RE: Pass change/expiry problem
Thank you Alan for your response, After I changed to 3.0.9 I am not getting a pass change window on my laptop anymore... it just tells me that the username or password is incorrect. I still can authenticate succesfully with a different user that has no expired password.. (0) Received Access-Request Id 239 from 10.70.1.1:32770 to 10.10.10.3:1812 length 234 (0) User-Name = 'vdiuser001' (0) Calling-Station-Id = '00-c0-a8-c6-d7-79' (0) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (0) NAS-Port = 13 (0) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (0) NAS-IP-Address = 10.70.1.1 (0) NAS-Identifier = 'Cisco-WLC-5508' (0) Airespace-Wlan-Id = 9 (0) Service-Type = Framed-User (0) Framed-MTU = 1300 (0) NAS-Port-Type = Wireless-802.11 (0) Tunnel-Type:0 = VLAN (0) Tunnel-Medium-Type:0 = IEEE-802 (0) Tunnel-Private-Group-Id:0 = '212' (0) EAP-Message = 0x0202000f0176646975736572303031 (0) Message-Authenticator = 0x188f999c1ff661dbdf631889c89f601b (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (!&User-Name) { (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) { (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent code Response (2) ID 2 length 15 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent method Identity (1) (0) eap: Calling eap_peap to process EAP data (0) eap_peap: Flushing SSL sessions (of #0) (0) eap_peap: Initiate (0) eap_peap: Start returned 1 (0) eap: EAP session adding &reply:State = 0xfcd853a7fcdb4aaf (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Sent Access-Challenge Id 239 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (0) EAP-Message = 0x010300061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xfcd853a7fcdb4aafb400e9d91b88b168 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 240 from 10.70.1.1:32770 to 10.10.10.3:1812 length 378 (1) User-Name = 'vdiuser001' (1) Calling-Station-Id = '00-c0-a8-c6-d7-79' (1) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (1) NAS-Port = 13 (1) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (1) NAS-IP-Address = 10.70.1.1 (1) NAS-Identifier = 'Cisco-WLC-5508' (1) Airespace-Wlan-Id = 9 (1) Service-Type = Framed-User (1) Framed-MTU = 1300 (1) NAS-Port-Type = Wireless-802.11 (1) Tunnel-Type:0 = VLAN (1) Tunnel-Medium-Type:0 = IEEE-802 (1) Tunnel-Private-Group-Id:0 = '212' (1) EAP-Message = 0x0203008d198000000083160301007e0100007a0301556f007139e2ef5fa810877430d9d30e669ea446efcc04237015dc29d6f6e88f20b48510af5eef4cad8b2d52382a9b8c9d69d2f5b409db03c2f576067eea76ab270018c014c0130035002fc00ac00900380032000a00130005000401000019ff0100 (1) State = 0xfcd853a7fcdb4aafb400e9d91b88b168 (1) Message-Authenticator = 0xc71382cba8adc5f62dd1d52c1f94eabd (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/raddb/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (!&User-Name) { (1) if (!&User-Name) -> FALSE (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@.*@/ ) { (1) if (&User-Name =~ /@.*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent code Response (2) ID 3 length 141 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = EAP (1) # Executing group from file /etc/raddb/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xfcd853a7fcdb4aaf (1) eap: Finished EAP session with state 0xfcd853a7fcdb4aaf (1) eap: Previous EAP request found for state 0xfcd853a7fcdb4aaf, released from the list (1) eap: Peer sent method PEAP (25) (1) eap: EAP PEAP (25) (1) eap: Calling eap_peap to process EAP data (1) eap_peap: processing EAP-TLS (1) eap_peap: TLS Length 131 (1) eap_peap: Length Included (1) eap_peap: eaptls_verify returned 11 (1) eap_peap: (other): before/accept initialization (1) eap_peap: TLS_accept: before/accept initialization (1) eap_peap: <<< TLS 1.0 Handshake [length 007e], ClientHello SSL: Client requested cached session b48510af5eef4cad8b2d52382a9b8c9d69d2f5b409db03c2f576067eea76ab27 (1) eap_peap: TLS_accept: SSLv3 read client hello A (1) eap_peap:>>> TLS 1.0 Handshake [length 0059], ServerHello (1) eap_peap: TLS_accept: SSLv3 write server hello A (1) eap_peap:>>> TLS 1.0 Handshake [length 08d0], Certificate (1) eap_peap: TLS_accept: SSLv3 write certificate A (1) eap_peap:>>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (1) eap_peap: TLS_accept: SSLv3 write key exchange A (1) eap_peap:>>> TLS 1.0 Handshake [length 0004], ServerHelloDone (1) eap_peap: TLS_accept: SSLv3 write server done A (1) eap_peap: TLS_accept: SSLv3 flush data (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) eap_peap: eaptls_process returned 13 (1) eap_peap: FR_TLS_HANDLED (1) eap: EAP session adding &reply:State = 0xfcd853a7fddc4aaf (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/raddb/sites-enabled/default (1) Sent Access-Challenge Id 240 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (1) EAP-Message = 0x010403ec19c000000a8c1603010059020000550301e33481638ab50505fd243d5f28281a03744290725fad8dda8caa9a4759feff2d20e43d8045ba796d2e07fef583a7bcf15886ba3822b31a075eca43b74aab2086c9c01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xfcd853a7fddc4aafb400e9d91b88b168 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 241 from 10.70.1.1:32770 to 10.10.10.3:1812 length 243 (2) User-Name = 'vdiuser001' (2) Calling-Station-Id = '00-c0-a8-c6-d7-79' (2) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (2) NAS-Port = 13 (2) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (2) NAS-IP-Address = 10.70.1.1 (2) NAS-Identifier = 'Cisco-WLC-5508' (2) Airespace-Wlan-Id = 9 (2) Service-Type = Framed-User (2) Framed-MTU = 1300 (2) NAS-Port-Type = Wireless-802.11 (2) Tunnel-Type:0 = VLAN (2) Tunnel-Medium-Type:0 = IEEE-802 (2) Tunnel-Private-Group-Id:0 = '212' (2) EAP-Message = 0x020400061900 (2) State = 0xfcd853a7fddc4aafb400e9d91b88b168 (2) Message-Authenticator = 0x69d10acc80d82e3a9c5aac64c3728ec0 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/raddb/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (!&User-Name) { (2) if (!&User-Name) -> FALSE (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@.*@/ ) { (2) if (&User-Name =~ /@.