = 0x63dfb473113d4bc7adb4acb7e848bd2d Fri Feb 27 11:48:44 2015 : Debug: (9) session-state: No cached attributes Fri Feb 27 11:48:44 2015 : Debug: (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (9) authorize { Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [preprocess] = ok Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: calling chap (rlm_chap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: returned from chap (rlm_chap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [chap] = noop Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: calling mschap (rlm_mschap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: returned from mschap (rlm_mschap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [mschap] = noop Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: calling digest (rlm_digest) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: returned from digest (rlm_digest) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [digest] = noop Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: calling suffix (rlm_realm) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) suffix: Checking for suffix after "@" Fri Feb 27 11:48:44 2015 : Debug: (9) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:48:44 2015 : Debug: (9) suffix: No such realm "NULL" Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: returned from suffix (rlm_realm) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [suffix] = noop Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: calling eap (rlm_eap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Peer sent code Response (2) ID 127 length 80 Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Continuing tunnel setup Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authorize]: returned from eap (rlm_eap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (9) } # authorize = ok Fri Feb 27 11:48:44 2015 : Debug: (9) Found Auth-Type = EAP Fri Feb 27 11:48:44 2015 : Debug: (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (9) authenticate { Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authenticate]: calling eap (rlm_eap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Expiring EAP session with state 0x43bc3b694bc322ae Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Finished EAP session with state 0x43bc3b694bc322ae Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Previous EAP request found for state 0x43bc3b694bc322ae, released from the list Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Peer sent method PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (9) eap: EAP PEAP (25) Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Calling eap_peap to process EAP data Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: processing EAP-TLS Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: eaptls_verify returned 7 Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: Done initial handshake Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: eaptls_process returned 7 Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: FR_TLS_OK Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: Session established. Decoding tunneled attributes Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: PEAP state send tlv success Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: Received EAP-TLV response Fri Feb 27 11:48:44 2015 : Debug: (9) eap_peap: Success Fri Feb 27 11:48:44 2015 : Debug: (9) eap: Freeing handler Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[authenticate]: returned from eap (rlm_eap) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [eap] = ok Fri Feb 27 11:48:44 2015 : Debug: (9) } # authenticate = ok Fri Feb 27 11:48:44 2015 : Debug: (9) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default Fri Feb 27 11:48:44 2015 : Debug: (9) post-auth { Fri Feb 27 11:48:44 2015 : Debug: (9) update { Fri Feb 27 11:48:44 2015 : Debug: (9) No attributes updated Fri Feb 27 11:48:44 2015 : Debug: (9) } # update = noop Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[post-auth]: calling linelog (rlm_linelog) for request 9 Fri Feb 27 11:48:44 2015 : Debug: Accounting-Request.%{%{Acct-Status-Type}:-unknown} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> Accounting-Request. Fri Feb 27 11:48:44 2015 : Debug: if { Fri Feb 27 11:48:44 2015 : Debug: attribute --> Acct-Status-Type Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: else { Fri Feb 27 11:48:44 2015 : Debug: literal --> unknown Fri Feb 27 11:48:44 2015 : Debug: } Fri Feb 27 11:48:44 2015 : Debug: (9) linelog: EXPAND Accounting-Request.%{%{Acct-Status-Type}:-unknown} Fri Feb 27 11:48:44 2015 : Debug: (9) linelog: --> Accounting-Request.unknown Fri Feb 27 11:48:44 2015 : Debug: /var/log/radius/linelog Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> /var/log/radius/linelog Fri Feb 27 11:48:44 2015 : Debug: (9) linelog: EXPAND /var/log/radius/linelog Fri Feb 27 11:48:44 2015 : Debug: (9) linelog: --> /var/log/radius/linelog Fri Feb 27 11:48:44 2015 : Debug: NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: literal --> NAS Fri Feb 27 11:48:44 2015 : Debug: attribute --> Packet-Src-IP-Address Fri Feb 27 11:48:44 2015 : Debug: literal --> ( Fri Feb 27 11:48:44 2015 : Debug: attribute --> NAS-IP-Address Fri Feb 27 11:48:44 2015 : Debug: literal --> ) sent unknown Acct-Status-Type Fri Feb 27 11:48:44 2015 : Debug: attribute --> Acct-Status-Type Fri Feb 27 11:48:44 2015 : Debug: (9) linelog: EXPAND NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type} Fri Feb 27 11:48:44 2015 : Debug: (9) linelog: --> NAS 24.94.145.173 (24.94.145.173) sent unknown Acct-Status-Type Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[post-auth]: returned from linelog (rlm_linelog) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [linelog] = ok Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[post-auth]: calling exec (rlm_exec) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[post-auth]: returned from exec (rlm_exec) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [exec] = noop Fri Feb 27 11:48:44 2015 : Debug: (9) policy remove_reply_message_if_eap { Fri Feb 27 11:48:44 2015 : Debug: (9) if (&reply:EAP-Message && &reply:Reply-Message) { Fri Feb 27 11:48:44 2015 : Debug: (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Fri Feb 27 11:48:44 2015 : Debug: (9) else { Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[post-auth]: calling noop (rlm_always) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) modsingle[post-auth]: returned from noop (rlm_always) for request 9 Fri Feb 27 11:48:44 2015 : Debug: (9) [noop] = noop Fri Feb 27 11:48:44 2015 : Debug: (9) } # else = noop Fri Feb 27 11:48:44 2015 : Debug: (9) } # policy remove_reply_message_if_eap = noop Fri Feb 27 11:48:44 2015 : Debug: (9) } # post-auth = ok Fri Feb 27 11:48:44 2015 : Debug: (9) Sent Access-Accept Id 233 from 71.46.62.133:1812 to 24.94.145.173:50155 length 170 Fri Feb 27 11:48:44 2015 : Debug: (9) MS-MPPE-Recv-Key = 0xf9f233b4f415e166139f17345897d51ef8f739bd9a7674da6f424300c3ab08d7 Fri Feb 27 11:48:44 2015 : Debug: (9) MS-MPPE-Send-Key = 0x4a577470348ad1582a59e092c346c9ff53f0a07da642ee33a54039fb9e03e35c Fri Feb 27 11:48:44 2015 : Debug: (9) EAP-Message = 0x037f0004 Fri Feb 27 11:48:44 2015 : Debug: (9) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 27 11:48:44 2015 : Debug: (9) User-Name = 'qaresdon' Fri Feb 27 11:48:44 2015 : Debug: (9) Finished request ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
If you just use radiusd -X it hides the passwords in the debug output for you. That's why on the list we always ask for the output of radiusd -X not radiusd -Xx. 99% of the time you should use radiusd -X. I use radiusd -X when i'm debugging configs. The rest of the output isn't useful unless you're trying to debug a specific issue in code, it just makes the debug output harder to read.
Fri Feb 27 11:47:46 2015 : Debug: if { Fri Feb 27 11:47:46 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:47:46 2015 : Debug: } Fri Feb 27 11:47:46 2015 : Debug: else { Fri Feb 27 11:47:46 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:46 2015 : Debug: } Fri Feb 27 11:47:46 2015 : Debug: literal --> ) Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: --> (uid=qaresdon) Fri Feb 27 11:47:46 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:46 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: Waiting for search result... Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:47:46 2015 : Debug: (1) ldap: Added eDirectory password. control:Cleartext-Password += 'xxxxxxxxx' Fri Feb 27 11:47:46 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:47:46 2015 : Info: rlm_ldap (ldap): Closing connection (0), from 1 unused connections Fri Feb 27 11:47:46 2015 : Debug: rlm_ldap: Closing libldap handle 0x1ae5a40 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from ldap (rlm_ldap) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [ldap] = ok Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling expiration (rlm_expiration) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from expiration (rlm_expiration) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [expiration] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: calling logintime (rlm_logintime) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) modsingle[authorize]: returned from logintime (rlm_logintime) for request 1 Fri Feb 27 11:47:46 2015 : Debug: (1) [logintime] = noop Fri Feb 27 11:47:46 2015 : Debug: (1) } # authorize = updated
Don't list LDAP in the outer server, you only need passwords in the inner server.
Fri Feb 27 11:47:49 2015 : Debug: (6) eap_ttls: Sending tunneled request Fri Feb 27 11:47:49 2015 : Debug: (6) Virtual server received request Fri Feb 27 11:47:49 2015 : Debug: (6) User-Name = 'qaresdon' Fri Feb 27 11:47:49 2015 : Debug: (6) MS-CHAP-Challenge = 0xaf2fdf5314c6b2d4080496ccd142e6e1 Fri Feb 27 11:47:49 2015 : Debug: (6) MS-CHAP2-Response = 0xd2001d385400b1d0f0200000002b00000057000000000000000066eec45b7cacf02aff803f58e135eecfd4655da4e2ee2efe Fri Feb 27 11:47:49 2015 : Debug: (6) server inner-tunnel { Fri Feb 27 11:47:49 2015 : Debug: (6) session-state: No State attribute Fri Feb 27 11:47:49 2015 : Debug: (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Fri Feb 27 11:47:49 2015 : Debug: (6) authorize { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: Checking for suffix after "@" Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL Fri Feb 27 11:47:49 2015 : Debug: (6) suffix: No such realm "NULL" Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [suffix] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) update control { Fri Feb 27 11:47:49 2015 : Debug: (6) &Proxy-To-Realm := 'LOCAL' Fri Feb 27 11:47:49 2015 : Debug: (6) } # update control = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling files (rlm_files) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from files (rlm_files) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [files] = noop Fri Feb 27 11:47:49 2015 : Debug: (6) update control { Fri Feb 27 11:47:49 2015 : Debug: (6) Cache-Status-Only = yes Fri Feb 27 11:47:49 2015 : Debug: (6) } # update control = noop Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> qaresdone899c47233d8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex acquired Fri Feb 27 11:47:49 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex released Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [cache] = notfound
and the user hasn't been found, because cache hasn't been called before and the rbtree driver doesn't persist the cache contents across server restarts.
Fri Feb 27 11:47:49 2015 : Debug: (6) if (notfound) { Fri Feb 27 11:47:49 2015 : Debug: (6) if (notfound) -> TRUE Fri Feb 27 11:47:49 2015 : Debug: (6) if (notfound) { Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: calling ldap (rlm_ldap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: rlm_ldap (ldap): Reserved connection (4) Fri Feb 27 11:47:49 2015 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> (uid= Fri Feb 27 11:47:49 2015 : Debug: if { Fri Feb 27 11:47:49 2015 : Debug: attribute --> Stripped-User-Name Fri Feb 27 11:47:49 2015 : Debug: } Fri Feb 27 11:47:49 2015 : Debug: else { Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: } Fri Feb 27 11:47:49 2015 : Debug: literal --> ) Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: --> (uid=qaresdon) Fri Feb 27 11:47:49 2015 : Debug: ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: literal --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: --> ou=Customers,dc=brighthouse,dc=com Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: Waiting for search result... Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" Fri Feb 27 11:47:49 2015 : Debug: (6) ldap: Added eDirectory password. control:Cleartext-Password += 'xxxxxxxxx' Fri Feb 27 11:47:49 2015 : Debug: rlm_ldap (ldap): Released connection (4) Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[authorize]: returned from ldap (rlm_ldap) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [ldap] = ok Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> qaresdone899c47233d8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex acquired Fri Feb 27 11:47:49 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Creating new cache entry Fri Feb 27 11:47:49 2015 : Debug: %{control:NT-Password} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:NT-Password} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: (6) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: %{control:LM-Password} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:LM-Password} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Merging cache entry into request Fri Feb 27 11:47:49 2015 : Debug: (6) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: (6) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
This works. It's not really more secure than caching the cleartext password, but it does avoid some small overhead rehashing the cleartext password each time.
