Terminate EAP-TTLS then proxy
I would like to be able to proxy the Auth request after terminating the EAP-TTLS. FreeRadius sees the realm prefix on the User-Name and wants to proxy first. Is this possible or even sensible please? Regards, Adrian
yes.... with various extra bits of config. firstly, you would need to use unlang to set the authentication to be local for a particular realm, then, in the inner-tunnel, you would need to use unlang to proxy the request to a defined realm pool. alan On 12 June 2017 at 07:51, <adrian.p.smith@bt.com> wrote:
I would like to be able to proxy the Auth request after terminating the EAP-TTLS. FreeRadius sees the realm prefix on the User-Name and wants to proxy first.
Is this possible or even sensible please?
Regards,
Adrian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You would also want to comment the "suffix" module from your main "default" site and add it to inner-tunnel Suffix is what looks up the realms from the proxy.conf and adds the proxy destination to request or not. On 13/06/2017 06:11, "Alan Buxey" <alan.buxey@gmail.com> wrote:
yes.... with various extra bits of config. firstly, you would need to use unlang to set the authentication to be local for a particular realm, then, in the inner-tunnel, you would need to use unlang to proxy the request to a defined realm pool.
alan
I would like to be able to proxy the Auth request after terminating the EAP-TTLS. FreeRadius sees the realm prefix on the User-Name and wants to proxy first.
Is this possible or even sensible please?
Regards,
Adrian - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
On 12 June 2017 at 07:51, <adrian.p.smith@bt.com> wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
yes.... with various extra bits of config. firstly, you would need to use unlang to set the authentication to be local for a particular realm, then, in the inner-tunnel, you would need to use unlang to proxy the request to a defined realm pool.
alan
I would like to be able to proxy the Auth request after terminating the EAP-TTLS. FreeRadius sees the realm prefix on the User-Name and wants to proxy first.
Is this possible or even sensible please?
Regards,
Adrian - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
On 12 June 2017 at 07:51, <adrian.p.smith@bt.com> wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
Thanks for the tips, this has got me a lot further. My default server now does the EAP work and passes the Access-Request to the inner-tunnel, but I think I need one last thing as it doesn't want to proxy it: server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel Do I need to somehow reset the proxy state? Thanks in advance, Adrian -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Peter Lambrechtsen Sent: 12 June 2017 20:58 To: FreeRadius users mailing list Subject: Re: Terminate EAP-TTLS then proxy You would also want to comment the "suffix" module from your main "default" site and add it to inner-tunnel Suffix is what looks up the realms from the proxy.conf and adds the proxy destination to request or not. On 13/06/2017 06:11, "Alan Buxey" <alan.buxey@gmail.com> wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 13 June 2017 09:19:21 BST, adrian.p.smith@bt.com wrote:
Thanks for the tips, this has got me a lot further. My default server now does the EAP work and passes the Access-Request to the inner-tunnel, but I think I need one last thing as it doesn't want to proxy it:
server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel
What does the rest of the debug output say? Proxying happens after this. -- Matthew
Ah sorry, here's the rest of it: [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 42 Using Post-Auth-Type Reject -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 09:49 To: FreeRadius users mailing list Subject: RE: Terminate EAP-TTLS then proxy On 13 June 2017 09:19:21 BST, adrian.p.smith@bt.com wrote:
Thanks for the tips, this has got me a lot further. My default server now does the EAP work and passes the Access-Request to the inner-tunnel, but I think I need one last thing as it doesn't want to proxy it:
server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel
What does the rest of the debug output say? Proxying happens after this. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 13 June 2017 10:20:56 BST, adrian.p.smith@bt.com wrote:
Ah sorry, here's the rest of it:
[ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Look in proxy.conf. The 'passpoint' realm likely isn't configured correctly. -- Matthew
Here is the full debug output which hopefully shows all the proxy configuration: FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 18:42:42 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including files in directory /etc/raddb/proxies/ including configuration file /etc/raddb/proxies/mis.conf including configuration file /etc/raddb/proxies/vodafone.lab.conf including configuration file /etc/raddb/proxies/sps_fr.lab.conf including configuration file /etc/raddb/proxies/bt_mobile_consumer.lab.conf including configuration file /etc/raddb/proxies/mna.lab.conf including configuration file /etc/raddb/proxies/tbb_802_1x.lab.conf including configuration file /etc/raddb/proxies/ip_tracker.lab.conf including configuration file /etc/raddb/proxies/proxy.conf including configuration file /etc/raddb/proxies/wifi_roam_realms.conf including configuration file /etc/raddb/proxies/consulate.lab.conf including configuration file /etc/raddb/proxies/paulw_test_lab.conf including configuration file /etc/raddb/proxies/wifi_roam.lab.conf including configuration file /etc/raddb/proxies/nonso_test_lab.conf including configuration file /etc/raddb/proxies/mis.lab.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/sql_log_store including configuration file /etc/raddb/modules/detail.iptracker including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/detail.btngh.openzone.com including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/detail.vodafone including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/detail.wifi-roam including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/detail.consulate including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/detail.relay-wlc-mis including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/acct_wifi-roam including configuration file /etc/raddb/sites-enabled/consulate-server including configuration file /etc/raddb/sites-enabled/wifi_roam-server including configuration file /etc/raddb/sites-enabled/nonso_wifi_roam-server including configuration file /etc/raddb/sites-enabled/acct_iptracker including configuration file /etc/raddb/sites-enabled/bt-mobile-consumer-server including configuration file /etc/raddb/sites-enabled/acct_consulate including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/acct_aggregator_wlc including configuration file /etc/raddb/sites-enabled/vodafone including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/testing_802.1x including configuration file /etc/raddb/sites-enabled/acct_aggregator including configuration file /etc/raddb/sites-enabled/802.1x-server main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server mis-acct-relay-server-1 { ipaddr = 192.168.160.16 port = 1813 type = "acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server mis-acct-relay-server-2 { ipaddr = 192.168.160.17 port = 1813 type = "acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server par { ipaddr = 192.168.24.22 port = 1645 type = "auth+acct" secret = "BTpwlan-rds" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 username = "test_user_please_reject_me" password = "this is meaningless" } home_server SPS_FR { ipaddr = 192.168.19.20 port = 1812 type = "auth" secret = "RVfbRy4T" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server bt-mobile-consumer-acct-spool-server { virtual_server = "bt-mobile-consumer-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server mna-auth-server-harmondsworth-a { ipaddr = 193.113.44.19 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-harmondsworth-b { ipaddr = 193.113.44.20 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-reigate-a { ipaddr = 193.113.44.21 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-reigate-b { ipaddr = 193.113.44.22 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server tbb_802.1x-acct-spool-server { virtual_server = "tbb_802.1x-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server IPTracker { ipaddr = 193.113.44.16 port = 1813 type = "acct" secret = "mysecret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server consulate-server-1 { ipaddr = 193.113.24.74 port = 1645 type = "auth+acct" secret = "BCt0ONn53uPLh40tn332013" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server consulate-acct { virtual_server = "consulate-server-acct" port = 0 response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server testing-802.1x-auth-server { ipaddr = 192.168.49.99 port = 1812 type = "auth+acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server wifi-roam-server-1 { ipaddr = 147.152.56.119 port = 1812 type = "auth+acct" secret = "radius123" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server wifi-roam-acct { virtual_server = "wifi-roam-server-acct" port = 0 response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server_pool mis-acct-relay-pool { type = fail-over home_server = mis-acct-relay-server-1 home_server = mis-acct-relay-server-2 } realm acct_mis_aggregator { acct_pool = mis-acct-relay-pool } home_server_pool vf_auth_failover { type = fail-over virtual_server = vf-server-auth home_server = par } realm wlan.mnc015.mcc234.3gppnetwork.org { auth_pool = vf_auth_failover nostrip } home_server_pool SPS_FR_pool { home_server = SPS_FR } realm passpoint { auth_pool = SPS_FR_pool nostrip } home_server_pool bt-mobile-consumer-auth-pool { type = fail-over virtual_server = bt-mobile-consumer-server-auth home_server = mna-auth-server-harmondsworth-a home_server = mna-auth-server-harmondsworth-b home_server = mna-auth-server-reigate-a home_server = mna-auth-server-reigate-b } home_server_pool bt-mobile-consumer-acct-pool { home_server = bt-mobile-consumer-acct-spool-server } realm wlan.mnc030.mcc234.3gppnetwork.org { auth_pool = bt-mobile-consumer-auth-pool acct_pool = bt-mobile-consumer-acct-pool nostrip } home_server_pool tbb_802.1x-auth-pool { type = fail-over virtual_server = tbb_802.1x-server-auth home_server = mna-auth-server-harmondsworth-a home_server = mna-auth-server-harmondsworth-b home_server = mna-auth-server-reigate-a home_server = mna-auth-server-reigate-b } home_server_pool tbb_802.1x-acct-pool { home_server = tbb_802.1x-acct-spool-server } realm 8021x:BTRCon { auth_pool = tbb_802.1x-auth-pool acct_pool = tbb_802.1x-acct-pool nostrip } home_server_pool IPTracker_pool { home_server = IPTracker } realm iptracker { acct_pool = IPTracker_pool } realm LOCAL { } home_server_pool wifi-roam-auth-pool { type = fail-over virtual_server = wifi-roam-server-auth home_server = wifi-roam-server-1 } home_server_pool wifi-roam-acct-pool { home_server = wifi-roam-acct } realm adastral.bt.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool wifi-roam-mobile-data-offload-auth-pool { type = fail-over virtual_server = wifi-roam-server-mobile-data-offload-auth home_server = wifi-roam-server-1 } realm adastral-offload.bt.com { auth_pool = wifi-roam-mobile-data-offload-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc008.mcc450.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm ktwifi.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc410.mcc310.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm bandwidthx { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm bwxeap { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc023.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc010.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc011.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc006.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc004.mcc410.3gppnetwork.org { auth_pool = wifi-roam-mobile-data-offload-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc050.mcc621.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc010.mcc440.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wifiroam.bt.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool consulate-auth-pool { virtual_server = consulate-server-auth home_server = consulate-server-1 } home_server_pool consulate-acct-pool { home_server = consulate-acct } realm wlan.mnc008.mcc234.3gppnetwork.org { auth_pool = consulate-auth-pool acct_pool = consulate-acct-pool nostrip } home_server_pool consulate-acct-relay-pool { home_server = consulate-server-1 } realm acct_consulate { acct_pool = consulate-acct-relay-pool nostrip } home_server_pool testing-802.1x-auth-pool { virtual_server = testing_802.1x-server home_server = testing-802.1x-auth-server } realm 1xTesting { auth_pool = testing-802.1x-auth-pool acct_pool = tbb_802.1x-acct-pool nostrip } home_server_pool wifi-roam-acct-relay-pool { type = fail-over home_server = wifi-roam-server-1 } realm acct_wifi-roam { acct_pool = wifi-roam-acct-relay-pool nostrip } realm wifi-roam { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool nonso-wifi-roam-auth-pool { type = fail-over virtual_server = nonso-wifi-roam-server-auth home_server = mna-auth-server-harmondsworth-a } realm nonso { auth_pool = nonso-wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool testing-802.1x-acct-pool { home_server = testing-802.1x-auth-server } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" shortname = "localhost" nastype = "other" } client 192.168.70.