*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent code Response (2) ID 4 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /etc/raddb/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xfcd853a7fddc4aaf (2) eap: Finished EAP session with state 0xfcd853a7fddc4aaf (2) eap: Previous EAP request found for state 0xfcd853a7fddc4aaf, released from the list (2) eap: Peer sent method PEAP (25) (2) eap: EAP PEAP (25) (2) eap: Calling eap_peap to process EAP data (2) eap_peap: processing EAP-TLS (2) eap_peap: Received TLS ACK (2) eap_peap: Received TLS ACK (2) eap_peap: ACK handshake fragment handler (2) eap_peap: eaptls_verify returned 1 (2) eap_peap: eaptls_process returned 13 (2) eap_peap: FR_TLS_HANDLED (2) eap: EAP session adding &reply:State = 0xfcd853a7fedd4aaf (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/raddb/sites-enabled/default (2) Sent Access-Challenge Id 241 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (2) EAP-Message = 0x010503e8194087d363ae51e9fa919a6062082c2ab782a717d7fede947271bcbe38ea3b9d04ee4cef44da92b58dfea437ba6764fd97950d4f99cb8e1b38b721f29b087ce94f71868ec5554e72d8d3a6f9a11c4108d6c8a7945c60f03a9991d841074df483c1574367aee17dbd11aaab0004e5308204e130 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xfcd853a7fedd4aafb400e9d91b88b168 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 242 from 10.70.1.1:32770 to 10.10.10.3:1812 length 243 (3) User-Name = 'vdiuser001' (3) Calling-Station-Id = '00-c0-a8-c6-d7-79' (3) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (3) NAS-Port = 13 (3) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (3) NAS-IP-Address = 10.70.1.1 (3) NAS-Identifier = 'Cisco-WLC-5508' (3) Airespace-Wlan-Id = 9 (3) Service-Type = Framed-User (3) Framed-MTU = 1300 (3) NAS-Port-Type = Wireless-802.11 (3) Tunnel-Type:0 = VLAN (3) Tunnel-Medium-Type:0 = IEEE-802 (3) Tunnel-Private-Group-Id:0 = '212' (3) EAP-Message = 0x020500061900 (3) State = 0xfcd853a7fedd4aafb400e9d91b88b168 (3) Message-Authenticator = 0x0adea1512f939350fd4ac3a6ab9f2460 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/raddb/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (!&User-Name) { (3) if (!&User-Name) -> FALSE (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@.*@/ ) { (3) if (&User-Name =~ /@.*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent code Response (2) ID 5 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /etc/raddb/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xfcd853a7fedd4aaf (3) eap: Finished EAP session with state 0xfcd853a7fedd4aaf (3) eap: Previous EAP request found for state 0xfcd853a7fedd4aaf, released from the list (3) eap: Peer sent method PEAP (25) (3) eap: EAP PEAP (25) (3) eap: Calling eap_peap to process EAP data (3) eap_peap: processing EAP-TLS (3) eap_peap: Received TLS ACK (3) eap_peap: Received TLS ACK (3) eap_peap: ACK handshake fragment handler (3) eap_peap: eaptls_verify returned 1 (3) eap_peap: eaptls_process returned 13 (3) eap_peap: FR_TLS_HANDLED (3) eap: EAP session adding &reply:State = 0xfcd853a7ffde4aaf (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/raddb/sites-enabled/default (3) Sent Access-Challenge Id 242 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (3) EAP-Message = 0x010602ce190020417574686f72697479820900cf57e5d1f44e11e4300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101001a21 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xfcd853a7ffde4aafb400e9d91b88b168 (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 243 from 10.70.1.1:32770 to 10.10.10.3:1812 length 381 (4) User-Name = 'vdiuser001' (4) Calling-Station-Id = '00-c0-a8-c6-d7-79' (4) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (4) NAS-Port = 13 (4) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (4) NAS-IP-Address = 10.70.1.1 (4) NAS-Identifier = 'Cisco-WLC-5508' (4) Airespace-Wlan-Id = 9 (4) Service-Type = Framed-User (4) Framed-MTU = 1300 (4) NAS-Port-Type = Wireless-802.11 (4) Tunnel-Type:0 = VLAN (4) Tunnel-Medium-Type:0 = IEEE-802 (4) Tunnel-Private-Group-Id:0 = '212' (4) EAP-Message = 0x020600901980000000861603010046100000424104659013060486276c41b5734d0c4799ba9d6cb700dabbbc6bfa68a9b3b0c3b237b6f7ee8c9a194b8a20645279d3c7e05b5a7ee14383257f83eadf85aab1fc7d0d140301000101160301003042a06361b3cb896ea1b0476e10371b8eed883122419379 (4) State = 0xfcd853a7ffde4aafb400e9d91b88b168 (4) Message-Authenticator = 0x3674700353af1563ff78522ff0bf447d (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/raddb/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (!&User-Name) { (4) if (!&User-Name) -> FALSE (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@.*@/ ) { (4) if (&User-Name =~ /@.*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent code Response (2) ID 6 length 144 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /etc/raddb/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xfcd853a7ffde4aaf (4) eap: Finished EAP session with state 0xfcd853a7ffde4aaf (4) eap: Previous EAP request found for state 0xfcd853a7ffde4aaf, released from the list (4) eap: Peer sent method PEAP (25) (4) eap: EAP PEAP (25) (4) eap: Calling eap_peap to process EAP data (4) eap_peap: processing EAP-TLS (4) eap_peap: TLS Length 134 (4) eap_peap: Length Included (4) eap_peap: eaptls_verify returned 11 (4) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (4) eap_peap: TLS_accept: SSLv3 read client key exchange A (4) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3 read finished A (4) eap_peap:>>> TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: TLS_accept: SSLv3 write change cipher spec A (4) eap_peap:>>> TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3 write finished A (4) eap_peap: TLS_accept: SSLv3 flush data TLS: adding session e43d8045ba796d2e07fef583a7bcf15886ba3822b31a075eca43b74aab2086c9 to cache (4) eap_peap: (other): SSL negotiation finished successfully SSL Connection Established (4) eap_peap: eaptls_process returned 13 (4) eap_peap: FR_TLS_HANDLED (4) eap: EAP session adding &reply:State = 0xfcd853a7f8df4aaf (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/raddb/sites-enabled/default (4) Sent Access-Challenge Id 243 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (4) EAP-Message = 0x0107004119001403010001011603010030805396c196ecd0cfbcdf4262de648ff5c61404e719706e413e8c67f9169d03f6075a93a6402c6cb3df2681c909c13ca5 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xfcd853a7f8df4aafb400e9d91b88b168 (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 244 from 10.70.1.1:32770 to 10.10.10.3:1812 length 243 (5) User-Name = 'vdiuser001' (5) Calling-Station-Id = '00-c0-a8-c6-d7-79' (5) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (5) NAS-Port = 13 (5) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (5) NAS-IP-Address = 10.70.1.1 (5) NAS-Identifier = 'Cisco-WLC-5508' (5) Airespace-Wlan-Id = 9 (5) Service-Type = Framed-User (5) Framed-MTU = 1300 (5) NAS-Port-Type = Wireless-802.11 (5) Tunnel-Type:0 = VLAN (5) Tunnel-Medium-Type:0 = IEEE-802 (5) Tunnel-Private-Group-Id:0 = '212' (5) EAP-Message = 0x020700061900 (5) State = 0xfcd853a7f8df4aafb400e9d91b88b168 (5) Message-Authenticator = 0x75def782b74b9f6aaae4b726602f9eae (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/raddb/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (!&User-Name) { (5) if (!&User-Name) -> FALSE (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@.*@/ ) { (5) if (&User-Name =~ /@.