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: FROM 2 TO 6 MAX 8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING NT-Password FROM 0 TO 4 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING LM-Password FROM 1 TO 5 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: TO in 6 out 6 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[0] = Proxy-To-Realm Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[1] = Ldap-UserDn Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[2] = Cleartext-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[3] = Auth-Type Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[4] = NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[5] = LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Commited entry, TTL 86400 seconds Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex released Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[post-auth]: returned from cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [cache] = updated Fri Feb 27 11:47:49 2015 : Debug: (6) } # post-auth = updated Fri Feb 27 11:47:49 2015 : Debug: (6) } # server inner-tunnel
and no more calls to cache, so i'm not sure what you were expecting to happen. For the PEAP request the cache will have been cleared as the server has been restarted. If you want a persistent cache, you need to use the memcached driver and run a memcached server. That won't persist across memcached restarts though. For that there'd need to be a new file system based cache driver. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Don't list LDAP in the outer server, you only need passwords in the inner server.
I have removed LDAP from the outer server. Thank you.
and no more calls to cache, so i'm not sure what you were expecting to happen.
For the PEAP request the cache will have been cleared as the server has been restarted. If you want a persistent cache, you need to use the memcached driver and run a memcached server. That won't persist across memcached >restarts though.
For that there'd need to be a new file system based cache driver.
I understand that the cache will not persist across restarts of the radius server. The problem that we are having is that NT-Password and LM-Password are not available for caching when EAP-PEAP is used. What I am showing in the logs is the first time a user connects and what is being cached. Thanks, Don EAP-TTLS - It is able to cache the NT-Password and LM-Password: Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[post-auth]: calling cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name Fri Feb 27 11:47:49 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> qaresdone899c47233d8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex acquired Fri Feb 27 11:47:49 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Creating new cache entry Fri Feb 27 11:47:49 2015 : Debug: %{control:NT-Password} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:NT-Password} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: (6) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: %{control:LM-Password} Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:47:49 2015 : Debug: attribute --> LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:LM-Password} Fri Feb 27 11:47:49 2015 : Debug: (6) cache: --> 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Merging cache entry into request Fri Feb 27 11:47:49 2015 : Debug: (6) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef Fri Feb 27 11:47:49 2015 : Debug: (6) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: FROM 2 TO 6 MAX 8 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING NT-Password FROM 0 TO 4 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING LM-Password FROM 1 TO 5 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: TO in 6 out 6 Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[0] = Proxy-To-Realm Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[1] = Ldap-UserDn Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[2] = Cleartext-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[3] = Auth-Type Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[4] = NT-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[5] = LM-Password Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Commited entry, TTL 86400 seconds Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex released Fri Feb 27 11:47:49 2015 : Debug: (6) modsingle[post-auth]: returned from cache (rlm_cache) for request 6 Fri Feb 27 11:47:49 2015 : Debug: (6) [cache] = updated EAP-PEAP - It is not able to cache the NT-Password and LM-Password: Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[post-auth]: calling cache (rlm_cache) for request 8 Fri Feb 27 11:48:44 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name Fri Feb 27 11:48:44 2015 : Debug: attribute --> Calling-Station-Id Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> qaresdone899c47233d8 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex acquired Fri Feb 27 11:48:44 2015 : Debug: (8) cache: No cache entry found for "qaresdone899c47233d8" Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Creating new cache entry Fri Feb 27 11:48:44 2015 : Debug: %{control:NT-Password} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> NT-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:NT-Password} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> Fri Feb 27 11:48:44 2015 : Debug: (8) cache: control:NT-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: %{control:LM-Password} Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree: Fri Feb 27 11:48:44 2015 : Debug: attribute --> LM-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:LM-Password} Fri Feb 27 11:48:44 2015 : Debug: (8) cache: --> Fri Feb 27 11:48:44 2015 : Debug: (8) cache: control:LM-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Merging cache entry into request Fri Feb 27 11:48:44 2015 : Debug: (8) cache: &control:NT-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: (8) cache: &control:LM-Password := 0x Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: FROM 2 TO 4 MAX 6 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: Examining NT-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: APPENDING NT-Password FROM 0 TO 4 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: Examining LM-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: APPENDING LM-Password FROM 1 TO 5 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: TO in 4 out 6 Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[0] = Proxy-To-Realm Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[1] = Ldap-UserDn Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[2] = Cleartext-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[3] = Auth-Type Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[4] = NT-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[5] = LM-Password Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Commited entry, TTL 86400 seconds Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex released Fri Feb 27 11:48:44 2015 : Debug: (8) modsingle[post-auth]: returned from cache (rlm_cache) for request 8 Fri Feb 27 11:48:44 2015 : Debug: (8) [cache] = updated ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
On 27 Feb 2015, at 14:54, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
Don't list LDAP in the outer server, you only need passwords in the inner server.
I have removed LDAP from the outer server. Thank you.
and no more calls to cache, so i'm not sure what you were expecting to happen.
For the PEAP request the cache will have been cleared as the server has been restarted. If you want a persistent cache, you need to use the memcached driver and run a memcached server. That won't persist across memcached >restarts though.
For that there'd need to be a new file system based cache driver.
I understand that the cache will not persist across restarts of the radius server. The problem that we are having is that NT-Password and LM-Password are not available for caching when EAP-PEAP is used. What I am showing in the logs is the first time a user connects and what is being cached.
The cache module is being called in a different round to the call to mschap.auth which produced the hashes. Move your second cache call (the one to store the hashes) to : Auth-Type MS-CHAP { mschap cache.authorize } Can't remember if ok = return in authenticate. If you find cache.authorize isn't being called Auth-Type MS-CHAP { mschap { ok = 1 } cache.authorize } That'll ensure the hashes are stored immediately after being produced. Again, the cleaner way of doing this is with session-resumption. That way you avoid the many rounds of EAP required to do PEAP or TTLS. Ensure you've enabled it in the supplicant, on the server, and post the debug output, we might be able to suggest what's wrong. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
The cache module is being called in a different round to the call to mschap.auth which produced the hashes.
Move your second cache call (the one to store the hashes) to :
Auth-Type MS-CHAP { mschap cache.authorize }
I have made this change and the server is able to cache the hashes for both EAP-PEAP and EAP-TTLS now. I am now seeing a problem where after MSCHAPv2 finishes it's status is "updated" the first time the user tries to authenticate and then EAP fails. The device will try to authenticate again and MSCHAP will finish with a status of "ok" and the user successfully authenticates. I am adding a debug output below. This behavior is the same with either of the Auth-Type MS-CHAP sections that you suggested. I am only providing a debug for EAP-PEAP since the behavior appears to be the same for this and EAP-TTLS.
Can't remember if ok = return in authenticate.
If you find cache.authorize isn't being called
Auth-Type MS-CHAP { mschap { ok = 1 } cache.authorize }
That'll ensure the hashes are stored immediately after being produced.
Again, the cleaner way of doing this is with session-resumption. That way you avoid the many rounds of EAP required to do PEAP or TTLS.
Ensure you've enabled it in the supplicant, on the server, and post the debug output, we might be able to suggest what's wrong.
- Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Thanks, Don (0) Received Access-Request Id 34 from 24.94.145.173:50185 to 71.46.62.133:1812 length 180 (0) User-Name = 'qaresdon' (0) NAS-IP-Address = 24.94.145.173 (0) NAS-Identifier = 'Ericsson' (0) Called-Station-Id = '000d67218560:BHN_E_Secure' (0) NAS-Port-Type = Wireless-802.11 (0) NAS-Port = 0 (0) Calling-Station-Id = 'e899c47233d8' (0) Connect-Info = 'CONNECT 0Mbps 802.11b' (0) Acct-Session-Id = '54ECEF48-000001CA' (0) Framed-MTU = 1400 (0) EAP-Message = 0x027b000d017161726573646f6e (0) Message-Authenticator = 0x208d40c09e6d1932f7d088d6c05d4ab4 (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent code Response (2) ID 123 length 13 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent method Identity (1) (0) eap: Calling eap_peap to process EAP data (0) eap_peap: Initiate (0) eap_peap: Start returned 1 (0) eap: EAP session adding &reply:State = 0xa556eb9ba52af221 (0) [eap] = handled (0) } # authenticate = handled (0) Sent Access-Challenge Id 34 from 71.46.62.133:1812 to 24.94.145.173:50185 length 64 (0) EAP-Message = 0x017c00061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xa556eb9ba52af22199be7cd61cc0c5ae (0) Finished request Waking up in 0.3 seconds. Waking up in 4.6 seconds. (1) Received Access-Request Id 35 from 24.94.145.173:50185 to 71.46.62.133:1812 length 385 (1) User-Name = 'qaresdon' (1) NAS-IP-Address = 24.94.145.173 (1) NAS-Identifier = 'Ericsson' (1) Called-Station-Id = '000d67218560:BHN_E_Secure' (1) NAS-Port-Type = Wireless-802.11 (1) NAS-Port = 0 (1) Calling-Station-Id = 'e899c47233d8' (1) Connect-Info = 'CONNECT 0Mbps 802.11b' (1) Acct-Session-Id = '54ECEF48-000001CA' (1) Framed-MTU = 1400 (1) EAP-Message = 0x027c00c81980000000be16030100b9010000b5030154f0dc826a481caafebe692dc0a7affc19e170237b4ac78902acf13b7228617a000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc00200050004001500120009001400 (1) State = 0xa556eb9ba52af22199be7cd61cc0c5ae (1) Message-Authenticator = 0x97476690c508dab97d1aff007310d6d1 (1) session-state: No cached attributes (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (1) authorize { (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent code Response (2) ID 124 length 200 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = EAP (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xa556eb9ba52af221 (1) eap: Finished EAP session with state 0xa556eb9ba52af221 (1) eap: Previous EAP request found for state 0xa556eb9ba52af221, released from the list (1) eap: Peer sent method PEAP (25) (1) eap: EAP PEAP (25) (1) eap: Calling eap_peap to process EAP data (1) eap_peap: processing EAP-TLS (1) eap_peap: TLS Length 190 (1) eap_peap: Length Included (1) eap_peap: eaptls_verify returned 11 (1) eap_peap: (other): before/accept initialization (1) eap_peap: TLS_accept: before/accept initialization (1) eap_peap: <<< TLS 1.0 Handshake [length 00b9], ClientHello (1) eap_peap: TLS_accept: SSLv3 read client hello A (1) eap_peap: >>> TLS 1.0 Handshake [length 0039], ServerHello (1) eap_peap: TLS_accept: SSLv3 write server hello A (1) eap_peap: >>> TLS 1.0 Handshake [length 0e58], Certificate (1) eap_peap: TLS_accept: SSLv3 write certificate A (1) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (1) eap_peap: TLS_accept: SSLv3 write key exchange A (1) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (1) eap_peap: TLS_accept: SSLv3 write server done A (1) eap_peap: TLS_accept: SSLv3 flush data (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) eap_peap: eaptls_process returned 13 (1) eap_peap: FR_TLS_HANDLED (1) eap: EAP session adding &reply:State = 0xa556eb9ba42bf221 (1) [eap] = handled (1) } # authenticate = handled (1) Sent Access-Challenge Id 35 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1448 (1) EAP-Message = 0x017d056419c000000ff4160301003902000035030154f0dc83dd6feba23cfe7cd1c8b8f24ff711970219b9e87e07ac380c2e2d491200c01400000dff01000100000b0004030001021603010e580b000e54000e510005213082051d30820405a00302010202044c233c7e300d06092a864886f70d010105 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xa556eb9ba42bf22199be7cd61cc0c5ae (1) Finished request Waking up in 0.3 seconds. (2) Received Access-Request Id 36 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191 (2) User-Name = 'qaresdon' (2) NAS-IP-Address = 24.94.145.173 (2) NAS-Identifier = 'Ericsson' (2) Called-Station-Id = '000d67218560:BHN_E_Secure' (2) NAS-Port-Type = Wireless-802.11 (2) NAS-Port = 0 (2) Calling-Station-Id = 'e899c47233d8' (2) Connect-Info = 'CONNECT 0Mbps 802.11b' (2) Acct-Session-Id = '54ECEF48-000001CA' (2) Framed-MTU = 1400 (2) EAP-Message = 0x027d00061900 (2) State = 0xa556eb9ba42bf22199be7cd61cc0c5ae (2) Message-Authenticator = 0xd687df2e95e0ff0c8697fbbcb293ce5d (2) session-state: No cached attributes (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (2) authorize { (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent code Response (2) ID 125 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xa556eb9ba42bf221 (2) eap: Finished EAP session with state 0xa556eb9ba42bf221 (2) eap: Previous EAP request found for state 0xa556eb9ba42bf221, released from the list (2) eap: Peer sent method PEAP (25) (2) eap: EAP PEAP (25) (2) eap: Calling eap_peap to process EAP data (2) eap_peap: processing EAP-TLS (2) eap_peap: Received TLS ACK (2) eap_peap: Received TLS ACK (2) eap_peap: ACK handshake fragment handler (2) eap_peap: eaptls_verify returned 1 (2) eap_peap: eaptls_process returned 13 (2) eap_peap: FR_TLS_HANDLED (2) eap: EAP session adding &reply:State = 0xa556eb9ba728f221 (2) [eap] = handled (2) } # authenticate = handled (2) Sent Access-Challenge Id 36 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1444 (2) EAP-Message = 0x017e05601940f3fa6ff051ec9a0730ea94aaa1596407296688590004f9308204f5308203dda00302010202044c0e8c39300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xa556eb9ba728f22199be7cd61cc0c5ae (2) Finished request Waking up in 0.2 seconds. (3) Received Access-Request Id 37 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191 (3) User-Name = 'qaresdon' (3) NAS-IP-Address = 24.94.145.173 (3) NAS-Identifier = 'Ericsson' (3) Called-Station-Id = '000d67218560:BHN_E_Secure' (3) NAS-Port-Type = Wireless-802.11 (3) NAS-Port = 0 (3) Calling-Station-Id = 'e899c47233d8' (3) Connect-Info = 'CONNECT 0Mbps 802.11b' (3) Acct-Session-Id = '54ECEF48-000001CA' (3) Framed-MTU = 1400 (3) EAP-Message = 0x027e00061900 (3) State = 0xa556eb9ba728f22199be7cd61cc0c5ae (3) Message-Authenticator = 0x80271b4009354c26acdbccbdb347c5f6 (3) session-state: No cached attributes (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (3) authorize { (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent code Response (2) ID 126 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xa556eb9ba728f221 (3) eap: Finished EAP session with state 0xa556eb9ba728f221 (3) eap: Previous EAP request found for state 0xa556eb9ba728f221, released from the list (3) eap: Peer sent method PEAP (25) (3) eap: EAP PEAP (25) (3) eap: Calling eap_peap to process EAP data (3) eap_peap: processing EAP-TLS (3) eap_peap: Received TLS ACK (3) eap_peap: Received TLS ACK (3) eap_peap: ACK handshake fragment handler (3) eap_peap: eaptls_verify returned 1 (3) eap_peap: eaptls_process returned 13 (3) eap_peap: FR_TLS_HANDLED (3) eap: EAP session adding &reply:State = 0xa556eb9ba629f221 (3) [eap] = handled (3) } # authenticate = handled (3) Sent Access-Challenge Id 37 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1418 (3) EAP-Message = 0x017f0546190077772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xa556eb9ba629f22199be7cd61cc0c5ae (3) Finished request Waking up in 0.2 seconds. (4) Received Access-Request Id 38 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329 (4) User-Name = 'qaresdon' (4) NAS-IP-Address = 24.94.145.173 (4) NAS-Identifier = 'Ericsson' (4) Called-Station-Id = '000d67218560:BHN_E_Secure' (4) NAS-Port-Type = Wireless-802.11 (4) NAS-Port = 0 (4) Calling-Station-Id = 'e899c47233d8' (4) Connect-Info = 'CONNECT 0Mbps 802.11b' (4) Acct-Session-Id = '54ECEF48-000001CA' (4) Framed-MTU = 1400 (4) EAP-Message = 0x027f009019800000008616030100461000004241041de81c5e530c0b45cde9b29e698080657fb971117e91200e1e1b53d034e9aa7cd909defd5e4a312018215785bd7444ad7dcccf6fe8cc31611d8c7577612ad030140301000101160301003084fbd8dd08b1ce1bf3b49c94a180d71170640cbc5fd890 (4) State = 0xa556eb9ba629f22199be7cd61cc0c5ae (4) Message-Authenticator = 0xdcf5dab46700349f7c7e7b140b81e2d4 (4) session-state: No cached attributes (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (4) authorize { (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent code Response (2) ID 127 length 144 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xa556eb9ba629f221 (4) eap: Finished EAP session with state 0xa556eb9ba629f221 (4) eap: Previous EAP request found for state 0xa556eb9ba629f221, released from the list (4) eap: Peer sent method PEAP (25) (4) eap: EAP PEAP (25) (4) eap: Calling eap_peap to process EAP data (4) eap_peap: processing EAP-TLS (4) eap_peap: TLS Length 134 (4) eap_peap: Length Included (4) eap_peap: eaptls_verify returned 11 (4) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (4) eap_peap: TLS_accept: SSLv3 read client key exchange A (4) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3 read finished A (4) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: TLS_accept: SSLv3 write change cipher spec A (4) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3 write finished A (4) eap_peap: TLS_accept: SSLv3 flush data (4) eap_peap: (other): SSL negotiation finished successfully SSL Connection Established (4) eap_peap: eaptls_process returned 13 (4) eap_peap: FR_TLS_HANDLED (4) eap: EAP session adding &reply:State = 0xa556eb9ba1d6f221 (4) [eap] = handled (4) } # authenticate = handled (4) Sent Access-Challenge Id 38 from 71.46.62.133:1812 to 24.94.145.173:50185 length 123 (4) EAP-Message = 0x0180004119001403010001011603010030d5232114ec7403ddd7f173d132b90c4ac7fa5197172c90d45d7473eb22089bde69bcb13420b2903a55b1f99dac80841f (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xa556eb9ba1d6f22199be7cd61cc0c5ae (4) Finished request Waking up in 0.1 seconds. (5) Received Access-Request Id 39 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191 (5) User-Name = 'qaresdon' (5) NAS-IP-Address = 24.94.145.173 (5) NAS-Identifier = 'Ericsson' (5) Called-Station-Id = '000d67218560:BHN_E_Secure' (5) NAS-Port-Type = Wireless-802.11 (5) NAS-Port = 0 (5) Calling-Station-Id = 'e899c47233d8' (5) Connect-Info = 'CONNECT 0Mbps 802.11b' (5) Acct-Session-Id = '54ECEF48-000001CA' (5) Framed-MTU = 1400 (5) EAP-Message = 0x028000061900 (5) State = 0xa556eb9ba1d6f22199be7cd61cc0c5ae (5) Message-Authenticator = 0x7084ea264ee8832f65c0477a20a10422 (5) session-state: No cached attributes (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (5) authorize { (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent code Response (2) ID 128 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xa556eb9ba1d6f221 (5) eap: Finished EAP session with state 0xa556eb9ba1d6f221 (5) eap: Previous EAP request found for state 0xa556eb9ba1d6f221, released from the list (5) eap: Peer sent method PEAP (25) (5) eap: EAP PEAP (25) (5) eap: Calling eap_peap to process EAP data (5) eap_peap: processing EAP-TLS (5) eap_peap: Received TLS ACK (5) eap_peap: Received TLS ACK (5) eap_peap: ACK handshake is finished (5) eap_peap: eaptls_verify returned 3 (5) eap_peap: eaptls_process returned 3 (5) eap_peap: FR_TLS_SUCCESS (5) eap_peap: Session established. Decoding tunneled attributes (5) eap_peap: PEAP state TUNNEL ESTABLISHED (5) eap: EAP session adding &reply:State = 0xa556eb9ba0d7f221 (5) [eap] = handled (5) } # authenticate = handled (5) Sent Access-Challenge Id 39 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101 (5) EAP-Message = 0x0181002b19001703010020e15d6454d6abc70c73a354d134980d5ad5ddc0b8bb8c5be9ae7a19a8cd4ca8c4 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xa556eb9ba0d7f22199be7cd61cc0c5ae (5) Finished request (6) Received Access-Request Id 40 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265 (6) User-Name = 'qaresdon' (6) NAS-IP-Address = 24.94.145.173 (6) NAS-Identifier = 'Ericsson' (6) Called-Station-Id = '000d67218560:BHN_E_Secure' (6) NAS-Port-Type = Wireless-802.11 (6) NAS-Port = 0 (6) Calling-Station-Id = 'e899c47233d8' (6) Connect-Info = 'CONNECT 0Mbps 802.11b' (6) Acct-Session-Id = '54ECEF48-000001CA' (6) Framed-MTU = 1400 (6) EAP-Message = 0x0281005019001703010020872287933fe24c95d0600a7f1cdc519b71d2fd8dd4bd7ac0daebc49ea243a36e17030100206532a40dfb17801a9eef9bbca26a4609fd01c1296a5ba37f46f4013568705504 (6) State = 0xa556eb9ba0d7f22199be7cd61cc0c5ae (6) Message-Authenticator = 0xbb58c954bb6fd7272ef716a436427a0a (6) session-state: No cached attributes (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (6) authorize { (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent code Response (2) ID 129 length 80 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xa556eb9ba0d7f221 (6) eap: Finished EAP session with state 0xa556eb9ba0d7f221 (6) eap: Previous EAP request found for state 0xa556eb9ba0d7f221, released from the list (6) eap: Peer sent method PEAP (25) (6) eap: EAP PEAP (25) (6) eap: Calling eap_peap to process EAP data (6) eap_peap: processing EAP-TLS (6) eap_peap: eaptls_verify returned 7 (6) eap_peap: Done initial handshake (6) eap_peap: eaptls_process returned 7 (6) eap_peap: FR_TLS_OK (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY (6) eap_peap: Identity - qaresdon (6) eap_peap: Got inner identity 'qaresdon' (6) eap_peap: Setting default EAP type for tunneled EAP session (6) eap_peap: Got tunneled request (6) eap_peap: EAP-Message = 0x0281000d017161726573646f6e (6) eap_peap: Setting User-Name to qaresdon (6) eap_peap: Sending tunneled request to inner-tunnel (6) eap_peap: EAP-Message = 0x0281000d017161726573646f6e (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_peap: User-Name = 'qaresdon' (6) Virtual server received request (6) EAP-Message = 0x0281000d017161726573646f6e (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = 'qaresdon' (6) server inner-tunnel { (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (6) authorize { (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := 'LOCAL' (6) } # update control = noop (6) eap: Peer sent code Response (2) ID 129 length 13 (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (6) authenticate { (6) eap: Peer sent method Identity (1) (6) eap: Calling eap_mschapv2 to process EAP data (6) eap_mschapv2: Issuing Challenge (6) eap: EAP session adding &reply:State = 0x3f5c7fab3fde652b (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x018200221a0182001d106d37423145547268a8f3707c99b003ef7161726573646f6e (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x3f5c7fab3fde652b9f4b180614f7361c (6) eap_peap: Got tunneled reply code 11 (6) eap_peap: EAP-Message = 0x018200221a0182001d106d37423145547268a8f3707c99b003ef7161726573646f6e (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x3f5c7fab3fde652b9f4b180614f7361c (6) eap_peap: Got tunneled reply RADIUS code 11 (6) eap_peap: EAP-Message = 0x018200221a0182001d106d37423145547268a8f3707c99b003ef7161726573646f6e (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x3f5c7fab3fde652b9f4b180614f7361c (6) eap_peap: Got tunneled Access-Challenge (6) eap: EAP session adding &reply:State = 0xa556eb9ba3d4f221 (6) [eap] = handled (6) } # authenticate = handled (6) Sent Access-Challenge Id 40 from 71.46.62.133:1812 to 24.94.145.173:50185 length 133 (6) EAP-Message = 0x0182004b19001703010040c3071a2e2f018f665bdc343ffa6a77b187301b544040c82c7dad3cb7db531097eaca3b29307e382fb63e08816e5d92467a839d7744e2debd0667a737d6997f1d (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xa556eb9ba3d4f22199be7cd61cc0c5ae (6) Finished request (7) Received Access-Request Id 41 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329 (7) User-Name = 'qaresdon' (7) NAS-IP-Address = 24.94.145.173 (7) NAS-Identifier = 'Ericsson' (7) Called-Station-Id = '000d67218560:BHN_E_Secure' (7) NAS-Port-Type = Wireless-802.11 (7) NAS-Port = 0 (7) Calling-Station-Id = 'e899c47233d8' (7) Connect-Info = 'CONNECT 0Mbps 802.11b' (7) Acct-Session-Id = '54ECEF48-000001CA' (7) Framed-MTU = 1400 (7) EAP-Message = 0x028200901900170301002083722abeb6f8d0282836ebeda256f79ebbc5302178d42d95fb8372d01b2c94291703010060ae2ad6a9a08dfd9dd353e67997e8bff1cd91d2dd9368c1e7b361e9ccc113c63e2c0a37e5316e7f461962dc1b53b0b7c389ab126e6bbd7efa07f5c547d1ba6ad0f1206f874ac79b (7) State = 0xa556eb9ba3d4f22199be7cd61cc0c5ae (7) Message-Authenticator = 0x95f3368f42f367ecd22f70c68b175fbc (7) session-state: No cached attributes (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (7) authorize { (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent code Response (2) ID 130 length 144 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x3f5c7fab3fde652b (7) eap: Finished EAP session with state 0xa556eb9ba3d4f221 (7) eap: Previous EAP request found for state 0xa556eb9ba3d4f221, released from the list (7) eap: Peer sent method PEAP (25) (7) eap: EAP PEAP (25) (7) eap: Calling eap_peap to process EAP data (7) eap_peap: processing EAP-TLS (7) eap_peap: eaptls_verify returned 7 (7) eap_peap: Done initial handshake (7) eap_peap: eaptls_process returned 7 (7) eap_peap: FR_TLS_OK (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state phase2 (7) eap_peap: EAP type MSCHAPv2 (26) (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x028200431a0282003e3179df509b18349f4cd5808bc78d57007a00000000000000008aceba6e8a8cbadabef078deb6260f457102477bde9e6991007161726573646f6e (7) eap_peap: Setting User-Name to qaresdon (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x028200431a0282003e3179df509b18349f4cd5808bc78d57007a00000000000000008aceba6e8a8cbadabef078deb6260f457102477bde9e6991007161726573646f6e (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = 'qaresdon' (7) eap_peap: State = 0x3f5c7fab3fde652b9f4b180614f7361c (7) Virtual server received request (7) EAP-Message = 0x028200431a0282003e3179df509b18349f4cd5808bc78d57007a00000000000000008aceba6e8a8cbadabef078deb6260f457102477bde9e6991007161726573646f6e (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = 'qaresdon' (7) State = 0x3f5c7fab3fde652b9f4b180614f7361c (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (7) authorize { (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := 'LOCAL' (7) } # update control = noop (7) eap: Peer sent code Response (2) ID 130 length 67 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) update control { (7) Cache-Status-Only = yes (7) } # update control = noop (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (7) cache: --> qaresdone899c47233d8 (7) cache: No cache entry found for "qaresdone899c47233d8" (7) [cache] = notfound (7) if (notfound) { (7) if (notfound) -> TRUE (7) if (notfound) { rlm_ldap (ldap): Reserved connection (4) (7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (7) ldap: --> (uid=qaresdon) (7) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com (7) ldap: --> ou=Customers,dc=brighthouse,dc=com (7) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub' (7) ldap: Waiting for search result... (7) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com" (7) ldap: Added eDirectory password rlm_ldap (ldap): Released connection (4) rlm_ldap (ldap): Closing connection (0), from 1 unused connections (7) [ldap] = ok (7) } # if (notfound) = ok (7) ... skipping else for request 7: Preceding "if" was taken (7) [mschap] = noop (7) [expiration] = noop (7) [logintime] = noop (7) } # authorize = updated (7) Found Auth-Type = EAP (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0x3f5c7fab3fde652b (7) eap: Finished EAP session with state 0x3f5c7fab3fde652b (7) eap: Previous EAP request found for state 0x3f5c7fab3fde652b, released from the list (7) eap: Peer sent method MSCHAPv2 (26) (7) eap: EAP MSCHAPv2 (26) (7) eap: Calling eap_mschapv2 to process EAP data (7) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Found Cleartext-Password, hashing to create NT-Password (7) mschap: Found Cleartext-Password, hashing to create LM-Password (7) mschap: Creating challenge hash with username: qaresdon (7) mschap: Client is using MS-CHAPv2 (7) mschap: Adding MS-CHAPv2 MPPE keys (7) [mschap] = ok (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (7) cache: --> qaresdone899c47233d8 (7) cache: No cache entry found for "qaresdone899c47233d8" (7) cache: Creating new cache entry (7) cache: EXPAND %{control:NT-Password} (7) cache: --> 0x5835048ce94ad0564e29a924a03510ef (7) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: EXPAND %{control:LM-Password} (7) cache: --> 0xe52cac67419a9a2238f10713b629b565 (7) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Merging cache entry into request (7) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Commited entry, TTL 86400 seconds (7) [cache.authorize] = updated (7) } # Auth-Type MS-CHAP = updated (7) eap: Freeing handler (7) [eap] = reject (7) } # authenticate = reject (7) Failed to authenticate the user (7) Using Post-Auth-Type Reject (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (7) Post-Auth-Type REJECT { (7) attr_filter.access_reject: EXPAND %{User-Name} (7) attr_filter.access_reject: --> qaresdon (7) attr_filter.access_reject: Matched entry DEFAULT at line 11 (7) [attr_filter.access_reject] = updated (7) update outer.session-state { (7) No attributes updated (7) } # update outer.session-state = noop (7) } # Post-Auth-Type REJECT = updated (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x04820004 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: Got tunneled reply code 3 (7) eap_peap: EAP-Message = 0x04820004 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: Got tunneled reply RADIUS code 3 (7) eap_peap: EAP-Message = 0x04820004 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: Tunneled authentication was rejected (7) eap_peap: FAILURE (7) eap: EAP session adding &reply:State = 0xa556eb9ba2d5f221 (7) [eap] = handled (7) } # authenticate = handled (7) Sent Access-Challenge Id 41 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101 (7) EAP-Message = 0x0183002b19001703010020cca9de57466d406605e1f13e74f8a1ec115029faf116054e07a94f2abd791152 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xa556eb9ba2d5f22199be7cd61cc0c5ae (7) Finished request Waking up in 0.1 seconds. (8) Received Access-Request Id 42 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265 (8) User-Name = 'qaresdon' (8) NAS-IP-Address = 24.94.145.173 (8) NAS-Identifier = 'Ericsson' (8) Called-Station-Id = '000d67218560:BHN_E_Secure' (8) NAS-Port-Type = Wireless-802.11 (8) NAS-Port = 0 (8) Calling-Station-Id = 'e899c47233d8' (8) Connect-Info = 'CONNECT 0Mbps 802.11b' (8) Acct-Session-Id = '54ECEF48-000001CA' (8) Framed-MTU = 1400 (8) EAP-Message = 0x028300501900170301002054989a2afeea8eb51367887c1c035a6c2a8e11363adf797f4a719063c84a25fe17030100204e021c8b497aaf4d5df146d6fd9d24a3fbcfe951d7ef1658cc63d9d203850b05 (8) State = 0xa556eb9ba2d5f22199be7cd61cc0c5ae (8) Message-Authenticator = 0x729706077ff685f9cbae28168d4e83e3 (8) session-state: No cached attributes (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (8) authorize { (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent code Response (2) ID 131 length 80 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = EAP (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xa556eb9ba2d5f221 (8) eap: Finished EAP session with state 0xa556eb9ba2d5f221 (8) eap: Previous EAP request found for state 0xa556eb9ba2d5f221, released from the list (8) eap: Peer sent method PEAP (25) (8) eap: EAP PEAP (25) (8) eap: Calling eap_peap to process EAP data (8) eap_peap: processing EAP-TLS (8) eap_peap: eaptls_verify returned 7 (8) eap_peap: Done initial handshake (8) eap_peap: eaptls_process returned 7 (8) eap_peap: FR_TLS_OK (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state send tlv failure (8) eap_peap: Received EAP-TLV response (8) eap_peap: The users session was previously rejected: returning reject (again.) (8) eap_peap: This means you need to read the PREVIOUS messages in the debug output (8) eap_peap: to find out the reason why the user was rejected (8) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you (8) eap_peap: what went wrong, and how to fix the problem ERROR: (8) eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed (8) eap: Failed in EAP select (8) [eap] = invalid (8) } # authenticate = invalid (8) Failed to authenticate the user (8) Using Post-Auth-Type Reject (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (8) Post-Auth-Type REJECT { (8) attr_filter.access_reject: EXPAND %{User-Name} (8) attr_filter.access_reject: --> qaresdon (8) attr_filter.access_reject: Matched entry DEFAULT at line 11 (8) [attr_filter.access_reject] = updated (8) eap: Reply already contained an EAP-Message, not inserting EAP-Failure (8) [eap] = noop (8) policy remove_reply_message_if_eap { (8) if (&reply:EAP-Message && &reply:Reply-Message) { (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (8) else { (8) [noop] = noop (8) } # else = noop (8) } # policy remove_reply_message_if_eap = noop (8) } # Post-Auth-Type REJECT = updated (8) Delaying response for 1.000000 seconds Waking up in 0.6 seconds. (8) Sending delayed response (8) Sent Access-Reject Id 42 from 71.46.62.133:1812 to 24.94.145.173:50185 length 44 (8) EAP-Message = 0x04830004 (8) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 0.4 seconds. (0) <done>: Cleaning up request packet ID 34 with timestamp +28 Waking up in 3.1 seconds. (1) <done>: Cleaning up request packet ID 35 with timestamp +31 (2) <done>: Cleaning up request packet ID 36 with timestamp +31 (3) <done>: Cleaning up request packet ID 37 with timestamp +31 Waking up in 0.1 seconds. (4) <done>: Cleaning up request packet ID 38 with timestamp +31 (5) <done>: Cleaning up request packet ID 39 with timestamp +31 (6) <done>: Cleaning up request packet ID 40 with timestamp +31 (7) <done>: Cleaning up request packet ID 41 with timestamp +31 (8) Cleaning up request packet ID 42 with timestamp +31 Ready to process requests (9) Received Access-Request Id 43 from 24.94.145.173:50185 to 71.46.62.133:1812 length 180 (9) User-Name = 'qaresdon' (9) NAS-IP-Address = 24.94.145.173 (9) NAS-Identifier = 'Ericsson' (9) Called-Station-Id = '000d67218560:BHN_E_Secure' (9) NAS-Port-Type = Wireless-802.11 (9) NAS-Port = 0 (9) Calling-Station-Id = 'e899c47233d8' (9) Connect-Info = 'CONNECT 0Mbps 802.11b' (9) Acct-Session-Id = '54ECEF48-000001CB' (9) Framed-MTU = 1400 (9) EAP-Message = 0x0214000d017161726573646f6e (9) Message-Authenticator = 0x3a0cccf1f57589731ceb5fb726237ff4 (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (9) authorize { (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: Peer sent code Response (2) ID 20 length 13 (9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = EAP (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (9) authenticate { (9) eap: Peer sent method Identity (1) (9) eap: Calling eap_peap to process EAP data (9) eap_peap: Initiate (9) eap_peap: Start returned 1 (9) eap: EAP session adding &reply:State = 0x47b9430247ac5af4 (9) [eap] = handled (9) } # authenticate = handled (9) Sent Access-Challenge Id 43 from 71.46.62.133:1812 to 24.94.145.173:50185 length 64 (9) EAP-Message = 0x011500061920 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x47b9430247ac5af4cf068da2e811b93b (9) Finished request Waking up in 0.3 seconds. (10) Received Access-Request Id 44 from 24.94.145.173:50185 to 71.46.62.133:1812 length 385 (10) User-Name = 'qaresdon' (10) NAS-IP-Address = 24.94.145.173 (10) NAS-Identifier = 'Ericsson' (10) Called-Station-Id = '000d67218560:BHN_E_Secure' (10) NAS-Port-Type = Wireless-802.11 (10) NAS-Port = 0 (10) Calling-Station-Id = 'e899c47233d8' (10) Connect-Info = 'CONNECT 0Mbps 802.11b' (10) Acct-Session-Id = '54ECEF48-000001CB' (10) Framed-MTU = 1400 (10) EAP-Message = 0x021500c81980000000be16030100b9010000b5030154f0dc884fc1454e129b65ffd2f6d4a31ec7d6e7d7e1f272de0c172dcd5825e9000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc00200050004001500120009001400 (10) State = 0x47b9430247ac5af4cf068da2e811b93b (10) Message-Authenticator = 0x234026d6e99d5452e63d92a6437786e3 (10) session-state: No cached attributes (10) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (10) authorize { (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix: Checking for suffix after "@" (10) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (10) suffix: No such realm "NULL" (10) [suffix] = noop (10) eap: Peer sent code Response (2) ID 21 length 200 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = EAP (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (10) authenticate { (10) eap: Expiring EAP session with state 0x47b9430247ac5af4 (10) eap: Finished EAP session with state 0x47b9430247ac5af4 (10) eap: Previous EAP request found for state 0x47b9430247ac5af4, released from the list (10) eap: Peer sent method PEAP (25) (10) eap: EAP PEAP (25) (10) eap: Calling eap_peap to process EAP data (10) eap_peap: processing EAP-TLS (10) eap_peap: TLS Length 190 (10) eap_peap: Length Included (10) eap_peap: eaptls_verify returned 11 (10) eap_peap: (other): before/accept initialization (10) eap_peap: TLS_accept: before/accept initialization (10) eap_peap: <<< TLS 1.0 Handshake [length 00b9], ClientHello (10) eap_peap: TLS_accept: SSLv3 read client hello A (10) eap_peap: >>> TLS 1.0 Handshake [length 0039], ServerHello (10) eap_peap: TLS_accept: SSLv3 write server hello A (10) eap_peap: >>> TLS 1.0 Handshake [length 0e58], Certificate (10) eap_peap: TLS_accept: SSLv3 write certificate A (10) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (10) eap_peap: TLS_accept: SSLv3 write key exchange A (10) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (10) eap_peap: TLS_accept: SSLv3 write server done A (10) eap_peap: TLS_accept: SSLv3 flush data (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (10) eap_peap: eaptls_process returned 13 (10) eap_peap: FR_TLS_HANDLED (10) eap: EAP session adding &reply:State = 0x47b9430246af5af4 (10) [eap] = handled (10) } # authenticate = handled (10) Sent Access-Challenge Id 44 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1448 (10) EAP-Message = 0x0116056419c000000ff4160301003902000035030154f0dc89970e71c8c55af2f3ea817e733907cf0c78109fbc107a6a97dfa018c900c01400000dff01000100000b0004030001021603010e580b000e54000e510005213082051d30820405a00302010202044c233c7e300d06092a864886f70d010105 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0x47b9430246af5af4cf068da2e811b93b (10) Finished request Waking up in 0.2 seconds. (11) Received Access-Request Id 45 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191 (11) User-Name = 'qaresdon' (11) NAS-IP-Address = 24.94.145.173 (11) NAS-Identifier = 'Ericsson' (11) Called-Station-Id = '000d67218560:BHN_E_Secure' (11) NAS-Port-Type = Wireless-802.11 (11) NAS-Port = 0 (11) Calling-Station-Id = 'e899c47233d8' (11) Connect-Info = 'CONNECT 0Mbps 802.11b' (11) Acct-Session-Id = '54ECEF48-000001CB' (11) Framed-MTU = 1400 (11) EAP-Message = 0x021600061900 (11) State = 0x47b9430246af5af4cf068da2e811b93b (11) Message-Authenticator = 0xa6dc2bd00eb7ba6b36fcf73d49d2a857 (11) session-state: No cached attributes (11) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (11) authorize { (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) [digest] = noop (11) suffix: Checking for suffix after "@" (11) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (11) suffix: No such realm "NULL" (11) [suffix] = noop (11) eap: Peer sent code Response (2) ID 22 length 6 (11) eap: Continuing tunnel setup (11) [eap] = ok (11) } # authorize = ok (11) Found Auth-Type = EAP (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (11) authenticate { (11) eap: Expiring EAP session with state 0x47b9430246af5af4 (11) eap: Finished EAP session with state 0x47b9430246af5af4 (11) eap: Previous EAP request found for state 0x47b9430246af5af4, released from the list (11) eap: Peer sent method PEAP (25) (11) eap: EAP PEAP (25) (11) eap: Calling eap_peap to process EAP data (11) eap_peap: processing EAP-TLS (11) eap_peap: Received TLS ACK (11) eap_peap: Received TLS ACK (11) eap_peap: ACK handshake fragment handler (11) eap_peap: eaptls_verify returned 1 (11) eap_peap: eaptls_process returned 13 (11) eap_peap: FR_TLS_HANDLED (11) eap: EAP session adding &reply:State = 0x47b9430245ae5af4 (11) [eap] = handled (11) } # authenticate = handled (11) Sent Access-Challenge Id 45 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1444 (11) EAP-Message = 0x011705601940f3fa6ff051ec9a0730ea94aaa1596407296688590004f9308204f5308203dda00302010202044c0e8c39300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) State = 0x47b9430245ae5af4cf068da2e811b93b (11) Finished request Waking up in 0.1 seconds. (12) Received Access-Request Id 46 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191 (12) User-Name = 'qaresdon' (12) NAS-IP-Address = 24.94.145.173 (12) NAS-Identifier = 'Ericsson' (12) Called-Station-Id = '000d67218560:BHN_E_Secure' (12) NAS-Port-Type = Wireless-802.11 (12) NAS-Port = 0 (12) Calling-Station-Id = 'e899c47233d8' (12) Connect-Info = 'CONNECT 0Mbps 802.11b' (12) Acct-Session-Id = '54ECEF48-000001CB' (12) Framed-MTU = 1400 (12) EAP-Message = 0x021700061900 (12) State = 0x47b9430245ae5af4cf068da2e811b93b (12) Message-Authenticator = 0x520cb5bfae7e293e6ab6e47f41a6fda9 (12) session-state: No cached attributes (12) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (12) authorize { (12) [preprocess] = ok (12) [chap] = noop (12) [mschap] = noop (12) [digest] = noop (12) suffix: Checking for suffix after "@" (12) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (12) suffix: No such realm "NULL" (12) [suffix] = noop (12) eap: Peer sent code Response (2) ID 23 length 6 (12) eap: Continuing tunnel setup (12) [eap] = ok (12) } # authorize = ok (12) Found Auth-Type = EAP (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (12) authenticate { (12) eap: Expiring EAP session with state 0x47b9430245ae5af4 (12) eap: Finished EAP session with state 0x47b9430245ae5af4 (12) eap: Previous EAP request found for state 0x47b9430245ae5af4, released from the list (12) eap: Peer sent method PEAP (25) (12) eap: EAP PEAP (25) (12) eap: Calling eap_peap to process EAP data (12) eap_peap: processing EAP-TLS (12) eap_peap: Received TLS ACK (12) eap_peap: Received TLS ACK (12) eap_peap: ACK handshake fragment handler (12) eap_peap: eaptls_verify returned 1 (12) eap_peap: eaptls_process returned 13 (12) eap_peap: FR_TLS_HANDLED (12) eap: EAP session adding &reply:State = 0x47b9430244a15af4 (12) [eap] = handled (12) } # authenticate = handled (12) Sent Access-Challenge Id 46 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1418 (12) EAP-Message = 0x01180546190077772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e (12) Message-Authenticator = 0x00000000000000000000000000000000 (12) State = 0x47b9430244a15af4cf068da2e811b93b (12) Finished request Waking up in 0.1 seconds. (13) Received Access-Request Id 47 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329 (13) User-Name = 'qaresdon' (13) NAS-IP-Address = 24.94.145.173 (13) NAS-Identifier = 'Ericsson' (13) Called-Station-Id = '000d67218560:BHN_E_Secure' (13) NAS-Port-Type = Wireless-802.11 (13) NAS-Port = 0 (13) Calling-Station-Id = 'e899c47233d8' (13) Connect-Info = 'CONNECT 0Mbps 802.11b' (13) Acct-Session-Id = '54ECEF48-000001CB' (13) Framed-MTU = 1400 (13) EAP-Message = 0x021800901980000000861603010046100000424104cf8de0d37e7d03185d5f474c8a22e3bd63b807ec8a91a3d64663479f485227a66533ac6fed318c79f4c935a17db196a161edc2bfdb946723531e64323306a2a81403010001011603010030400a86bf08c63fb1bc3ca7e3b2a3213b090e52d54b0d08 (13) State = 0x47b9430244a15af4cf068da2e811b93b (13) Message-Authenticator = 0xdd77d733d8fe2cdb4a863140f35a0044 (13) session-state: No cached attributes (13) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (13) authorize { (13) [preprocess] = ok (13) [chap] = noop (13) [mschap] = noop (13) [digest] = noop (13) suffix: Checking for suffix after "@" (13) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (13) suffix: No such realm "NULL" (13) [suffix] = noop (13) eap: Peer sent code Response (2) ID 24 length 144 (13) eap: Continuing tunnel setup (13) [eap] = ok (13) } # authorize = ok (13) Found Auth-Type = EAP (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (13) authenticate { (13) eap: Expiring EAP session with state 0x47b9430244a15af4 (13) eap: Finished EAP session with state 0x47b9430244a15af4 (13) eap: Previous EAP request found for state 0x47b9430244a15af4, released from the list (13) eap: Peer sent method PEAP (25) (13) eap: EAP PEAP (25) (13) eap: Calling eap_peap to process EAP data (13) eap_peap: processing EAP-TLS (13) eap_peap: TLS Length 134 (13) eap_peap: Length Included (13) eap_peap: eaptls_verify returned 11 (13) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (13) eap_peap: TLS_accept: SSLv3 read client key exchange A (13) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (13) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (13) eap_peap: TLS_accept: SSLv3 read finished A (13) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] (13) eap_peap: TLS_accept: SSLv3 write change cipher spec A (13) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished (13) eap_peap: TLS_accept: SSLv3 write finished A (13) eap_peap: TLS_accept: SSLv3 flush data (13) eap_peap: (other): SSL negotiation finished successfully SSL Connection Established (13) eap_peap: eaptls_process returned 13 (13) eap_peap: FR_TLS_HANDLED (13) eap: EAP session adding &reply:State = 0x47b9430243a05af4 (13) [eap] = handled (13) } # authenticate = handled (13) Sent Access-Challenge Id 47 from 71.46.62.133:1812 to 24.94.145.173:50185 length 123 (13) EAP-Message = 0x011900411900140301000101160301003004c2a3b4b9b82ccecd0e2179995775a93888a24f1541e581f521d8ed3ac7197776e1bd0a241ee64f59eccebf12e0d113 (13) Message-Authenticator = 0x00000000000000000000000000000000 (13) State = 0x47b9430243a05af4cf068da2e811b93b (13) Finished request (14) Received Access-Request Id 48 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191 (14) User-Name = 'qaresdon' (14) NAS-IP-Address = 24.94.145.173 (14) NAS-Identifier = 'Ericsson' (14) Called-Station-Id = '000d67218560:BHN_E_Secure' (14) NAS-Port-Type = Wireless-802.11 (14) NAS-Port = 0 (14) Calling-Station-Id = 'e899c47233d8' (14) Connect-Info = 'CONNECT 0Mbps 802.11b' (14) Acct-Session-Id = '54ECEF48-000001CB' (14) Framed-MTU = 1400 (14) EAP-Message = 0x021900061900 (14) State = 0x47b9430243a05af4cf068da2e811b93b (14) Message-Authenticator = 0xa5277ef10733e59154e448e453abcc84 (14) session-state: No cached attributes (14) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (14) authorize { (14) [preprocess] = ok (14) [chap] = noop (14) [mschap] = noop (14) [digest] = noop (14) suffix: Checking for suffix after "@" (14) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (14) suffix: No such realm "NULL" (14) [suffix] = noop (14) eap: Peer sent code Response (2) ID 25 length 6 (14) eap: Continuing tunnel setup (14) [eap] = ok (14) } # authorize = ok (14) Found Auth-Type = EAP (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (14) authenticate { (14) eap: Expiring EAP session with state 0x47b9430243a05af4 (14) eap: Finished EAP session with state 0x47b9430243a05af4 (14) eap: Previous EAP request found for state 0x47b9430243a05af4, released from the list (14) eap: Peer sent method PEAP (25) (14) eap: EAP PEAP (25) (14) eap: Calling eap_peap to process EAP data (14) eap_peap: processing EAP-TLS (14) eap_peap: Received TLS ACK (14) eap_peap: Received TLS ACK (14) eap_peap: ACK handshake is finished (14) eap_peap: eaptls_verify returned 3 (14) eap_peap: eaptls_process returned 3 (14) eap_peap: FR_TLS_SUCCESS (14) eap_peap: Session established. Decoding tunneled attributes (14) eap_peap: PEAP state TUNNEL ESTABLISHED (14) eap: EAP session adding &reply:State = 0x47b9430242a35af4 (14) [eap] = handled (14) } # authenticate = handled (14) Sent Access-Challenge Id 48 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101 (14) EAP-Message = 0x011a002b1900170301002063eff583b93a00adb2b8c32c0e6d76fdb770c48a2082c371a49d4e38f7e5e66e (14) Message-Authenticator = 0x00000000000000000000000000000000 (14) State = 0x47b9430242a35af4cf068da2e811b93b (14) Finished request (15) Received Access-Request Id 49 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265 (15) User-Name = 'qaresdon' (15) NAS-IP-Address = 24.94.145.173 (15) NAS-Identifier = 'Ericsson' (15) Called-Station-Id = '000d67218560:BHN_E_Secure' (15) NAS-Port-Type = Wireless-802.11 (15) NAS-Port = 0 (15) Calling-Station-Id = 'e899c47233d8' (15) Connect-Info = 'CONNECT 0Mbps 802.11b' (15) Acct-Session-Id = '54ECEF48-000001CB' (15) Framed-MTU = 1400 (15) EAP-Message = 0x021a005019001703010020444d7703d0633278773a4532f81241a9657d462fe23ff85b61140f4b59dd9bde1703010020d3587111029d8c1912bae09f099a7961f6b45f3f3cbc749e70851e6620453370 (15) State = 0x47b9430242a35af4cf068da2e811b93b (15) Message-Authenticator = 0xa50f8a0ece481dffa3a3d9ecdf8f3e97 (15) session-state: No cached attributes (15) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (15) authorize { (15) [preprocess] = ok (15) [chap] = noop (15) [mschap] = noop (15) [digest] = noop (15) suffix: Checking for suffix after "@" (15) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (15) suffix: No such realm "NULL" (15) [suffix] = noop (15) eap: Peer sent code Response (2) ID 26 length 80 (15) eap: Continuing tunnel setup (15) [eap] = ok (15) } # authorize = ok (15) Found Auth-Type = EAP (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (15) authenticate { (15) eap: Expiring EAP session with state 0x47b9430242a35af4 (15) eap: Finished EAP session with state 0x47b9430242a35af4 (15) eap: Previous EAP request found for state 0x47b9430242a35af4, released from the list (15) eap: Peer sent method PEAP (25) (15) eap: EAP PEAP (25) (15) eap: Calling eap_peap to process EAP data (15) eap_peap: processing EAP-TLS (15) eap_peap: eaptls_verify returned 7 (15) eap_peap: Done initial handshake (15) eap_peap: eaptls_process returned 7 (15) eap_peap: FR_TLS_OK (15) eap_peap: Session established. Decoding tunneled attributes (15) eap_peap: PEAP state WAITING FOR INNER IDENTITY (15) eap_peap: Identity - qaresdon (15) eap_peap: Got inner identity 'qaresdon' (15) eap_peap: Setting default EAP type for tunneled EAP session (15) eap_peap: Got tunneled request (15) eap_peap: EAP-Message = 0x021a000d017161726573646f6e (15) eap_peap: Setting User-Name to qaresdon (15) eap_peap: Sending tunneled request to inner-tunnel (15) eap_peap: EAP-Message = 0x021a000d017161726573646f6e (15) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (15) eap_peap: User-Name = 'qaresdon' (15) Virtual server received request (15) EAP-Message = 0x021a000d017161726573646f6e (15) FreeRADIUS-Proxied-To = 127.0.0.1 (15) User-Name = 'qaresdon' (15) server inner-tunnel { (15) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (15) authorize { (15) suffix: Checking for suffix after "@" (15) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (15) suffix: No such realm "NULL" (15) [suffix] = noop (15) update control { (15) &Proxy-To-Realm := 'LOCAL' (15) } # update control = noop (15) eap: Peer sent code Response (2) ID 26 length 13 (15) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (15) [eap] = ok (15) } # authorize = ok (15) Found Auth-Type = EAP (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (15) authenticate { (15) eap: Peer sent method Identity (1) (15) eap: Calling eap_mschapv2 to process EAP data (15) eap_mschapv2: Issuing Challenge (15) eap: EAP session adding &reply:State = 0xdc34bc88dc2fa69e (15) [eap] = handled (15) } # authenticate = handled (15) } # server inner-tunnel (15) Virtual server sending reply (15) EAP-Message = 0x011b00221a011b001d102ae72db84059d876a035665b490aebec7161726573646f6e (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0xdc34bc88dc2fa69e3a967a1782d5e125 (15) eap_peap: Got tunneled reply code 11 (15) eap_peap: EAP-Message = 0x011b00221a011b001d102ae72db84059d876a035665b490aebec7161726573646f6e (15) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (15) eap_peap: State = 0xdc34bc88dc2fa69e3a967a1782d5e125 (15) eap_peap: Got tunneled reply RADIUS code 11 (15) eap_peap: EAP-Message = 0x011b00221a011b001d102ae72db84059d876a035665b490aebec7161726573646f6e (15) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (15) eap_peap: State = 0xdc34bc88dc2fa69e3a967a1782d5e125 (15) eap_peap: Got tunneled Access-Challenge (15) eap: EAP session adding &reply:State = 0x47b9430241a25af4 (15) [eap] = handled (15) } # authenticate = handled (15) Sent Access-Challenge Id 49 from 71.46.62.133:1812 to 24.94.145.173:50185 length 133 (15) EAP-Message = 0x011b004b19001703010040eba179c7a8505b77d573fb759f610e4a5f743948c449478c807b91e8588153d8ef0cdb1a703ce8b511797f517c3f932de933b6847f4d6edf7d6f7ce22c1990fa (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0x47b9430241a25af4cf068da2e811b93b (15) Finished request (16) Received Access-Request Id 50 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329 (16) User-Name = 'qaresdon' (16) NAS-IP-Address = 24.94.145.173 (16) NAS-Identifier = 'Ericsson' (16) Called-Station-Id = '000d67218560:BHN_E_Secure' (16) NAS-Port-Type = Wireless-802.11 (16) NAS-Port = 0 (16) Calling-Station-Id = 'e899c47233d8' (16) Connect-Info = 'CONNECT 0Mbps 802.11b' (16) Acct-Session-Id = '54ECEF48-000001CB' (16) Framed-MTU = 1400 (16) EAP-Message = 