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-1" nastype = "cisco" } client 192.168.170.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-2" nastype = "cisco" } client 192.168.14.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-3" nastype = "cisco" } client 192.168.100.31 { require_message_authenticator = no secret = "m0n1t0r" shortname = "monitor-1" } client 192.168.160.31 { require_message_authenticator = no secret = "m0n1t0r" shortname = "monitor-2" } client 192.168.79.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.79.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.49.96 { require_message_authenticator = no secret = "8021x" } client 10.0.0.0/8 { require_message_authenticator = no secret = "1t5b1gg3rthan1tl00k5" nastype = "cisco" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Linked to module rlm_realm Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id" } Module: Checking accounting {...} for more modules to load Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic Module: Linked to module rlm_detail Module: Instantiating module "detail.relay-wlc-mis" from file /etc/raddb/modules/detail.relay-wlc-mis detail detail.relay-wlc-mis { detailfile = "/var/log/radius/radacct/relay-wlc-mis-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/raddb/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_sql_log Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log sql_log { path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store sql_log sql_log_store { path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server acct_wifi-roam { # from file /etc/raddb/sites-enabled/acct_wifi-roam modules { Module: Checking accounting {...} for more modules to load } # modules } # server server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com detail detail-store.btngh.openzone.com { detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 416 dirperm = 493 locking = no log_packet_header = no } Module: Loading virtual module proxy_to_mis Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com detail detail.btngh.openzone.com { detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Loading virtual module remove_btopenzone_vsas Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate detail detail.consulate { detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server wifi-roam-server-mobile-data-offload-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server wifi-roam-server-acct { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Loading virtual module proxy_to_mis Module: Loading virtual module remove_btopenzone_vsas Module: Instantiating module "detail.wifi-roam" from file /etc/raddb/modules/detail.wifi-roam detail detail.wifi-roam { detailfile = "/var/log/radius/radacct/wifi-roam/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server nonso-wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/nonso_wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker modules { Module: Checking accounting {...} for more modules to load } # modules } # server server bt-mobile-consumer-server-auth { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Instantiating module "reject" from file /etc/raddb/modules/always always reject { rcode = "reject" simulcount = 0 mpp = no } Module: Checking post-proxy {...} for more modules to load } # modules } # server server bt-mobile-consumer-server-acct { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Loading virtual module proxy_to_mis Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker detail detail.iptracker { detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate modules { Module: Checking accounting {...} for more modules to load } # modules } # server server acct_aggregator_wlc { # from file /etc/raddb/sites-enabled/acct_aggregator_wlc modules { Module: Checking accounting {...} for more modules to load } # modules } # server server vf-server-auth { # from file /etc/raddb/sites-enabled/vodafone modules { Module: Checking pre-proxy {...} for more modules to load } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server server testing_802.1x-server { # from file /etc/raddb/sites-enabled/testing_802.1x modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator modules { Module: Checking accounting {...} for more modules to load } # modules } # server server tbb_802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server tbb_802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module proxy_to_mis Module: Loading virtual module log_packet Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module proxy_to_mis Module: Loading virtual module log_packet Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" mode = "rw" } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/wifi-roam/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/iptracker/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/consulate/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-wlc-mis-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } ... adding new socket proxy address * port 51816 ... adding new socket proxy address * port 35812 ... adding new socket proxy address * port 49773 ... adding new socket proxy address * port 35902 ... adding new socket proxy address * port 53673 ... adding new socket proxy address * port 56106 ... adding new socket proxy address * port 44312 ... adding new socket proxy address * port 36881 ... adding new socket proxy address * port 57465 ... adding new socket proxy address * port 57482 ... adding new socket proxy address * port 52562 ... adding new socket proxy address * port 54724 ... adding new socket proxy address * port 52919 ... adding new socket proxy address * port 33010 ... adding new socket proxy address * port 36902 ... adding new socket proxy address * port 34021 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on detail file /var/log/radius/radacct/wifi-roam/* as server acct_wifi-roam Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/relay-wlc-mis-acct/* as server acct_aggregator_wlc Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on proxy address * port 1814 Waking up in 0.9 seconds. Ignoring request to accounting address * port 1813 from unknown client 192.168.210.119 port 15584 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.762087 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.184472 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.968853 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.196113 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.159930 sec Waking up in 0.7 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.910616 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.090084 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.047471 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.791355 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.934825 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.133416 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.880455 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.024520 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.998717 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.876140 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095130 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.761203 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.897342 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.203089 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.987794 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.171263 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.859814 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.103368 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.165571 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.959404 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.179172 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.169633 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.055037 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.804247 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.884002 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.101099 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.827031 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.049407 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.844278 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.936085 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.962783 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.763935 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.849558 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.816061 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.158354 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.795744 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.016506 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.026287 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.866814 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.841071 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.119251 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.887604 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.814666 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.924802 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.178640 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.806821 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.213465 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.169523 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.870682 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.864038 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.781469 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.765307 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.938362 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.203898 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.778849 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.939067 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095710 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.837704 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.888245 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.050866 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.247675 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.968173 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.930630 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.120660 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.870914 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.163044 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.803467 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007536 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762546 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.183909 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.118080 sec Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=92, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0xdce173614585eee51e3f391f5272dbca # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 0: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 92 to 192.168.70.22 port 21652 EAP-Message = 0x01020016041084b12e630735452cd5eb22349496369d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a2611669a065fbab376a297e7dc1fa Finished request 0. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=93, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x69a2611669a065fbab376a297e7dc1fa Message-Authenticator = 0x74934585fb3c792bcfa76eb4d1fa8fac # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 1: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 93 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a2611668a174fbab376a297e7dc1fa Finished request 1. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=94, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb27d0543bff4106d055f6c72e468ba33ead96239fee54ab3c41fcc41727500002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x69a2611668a174fbab376a297e7dc1fa Message-Authenticator = 0xfd37c07fad4424f3cb1f6600d6d971fd # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 2: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 94 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb253915b26746a88ec852836e50cbb23e4eace6110dd23f3f36e2185c9a3000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166ba674fbab376a297e7dc1fa Finished request 2. Going to the next request Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.838692 sec rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=95, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x69a261166ba674fbab376a297e7dc1fa Message-Authenticator = 0x7aa62ceaa5cd777c0d17ca355e54fef6 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 3: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 95 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166aa774fbab376a297e7dc1fa Finished request 3. Going to the next request Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.917240 sec Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=96, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x69a261166aa774fbab376a297e7dc1fa Message-Authenticator = 0x72271a5a20f083cb1ac844a149d3e1bd # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 4: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 96 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166da474fbab376a297e7dc1fa Finished request 4. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=97, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020601501580000001461603010106100001020100a3a6fc81ed5db338b094fc36d60260c21f7d25f0b3ca016ec64cae258aff16375caa4e600c3ca12d3a955c992d447a3aeda5e61a2c96c809084d2f98ea094fb4367594ecdc54659ec61117e10d86ec36121332876b932d4845d14763dd8efafdcb60bf570db90f509bf4b22dcbad841af192945427c39e085b70738438f3942aa25fdd524189bdd40c1b241f1b9bb8073cbfacef6c241e7e3b1979604c0d97957c92d44e41ee9af64fbff6269bae9bcde3bb8c0f8c82bd110ed29e6798a39678b5c36d7c583b219f92d30e4db7cb407f6520642768cf56198a5f729798a7a2cc0a48e61a3af826c3 EAP-Message = 0x36639897c11875370386fab261580f84474d26e7b5092ddd1403010001011603010030eaaac2eb818252a3144bdac118efede1100277e235494f8179796375b3c2c7f532eb1aebe8285f30910986b8a397e150 State = 0x69a261166da474fbab376a297e7dc1fa Message-Authenticator = 0x91105ccbf2c6132fefea1c979f1cd27d # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 5: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 97 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b1403010001011603010030c3583d7653c71743721a01e1ce855489d7307206046d7da4c754168362027679b16fd21c3a5e3012289826cb3ec5b27e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166ca574fbab376a297e7dc1fa Finished request 5. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=98, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f15800000009517030100901b0641cc4dd8cf820d4d8f862f22643fd2a7a1073e85497d35540626380ca09415650a2780711204909f665b28cca0a19354416693547b047cade705c6d83cf4e50e3441b6abb284a09b405f31db48c3f6ee43fed65e65e2e865079da3aec3a74a37d1fc02943c80663b11124fb0895e05c07b75b2d04ac70a28fe0863ebd4efd1898d813a8f0cdee906488235a0ccc3 State = 0x69a261166ca574fbab376a297e7dc1fa Message-Authenticator = 0xf33714776f1fd97f16730136f7ac668f # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 6: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 6 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.957823 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.871929 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.134881 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.069443 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.244343 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.764676 sec Sending delayed reject for request 6 Sending Access-Reject of id 98 to 192.168.70.22 port 21652 Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.794117 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.103433 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.098922 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.156253 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.965056 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.042876 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.955702 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.020365 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007534 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.828720 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750868 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149131 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.191976 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.964907 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.901226 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.247231 sec Waking up in 0.6 seconds. Cleaning up request 0 ID 92 with timestamp +15 Cleaning up request 1 ID 93 with timestamp +15 Cleaning up request 2 ID 94 with timestamp +15 Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750784 sec Cleaning up request 3 ID 95 with timestamp +16 Cleaning up request 4 ID 96 with timestamp +16 Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.052604 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149995 sec Cleaning up request 5 ID 97 with timestamp +16 Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.804373 sec Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=99, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0x206af0d737136bdb9c5aa6656b1d11e4 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 7: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 99 to 192.168.70.22 port 21652 EAP-Message = 0x0102001604105c300e63c8ec3c399d7c7a04e7aa3ed8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128acf75d0313964ead8c014bc Finished request 7. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=100, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x8acd71128acf75d0313964ead8c014bc Message-Authenticator = 0xf6b8bdd0867e9ce4a330f36ed2e6966c # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 8: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 100 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128bce64d0313964ead8c014bc Finished request 8. Going to the next request Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.973939 sec Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=101, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb282bd583ebe6c01b0889edda2ca0fd75b0abf504762bff57eae4b55981800002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x8acd71128bce64d0313964ead8c014bc Message-Authenticator = 0xea79054cf335166262e4264c39b055b0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 9: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 101 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb2593c06266c34a51b62b1d48acae97bf00962e144b89cefc30255cc73fe000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd711288c964d0313964ead8c014bc Finished request 9. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=102, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x8acd711288c964d0313964ead8c014bc Message-Authenticator = 0x893622df889ca2eb0c194e208e7a14ad # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 10: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 102 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd711289c864d0313964ead8c014bc Finished request 10. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=103, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x8acd711289c864d0313964ead8c014bc Message-Authenticator = 0x6846920d72f185205389d9cc018324d4 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 11: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128ecb64d0313964ead8c014bc Finished request 11. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=104, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0206015015800000014616030101061000010201008e4dfe01161ae76fb73ca9884839b33e61a1f6d59c3881c01fa95d4c0f97b9fdca0c798d5421003fdc1e4bf27c8a4403d411a3ab5ef86dcc85cc0da58755b87ad6004b14e3abe1e51c60ed309b85ae5364df097153cc1898b63114ffb7033d70a1183a6c5e71202513b192761ab124217061659d08977dc216c81577264fe80b0d4998b8975bc84098dd0eedbb200d311c438beb405cf9a0742843de0009348fc9b43b5e28ad9aafa3ddee5a54da6d5acf3bc300c77d0555b0423dbf3dae52b018f7a10edd4bbbdfc798de68f72f65b8567005fd712e65e21940fa02b644d5c1c9309e2408008058 EAP-Message = 0x016b3d01fe35da4088bb101c1cb9180d513d497a9ce967611403010001011603010030a9e4f3711a6d319dcaed146aa81f6be008b906da6f3b09a4ab8c8999fd1c475b96e5d4fab2b1b1ac6f6ec93488076ce7 State = 0x8acd71128ecb64d0313964ead8c014bc Message-Authenticator = 0x5090eaa217243f73702f3f0d9b1ceb6a # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 12: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 104 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b14030100010116030100305ce3efeda48c2870b6488e33cb240e83af43d61daa7853b1cfadc94d068f16aefe45637723e6d1a057057e871abf3911 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128fca64d0313964ead8c014bc Finished request 12. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=105, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f15800000009517030100903c067027f79e1d7700547201d5b1d9df8e011ff874f5475cc1cd6d861ef8719ff3556e9192baf4e5978592e39a8fae52b8b80b98a318fa9dc90a8b6963973d12bcf376602cc949f7f9e414b5889c85b82c8c91b4aab71d89b740c14a01859f3759b4d71434c3f1810e14db56fd71f19a564f4950c7e550635b9e86c858d405a52dfc1f8b3a90808d51b1f6689d4e565f State = 0x8acd71128fca64d0313964ead8c014bc Message-Authenticator = 0x132c2a4018ee0c4625b62371e33eb00e # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 13: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1 MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1 MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 13 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 13 for 1 seconds Going to the next request Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.813461 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.829886 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.033527 sec Cleaning up request 6 ID 98 with timestamp +16 Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.777113 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.940748 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.817344 sec Sending delayed reject for request 13 Sending Access-Reject of id 105 to 192.168.70.22 port 21652 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.027554 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.793098 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.858643 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.974457 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.152280 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.105497 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.794828 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.810880 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007277 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.095163 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.132496 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.028052 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.823217 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.880446 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.799977 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.069586 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.786498 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.957779 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.033822 sec Waking up in 0.1 seconds. Cleaning up request 7 ID 99 with timestamp +21 Cleaning up request 8 ID 100 with timestamp +21 Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173967 sec Cleaning up request 9 ID 101 with timestamp +21 Cleaning up request 10 ID 102 with timestamp +21 Cleaning up request 11 ID 103 with timestamp +21 Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.971243 sec Cleaning up request 12 ID 104 with timestamp +21 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.185601 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.797453 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.876348 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.230513 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.767555 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.096276 sec Cleaning up request 13 ID 105 with timestamp +21 Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.031048 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.863706 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.985683 sec Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=106, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0x94789caf32bd0646c47dad46ac458da0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 14: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 106 to 192.168.70.22 port 21652 EAP-Message = 0x0102001604102a24918f38f84fc915d96251dad983cd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a955dc7ca410ead8eb71766904 Finished request 14. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=107, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x55de78a955dc7ca410ead8eb71766904 Message-Authenticator = 0x1740934a4dc11a2b4bc38f4b251ac980 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 15: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 107 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a954dd6da410ead8eb71766904 Finished request 15. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=108, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb289e7e9e013f7728e134357e7453c6f8f914faee52a8e970257d3f0f27f00002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x55de78a954dd6da410ead8eb71766904 Message-Authenticator = 0x61679bd7c65dca909186eef34fbfee15 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 16: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 108 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb26026d0dc41fdc3b0a887c6e0253595a794d810f424f680900ae9e2d4ed000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a957da6da410ead8eb71766904 Finished request 16. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=109, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x55de78a957da6da410ead8eb71766904 Message-Authenticator = 0xce53084dd64cf4cf21a03e145405f088 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 17: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 109 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a956db6da410ead8eb71766904 Finished request 17. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=110, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x55de78a956db6da410ead8eb71766904 Message-Authenticator = 0x38f164964fda41ea99ab94411a9b4bca # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 18: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 110 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a951d86da410ead8eb71766904 Finished request 18. Going to the next request Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.944075 sec rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=111, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020601501580000001461603010106100001020100151070a791def4c9ce6aa9a210936cbcb19c16c64c200cb65b77b3136edc93ed6947fa08a2614c50d82fb9a01bc1d052e9774a62df04d1e2026eb56a9697230406687c9d9501bb575c82efb13b81028bc8162393fd0f19c5a0a8c9bfb45cf24d7432a52131e2a3baa5be4b783970b14c172151f79688680362429dc358f6256412c81a5c0724719585ef225e1745f0a42c0c3b9d41f74762a1b90844a115f8fd4dc4e59ff2a22f79b3db63d781d08a0d7d2d1f9e91dfc4bbf6fecc3c80b6b5ac2afa5a9313a2b324ca97f5ee378ea606ef98806c76d616fcb4c919e3c5b61b80d3ab90d97dd08725 EAP-Message = 0x080804f3bb3f21200042c1641a82740587c2a9be41de2e111403010001011603010030e93d2b879d132fb31e807571b5cc758b972225ef97f0af291e24c3adb8f435201d65e18a461386a17ec47568ea05925c State = 0x55de78a951d86da410ead8eb71766904 Message-Authenticator = 0x13372cc3426516ef77c5bf272f5d1b42 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 19: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 111 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b14030100010116030100309c222ec982006809790a9c2919d10a2f1b2565b8bc96b5ff2e5553bdb41340a1e1682a5234747b218e42c4c4e579d35b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a950d96da410ead8eb71766904 Finished request 19. Going to the next request Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.129376 sec Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=112, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f1580000000951703010090bed3fef3622c94a55d4d20677b2056fe14578cb1ec6518795511c4f6092783cd3b97788fa8baf3fc68a8617d5c63e2ea04a7ad1eaf25e550c42a0d37fad6c07288aa8ebb8225b5a103d75729a0f8952087825d8497d6ddb40c435e225b5c2a960c50f281a0768a0c6baa9ec1e79281fe585ea06e3d0f3065ea499c3c33f60fac52636f9863e60fc3986e22545062c96c State = 0x55de78a950d96da410ead8eb71766904 Message-Authenticator = 0xe5645ddc511b3c835037bcc2a8adfed5 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 20: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954 MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954 MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 20 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 20 for 1 seconds Going to the next request Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.751837 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.243590 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.876885 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762210 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.239831 sec Sending delayed reject for request 20 Sending Access-Reject of id 112 to 192.168.70.22 port 21652 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.931724 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.821277 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.215098 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.798647 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.972355 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.819912 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.142257 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.882873 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.174178 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.923319 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.796417 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.101806 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.195755 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.836153 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.201596 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.172237 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.949951 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.780669 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.221639 sec Cleaning up request 14 ID 106 with timestamp +28 Cleaning up request 15 ID 107 with timestamp +28 Cleaning up request 16 ID 108 with timestamp +28 Cleaning up request 17 ID 109 with timestamp +28 Cleaning up request 18 ID 110 with timestamp +28 Cleaning up request 19 ID 111 with timestamp +28 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.157646 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.933433 sec Waking up in 0.2 seconds. -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 10:24 To: FreeRadius users mailing list Subject: RE: Terminate EAP-TTLS then proxy On 13 June 2017 10:20:56 BST, adrian.p.smith@bt.com wrote:
Ah sorry, here's the rest of it:
[ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Look in proxy.conf. The 'passpoint' realm likely isn't configured correctly. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If I send a (non-EAP) request directly to the inner tunnel, it does get proxied ok. -----Original Message----- From: Smith,AP,Adrian,TNK6 R Sent: 13 June 2017 10:43 To: 'FreeRadius users mailing list' Subject: RE: Terminate EAP-TTLS then proxy Here is the full debug output which hopefully shows all the proxy configuration: FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 18:42:42 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including files in directory /etc/raddb/proxies/ including configuration file /etc/raddb/proxies/mis.conf including configuration file /etc/raddb/proxies/vodafone.lab.conf including configuration file /etc/raddb/proxies/sps_fr.lab.conf including configuration file /etc/raddb/proxies/bt_mobile_consumer.lab.conf including configuration file /etc/raddb/proxies/mna.lab.conf including configuration file /etc/raddb/proxies/tbb_802_1x.lab.conf including configuration file /etc/raddb/proxies/ip_tracker.lab.conf including configuration file /etc/raddb/proxies/proxy.conf including configuration file /etc/raddb/proxies/wifi_roam_realms.conf including configuration file /etc/raddb/proxies/consulate.lab.conf including configuration file /etc/raddb/proxies/paulw_test_lab.conf including configuration file /etc/raddb/proxies/wifi_roam.lab.conf including configuration file /etc/raddb/proxies/nonso_test_lab.conf including configuration file /etc/raddb/proxies/mis.lab.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/sql_log_store including configuration file /etc/raddb/modules/detail.iptracker including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/detail.btngh.openzone.com including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/detail.vodafone including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/detail.wifi-roam including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/detail.consulate including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/detail.relay-wlc-mis including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/acct_wifi-roam including configuration file /etc/raddb/sites-enabled/consulate-server including configuration file /etc/raddb/sites-enabled/wifi_roam-server including configuration file /etc/raddb/sites-enabled/nonso_wifi_roam-server including configuration file /etc/raddb/sites-enabled/acct_iptracker including configuration file /etc/raddb/sites-enabled/bt-mobile-consumer-server including configuration file /etc/raddb/sites-enabled/acct_consulate including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/acct_aggregator_wlc including configuration file /etc/raddb/sites-enabled/vodafone including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/testing_802.1x including configuration file /etc/raddb/sites-enabled/acct_aggregator including configuration file /etc/raddb/sites-enabled/802.1x-server main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server mis-acct-relay-server-1 { ipaddr = 192.168.160.16 port = 1813 type = "acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server mis-acct-relay-server-2 { ipaddr = 192.168.160.17 port = 1813 type = "acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server par { ipaddr = 192.168.24.22 port = 1645 type = "auth+acct" secret = "BTpwlan-rds" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 username = "test_user_please_reject_me" password = "this is meaningless" } home_server SPS_FR { ipaddr = 192.168.19.20 port = 1812 type = "auth" secret = "RVfbRy4T" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server bt-mobile-consumer-acct-spool-server { virtual_server = "bt-mobile-consumer-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server mna-auth-server-harmondsworth-a { ipaddr = 193.113.44.19 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-harmondsworth-b { ipaddr = 193.113.44.20 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-reigate-a { ipaddr = 193.113.44.21 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server mna-auth-server-reigate-b { ipaddr = 193.113.44.22 port = 1645 type = "auth" secret = "nean1ngTwoLiph3" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "request" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 username = "server@test.alive.com" password = "this is meaningless" } home_server tbb_802.1x-acct-spool-server { virtual_server = "tbb_802.1x-server-acct" port = 0 type = "acct" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server IPTracker { ipaddr = 193.113.44.16 port = 1813 type = "acct" secret = "mysecret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server consulate-server-1 { ipaddr = 193.113.24.74 port = 1645 type = "auth+acct" secret = "BCt0ONn53uPLh40tn332013" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server consulate-acct { virtual_server = "consulate-server-acct" port = 0 response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server testing-802.1x-auth-server { ipaddr = 192.168.49.99 port = 1812 type = "auth+acct" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server wifi-roam-server-1 { ipaddr = 147.152.56.119 port = 1812 type = "auth+acct" secret = "radius123" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server wifi-roam-acct { virtual_server = "wifi-roam-server-acct" port = 0 response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } home_server_pool mis-acct-relay-pool { type = fail-over home_server = mis-acct-relay-server-1 home_server = mis-acct-relay-server-2 } realm acct_mis_aggregator { acct_pool = mis-acct-relay-pool } home_server_pool vf_auth_failover { type = fail-over virtual_server = vf-server-auth home_server = par } realm wlan.mnc015.mcc234.3gppnetwork.org { auth_pool = vf_auth_failover nostrip } home_server_pool SPS_FR_pool { home_server = SPS_FR } realm passpoint { auth_pool = SPS_FR_pool nostrip } home_server_pool bt-mobile-consumer-auth-pool { type = fail-over virtual_server = bt-mobile-consumer-server-auth home_server = mna-auth-server-harmondsworth-a home_server = mna-auth-server-harmondsworth-b home_server = mna-auth-server-reigate-a home_server = mna-auth-server-reigate-b } home_server_pool bt-mobile-consumer-acct-pool { home_server = bt-mobile-consumer-acct-spool-server } realm wlan.mnc030.mcc234.3gppnetwork.org { auth_pool = bt-mobile-consumer-auth-pool acct_pool = bt-mobile-consumer-acct-pool nostrip } home_server_pool tbb_802.1x-auth-pool { type = fail-over virtual_server = tbb_802.1x-server-auth home_server = mna-auth-server-harmondsworth-a home_server = mna-auth-server-harmondsworth-b home_server = mna-auth-server-reigate-a home_server = mna-auth-server-reigate-b } home_server_pool tbb_802.1x-acct-pool { home_server = tbb_802.1x-acct-spool-server } realm 8021x:BTRCon { auth_pool = tbb_802.1x-auth-pool acct_pool = tbb_802.1x-acct-pool nostrip } home_server_pool IPTracker_pool { home_server = IPTracker } realm iptracker { acct_pool = IPTracker_pool } realm LOCAL { } home_server_pool wifi-roam-auth-pool { type = fail-over virtual_server = wifi-roam-server-auth home_server = wifi-roam-server-1 } home_server_pool wifi-roam-acct-pool { home_server = wifi-roam-acct } realm adastral.bt.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool wifi-roam-mobile-data-offload-auth-pool { type = fail-over virtual_server = wifi-roam-server-mobile-data-offload-auth home_server = wifi-roam-server-1 } realm adastral-offload.bt.com { auth_pool = wifi-roam-mobile-data-offload-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc008.mcc450.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm ktwifi.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc410.mcc310.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm bandwidthx { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm bwxeap { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc023.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc010.