*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent code Response (2) ID 7 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /etc/raddb/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xfcd853a7f8df4aaf (5) eap: Finished EAP session with state 0xfcd853a7f8df4aaf (5) eap: Previous EAP request found for state 0xfcd853a7f8df4aaf, released from the list (5) eap: Peer sent method PEAP (25) (5) eap: EAP PEAP (25) (5) eap: Calling eap_peap to process EAP data (5) eap_peap: processing EAP-TLS (5) eap_peap: Received TLS ACK (5) eap_peap: Received TLS ACK (5) eap_peap: ACK handshake is finished (5) eap_peap: eaptls_verify returned 3 (5) eap_peap: eaptls_process returned 3 (5) eap_peap: FR_TLS_SUCCESS (5) eap_peap: Session established. Decoding tunneled attributes (5) eap_peap: PEAP state TUNNEL ESTABLISHED (5) eap: EAP session adding &reply:State = 0xfcd853a7f9d04aaf (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /etc/raddb/sites-enabled/default (5) Sent Access-Challenge Id 244 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (5) EAP-Message = 0x0108002b19001703010020e9acf4878f2cf9c9c79de729087ad3e19b253b8c0e50b1c26443853c5c984637 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xfcd853a7f9d04aafb400e9d91b88b168 (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 245 from 10.70.1.1:32770 to 10.10.10.3:1812 length 280 (6) User-Name = 'vdiuser001' (6) Calling-Station-Id = '00-c0-a8-c6-d7-79' (6) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (6) NAS-Port = 13 (6) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (6) NAS-IP-Address = 10.70.1.1 (6) NAS-Identifier = 'Cisco-WLC-5508' (6) Airespace-Wlan-Id = 9 (6) Service-Type = Framed-User (6) Framed-MTU = 1300 (6) NAS-Port-Type = Wireless-802.11 (6) Tunnel-Type:0 = VLAN (6) Tunnel-Medium-Type:0 = IEEE-802 (6) Tunnel-Private-Group-Id:0 = '212' (6) EAP-Message = 0x0208002b190017030100204283191b2685faf2b92c873c8c3972380e81ab3a78cc797b6518e8af45963138 (6) State = 0xfcd853a7f9d04aafb400e9d91b88b168 (6) Message-Authenticator = 0x36d173beae56175a27434016ac0a82cb (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/raddb/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (!&User-Name) { (6) if (!&User-Name) -> FALSE (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@.*@/ ) { (6) if (&User-Name =~ /@.*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent code Response (2) ID 8 length 43 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/raddb/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xfcd853a7f9d04aaf (6) eap: Finished EAP session with state 0xfcd853a7f9d04aaf (6) eap: Previous EAP request found for state 0xfcd853a7f9d04aaf, released from the list (6) eap: Peer sent method PEAP (25) (6) eap: EAP PEAP (25) (6) eap: Calling eap_peap to process EAP data (6) eap_peap: processing EAP-TLS (6) eap_peap: eaptls_verify returned 7 (6) eap_peap: Done initial handshake (6) eap_peap: eaptls_process returned 7 (6) eap_peap: FR_TLS_OK (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY (6) eap_peap: Identity - vdiuser001 (6) eap_peap: Got inner identity 'vdiuser001' (6) eap_peap: Setting default EAP type for tunneled EAP session (6) eap_peap: Got tunneled request (6) eap_peap: EAP-Message = 0x0208000f0176646975736572303031 (6) eap_peap: Setting User-Name to vdiuser001 (6) eap_peap: Sending tunneled request to inner-tunnel (6) eap_peap: EAP-Message = 0x0208000f0176646975736572303031 (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_peap: User-Name = 'vdiuser001' (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x0208000f0176646975736572303031 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = 'vdiuser001' (6) server inner-tunnel { (6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (6) authorize { (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := LOCAL (6) } # update control = noop (6) eap: Peer sent code Response (2) ID 8 length 15 (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (6) authenticate { (6) eap: Peer sent method Identity (1) (6) eap: Calling eap_mschapv2 to process EAP data (6) eap_mschapv2: Issuing Challenge (6) eap: EAP session adding &reply:State = 0x6a2b492e6a22538f (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x0109002a1a01090025107dea2c3598e93665587b4dba43189cfa667265657261646975732d332e302e39 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x6a2b492e6a22538fe503884f9d44e7ff (6) eap_peap: Got tunneled reply code 11 (6) eap_peap: EAP-Message = 0x0109002a1a01090025107dea2c3598e93665587b4dba43189cfa667265657261646975732d332e302e39 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x6a2b492e6a22538fe503884f9d44e7ff (6) eap_peap: Got tunneled reply RADIUS code 11 (6) eap_peap: EAP-Message = 0x0109002a1a01090025107dea2c3598e93665587b4dba43189cfa667265657261646975732d332e302e39 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x6a2b492e6a22538fe503884f9d44e7ff (6) eap_peap: Got tunneled Access-Challenge (6) eap: EAP session adding &reply:State = 0xfcd853a7fad14aaf (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /etc/raddb/sites-enabled/default (6) Sent Access-Challenge Id 245 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (6) EAP-Message = 0x0109004b190017030100406a3b46095fb10b93a11e13b5e74fc5eac154270b5a9ef8fdfb482c1dab2a759a4872e47dec1beaf306303e2a07d5e762b3381999cc96604175fe9c6adf84eab2 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xfcd853a7fad14aafb400e9d91b88b168 (6) Finished request Waking up in 4.9 seconds. (7) Received Access-Request Id 246 from 10.70.1.1:32770 to 10.10.10.3:1812 length 344 (7) User-Name = 'vdiuser001' (7) Calling-Station-Id = '00-c0-a8-c6-d7-79' (7) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (7) NAS-Port = 13 (7) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (7) NAS-IP-Address = 10.70.1.1 (7) NAS-Identifier = 'Cisco-WLC-5508' (7) Airespace-Wlan-Id = 9 (7) Service-Type = Framed-User (7) Framed-MTU = 1300 (7) NAS-Port-Type = Wireless-802.11 (7) Tunnel-Type:0 = VLAN (7) Tunnel-Medium-Type:0 = IEEE-802 (7) Tunnel-Private-Group-Id:0 = '212' (7) EAP-Message = 0x0209006b19001703010060e3ebfd336d1c0bb5d36d68ac263e5e6d7f80e8a1e28be6bc752c0d06555b63f06367b0ca1803b17f092d89c35ce418ecce8b1425853a3dd6ccd16a292e80e46a1ecc98ba53222a0c1cccc827075993197807413d5778b2712ce2ad3eae35d7ce (7) State = 0xfcd853a7fad14aafb400e9d91b88b168 (7) Message-Authenticator = 0x4c9a2819e43b37c8eadf9473681308a2 (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/raddb/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (!&User-Name) { (7) if (!&User-Name) -> FALSE (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@.*@/ ) { (7) if (&User-Name =~ /@.