0x021b00901900170301002007b2b83d6d25735150eccfd6bedee257068a23e21a51dab5c01352d1fd1d57cf17030100606591f863055ce53e41c486531210405f4d3ec5802ecbb7cb424108933a1ed369395e72b5c2ce7dc22f0156346f94b810bf4022d97edc3bd5eb980518b7b22a006e9d18a74b4ee2 (16) State = 0x47b9430241a25af4cf068da2e811b93b (16) Message-Authenticator = 0xb3f1450970a5b899594f603443443972 (16) session-state: No cached attributes (16) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (16) authorize { (16) [preprocess] = ok (16) [chap] = noop (16) [mschap] = noop (16) [digest] = noop (16) suffix: Checking for suffix after "@" (16) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (16) suffix: No such realm "NULL" (16) [suffix] = noop (16) eap: Peer sent code Response (2) ID 27 length 144 (16) eap: Continuing tunnel setup (16) [eap] = ok (16) } # authorize = ok (16) Found Auth-Type = EAP (16) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (16) authenticate { (16) eap: Expiring EAP session with state 0xdc34bc88dc2fa69e (16) eap: Finished EAP session with state 0x47b9430241a25af4 (16) eap: Previous EAP request found for state 0x47b9430241a25af4, released from the list (16) eap: Peer sent method PEAP (25) (16) eap: EAP PEAP (25) (16) eap: Calling eap_peap to process EAP data (16) eap_peap: processing EAP-TLS (16) eap_peap: eaptls_verify returned 7 (16) eap_peap: Done initial handshake (16) eap_peap: eaptls_process returned 7 (16) eap_peap: FR_TLS_OK (16) eap_peap: Session established. Decoding tunneled attributes (16) eap_peap: PEAP state phase2 (16) eap_peap: EAP type MSCHAPv2 (26) (16) eap_peap: Got tunneled request (16) eap_peap: EAP-Message = 0x021b00431a021b003e319d9b639720f94a20f9ce128df6bedfe800000000000000004c210c60184f767971ea8f80350a57d991e3a9d36b734b49007161726573646f6e (16) eap_peap: Setting User-Name to qaresdon (16) eap_peap: Sending tunneled request to inner-tunnel (16) eap_peap: EAP-Message = 0x021b00431a021b003e319d9b639720f94a20f9ce128df6bedfe800000000000000004c210c60184f767971ea8f80350a57d991e3a9d36b734b49007161726573646f6e (16) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (16) eap_peap: User-Name = 'qaresdon' (16) eap_peap: State = 0xdc34bc88dc2fa69e3a967a1782d5e125 (16) Virtual server received request (16) EAP-Message = 0x021b00431a021b003e319d9b639720f94a20f9ce128df6bedfe800000000000000004c210c60184f767971ea8f80350a57d991e3a9d36b734b49007161726573646f6e (16) FreeRADIUS-Proxied-To = 127.0.0.1 (16) User-Name = 'qaresdon' (16) State = 0xdc34bc88dc2fa69e3a967a1782d5e125 (16) server inner-tunnel { (16) session-state: No cached attributes (16) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (16) authorize { (16) suffix: Checking for suffix after "@" (16) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (16) suffix: No such realm "NULL" (16) [suffix] = noop (16) update control { (16) &Proxy-To-Realm := 'LOCAL' (16) } # update control = noop (16) eap: Peer sent code Response (2) ID 27 length 67 (16) eap: No EAP Start, assuming it's an on-going EAP conversation (16) [eap] = updated (16) [files] = noop (16) update control { (16) Cache-Status-Only = yes (16) } # update control = noop (16) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (16) cache: --> qaresdone899c47233d8 (16) cache: Found entry for "qaresdone899c47233d8" (16) [cache] = ok (16) if (notfound) { (16) if (notfound) -> FALSE (16) else { (16) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (16) cache: --> qaresdone899c47233d8 (16) cache: Found entry for "qaresdone899c47233d8" (16) cache: Merging cache entry into request (16) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (16) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (16) [cache] = ok (16) } # else = ok (16) [mschap] = noop (16) [expiration] = noop (16) [logintime] = noop (16) } # authorize = updated (16) Found Auth-Type = EAP (16) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (16) authenticate { (16) eap: Expiring EAP session with state 0xdc34bc88dc2fa69e (16) eap: Finished EAP session with state 0xdc34bc88dc2fa69e (16) eap: Previous EAP request found for state 0xdc34bc88dc2fa69e, released from the list (16) eap: Peer sent method MSCHAPv2 (26) (16) eap: EAP MSCHAPv2 (26) (16) eap: Calling eap_mschapv2 to process EAP data (16) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (16) eap_mschapv2: Auth-Type MS-CHAP { (16) mschap: Found NT-Password (16) mschap: Found LM-Password (16) mschap: Creating challenge hash with username: qaresdon (16) mschap: Client is using MS-CHAPv2 (16) mschap: Adding MS-CHAPv2 MPPE keys (16) [mschap] = ok (16) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (16) cache: --> qaresdone899c47233d8 (16) cache: Found entry for "qaresdone899c47233d8" (16) cache: Merging cache entry into request (16) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (16) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (16) [cache.authorize] = ok (16) } # Auth-Type MS-CHAP = ok MSCHAP Success (16) eap: EAP session adding &reply:State = 0xdc34bc88dd28a69e (16) [eap] = handled (16) } # authenticate = handled (16) } # server inner-tunnel (16) Virtual server sending reply (16) EAP-Message = 0x011c00331a031b002e533d35414239433738313732353138424137433742444544414435323741353843373130323039393842 (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) State = 0xdc34bc88dd28a69e3a967a1782d5e125 (16) eap_peap: Got tunneled reply code 11 (16) eap_peap: EAP-Message = 0x011c00331a031b002e533d35414239433738313732353138424137433742444544414435323741353843373130323039393842 (16) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (16) eap_peap: State = 0xdc34bc88dd28a69e3a967a1782d5e125 (16) eap_peap: Got tunneled reply RADIUS code 11 (16) eap_peap: EAP-Message = 0x011c00331a031b002e533d35414239433738313732353138424137433742444544414435323741353843373130323039393842 (16) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (16) eap_peap: State = 0xdc34bc88dd28a69e3a967a1782d5e125 (16) eap_peap: Got tunneled Access-Challenge (16) eap: EAP session adding &reply:State = 0x47b9430240a55af4 (16) [eap] = handled (16) } # authenticate = handled (16) Sent Access-Challenge Id 50 from 71.46.62.133:1812 to 24.94.145.173:50185 length 149 (16) EAP-Message = 0x011c005b19001703010050faeddc27bdb1e63f8337eff705fe22de37ffec1ba614a61c61c75153252f3442fa5cee3a75d6742dfa5a7fbf8ea3472fb669d56643de844783d6509ff4318ed1d9247686bca35619614d64df96bf2dc3 (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) State = 0x47b9430240a55af4cf068da2e811b93b (16) Finished request (17) Received Access-Request Id 51 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265 (17) User-Name = 'qaresdon' (17) NAS-IP-Address = 24.94.145.173 (17) NAS-Identifier = 'Ericsson' (17) Called-Station-Id = '000d67218560:BHN_E_Secure' (17) NAS-Port-Type = Wireless-802.11 (17) NAS-Port = 0 (17) Calling-Station-Id = 'e899c47233d8' (17) Connect-Info = 'CONNECT 0Mbps 802.11b' (17) Acct-Session-Id = '54ECEF48-000001CB' (17) Framed-MTU = 1400 (17) EAP-Message = 0x021c005019001703010020ddca3edd4477d26108d00beab500bbfcfa9b8951e1e049f9ebe4d5ada15745901703010020599c4141407f203a141fa9c50115e48414b543c36ee62c5af097f2e0ce3feaa4 (17) State = 0x47b9430240a55af4cf068da2e811b93b (17) Message-Authenticator = 0x05b9d64e3540d0dd8a94b759ec9d3190 (17) session-state: No cached attributes (17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (17) authorize { (17) [preprocess] = ok (17) [chap] = noop (17) [mschap] = noop (17) [digest] = noop (17) suffix: Checking for suffix after "@" (17) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (17) suffix: No such realm "NULL" (17) [suffix] = noop (17) eap: Peer sent code Response (2) ID 28 length 80 (17) eap: Continuing tunnel setup (17) [eap] = ok (17) } # authorize = ok (17) Found Auth-Type = EAP (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (17) authenticate { (17) eap: Expiring EAP session with state 0xdc34bc88dd28a69e (17) eap: Finished EAP session with state 0x47b9430240a55af4 (17) eap: Previous EAP request found for state 0x47b9430240a55af4, released from the list (17) eap: Peer sent method PEAP (25) (17) eap: EAP PEAP (25) (17) eap: Calling eap_peap to process EAP data (17) eap_peap: processing EAP-TLS (17) eap_peap: eaptls_verify returned 7 (17) eap_peap: Done initial handshake (17) eap_peap: eaptls_process returned 7 (17) eap_peap: FR_TLS_OK (17) eap_peap: Session established. Decoding tunneled attributes (17) eap_peap: PEAP state phase2 (17) eap_peap: EAP type MSCHAPv2 (26) (17) eap_peap: Got tunneled request (17) eap_peap: EAP-Message = 0x021c00061a03 (17) eap_peap: Setting User-Name to qaresdon (17) eap_peap: Sending tunneled request to inner-tunnel (17) eap_peap: EAP-Message = 0x021c00061a03 (17) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (17) eap_peap: User-Name = 'qaresdon' (17) eap_peap: State = 0xdc34bc88dd28a69e3a967a1782d5e125 (17) Virtual server received request (17) EAP-Message = 0x021c00061a03 (17) FreeRADIUS-Proxied-To = 127.0.0.1 (17) User-Name = 'qaresdon' (17) State = 0xdc34bc88dd28a69e3a967a1782d5e125 (17) server inner-tunnel { (17) session-state: No cached attributes (17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (17) authorize { (17) suffix: Checking for suffix after "@" (17) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (17) suffix: No such realm "NULL" (17) [suffix] = noop (17) update control { (17) &Proxy-To-Realm := 'LOCAL' (17) } # update control = noop (17) eap: Peer sent code Response (2) ID 28 length 6 (17) eap: No EAP Start, assuming it's an on-going EAP conversation (17) [eap] = updated (17) [files] = noop (17) update control { (17) Cache-Status-Only = yes (17) } # update control = noop (17) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (17) cache: --> qaresdone899c47233d8 (17) cache: Found entry for "qaresdone899c47233d8" (17) [cache] = ok (17) if (notfound) { (17) if (notfound) -> FALSE (17) else { (17) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (17) cache: --> qaresdone899c47233d8 (17) cache: Found entry for "qaresdone899c47233d8" (17) cache: Merging cache entry into request (17) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (17) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (17) [cache] = ok (17) } # else = ok (17) [mschap] = noop (17) [expiration] = noop (17) [logintime] = noop (17) } # authorize = updated (17) Found Auth-Type = EAP (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (17) authenticate { (17) eap: Expiring EAP session with state 0xdc34bc88dd28a69e (17) eap: Finished EAP session with state 0xdc34bc88dd28a69e (17) eap: Previous EAP request found for state 0xdc34bc88dd28a69e, released from the list (17) eap: Peer sent method MSCHAPv2 (26) (17) eap: EAP MSCHAPv2 (26) (17) eap: Calling eap_mschapv2 to process EAP data (17) eap: Freeing handler (17) [eap] = ok (17) } # authenticate = ok (17) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (17) post-auth { (17) policy cui-inner.post-auth { (17) if (&outer.request:Chargeable-User-Identity && (&outer.request:Operator-Name || ('no' != 'yes'))) { (17) if (&outer.request:Chargeable-User-Identity && (&outer.request:Operator-Name || ('no' != 'yes'))) -> FALSE (17) } # policy cui-inner.post-auth = noop (17) } # post-auth = noop (17) } # server inner-tunnel (17) Virtual server sending reply (17) MS-MPPE-Encryption-Policy = Encryption-Required (17) MS-MPPE-Encryption-Types = 4 (17) MS-MPPE-Send-Key = 0x71faf100c184bb80a7f5759128728a51 (17) MS-MPPE-Recv-Key = 0xe1fa5d528b2f14d5d87c9ab1f5be29e1 (17) EAP-Message = 0x031c0004 (17) Message-Authenticator = 0x00000000000000000000000000000000 (17) User-Name = 'qaresdon' (17) eap_peap: Got tunneled reply code 2 (17) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Required (17) eap_peap: MS-MPPE-Encryption-Types = 4 (17) eap_peap: MS-MPPE-Send-Key = 0x71faf100c184bb80a7f5759128728a51 (17) eap_peap: MS-MPPE-Recv-Key = 0xe1fa5d528b2f14d5d87c9ab1f5be29e1 (17) eap_peap: EAP-Message = 0x031c0004 (17) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (17) eap_peap: User-Name = 'qaresdon' (17) eap_peap: Got tunneled reply RADIUS code 2 (17) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Required (17) eap_peap: MS-MPPE-Encryption-Types = 4 (17) eap_peap: MS-MPPE-Send-Key = 0x71faf100c184bb80a7f5759128728a51 (17) eap_peap: MS-MPPE-Recv-Key = 0xe1fa5d528b2f14d5d87c9ab1f5be29e1 (17) eap_peap: EAP-Message = 0x031c0004 (17) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (17) eap_peap: User-Name = 'qaresdon' (17) eap_peap: Tunneled authentication was successful (17) eap_peap: SUCCESS (17) eap: EAP session adding &reply:State = 0x47b943024fa45af4 (17) [eap] = handled (17) } # authenticate = handled (17) Sent Access-Challenge Id 51 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101 (17) EAP-Message = 0x011d002b19001703010020c1cb8a2adaec97068fce3c79138415311733e76fbb606ebea6434e6cf31d0784 (17) Message-Authenticator = 0x00000000000000000000000000000000 (17) State = 0x47b943024fa45af4cf068da2e811b93b (17) Finished request (18) Received Access-Request Id 52 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265 (18) User-Name = 'qaresdon' (18) NAS-IP-Address = 24.94.145.173 (18) NAS-Identifier = 'Ericsson' (18) Called-Station-Id = '000d67218560:BHN_E_Secure' (18) NAS-Port-Type = Wireless-802.11 (18) NAS-Port = 0 (18) Calling-Station-Id = 'e899c47233d8' (18) Connect-Info = 'CONNECT 0Mbps 802.11b' (18) Acct-Session-Id = '54ECEF48-000001CB' (18) Framed-MTU = 1400 (18) EAP-Message = 0x021d005019001703010020be84dba5e26b02d5cc27cdb27b51b4ff52bf7e95784ea825407ff03eaa95503017030100204903da62e5726b1c3bc71038c976a85512437c366aa52cb1818da43663d6bd6f (18) State = 0x47b943024fa45af4cf068da2e811b93b (18) Message-Authenticator = 0xfbe02e1d66841105f13857477767a3bc (18) session-state: No cached attributes (18) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (18) authorize { (18) [preprocess] = ok (18) [chap] = noop (18) [mschap] = noop (18) [digest] = noop (18) suffix: Checking for suffix after "@" (18) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL (18) suffix: No such realm "NULL" (18) [suffix] = noop (18) eap: Peer sent code Response (2) ID 29 length 80 (18) eap: Continuing tunnel setup (18) [eap] = ok (18) } # authorize = ok (18) Found Auth-Type = EAP (18) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (18) authenticate { (18) eap: Expiring EAP session with state 0x47b943024fa45af4 (18) eap: Finished EAP session with state 0x47b943024fa45af4 (18) eap: Previous EAP request found for state 0x47b943024fa45af4, released from the list (18) eap: Peer sent method PEAP (25) (18) eap: EAP PEAP (25) (18) eap: Calling eap_peap to process EAP data (18) eap_peap: processing EAP-TLS (18) eap_peap: eaptls_verify returned 7 (18) eap_peap: Done initial handshake (18) eap_peap: eaptls_process returned 7 (18) eap_peap: FR_TLS_OK (18) eap_peap: Session established. Decoding tunneled attributes (18) eap_peap: PEAP state send tlv success (18) eap_peap: Received EAP-TLV response (18) eap_peap: Success (18) eap: Freeing handler (18) [eap] = ok (18) } # authenticate = ok (18) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (18) post-auth { (18) update { (18) No attributes updated (18) } # update = noop (18) linelog: EXPAND Accounting-Request.%{%{Acct-Status-Type}:-unknown} (18) linelog: --> Accounting-Request.unknown (18) linelog: EXPAND /var/log/radius/linelog (18) linelog: --> /var/log/radius/linelog (18) linelog: EXPAND NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type} (18) linelog: --> NAS 24.94.145.173 (24.94.145.173) sent unknown Acct-Status-Type (18) [linelog] = ok (18) [exec] = noop (18) policy remove_reply_message_if_eap { (18) if (&reply:EAP-Message && &reply:Reply-Message) { (18) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (18) else { (18) [noop] = noop (18) } # else = noop (18) } # policy remove_reply_message_if_eap = noop (18) } # post-auth = ok (18) Sent Access-Accept Id 52 from 71.46.62.133:1812 to 24.94.145.173:50185 length 170 (18) MS-MPPE-Recv-Key = 0x0fc71a3238ac879ef11f6f3f497abbc7a45f6f6524e89cad187536b10962f480 (18) MS-MPPE-Send-Key = 0x24b64b9cc9e8192e9b5c15773e0f5af470c32a8428c2380f98478063b3a35296 (18) EAP-Message = 0x031d0004 (18) Message-Authenticator = 0x00000000000000000000000000000000 (18) User-Name = 'qaresdon' (18) Finished request ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
On Feb 27, 2015, at 4:20 PM, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
I have made this change and the server is able to cache the hashes for both EAP-PEAP and EAP-TTLS now. I am now seeing a problem where after MSCHAPv2 finishes it's status is "updated" the first time the user tries to authenticate and then EAP fails.
A careful reading of the debug log is helpful here: (7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Found Cleartext-Password, hashing to create NT-Password (7) mschap: Found Cleartext-Password, hashing to create LM-Password (7) mschap: Creating challenge hash with username: qaresdon (7) mschap: Client is using MS-CHAPv2 (7) mschap: Adding MS-CHAPv2 MPPE keys (7) [mschap] = ok (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (7) cache: --> qaresdone899c47233d8 (7) cache: No cache entry found for "qaresdone899c47233d8" (7) cache: Creating new cache entry (7) cache: EXPAND %{control:NT-Password} (7) cache: --> 0x5835048ce94ad0564e29a924a03510ef (7) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: EXPAND %{control:LM-Password} (7) cache: --> 0xe52cac67419a9a2238f10713b629b565 (7) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Merging cache entry into request (7) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Commited entry, TTL 86400 seconds (7) [cache.authorize] = updated (7) } # Auth-Type MS-CHAP = updated (7) eap: Freeing handler (7) [eap] = reject (7) } # authenticate = reject i.e. the *cache* module returns “updated”. That can be fixed. Just add “ok” after “cache.authorize”: Auth-Type MS-CHAP { mschap cache.authorize ok }
The device will try to authenticate again and MSCHAP will finish with a status of "ok" and the user successfully authenticates. I am adding a debug output below. This behavior is the same with either of the Auth-Type MS-CHAP sections that you suggested. I am only providing a debug for EAP-PEAP since the behavior appears to be the same for this and EAP-TTLS.
Thanks. The above change should fix it. Alan DeKok.
On 27 Feb 2015, at 17:48, Alan DeKok <aland@deployingradius.com> wrote:
On Feb 27, 2015, at 4:20 PM, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
I have made this change and the server is able to cache the hashes for both EAP-PEAP and EAP-TTLS now. I am now seeing a problem where after MSCHAPv2 finishes it's status is "updated" the first time the user tries to authenticate and then EAP fails.
A careful reading of the debug log is helpful here:
(7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Found Cleartext-Password, hashing to create NT-Password (7) mschap: Found Cleartext-Password, hashing to create LM-Password (7) mschap: Creating challenge hash with username: qaresdon (7) mschap: Client is using MS-CHAPv2 (7) mschap: Adding MS-CHAPv2 MPPE keys (7) [mschap] = ok (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (7) cache: --> qaresdone899c47233d8 (7) cache: No cache entry found for "qaresdone899c47233d8" (7) cache: Creating new cache entry (7) cache: EXPAND %{control:NT-Password} (7) cache: --> 0x5835048ce94ad0564e29a924a03510ef (7) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: EXPAND %{control:LM-Password} (7) cache: --> 0xe52cac67419a9a2238f10713b629b565 (7) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Merging cache entry into request (7) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Commited entry, TTL 86400 seconds (7) [cache.authorize] = updated (7) } # Auth-Type MS-CHAP = updated (7) eap: Freeing handler (7) [eap] = reject (7) } # authenticate = reject
i.e. the *cache* module returns “updated”. That can be fixed. Just add “ok” after “cache.authorize”:
Sure, that's a workaround, but this is a bug in the server. A module returning updated in the authentication section should not cause authentication to fail. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
i.e. the *cache* module returns “updated”. That can be fixed. Just add “ok” after “cache.authorize”:
Auth-Type MS-CHAP { mschap cache.authorize ok }
I have made the recommended change, but I am still getting the same result. The only difference I can see in the log is the [ok] = ok towards the end of MS-CHAP section. (7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Found Cleartext-Password, hashing to create NT-Password (7) mschap: Found Cleartext-Password, hashing to create LM-Password (7) mschap: Creating challenge hash with username: qaresdon (7) mschap: Client is using MS-CHAPv2 (7) mschap: Adding MS-CHAPv2 MPPE keys (7) [mschap] = ok (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (7) cache: --> qaresdone899c47233d8 (7) cache: No cache entry found for "qaresdone899c47233d8" (7) cache: Creating new cache entry (7) cache: EXPAND %{control:NT-Password} (7) cache: --> 0x5835048ce94ad0564e29a924a03510ef (7) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: EXPAND %{control:LM-Password} (7) cache: --> 0xe52cac67419a9a2238f10713b629b565 (7) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Merging cache entry into request (7) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Commited entry, TTL 86400 seconds (7) [cache.authorize] = updated (7) [ok] = ok (7) } # Auth-Type MS-CHAP = updated (7) eap: Freeing handler (7) [eap] = reject (7) } # authenticate = reject Thanks, Don ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
On Mar 2, 2015, at 9:04 AM, Sherker, Donald <Donald.Sherker@mybrighthouse.com> wrote:
I have made the recommended change, but I am still getting the same result. The only difference I can see in the log is the [ok] = ok towards the end of MS-CHAP section.
Yeah, Arran filed a bug about this, and I fixed it over the weekend. Please try the v3.0.x branch from github: https://github.com/FreeRADIUS/freeradius-server/archive/v3.0.x.zip Alan DeKok.
Yeah, Arran filed a bug about this, and I fixed it over the weekend. Please try the v3.0.x branch from github:
https://github.com/FreeRADIUS/freeradius-server/archive/v3.0.x.zip
I have installed this patch and am still experiencing the same behavior. Thanks, Don ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.
participants (4)
-
Alan DeKok -
Arran Cudbard-Bell -
Matthew Newton -
Sherker, Donald