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc011.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc006.mcc724.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc004.mcc410.3gppnetwork.org { auth_pool = wifi-roam-mobile-data-offload-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc050.mcc621.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wlan.mnc010.mcc440.3gppnetwork.org { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } realm wifiroam.bt.com { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool consulate-auth-pool { virtual_server = consulate-server-auth home_server = consulate-server-1 } home_server_pool consulate-acct-pool { home_server = consulate-acct } realm wlan.mnc008.mcc234.3gppnetwork.org { auth_pool = consulate-auth-pool acct_pool = consulate-acct-pool nostrip } home_server_pool consulate-acct-relay-pool { home_server = consulate-server-1 } realm acct_consulate { acct_pool = consulate-acct-relay-pool nostrip } home_server_pool testing-802.1x-auth-pool { virtual_server = testing_802.1x-server home_server = testing-802.1x-auth-server } realm 1xTesting { auth_pool = testing-802.1x-auth-pool acct_pool = tbb_802.1x-acct-pool nostrip } home_server_pool wifi-roam-acct-relay-pool { type = fail-over home_server = wifi-roam-server-1 } realm acct_wifi-roam { acct_pool = wifi-roam-acct-relay-pool nostrip } realm wifi-roam { auth_pool = wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool nonso-wifi-roam-auth-pool { type = fail-over virtual_server = nonso-wifi-roam-server-auth home_server = mna-auth-server-harmondsworth-a } realm nonso { auth_pool = nonso-wifi-roam-auth-pool acct_pool = wifi-roam-acct-pool nostrip } home_server_pool testing-802.1x-acct-pool { home_server = testing-802.1x-auth-server } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" shortname = "localhost" nastype = "other" } client 192.168.70.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-1" nastype = "cisco" } client 192.168.170.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-2" nastype = "cisco" } client 192.168.14.0/24 { require_message_authenticator = no secret = "cisco" shortname = "isg-ssg-net-3" nastype = "cisco" } client 192.168.100.31 { require_message_authenticator = no secret = "m0n1t0r" shortname = "monitor-1" } client 192.168.160.31 { require_message_authenticator = no secret = "m0n1t0r" shortname = "monitor-2" } client 192.168.79.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.79.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.179.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.2 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.18.3 { require_message_authenticator = no secret = "Vop&in2SwAsf" shortname = "ACE-Probe" nastype = "cisco" } client 192.168.49.96 { require_message_authenticator = no secret = "8021x" } client 10.0.0.0/8 { require_message_authenticator = no secret = "1t5b1gg3rthan1tl00k5" nastype = "cisco" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Linked to module rlm_realm Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id" } Module: Checking accounting {...} for more modules to load Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic Module: Linked to module rlm_detail Module: Instantiating module "detail.relay-wlc-mis" from file /etc/raddb/modules/detail.relay-wlc-mis detail detail.relay-wlc-mis { detailfile = "/var/log/radius/radacct/relay-wlc-mis-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/raddb/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_sql_log Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log sql_log { path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store sql_log sql_log_store { path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H" Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l " sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = yes safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server acct_wifi-roam { # from file /etc/raddb/sites-enabled/acct_wifi-roam modules { Module: Checking accounting {...} for more modules to load } # modules } # server server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com detail detail-store.btngh.openzone.com { detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 416 dirperm = 493 locking = no log_packet_header = no } Module: Loading virtual module proxy_to_mis Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com detail detail.btngh.openzone.com { detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Loading virtual module remove_btopenzone_vsas Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate detail detail.consulate { detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server wifi-roam-server-mobile-data-offload-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server wifi-roam-server-acct { # from file /etc/raddb/sites-enabled/wifi_roam-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Loading virtual module proxy_to_mis Module: Loading virtual module remove_btopenzone_vsas Module: Instantiating module "detail.wifi-roam" from file /etc/raddb/modules/detail.wifi-roam detail detail.wifi-roam { detailfile = "/var/log/radius/radacct/wifi-roam/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server nonso-wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/nonso_wifi_roam-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker modules { Module: Checking accounting {...} for more modules to load } # modules } # server server bt-mobile-consumer-server-auth { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server modules { Module: Checking pre-proxy {...} for more modules to load Module: Instantiating module "reject" from file /etc/raddb/modules/always always reject { rcode = "reject" simulcount = 0 mpp = no } Module: Checking post-proxy {...} for more modules to load } # modules } # server server bt-mobile-consumer-server-acct { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module log_packet Module: Loading virtual module proxy_to_mis Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker detail detail.iptracker { detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } # modules } # server server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate modules { Module: Checking accounting {...} for more modules to load } # modules } # server server acct_aggregator_wlc { # from file /etc/raddb/sites-enabled/acct_aggregator_wlc modules { Module: Checking accounting {...} for more modules to load } # modules } # server server vf-server-auth { # from file /etc/raddb/sites-enabled/vodafone modules { Module: Checking pre-proxy {...} for more modules to load } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server server testing_802.1x-server { # from file /etc/raddb/sites-enabled/testing_802.1x modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator modules { Module: Checking accounting {...} for more modules to load } # modules } # server server tbb_802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking post-proxy {...} for more modules to load } # modules } # server server tbb_802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server modules { Module: Checking accounting {...} for more modules to load Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module proxy_to_mis Module: Loading virtual module log_packet Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker Module: Loading virtual module set_customer_info_vsa Module: Loading virtual module proxy_to_mis Module: Loading virtual module log_packet Module: Loading virtual module set_class_with_parental_control_csfid Module: Loading virtual module proxy_to_iptracker } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" mode = "rw" } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/wifi-roam/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/iptracker/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/consulate/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-wlc-mis-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } listen { type = "detail" listen { filename = "/var/log/radius/radacct/relay-acct/*" load_factor = 10 poll_interval = 1 retry_interval = 30 } } ... adding new socket proxy address * port 51816 ... adding new socket proxy address * port 35812 ... adding new socket proxy address * port 49773 ... adding new socket proxy address * port 35902 ... adding new socket proxy address * port 53673 ... adding new socket proxy address * port 56106 ... adding new socket proxy address * port 44312 ... adding new socket proxy address * port 36881 ... adding new socket proxy address * port 57465 ... adding new socket proxy address * port 57482 ... adding new socket proxy address * port 52562 ... adding new socket proxy address * port 54724 ... adding new socket proxy address * port 52919 ... adding new socket proxy address * port 33010 ... adding new socket proxy address * port 36902 ... adding new socket proxy address * port 34021 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on detail file /var/log/radius/radacct/wifi-roam/* as server acct_wifi-roam Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec Listening on detail file /var/log/radius/radacct/relay-wlc-mis-acct/* as server acct_aggregator_wlc Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec Listening on proxy address * port 1814 Waking up in 0.9 seconds. Ignoring request to accounting address * port 1813 from unknown client 192.168.210.119 port 15584 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.762087 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.184472 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.968853 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.196113 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.159930 sec Waking up in 0.7 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.910616 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.090084 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.047471 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.791355 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.934825 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.133416 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.880455 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.024520 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.998717 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.876140 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095130 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.761203 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.897342 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.203089 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.987794 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.171263 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.859814 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.103368 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.165571 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.959404 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.179172 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.169633 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.055037 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.804247 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.884002 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.101099 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.827031 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.049407 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.844278 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.936085 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.962783 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.763935 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.849558 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.816061 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.158354 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.795744 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.016506 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.026287 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.866814 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.841071 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.119251 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.887604 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.814666 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.924802 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.178640 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.806821 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.213465 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.169523 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.870682 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.864038 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.781469 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.765307 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.938362 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.203898 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.778849 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.939067 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095710 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.837704 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.888245 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.050866 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.247675 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.968173 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.930630 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.120660 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.870914 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.163044 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.803467 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007536 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762546 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.183909 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.118080 sec Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=92, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0xdce173614585eee51e3f391f5272dbca # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 0: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 92 to 192.168.70.22 port 21652 EAP-Message = 0x01020016041084b12e630735452cd5eb22349496369d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a2611669a065fbab376a297e7dc1fa Finished request 0. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=93, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x69a2611669a065fbab376a297e7dc1fa Message-Authenticator = 0x74934585fb3c792bcfa76eb4d1fa8fac # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 1: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 93 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a2611668a174fbab376a297e7dc1fa Finished request 1. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=94, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb27d0543bff4106d055f6c72e468ba33ead96239fee54ab3c41fcc41727500002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x69a2611668a174fbab376a297e7dc1fa Message-Authenticator = 0xfd37c07fad4424f3cb1f6600d6d971fd # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 2: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 94 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb253915b26746a88ec852836e50cbb23e4eace6110dd23f3f36e2185c9a3000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166ba674fbab376a297e7dc1fa Finished request 2. Going to the next request Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.838692 sec rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=95, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x69a261166ba674fbab376a297e7dc1fa Message-Authenticator = 0x7aa62ceaa5cd777c0d17ca355e54fef6 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 3: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 95 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166aa774fbab376a297e7dc1fa Finished request 3. Going to the next request Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.917240 sec Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=96, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x69a261166aa774fbab376a297e7dc1fa Message-Authenticator = 0x72271a5a20f083cb1ac844a149d3e1bd # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 4: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 96 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166da474fbab376a297e7dc1fa Finished request 4. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=97, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020601501580000001461603010106100001020100a3a6fc81ed5db338b094fc36d60260c21f7d25f0b3ca016ec64cae258aff16375caa4e600c3ca12d3a955c992d447a3aeda5e61a2c96c809084d2f98ea094fb4367594ecdc54659ec61117e10d86ec36121332876b932d4845d14763dd8efafdcb60bf570db90f509bf4b22dcbad841af192945427c39e085b70738438f3942aa25fdd524189bdd40c1b241f1b9bb8073cbfacef6c241e7e3b1979604c0d97957c92d44e41ee9af64fbff6269bae9bcde3bb8c0f8c82bd110ed29e6798a39678b5c36d7c583b219f92d30e4db7cb407f6520642768cf56198a5f729798a7a2cc0a48e61a3af826c3 EAP-Message = 0x36639897c11875370386fab261580f84474d26e7b5092ddd1403010001011603010030eaaac2eb818252a3144bdac118efede1100277e235494f8179796375b3c2c7f532eb1aebe8285f30910986b8a397e150 State = 0x69a261166da474fbab376a297e7dc1fa Message-Authenticator = 0x91105ccbf2c6132fefea1c979f1cd27d # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 5: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 97 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b1403010001011603010030c3583d7653c71743721a01e1ce855489d7307206046d7da4c754168362027679b16fd21c3a5e3012289826cb3ec5b27e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69a261166ca574fbab376a297e7dc1fa Finished request 5. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=98, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f15800000009517030100901b0641cc4dd8cf820d4d8f862f22643fd2a7a1073e85497d35540626380ca09415650a2780711204909f665b28cca0a19354416693547b047cade705c6d83cf4e50e3441b6abb284a09b405f31db48c3f6ee43fed65e65e2e865079da3aec3a74a37d1fc02943c80663b11124fb0895e05c07b75b2d04ac70a28fe0863ebd4efd1898d813a8f0cdee906488235a0ccc3 State = 0x69a261166ca574fbab376a297e7dc1fa Message-Authenticator = 0xf33714776f1fd97f16730136f7ac668f # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 6: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 6 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.957823 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.871929 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.134881 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.069443 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.244343 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.764676 sec Sending delayed reject for request 6 Sending Access-Reject of id 98 to 192.168.70.22 port 21652 Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.794117 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.103433 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.098922 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.156253 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.965056 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.042876 sec Waking up in 0.6 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.955702 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.020365 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007534 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.828720 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750868 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149131 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.191976 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.964907 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.901226 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.247231 sec Waking up in 0.6 seconds. Cleaning up request 0 ID 92 with timestamp +15 Cleaning up request 1 ID 93 with timestamp +15 Cleaning up request 2 ID 94 with timestamp +15 Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750784 sec Cleaning up request 3 ID 95 with timestamp +16 Cleaning up request 4 ID 96 with timestamp +16 Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.052604 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149995 sec Cleaning up request 5 ID 97 with timestamp +16 Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.804373 sec Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=99, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0x206af0d737136bdb9c5aa6656b1d11e4 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 7: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 99 to 192.168.70.22 port 21652 EAP-Message = 0x0102001604105c300e63c8ec3c399d7c7a04e7aa3ed8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128acf75d0313964ead8c014bc Finished request 7. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=100, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x8acd71128acf75d0313964ead8c014bc Message-Authenticator = 0xf6b8bdd0867e9ce4a330f36ed2e6966c # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 8: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 100 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128bce64d0313964ead8c014bc Finished request 8. Going to the next request Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.973939 sec Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=101, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb282bd583ebe6c01b0889edda2ca0fd75b0abf504762bff57eae4b55981800002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x8acd71128bce64d0313964ead8c014bc Message-Authenticator = 0xea79054cf335166262e4264c39b055b0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 9: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 101 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb2593c06266c34a51b62b1d48acae97bf00962e144b89cefc30255cc73fe000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd711288c964d0313964ead8c014bc Finished request 9. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=102, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x8acd711288c964d0313964ead8c014bc Message-Authenticator = 0x893622df889ca2eb0c194e208e7a14ad # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 10: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 102 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd711289c864d0313964ead8c014bc Finished request 10. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=103, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x8acd711289c864d0313964ead8c014bc Message-Authenticator = 0x6846920d72f185205389d9cc018324d4 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 11: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128ecb64d0313964ead8c014bc Finished request 11. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=104, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0206015015800000014616030101061000010201008e4dfe01161ae76fb73ca9884839b33e61a1f6d59c3881c01fa95d4c0f97b9fdca0c798d5421003fdc1e4bf27c8a4403d411a3ab5ef86dcc85cc0da58755b87ad6004b14e3abe1e51c60ed309b85ae5364df097153cc1898b63114ffb7033d70a1183a6c5e71202513b192761ab124217061659d08977dc216c81577264fe80b0d4998b8975bc84098dd0eedbb200d311c438beb405cf9a0742843de0009348fc9b43b5e28ad9aafa3ddee5a54da6d5acf3bc300c77d0555b0423dbf3dae52b018f7a10edd4bbbdfc798de68f72f65b8567005fd712e65e21940fa02b644d5c1c9309e2408008058 EAP-Message = 0x016b3d01fe35da4088bb101c1cb9180d513d497a9ce967611403010001011603010030a9e4f3711a6d319dcaed146aa81f6be008b906da6f3b09a4ab8c8999fd1c475b96e5d4fab2b1b1ac6f6ec93488076ce7 State = 0x8acd71128ecb64d0313964ead8c014bc Message-Authenticator = 0x5090eaa217243f73702f3f0d9b1ceb6a # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 12: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 104 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b14030100010116030100305ce3efeda48c2870b6488e33cb240e83af43d61daa7853b1cfadc94d068f16aefe45637723e6d1a057057e871abf3911 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8acd71128fca64d0313964ead8c014bc Finished request 12. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=105, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f15800000009517030100903c067027f79e1d7700547201d5b1d9df8e011ff874f5475cc1cd6d861ef8719ff3556e9192baf4e5978592e39a8fae52b8b80b98a318fa9dc90a8b6963973d12bcf376602cc949f7f9e414b5889c85b82c8c91b4aab71d89b740c14a01859f3759b4d71434c3f1810e14db56fd71f19a564f4950c7e550635b9e86c858d405a52dfc1f8b3a90808d51b1f6689d4e565f State = 0x8acd71128fca64d0313964ead8c014bc Message-Authenticator = 0x132c2a4018ee0c4625b62371e33eb00e # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 13: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1 MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1 MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 13 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 13 for 1 seconds Going to the next request Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.813461 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.829886 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.033527 sec Cleaning up request 6 ID 98 with timestamp +16 Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.777113 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.940748 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.817344 sec Sending delayed reject for request 13 Sending Access-Reject of id 105 to 192.168.70.22 port 21652 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.027554 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.793098 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.858643 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.974457 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.152280 sec Waking up in 0.4 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.105497 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.794828 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.810880 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007277 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.095163 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.132496 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.028052 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.823217 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.880446 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.799977 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.069586 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.786498 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.957779 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.033822 sec Waking up in 0.1 seconds. Cleaning up request 7 ID 99 with timestamp +21 Cleaning up request 8 ID 100 with timestamp +21 Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173967 sec Cleaning up request 9 ID 101 with timestamp +21 Cleaning up request 10 ID 102 with timestamp +21 Cleaning up request 11 ID 103 with timestamp +21 Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.971243 sec Cleaning up request 12 ID 104 with timestamp +21 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.185601 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.797453 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.876348 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.230513 sec Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.767555 sec Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.096276 sec Cleaning up request 13 ID 105 with timestamp +21 Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.031048 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.863706 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.985683 sec Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=106, length=298 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020100150170617373706f696e742f61647269616e Message-Authenticator = 0x94789caf32bd0646c47dad46ac458da0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 14: Preceding "if" was taken [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 106 to 192.168.70.22 port 21652 EAP-Message = 0x0102001604102a24918f38f84fc915d96251dad983cd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a955dc7ca410ead8eb71766904 Finished request 14. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=107, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020200060315 State = 0x55de78a955dc7ca410ead8eb71766904 Message-Authenticator = 0x1740934a4dc11a2b4bc38f4b251ac980 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 15: Preceding "if" was taken [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...} +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) ? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE ??? Skipping (User-Name >= '0234081219003212' ) ??? Skipping (User-Name < '0234081219003215') ??? Skipping (User-Name >= '1234081219003212' ) ??? Skipping (User-Name < '1234081219003215') +++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE ++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 107 to 192.168.70.22 port 21652 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a954dd6da410ead8eb71766904 Finished request 15. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=108, length=422 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb289e7e9e013f7728e134357e7453c6f8f914faee52a8e970257d3f0f27f00002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000 State = 0x55de78a954dd6da410ead8eb71766904 Message-Authenticator = 0x61679bd7c65dca909186eef34fbfee15 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 16: Preceding "if" was taken [eap] EAP packet type response id 3 length 127 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 117 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 108 to 192.168.70.22 port 21652 EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb26026d0dc41fdc3b0a887c6e0253595a794d810f424f680900ae9e2d4ed000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7 EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe EAP-Message = 0x360004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a957da6da410ead8eb71766904 Finished request 16. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=109, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020400061500 State = 0x55de78a957da6da410ead8eb71766904 Message-Authenticator = 0xce53084dd64cf4cf21a03e145405f088 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 17: Preceding "if" was taken [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 109 to 192.168.70.22 port 21652 EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164 EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613 EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252 EAP-Message = 0xadc89de309a2b64b03db41c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a956db6da410ead8eb71766904 Finished request 17. Going to the next request rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=110, length=301 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020500061500 State = 0x55de78a956db6da410ead8eb71766904 Message-Authenticator = 0x38f164964fda41ea99ab94411a9b4bca # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 18: Preceding "if" was taken [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 110 to 192.168.70.22 port 21652 EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a951d86da410ead8eb71766904 Finished request 18. Going to the next request Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.944075 sec rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=111, length=633 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x020601501580000001461603010106100001020100151070a791def4c9ce6aa9a210936cbcb19c16c64c200cb65b77b3136edc93ed6947fa08a2614c50d82fb9a01bc1d052e9774a62df04d1e2026eb56a9697230406687c9d9501bb575c82efb13b81028bc8162393fd0f19c5a0a8c9bfb45cf24d7432a52131e2a3baa5be4b783970b14c172151f79688680362429dc358f6256412c81a5c0724719585ef225e1745f0a42c0c3b9d41f74762a1b90844a115f8fd4dc4e59ff2a22f79b3db63d781d08a0d7d2d1f9e91dfc4bbf6fecc3c80b6b5ac2afa5a9313a2b324ca97f5ee378ea606ef98806c76d616fcb4c919e3c5b61b80d3ab90d97dd08725 EAP-Message = 0x080804f3bb3f21200042c1641a82740587c2a9be41de2e111403010001011603010030e93d2b879d132fb31e807571b5cc758b972225ef97f0af291e24c3adb8f435201d65e18a461386a17ec47568ea05925c State = 0x55de78a951d86da410ead8eb71766904 Message-Authenticator = 0x13372cc3426516ef77c5bf272f5d1b42 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 19: Preceding "if" was taken [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 326 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 111 to 192.168.70.22 port 21652 EAP-Message = 0x0107004515800000003b14030100010116030100309c222ec982006809790a9c2919d10a2f1b2565b8bc96b5ff2e5553bdb41340a1e1682a5234747b218e42c4c4e579d35b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x55de78a950d96da410ead8eb71766904 Finished request 19. Going to the next request Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.129376 sec Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=112, length=454 User-Name = "passpoint/adrian" Chargeable-User-Identity = "" Operator-Name = "11xTesting" Location-Capable = Civix-Location Calling-Station-Id = "54ea.a824.a00d" Called-Station-Id = "TNK6-Adrian-01-Test" NAS-Port = 4 Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59" Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180" NAS-IP-Address = 10.150.48.2 NAS-Identifier = "baynard-cso-wlc02" Airespace-Wlan-Id = 110 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1783" EAP-Message = 0x0207009f1580000000951703010090bed3fef3622c94a55d4d20677b2056fe14578cb1ec6518795511c4f6092783cd3b97788fa8baf3fc68a8617d5c63e2ea04a7ad1eaf25e550c42a0d37fad6c07288aa8ebb8225b5a103d75729a0f8952087825d8497d6ddb40c435e225b5c2a960c50f281a0768a0c6baa9ec1e79281fe585ea06e3d0f3065ea499c3c33f60fac52636f9863e60fc3986e22545062c96c State = 0x55de78a950d96da410ead8eb71766904 Message-Authenticator = 0xe5645ddc511b3c835037bcc2a8adfed5 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated ++? if (Realm == 'passpoint') ? Evaluating (Realm == 'passpoint') -> TRUE ++? if (Realm == 'passpoint') -> TRUE ++- entering if (Realm == 'passpoint') {...} +++[control] returns updated ++- if (Realm == 'passpoint') returns updated ++ ... skipping else for request 20: Preceding "if" was taken [eap] EAP packet type response id 7 length 159 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 149 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954 MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "passpoint/adrian" MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954 MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian" [IPASS] Found realm "passpoint" [IPASS] Adding Realm = "passpoint" [IPASS] Proxying request from user adrian to realm passpoint [IPASS] Preparing to proxy authentication request to realm "passpoint" ++[IPASS] returns updated [suffix] Request already proxied. Ignoring. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel [ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local. There was no response configured: rejecting request 20 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) ? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE ? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE ++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE [attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 20 for 1 seconds Going to the next request Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.751837 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.243590 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.876885 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762210 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.239831 sec Sending delayed reject for request 20 Sending Access-Reject of id 112 to 192.168.70.22 port 21652 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.931724 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.821277 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.215098 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.798647 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.972355 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.819912 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.142257 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.882873 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.174178 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.923319 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.796417 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.101806 sec Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.195755 sec Waking up in 0.3 seconds. Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.836153 sec Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.201596 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.172237 sec Waking up in 0.5 seconds. Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/* Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.949951 sec Waking up in 0.2 seconds. Polling for detail file /var/log/radius/radacct/iptracker/* Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.780669 sec Polling for detail file /var/log/radius/radacct/consulate/* Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.221639 sec Cleaning up request 14 ID 106 with timestamp +28 Cleaning up request 15 ID 107 with timestamp +28 Cleaning up request 16 ID 108 with timestamp +28 Cleaning up request 17 ID 109 with timestamp +28 Cleaning up request 18 ID 110 with timestamp +28 Cleaning up request 19 ID 111 with timestamp +28 Waking up in 0.1 seconds. Polling for detail file /var/log/radius/radacct/relay-acct/* Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.157646 sec Polling for detail file /var/log/radius/radacct/wifi-roam/* Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.933433 sec Waking up in 0.2 seconds. -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 10:24 To: FreeRadius users mailing list Subject: RE: Terminate EAP-TTLS then proxy On 13 June 2017 10:20:56 BST, adrian.p.smith@bt.com wrote:
Ah sorry, here's the rest of it:
[ttls] Got tunneled reply code 0 [ttls] Tunneled authentication will be proxied to passpoint [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Look in proxy.conf. The 'passpoint' realm likely isn't configured correctly. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Jun 13, 2017 at 12:42:26PM +0000, adrian.p.smith@bt.com wrote:
If I send a (non-EAP) request directly to the inner tunnel, it does get proxied ok.
I've tried it on 3.0.14 and it works fine... Maybe time for an upgrade. 2.1.12 is obsolete. You could try the latest 2.2 without much config change. Still obsolete, but maybe it will help. -- Matthew
Thanks Matthew. Was kind of expecting that (and at the same time hoping not to hear it!). I have tried 2.2.9 and I get the same. Probably time to upgrade - been resisting as we have a lot of baggage and an old OS. <sigh/> -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 13:45 To: FreeRadius users mailing list Subject: Re: Terminate EAP-TTLS then proxy On Tue, Jun 13, 2017 at 12:42:26PM +0000, adrian.p.smith@bt.com wrote:
If I send a (non-EAP) request directly to the inner tunnel, it does get proxied ok.
I've tried it on 3.0.14 and it works fine... Maybe time for an upgrade. 2.1.12 is obsolete. You could try the latest 2.2 without much config change. Still obsolete, but maybe it will help. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Jun 13, 2017 at 12:57:25PM +0000, adrian.p.smith@bt.com wrote:
Was kind of expecting that (and at the same time hoping not to hear it!).
I have tried 2.2.9 and I get the same.
Probably time to upgrade - been resisting as we have a lot of baggage and an old OS.