*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent code Response (2) ID 9 length 107 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /etc/raddb/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x6a2b492e6a22538f (7) eap: Finished EAP session with state 0xfcd853a7fad14aaf (7) eap: Previous EAP request found for state 0xfcd853a7fad14aaf, released from the list (7) eap: Peer sent method PEAP (25) (7) eap: EAP PEAP (25) (7) eap: Calling eap_peap to process EAP data (7) eap_peap: processing EAP-TLS (7) eap_peap: eaptls_verify returned 7 (7) eap_peap: Done initial handshake (7) eap_peap: eaptls_process returned 7 (7) eap_peap: FR_TLS_OK (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state phase2 (7) eap_peap: EAP type MSCHAPv2 (26) (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x020900451a0209004031f720f64e114a568afc3428e187fef2d20000000000000000bcae7bc9d2c22a1291791a130d422a537209282de03718a00076646975736572303031 (7) eap_peap: Setting User-Name to vdiuser001 (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x020900451a0209004031f720f64e114a568afc3428e187fef2d20000000000000000bcae7bc9d2c22a1291791a130d422a537209282de03718a00076646975736572303031 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = 'vdiuser001' (7) eap_peap: State = 0x6a2b492e6a22538fe503884f9d44e7ff (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x020900451a0209004031f720f64e114a568afc3428e187fef2d20000000000000000bcae7bc9d2c22a1291791a130d422a537209282de03718a00076646975736572303031 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = 'vdiuser001' (7) State = 0x6a2b492e6a22538fe503884f9d44e7ff (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (7) authorize { (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent code Response (2) ID 9 length 69 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) sql: EXPAND %{User-Name} (7) sql: --> vdiuser001 (7) sql: SQL-User-Name set to 'vdiuser001' rlm_sql (sql): Reserved connection (0) (7) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (7) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'vdiuser001' ORDER BY id (7) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'vdiuser001' ORDER BY id (7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (7) sql: --> SELECT groupname FROM radusergroup WHERE username = 'vdiuser001' ORDER BY priority (7) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'vdiuser001' ORDER BY priority (7) sql: User not found in any groups rlm_sql (sql): Released connection (0) rlm_sql (sql): Closing connection (1), from 1 unused connections rlm_sql_mysql: Socket destructor called, closing socket (7) [sql] = notfound rlm_ldap (ldap): Reserved connection (0) (7) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) (7) ldap: --> (sAMAccountName=vdiuser001) (7) ldap: Performing search in "ou=_TerAA_Users,dc=teraa,dc=local" with filter "(sAMAccountName=vdiuser001)", scope "sub" (7) ldap: Waiting for search result... (7) ldap: User object found at DN "CN=VDIuser001,OU=VDI,OU=PRS,OU=_TerAA_Users,DC=teraa,DC=local" (7) ldap: Processing user attributes (7) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (7) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (0) rlm_ldap (ldap): Closing connection (1), from 1 unused connections (7) [ldap] = ok (7) if (control:Ldap-UserDn =~ /OU=EDU/) { (7) if (control:Ldap-UserDn =~ /OU=EDU/) -> FALSE (7) elsif (control:Ldap-UserDn =~ /OU=PRS/) { (7) elsif (control:Ldap-UserDn =~ /OU=PRS/) -> TRUE (7) elsif (control:Ldap-UserDn =~ /OU=PRS/) { (7) update control { (7) Simultaneous-Use := 3 (7) } # update control = noop (7) update outer.session-state { (7) Tunnel-type = VLAN (7) Tunnel-medium-type = IEEE-802 (7) Tunnel-Private-Group-Id = PRS-WIFI-Client (7) } # update outer.session-state = noop (7) } # elsif (control:Ldap-UserDn =~ /OU=PRS/) = noop (7) ... skipping elsif for request 7: Preceding "if" was taken (7) ... skipping else for request 7: Preceding "if" was taken (7) [expiration] = noop (7) [logintime] = noop (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = EAP (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0x6a2b492e6a22538f (7) eap: Finished EAP session with state 0x6a2b492e6a22538f (7) eap: Previous EAP request found for state 0x6a2b492e6a22538f, released from the list (7) eap: Peer sent method MSCHAPv2 (26) (7) eap: EAP MSCHAPv2 (26) (7) eap: Calling eap_mschapv2 to process EAP data (7) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Creating challenge hash with username: vdiuser001 (7) mschap: Client is using MS-CHAPv2 (7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}: (7) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (7) mschap: --> --username=vdiuser001 (7) mschap: Creating challenge hash with username: vdiuser001 (7) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00} (7) mschap: --> --challenge=9f432e6abc4ec74e (7) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00} (7) mschap: --> --nt-response=bcae7bc9d2c22a1291791a130d422a537209282de03718a0 (7) mschap: ERROR: Program returned code (1) and output 'Must change password (0xc0000224)' (7) mschap: ERROR: Must change password (0xc0000224) (7) mschap: Password has expired. The user should retry authentication (7) [mschap] = reject (7) } # Auth-Type MS-CHAP = reject (7) MSCHAP-Error: E=648 R=1 C=00063b49e7c084b7016b35ab4336020d V=3 M=Password Expired (7) Found new challenge from MS-CHAP-Error: err=648 retry=1 challenge=00063b49e7c084b7016b35ab4336020d (7) ERROR: MSCHAP Failure (7) eap: EAP session adding &reply:State = 0x6a2b492e6b21538f (7) [eap] = handled (7) } # authenticate = handled (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x010a004c1a04090047453d36343820523d3120433d303030363362343965376330383462373031366233356162343333363032306420563d33204d3d50617373776f72642045787069726564 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x6a2b492e6b21538fe503884f9d44e7ff (7) eap_peap: Got tunneled reply code 11 (7) eap_peap: EAP-Message = 0x010a004c1a04090047453d36343820523d3120433d303030363362343965376330383462373031366233356162343333363032306420563d33204d3d50617373776f72642045787069726564 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x6a2b492e6b21538fe503884f9d44e7ff (7) eap_peap: Got tunneled reply RADIUS code 11 (7) eap_peap: EAP-Message = 0x010a004c1a04090047453d36343820523d3120433d303030363362343965376330383462373031366233356162343333363032306420563d33204d3d50617373776f72642045787069726564 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x6a2b492e6b21538fe503884f9d44e7ff (7) eap_peap: Got tunneled Access-Challenge (7) eap: EAP session adding &reply:State = 0xfcd853a7fbd24aaf (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/raddb/sites-enabled/default (7) session-state: Saving cached attributes (7) Tunnel-Type = VLAN (7) Tunnel-Medium-Type = IEEE-802 (7) Tunnel-Private-Group-Id = 'PRS-WIFI-Client' (7) Sent Access-Challenge Id 246 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (7) EAP-Message = 0x010a006b19001703010060b3897a1c79b4063ee3eea85ec0eb5b1ffef302d6c90c1819ac828808598205d33c2dbad5a1af49ff0f8add5f0cb05a598bdae558b2e839b44204ac2b0fbc80437323b4f46871add958ea20f13a19e66bb6c2402389e445ba3305ffea4be0b16b (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xfcd853a7fbd24aafb400e9d91b88b168 (7) Finished request ----------------------------------------
From: richardvanderveen@outlook.com To: a.l.m.buxey@lboro.ac.uk Subject: RE: Pass change/expiry problem Date: Wed, 3 Jun 2015 15:34:45 +0200
Thank you Alan for your response,
After I changed to 3.0.9 I am not getting a pass change window on my laptop anymore... it just tells me that the username or password is incorrect. I still can authenticate succesfully with a different user that has no expired password..
(0) Received Access-Request Id 239 from 10.70.1.1:32770 to 10.10.10.3:1812 length 234 (0) User-Name = 'vdiuser001' (0) Calling-Station-Id = '00-c0-a8-c6-d7-79' (0) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (0) NAS-Port = 13 (0) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (0) NAS-IP-Address = 10.70.1.1 (0) NAS-Identifier = 'Cisco-WLC-5508' (0) Airespace-Wlan-Id = 9 (0) Service-Type = Framed-User (0) Framed-MTU = 1300 (0) NAS-Port-Type = Wireless-802.11 (0) Tunnel-Type:0 = VLAN (0) Tunnel-Medium-Type:0 = IEEE-802 (0) Tunnel-Private-Group-Id:0 = '212' (0) EAP-Message = 0x0202000f0176646975736572303031 (0) Message-Authenticator = 0x188f999c1ff661dbdf631889c89f601b (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (!&User-Name) { (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) { (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent code Response (2) ID 2 length 15 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent method Identity (1) (0) eap: Calling eap_peap to process EAP data (0) eap_peap: Flushing SSL sessions (of #0) (0) eap_peap: Initiate (0) eap_peap: Start returned 1 (0) eap: EAP session adding &reply:State = 0xfcd853a7fcdb4aaf (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Sent Access-Challenge Id 239 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (0) EAP-Message = 0x010300061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xfcd853a7fcdb4aafb400e9d91b88b168 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 240 from 10.70.1.1:32770 to 10.10.10.3:1812 length 378 (1) User-Name = 'vdiuser001' (1) Calling-Station-Id = '00-c0-a8-c6-d7-79' (1) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (1) NAS-Port = 13 (1) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (1) NAS-IP-Address = 10.70.1.1 (1) NAS-Identifier = 'Cisco-WLC-5508' (1) Airespace-Wlan-Id = 9 (1) Service-Type = Framed-User (1) Framed-MTU = 1300 (1) NAS-Port-Type = Wireless-802.11 (1) Tunnel-Type:0 = VLAN (1) Tunnel-Medium-Type:0 = IEEE-802 (1) Tunnel-Private-Group-Id:0 = '212' (1) EAP-Message = 0x0203008d198000000083160301007e0100007a0301556f007139e2ef5fa810877430d9d30e669ea446efcc04237015dc29d6f6e88f20b48510af5eef4cad8b2d52382a9b8c9d69d2f5b409db03c2f576067eea76ab270018c014c0130035002fc00ac00900380032000a00130005000401000019ff0100 (1) State = 0xfcd853a7fcdb4aafb400e9d91b88b168 (1) Message-Authenticator = 0xc71382cba8adc5f62dd1d52c1f94eabd (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/raddb/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (!&User-Name) { (1) if (!&User-Name) -> FALSE (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@.*@/ ) { (1) if (&User-Name =~ /@.*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent code Response (2) ID 3 length 141 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = EAP (1) # Executing group from file /etc/raddb/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xfcd853a7fcdb4aaf (1) eap: Finished EAP session with state 0xfcd853a7fcdb4aaf (1) eap: Previous EAP request found for state 0xfcd853a7fcdb4aaf, released from the list (1) eap: Peer sent method PEAP (25) (1) eap: EAP PEAP (25) (1) eap: Calling eap_peap to process EAP data (1) eap_peap: processing EAP-TLS (1) eap_peap: TLS Length 131 (1) eap_peap: Length Included (1) eap_peap: eaptls_verify returned 11 (1) eap_peap: (other): before/accept initialization (1) eap_peap: TLS_accept: before/accept initialization (1) eap_peap: <<< TLS 1.0 Handshake [length 007e], ClientHello SSL: Client requested cached session b48510af5eef4cad8b2d52382a9b8c9d69d2f5b409db03c2f576067eea76ab27 (1) eap_peap: TLS_accept: SSLv3 read client hello A (1) eap_peap:>>> TLS 1.0 Handshake [length 0059], ServerHello (1) eap_peap: TLS_accept: SSLv3 write server hello A (1) eap_peap:>>> TLS 1.0 Handshake [length 08d0], Certificate (1) eap_peap: TLS_accept: SSLv3 write certificate A (1) eap_peap:>>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (1) eap_peap: TLS_accept: SSLv3 write key exchange A (1) eap_peap:>>> TLS 1.0 Handshake [length 0004], ServerHelloDone (1) eap_peap: TLS_accept: SSLv3 write server done A (1) eap_peap: TLS_accept: SSLv3 flush data (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) eap_peap: eaptls_process returned 13 (1) eap_peap: FR_TLS_HANDLED (1) eap: EAP session adding &reply:State = 0xfcd853a7fddc4aaf (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/raddb/sites-enabled/default (1) Sent Access-Challenge Id 240 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (1) EAP-Message = 0x010403ec19c000000a8c1603010059020000550301e33481638ab50505fd243d5f28281a03744290725fad8dda8caa9a4759feff2d20e43d8045ba796d2e07fef583a7bcf15886ba3822b31a075eca43b74aab2086c9c01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xfcd853a7fddc4aafb400e9d91b88b168 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 241 from 10.70.1.1:32770 to 10.10.10.3:1812 length 243 (2) User-Name = 'vdiuser001' (2) Calling-Station-Id = '00-c0-a8-c6-d7-79' (2) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (2) NAS-Port = 13 (2) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (2) NAS-IP-Address = 10.70.1.1 (2) NAS-Identifier = 'Cisco-WLC-5508' (2) Airespace-Wlan-Id = 9 (2) Service-Type = Framed-User (2) Framed-MTU = 1300 (2) NAS-Port-Type = Wireless-802.11 (2) Tunnel-Type:0 = VLAN (2) Tunnel-Medium-Type:0 = IEEE-802 (2) Tunnel-Private-Group-Id:0 = '212' (2) EAP-Message = 0x020400061900 (2) State = 0xfcd853a7fddc4aafb400e9d91b88b168 (2) Message-Authenticator = 0x69d10acc80d82e3a9c5aac64c3728ec0 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/raddb/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (!&User-Name) { (2) if (!&User-Name) -> FALSE (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@.*@/ ) { (2) if (&User-Name =~ /@.*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent code Response (2) ID 4 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /etc/raddb/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xfcd853a7fddc4aaf (2) eap: Finished EAP session with state 0xfcd853a7fddc4aaf (2) eap: Previous EAP request found for state 0xfcd853a7fddc4aaf, released from the list (2) eap: Peer sent method PEAP (25) (2) eap: EAP PEAP (25) (2) eap: Calling eap_peap to process EAP data (2) eap_peap: processing EAP-TLS (2) eap_peap: Received TLS ACK (2) eap_peap: Received TLS ACK (2) eap_peap: ACK handshake fragment handler (2) eap_peap: eaptls_verify returned 1 (2) eap_peap: eaptls_process returned 13 (2) eap_peap: FR_TLS_HANDLED (2) eap: EAP session adding &reply:State = 0xfcd853a7fedd4aaf (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/raddb/sites-enabled/default (2) Sent Access-Challenge Id 241 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (2) EAP-Message = 0x010503e8194087d363ae51e9fa919a6062082c2ab782a717d7fede947271bcbe38ea3b9d04ee4cef44da92b58dfea437ba6764fd97950d4f99cb8e1b38b721f29b087ce94f71868ec5554e72d8d3a6f9a11c4108d6c8a7945c60f03a9991d841074df483c1574367aee17dbd11aaab0004e5308204e130 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xfcd853a7fedd4aafb400e9d91b88b168 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 242 from 10.70.1.1:32770 to 10.10.10.3:1812 length 243 (3) User-Name = 'vdiuser001' (3) Calling-Station-Id = '00-c0-a8-c6-d7-79' (3) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (3) NAS-Port = 13 (3) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (3) NAS-IP-Address = 10.70.1.1 (3) NAS-Identifier = 'Cisco-WLC-5508' (3) Airespace-Wlan-Id = 9 (3) Service-Type = Framed-User (3) Framed-MTU = 1300 (3) NAS-Port-Type = Wireless-802.11 (3) Tunnel-Type:0 = VLAN (3) Tunnel-Medium-Type:0 = IEEE-802 (3) Tunnel-Private-Group-Id:0 = '212' (3) EAP-Message = 0x020500061900 (3) State = 0xfcd853a7fedd4aafb400e9d91b88b168 (3) Message-Authenticator = 0x0adea1512f939350fd4ac3a6ab9f2460 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/raddb/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (!&User-Name) { (3) if (!&User-Name) -> FALSE (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@.*@/ ) { (3) if (&User-Name =~ /@.*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent code Response (2) ID 5 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /etc/raddb/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xfcd853a7fedd4aaf (3) eap: Finished EAP session with state 0xfcd853a7fedd4aaf (3) eap: Previous EAP request found for state 0xfcd853a7fedd4aaf, released from the list (3) eap: Peer sent method PEAP (25) (3) eap: EAP PEAP (25) (3) eap: Calling eap_peap to process EAP data (3) eap_peap: processing EAP-TLS (3) eap_peap: Received TLS ACK (3) eap_peap: Received TLS ACK (3) eap_peap: ACK handshake fragment handler (3) eap_peap: eaptls_verify returned 1 (3) eap_peap: eaptls_process returned 13 (3) eap_peap: FR_TLS_HANDLED (3) eap: EAP session adding &reply:State = 0xfcd853a7ffde4aaf (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/raddb/sites-enabled/default (3) Sent Access-Challenge Id 242 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (3) EAP-Message = 0x010602ce190020417574686f72697479820900cf57e5d1f44e11e4300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101001a21 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xfcd853a7ffde4aafb400e9d91b88b168 (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 243 from 10.70.1.1:32770 to 10.10.10.3:1812 length 381 (4) User-Name = 'vdiuser001' (4) Calling-Station-Id = '00-c0-a8-c6-d7-79' (4) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (4) NAS-Port = 13 (4) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (4) NAS-IP-Address = 10.70.1.1 (4) NAS-Identifier = 'Cisco-WLC-5508' (4) Airespace-Wlan-Id = 9 (4) Service-Type = Framed-User (4) Framed-MTU = 1300 (4) NAS-Port-Type = Wireless-802.11 (4) Tunnel-Type:0 = VLAN (4) Tunnel-Medium-Type:0 = IEEE-802 (4) Tunnel-Private-Group-Id:0 = '212' (4) EAP-Message = 0x020600901980000000861603010046100000424104659013060486276c41b5734d0c4799ba9d6cb700dabbbc6bfa68a9b3b0c3b237b6f7ee8c9a194b8a20645279d3c7e05b5a7ee14383257f83eadf85aab1fc7d0d140301000101160301003042a06361b3cb896ea1b0476e10371b8eed883122419379 (4) State = 0xfcd853a7ffde4aafb400e9d91b88b168 (4) Message-Authenticator = 0x3674700353af1563ff78522ff0bf447d (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/raddb/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (!&User-Name) { (4) if (!&User-Name) -> FALSE (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@.*@/ ) { (4) if (&User-Name =~ /@.*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent code Response (2) ID 6 length 144 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /etc/raddb/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xfcd853a7ffde4aaf (4) eap: Finished EAP session with state 0xfcd853a7ffde4aaf (4) eap: Previous EAP request found for state 0xfcd853a7ffde4aaf, released from the list (4) eap: Peer sent method PEAP (25) (4) eap: EAP PEAP (25) (4) eap: Calling eap_peap to process EAP data (4) eap_peap: processing EAP-TLS (4) eap_peap: TLS Length 134 (4) eap_peap: Length Included (4) eap_peap: eaptls_verify returned 11 (4) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (4) eap_peap: TLS_accept: SSLv3 read client key exchange A (4) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3 read finished A (4) eap_peap:>>> TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: TLS_accept: SSLv3 write change cipher spec A (4) eap_peap:>>> TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3 write finished A (4) eap_peap: TLS_accept: SSLv3 flush data TLS: adding session e43d8045ba796d2e07fef583a7bcf15886ba3822b31a075eca43b74aab2086c9 to cache (4) eap_peap: (other): SSL negotiation finished successfully SSL Connection Established (4) eap_peap: eaptls_process returned 13 (4) eap_peap: FR_TLS_HANDLED (4) eap: EAP session adding &reply:State = 0xfcd853a7f8df4aaf (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/raddb/sites-enabled/default (4) Sent Access-Challenge Id 243 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (4) EAP-Message = 0x0107004119001403010001011603010030805396c196ecd0cfbcdf4262de648ff5c61404e719706e413e8c67f9169d03f6075a93a6402c6cb3df2681c909c13ca5 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xfcd853a7f8df4aafb400e9d91b88b168 (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 244 from 10.70.1.1:32770 to 10.10.10.3:1812 length 243 (5) User-Name = 'vdiuser001' (5) Calling-Station-Id = '00-c0-a8-c6-d7-79' (5) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (5) NAS-Port = 13 (5) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (5) NAS-IP-Address = 10.70.1.1 (5) NAS-Identifier = 'Cisco-WLC-5508' (5) Airespace-Wlan-Id = 9 (5) Service-Type = Framed-User (5) Framed-MTU = 1300 (5) NAS-Port-Type = Wireless-802.11 (5) Tunnel-Type:0 = VLAN (5) Tunnel-Medium-Type:0 = IEEE-802 (5) Tunnel-Private-Group-Id:0 = '212' (5) EAP-Message = 0x020700061900 (5) State = 0xfcd853a7f8df4aafb400e9d91b88b168 (5) Message-Authenticator = 0x75def782b74b9f6aaae4b726602f9eae (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/raddb/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (!&User-Name) { (5) if (!&User-Name) -> FALSE (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@.*@/ ) { (5) if (&User-Name =~ /@.*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent code Response (2) ID 7 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /etc/raddb/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xfcd853a7f8df4aaf (5) eap: Finished EAP session with state 0xfcd853a7f8df4aaf (5) eap: Previous EAP request found for state 0xfcd853a7f8df4aaf, released from the list (5) eap: Peer sent method PEAP (25) (5) eap: EAP PEAP (25) (5) eap: Calling eap_peap to process EAP data (5) eap_peap: processing EAP-TLS (5) eap_peap: Received TLS ACK (5) eap_peap: Received TLS ACK (5) eap_peap: ACK handshake is finished (5) eap_peap: eaptls_verify returned 3 (5) eap_peap: eaptls_process returned 3 (5) eap_peap: FR_TLS_SUCCESS (5) eap_peap: Session established. Decoding tunneled attributes (5) eap_peap: PEAP state TUNNEL ESTABLISHED (5) eap: EAP session adding &reply:State = 0xfcd853a7f9d04aaf (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /etc/raddb/sites-enabled/default (5) Sent Access-Challenge Id 244 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (5) EAP-Message = 0x0108002b19001703010020e9acf4878f2cf9c9c79de729087ad3e19b253b8c0e50b1c26443853c5c984637 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xfcd853a7f9d04aafb400e9d91b88b168 (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 245 from 10.70.1.1:32770 to 10.10.10.3:1812 length 280 (6) User-Name = 'vdiuser001' (6) Calling-Station-Id = '00-c0-a8-c6-d7-79' (6) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (6) NAS-Port = 13 (6) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (6) NAS-IP-Address = 10.70.1.1 (6) NAS-Identifier = 'Cisco-WLC-5508' (6) Airespace-Wlan-Id = 9 (6) Service-Type = Framed-User (6) Framed-MTU = 1300 (6) NAS-Port-Type = Wireless-802.11 (6) Tunnel-Type:0 = VLAN (6) Tunnel-Medium-Type:0 = IEEE-802 (6) Tunnel-Private-Group-Id:0 = '212' (6) EAP-Message = 0x0208002b190017030100204283191b2685faf2b92c873c8c3972380e81ab3a78cc797b6518e8af45963138 (6) State = 0xfcd853a7f9d04aafb400e9d91b88b168 (6) Message-Authenticator = 0x36d173beae56175a27434016ac0a82cb (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/raddb/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (!&User-Name) { (6) if (!&User-Name) -> FALSE (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@.*@/ ) { (6) if (&User-Name =~ /@.*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent code Response (2) ID 8 length 43 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/raddb/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xfcd853a7f9d04aaf (6) eap: Finished EAP session with state 0xfcd853a7f9d04aaf (6) eap: Previous EAP request found for state 0xfcd853a7f9d04aaf, released from the list (6) eap: Peer sent method PEAP (25) (6) eap: EAP PEAP (25) (6) eap: Calling eap_peap to process EAP data (6) eap_peap: processing EAP-TLS (6) eap_peap: eaptls_verify returned 7 (6) eap_peap: Done initial handshake (6) eap_peap: eaptls_process returned 7 (6) eap_peap: FR_TLS_OK (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY (6) eap_peap: Identity - vdiuser001 (6) eap_peap: Got inner identity 'vdiuser001' (6) eap_peap: Setting default EAP type for tunneled EAP session (6) eap_peap: Got tunneled request (6) eap_peap: EAP-Message = 0x0208000f0176646975736572303031 (6) eap_peap: Setting User-Name to vdiuser001 (6) eap_peap: Sending tunneled request to inner-tunnel (6) eap_peap: EAP-Message = 0x0208000f0176646975736572303031 (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_peap: User-Name = 'vdiuser001' (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x0208000f0176646975736572303031 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = 'vdiuser001' (6) server inner-tunnel { (6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (6) authorize { (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := LOCAL (6) } # update control = noop (6) eap: Peer sent code Response (2) ID 8 length 15 (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (6) authenticate { (6) eap: Peer sent method Identity (1) (6) eap: Calling eap_mschapv2 to process EAP data (6) eap_mschapv2: Issuing Challenge (6) eap: EAP session adding &reply:State = 0x6a2b492e6a22538f (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x0109002a1a01090025107dea2c3598e93665587b4dba43189cfa667265657261646975732d332e302e39 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x6a2b492e6a22538fe503884f9d44e7ff (6) eap_peap: Got tunneled reply code 11 (6) eap_peap: EAP-Message = 0x0109002a1a01090025107dea2c3598e93665587b4dba43189cfa667265657261646975732d332e302e39 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x6a2b492e6a22538fe503884f9d44e7ff (6) eap_peap: Got tunneled reply RADIUS code 11 (6) eap_peap: EAP-Message = 0x0109002a1a01090025107dea2c3598e93665587b4dba43189cfa667265657261646975732d332e302e39 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x6a2b492e6a22538fe503884f9d44e7ff (6) eap_peap: Got tunneled Access-Challenge (6) eap: EAP session adding &reply:State = 0xfcd853a7fad14aaf (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /etc/raddb/sites-enabled/default (6) Sent Access-Challenge Id 245 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (6) EAP-Message = 0x0109004b190017030100406a3b46095fb10b93a11e13b5e74fc5eac154270b5a9ef8fdfb482c1dab2a759a4872e47dec1beaf306303e2a07d5e762b3381999cc96604175fe9c6adf84eab2 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xfcd853a7fad14aafb400e9d91b88b168 (6) Finished request Waking up in 4.9 seconds. (7) Received Access-Request Id 246 from 10.70.1.1:32770 to 10.10.10.3:1812 length 344 (7) User-Name = 'vdiuser001' (7) Calling-Station-Id = '00-c0-a8-c6-d7-79' (7) Called-Station-Id = 'a0-cf-5b-ca-a7-c0:Test' (7) NAS-Port = 13 (7) Cisco-AVPair = 'audit-session-id=0a46010100012114556eff78' (7) NAS-IP-Address = 10.70.1.1 (7) NAS-Identifier = 'Cisco-WLC-5508' (7) Airespace-Wlan-Id = 9 (7) Service-Type = Framed-User (7) Framed-MTU = 1300 (7) NAS-Port-Type = Wireless-802.11 (7) Tunnel-Type:0 = VLAN (7) Tunnel-Medium-Type:0 = IEEE-802 (7) Tunnel-Private-Group-Id:0 = '212' (7) EAP-Message = 0x0209006b19001703010060e3ebfd336d1c0bb5d36d68ac263e5e6d7f80e8a1e28be6bc752c0d06555b63f06367b0ca1803b17f092d89c35ce418ecce8b1425853a3dd6ccd16a292e80e46a1ecc98ba53222a0c1cccc827075993197807413d5778b2712ce2ad3eae35d7ce (7) State = 0xfcd853a7fad14aafb400e9d91b88b168 (7) Message-Authenticator = 0x4c9a2819e43b37c8eadf9473681308a2 (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/raddb/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (!&User-Name) { (7) if (!&User-Name) -> FALSE (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@.*@/ ) { (7) if (&User-Name =~ /@.*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent code Response (2) ID 9 length 107 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /etc/raddb/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x6a2b492e6a22538f (7) eap: Finished EAP session with state 0xfcd853a7fad14aaf (7) eap: Previous EAP request found for state 0xfcd853a7fad14aaf, released from the list (7) eap: Peer sent method PEAP (25) (7) eap: EAP PEAP (25) (7) eap: Calling eap_peap to process EAP data (7) eap_peap: processing EAP-TLS (7) eap_peap: eaptls_verify returned 7 (7) eap_peap: Done initial handshake (7) eap_peap: eaptls_process returned 7 (7) eap_peap: FR_TLS_OK (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state phase2 (7) eap_peap: EAP type MSCHAPv2 (26) (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x020900451a0209004031f720f64e114a568afc3428e187fef2d20000000000000000bcae7bc9d2c22a1291791a130d422a537209282de03718a00076646975736572303031 (7) eap_peap: Setting User-Name to vdiuser001 (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x020900451a0209004031f720f64e114a568afc3428e187fef2d20000000000000000bcae7bc9d2c22a1291791a130d422a537209282de03718a00076646975736572303031 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = 'vdiuser001' (7) eap_peap: State = 0x6a2b492e6a22538fe503884f9d44e7ff (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x020900451a0209004031f720f64e114a568afc3428e187fef2d20000000000000000bcae7bc9d2c22a1291791a130d422a537209282de03718a00076646975736572303031 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = 'vdiuser001' (7) State = 0x6a2b492e6a22538fe503884f9d44e7ff (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (7) authorize { (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "vdiuser001", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent code Response (2) ID 9 length 69 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) sql: EXPAND %{User-Name} (7) sql: --> vdiuser001 (7) sql: SQL-User-Name set to 'vdiuser001' rlm_sql (sql): Reserved connection (0) (7) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (7) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'vdiuser001' ORDER BY id (7) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'vdiuser001' ORDER BY id (7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (7) sql: --> SELECT groupname FROM radusergroup WHERE username = 'vdiuser001' ORDER BY priority (7) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'vdiuser001' ORDER BY priority (7) sql: User not found in any groups rlm_sql (sql): Released connection (0) rlm_sql (sql): Closing connection (1), from 1 unused connections rlm_sql_mysql: Socket destructor called, closing socket (7) [sql] = notfound rlm_ldap (ldap): Reserved connection (0) (7) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) (7) ldap: --> (sAMAccountName=vdiuser001) (7) ldap: Performing search in "ou=_TerAA_Users,dc=teraa,dc=local" with filter "(sAMAccountName=vdiuser001)", scope "sub" (7) ldap: Waiting for search result... (7) ldap: User object found at DN "CN=VDIuser001,OU=VDI,OU=PRS,OU=_TerAA_Users,DC=teraa,DC=local" (7) ldap: Processing user attributes (7) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (7) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (0) rlm_ldap (ldap): Closing connection (1), from 1 unused connections (7) [ldap] = ok (7) if (control:Ldap-UserDn =~ /OU=EDU/) { (7) if (control:Ldap-UserDn =~ /OU=EDU/) -> FALSE (7) elsif (control:Ldap-UserDn =~ /OU=PRS/) { (7) elsif (control:Ldap-UserDn =~ /OU=PRS/) -> TRUE (7) elsif (control:Ldap-UserDn =~ /OU=PRS/) { (7) update control { (7) Simultaneous-Use := 3 (7) } # update control = noop (7) update outer.session-state { (7) Tunnel-type = VLAN (7) Tunnel-medium-type = IEEE-802 (7) Tunnel-Private-Group-Id = PRS-WIFI-Client (7) } # update outer.session-state = noop (7) } # elsif (control:Ldap-UserDn =~ /OU=PRS/) = noop (7) ... skipping elsif for request 7: Preceding "if" was taken (7) ... skipping else for request 7: Preceding "if" was taken (7) [expiration] = noop (7) [logintime] = noop (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = EAP (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0x6a2b492e6a22538f (7) eap: Finished EAP session with state 0x6a2b492e6a22538f (7) eap: Previous EAP request found for state 0x6a2b492e6a22538f, released from the list (7) eap: Peer sent method MSCHAPv2 (26) (7) eap: EAP MSCHAPv2 (26) (7) eap: Calling eap_mschapv2 to process EAP data (7) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Creating challenge hash with username: vdiuser001 (7) mschap: Client is using MS-CHAPv2 (7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(7) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (7) mschap: --> --username=vdiuser001 (7) mschap: Creating challenge hash with username: vdiuser001 (7) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00} (7) mschap: --> --challenge=9f432e6abc4ec74e (7) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00} (7) mschap: --> --nt-response=bcae7bc9d2c22a1291791a130d422a537209282de03718a0 (7) mschap: ERROR: Program returned code (1) and output 'Must change password (0xc0000224)' (7) mschap: ERROR: Must change password (0xc0000224) (7) mschap: Password has expired. The user should retry authentication (7) [mschap] = reject (7) } # Auth-Type MS-CHAP = reject (7) MSCHAP-Error: E=648 R=1 C=00063b49e7c084b7016b35ab4336020d V=3 M=Password Expired (7) Found new challenge from MS-CHAP-Error: err=648 retry=1 challenge=00063b49e7c084b7016b35ab4336020d (7) ERROR: MSCHAP Failure (7) eap: EAP session adding &reply:State = 0x6a2b492e6b21538f (7) [eap] = handled (7) } # authenticate = handled (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x010a004c1a04090047453d36343820523d3120433d303030363362343965376330383462373031366233356162343333363032306420563d33204d3d50617373776f72642045787069726564 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x6a2b492e6b21538fe503884f9d44e7ff (7) eap_peap: Got tunneled reply code 11 (7) eap_peap: EAP-Message = 0x010a004c1a04090047453d36343820523d3120433d303030363362343965376330383462373031366233356162343333363032306420563d33204d3d50617373776f72642045787069726564 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x6a2b492e6b21538fe503884f9d44e7ff (7) eap_peap: Got tunneled reply RADIUS code 11 (7) eap_peap: EAP-Message = 0x010a004c1a04090047453d36343820523d3120433d303030363362343965376330383462373031366233356162343333363032306420563d33204d3d50617373776f72642045787069726564 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x6a2b492e6b21538fe503884f9d44e7ff (7) eap_peap: Got tunneled Access-Challenge (7) eap: EAP session adding &reply:State = 0xfcd853a7fbd24aaf (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/raddb/sites-enabled/default (7) session-state: Saving cached attributes (7) Tunnel-Type = VLAN (7) Tunnel-Medium-Type = IEEE-802 (7) Tunnel-Private-Group-Id = 'PRS-WIFI-Client' (7) Sent Access-Challenge Id 246 from 10.10.10.3:1812 to 10.70.1.1:32770 length 0 (7) EAP-Message = 0x010a006b19001703010060b3897a1c79b4063ee3eea85ec0eb5b1ffef302d6c90c1819ac828808598205d33c2dbad5a1af49ff0f8add5f0cb05a598bdae558b2e839b44204ac2b0fbc80437323b4f46871add958ea20f13a19e66bb6c2402389e445ba3305ffea4be0b16b (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xfcd853a7fbd24aafb400e9d91b88b168 (7) Finished request
________________________________
Subject: Re: Pass change/expiry problem From: A.L.M.Buxey@lboro.ac.uk Date: Wed, 3 Jun 2015 08:20:33 +0100 To: freeradius-users@lists.freeradius.org; richardvanderveen@outlook.com; freeradius-users@lists.freeradius.org
I seem to recall a very recent change related to that feature. Can you try the latest pre 3.0.9 release (get it via git)?
alan
On Jun 3, 2015, at 10:33 AM, Richard van der Veen <richardvanderveen@outlook.com> wrote:
After I changed to 3.0.9 I am not getting a pass change window on my laptop anymore... it just tells me that the username or password is incorrect. I still can authenticate succesfully with a different user that has no expired password..
I'm not really sure what's going wrong here. I've been looking at this problem off and on for a few weeks now. Can you enable logging on the Windows side, and send the logs over? That may help.... https://msdn.microsoft.com/en-us/library/windows/desktop/aa813696%28v=vs.85%... Alan DeKok.
Hi Alan, The Logs are too big for this mailing list (larger than 512Kb) Is there any other way to send them over?
The Logs are too big for this mailing list (larger than 512Kb) Is there any other way to send them over?
A DropBox or SkyDrive link? Stefan Paetow Moonshot Industry & Research Liaison Coordinator t: +44 (0)1235 822 125 gpg: 0x3FCE5142 xmpp: stefanp@jabber.dev.ja.net skype: stefan.paetow.janet Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.
On Jun 9, 2015, at 2:26 AM, Richard van der Veen <richardvanderveen@outlook.com> wrote:
The Logs are too big for this mailing list (larger than 512Kb) Is there any other way to send them over?
Zip them and mail them to me off-list. Alan DeKok.
participants (3)
-
Alan DeKok -
Richard van der Veen -
Stefan Paetow