I'd start with 3.0.14 and just a minimal config to replicate the bit that's broken. Then you can at least prove that part works before doing anything else. -- Matthew
I have returned to this problem and am using a fresh copy of 3.0.15 and the eapol_test client. Here is my output: FreeRADIUS Version 3.0.15 Copyright (C) 1999-2017 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /home/adrian/freeradius-server-3.0.15/share/freeradius/dictionary including dictionary file /home/adrian/freeradius-server-3.0.15/share/freeradius/dictionary.dhcp including dictionary file /home/adrian/freeradius-server-3.0.15/share/freeradius/dictionary.vqp including dictionary file /home/adrian/freeradius-server-3.0.15/etc/raddb/dictionary including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/radiusd.conf including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/proxy.conf including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/clients.conf including files in directory /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/ including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/chap including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/dynamic_clients including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/files including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/sradutmp including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/mschap including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/soh including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/ntlm_auth including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/utf8 including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/passwd including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/echo including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/unpack including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/date including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/linelog including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/preprocess including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/exec including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/eap including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/unix including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/digest including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/pap including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/cache_eap including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/dhcp including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/expiration including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/radutmp including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/replicate including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/expr including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/logintime including files in directory /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/ including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/moonshot-targeted-ids including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/canonicalization including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/debug including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/eap including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/operator-name including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/dhcp including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/cui including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/control including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/filter including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/accounting including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/policy.d/abfab-tr including files in directory /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/ including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default including configuration file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/inner-tunnel main { name = "radiusd" prefix = "/home/adrian/freeradius-server-3.0.15" localstatedir = "/home/adrian/freeradius-server-3.0.15/var" sbindir = "/home/adrian/freeradius-server-3.0.15/sbin" logdir = "/home/adrian/freeradius-server-3.0.15/var/log/radius" run_dir = "/home/adrian/freeradius-server-3.0.15/var/run/radiusd" libdir = "/home/adrian/freeradius-server-3.0.15/lib" radacctdir = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 16384 pidfile = "/home/adrian/freeradius-server-3.0.15/var/run/radiusd/radiusd.pid" checkrad = "/home/adrian/freeradius-server-3.0.15/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "CVE-2016-6304" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server SPS_FR { ipaddr = 192.168.19.20 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } home_server_pool SPS_FR_pool { home_server = SPS_FR } realm passpoint { auth_pool = SPS_FR_pool nostrip } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Found debugger attached # Creating Auth-Type = mschap # Creating Auth-Type = digest # Creating Auth-Type = eap # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP radiusd: #### Instantiating modules #### modules { # Loaded module rlm_chap # Loading module "chap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/chap # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_files # Loading module "files" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/files files { filename = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/files/authorize" acctusersfile = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/files/pre-proxy" } # Loaded module rlm_radutmp # Loading module "sradutmp" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_mschap # Loading module "mschap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_soh # Loading module "soh" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_exec # Loading module "ntlm_auth" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_realm # Loading module "IPASS" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_always # Loading module "reject" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_utf8 # Loading module "utf8" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/utf8 # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loading module "echo" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_unpack # Loading module "unpack" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/unpack # Loaded module rlm_date # Loading module "date" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/date date { format = "%b %e %Y %H:%M:%S %Z" utc = no } # Loaded module rlm_linelog # Loading module "linelog" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/linelog linelog { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/linelog linelog log_accounting { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_preprocess # Loading module "preprocess" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/preprocess/huntgroups" hints = "/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_detail # Loading module "detail" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail detail { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "exec" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_eap # Loading module "eap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 } # Loaded module rlm_unix # Loading module "unix" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/unix unix { radwtmp = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_digest # Loading module "digest" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/digest # Loading module "auth_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_pap # Loading module "pap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_cache # Loading module "cache_eap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_dhcp # Loading module "dhcp" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/dhcp # Loaded module rlm_expiration # Loading module "expiration" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/expiration # Loading module "radutmp" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/radutmp radutmp { filename = "/home/adrian/freeradius-server-3.0.15/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_replicate # Loading module "replicate" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/replicate # Loaded module rlm_expr # Loading module "expr" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_logintime # Loading module "logintime" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } instantiate { } # Instantiating module "files" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/files reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/files/authorize reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/files/accounting reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/files/pre-proxy # Instantiating module "mschap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "IPASS" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm # Instantiating module "suffix" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm # Instantiating module "realmpercent" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm # Instantiating module "ntdomain" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/realm # Instantiating module "reject" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "fail" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "ok" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "handled" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "invalid" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "userlock" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "notfound" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "noop" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "updated" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/always # Instantiating module "attr_filter.post-proxy" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/access_reject [/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/attr_filter reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/attr_filter/accounting_response # Instantiating module "etc_passwd" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "linelog" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/linelog # Instantiating module "log_accounting" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/linelog # Instantiating module "preprocess" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/preprocess reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-config/preprocess/hints # Instantiating module "detail" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail # Instantiating module "eap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/home/adrian/freeradius-server-3.0.15/etc/raddb/certs" pem_file_type = yes private_key_file = "/home/adrian/freeradius-server-3.0.15/etc/raddb/certs/server.pem" certificate_file = "/home/adrian/freeradius-server-3.0.15/etc/raddb/certs/server.pem" ca_file = "/home/adrian/freeradius-server-3.0.15/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/home/adrian/freeradius-server-3.0.15/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" cipher_server_preference = no ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "auth_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/detail.log # Instantiating module "pap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/pap # Instantiating module "cache_eap" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "expiration" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/expiration # Instantiating module "logintime" from file /home/adrian/freeradius-server-3.0.15/etc/raddb/mods-enabled/logintime } # modules radiusd: #### Loading Virtual Servers #### server { # from file /home/adrian/freeradius-server-3.0.15/etc/raddb/radiusd.conf } # server server default { # from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} # Skipping contents of 'if' as it is always 'false' -- /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/inner-tunnel:331 } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 34763 Listening on proxy address :: port 31835 Ready to process requests (0) Received Access-Request Id 0 from 127.0.0.1:51415 to 127.0.0.1:1812 length 146 (0) User-Name = "passpoint/adrian" (0) NAS-IP-Address = 127.0.0.1 (0) Calling-Station-Id = "02-00-00-00-00-01" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) EAP-Message = 0x020000150170617373706f696e742f61647269616e (0) Message-Authenticator = 0xaf825a0fc55e4c2f2cf81dca248dc550 (0) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) IPASS: Checking for prefix before "/" (0) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (0) IPASS: Found realm "passpoint" (0) IPASS: Adding Realm = "passpoint" (0) IPASS: Proxying request from user passpoint/adrian to realm passpoint (0) IPASS: Preparing to proxy authentication request to realm "passpoint" (0) [IPASS] = updated (0) if (Realm == 'passpoint' && &EAP-Message ) { (0) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (0) if (Realm == 'passpoint' && &EAP-Message ) { (0) update control { (0) Proxy-To-Realm := LOCAL (0) } # update control = noop (0) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (0) ... skipping else: Preceding "if" was taken (0) eap: Peer sent EAP Response (code 2) ID 0 length 21 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 1 length 22 (0) eap: EAP session adding &reply:State = 0x06d22ed906d32a54 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (0) EAP-Message = 0x0101001604109620ea5941df32dc74eda33830a515a9 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x06d22ed906d32a54ff0aab134334b819 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 1 from 127.0.0.1:51415 to 127.0.0.1:1812 length 149 (1) User-Name = "passpoint/adrian" (1) NAS-IP-Address = 127.0.0.1 (1) Calling-Station-Id = "02-00-00-00-00-01" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Connect-Info = "CONNECT 11Mbps 802.11b" (1) EAP-Message = 0x020100060315 (1) State = 0x06d22ed906d32a54ff0aab134334b819 (1) Message-Authenticator = 0x18a32045f098493e9c28e768bbfc67e1 (1) session-state: No cached attributes (1) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) IPASS: Checking for prefix before "/" (1) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (1) IPASS: Found realm "passpoint" (1) IPASS: Adding Realm = "passpoint" (1) IPASS: Proxying request from user passpoint/adrian to realm passpoint (1) IPASS: Preparing to proxy authentication request to realm "passpoint" (1) [IPASS] = updated (1) if (Realm == 'passpoint' && &EAP-Message ) { (1) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (1) if (Realm == 'passpoint' && &EAP-Message ) { (1) update control { (1) Proxy-To-Realm := LOCAL (1) } # update control = noop (1) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (1) ... skipping else: Preceding "if" was taken (1) eap: Peer sent EAP Response (code 2) ID 1 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) [expiration] = noop (1) [logintime] = noop (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x06d22ed906d32a54 (1) eap: Finished EAP session with state 0x06d22ed906d32a54 (1) eap: Previous EAP request found for state 0x06d22ed906d32a54, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type TTLS (21) (1) eap: Calling submodule eap_ttls to process data (1) eap_ttls: Initiating new EAP-TLS session (1) eap_ttls: [eaptls start] = request (1) eap: Sending EAP Request (code 1) ID 2 length 6 (1) eap: EAP session adding &reply:State = 0x06d22ed907d03b54 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 1 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (1) EAP-Message = 0x010200061520 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x06d22ed907d03b54ff0aab134334b819 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 2 from 127.0.0.1:51415 to 127.0.0.1:1812 length 436 (2) User-Name = "passpoint/adrian" (2) NAS-IP-Address = 127.0.0.1 (2) Calling-Station-Id = "02-00-00-00-00-01" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Connect-Info = "CONNECT 11Mbps 802.11b" (2) EAP-Message = 0x02020123150016030101180100011403032bfa822e9a2fe791ae2222a70f8af28a40f834ab9d52713f1f9e6bc6fa7bf891000082c030c02cc028c024c014c00a00a3009f006b006a0039003800880087c032c02ec02ac026c00fc005009d003d00350084c012c00800160013c00dc003000ac02fc02bc0 (2) State = 0x06d22ed907d03b54ff0aab134334b819 (2) Message-Authenticator = 0xb5f71990e0859c4a71651d8c8bcd4a9c (2) session-state: No cached attributes (2) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) IPASS: Checking for prefix before "/" (2) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (2) IPASS: Found realm "passpoint" (2) IPASS: Adding Realm = "passpoint" (2) IPASS: Proxying request from user passpoint/adrian to realm passpoint (2) IPASS: Preparing to proxy authentication request to realm "passpoint" (2) [IPASS] = updated (2) if (Realm == 'passpoint' && &EAP-Message ) { (2) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (2) if (Realm == 'passpoint' && &EAP-Message ) { (2) update control { (2) Proxy-To-Realm := LOCAL (2) } # update control = noop (2) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (2) ... skipping else: Preceding "if" was taken (2) eap: Peer sent EAP Response (code 2) ID 2 length 291 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x06d22ed907d03b54 (2) eap: Finished EAP session with state 0x06d22ed907d03b54 (2) eap: Previous EAP request found for state 0x06d22ed907d03b54, released from the list (2) eap: Peer sent packet with method EAP TTLS (21) (2) eap: Calling submodule eap_ttls to process data (2) eap_ttls: Authenticate (2) eap_ttls: Continuing EAP-TLS (2) eap_ttls: [eaptls verify] = ok (2) eap_ttls: Done initial handshake (2) eap_ttls: (other): before/accept initialization (2) eap_ttls: TLS_accept: before/accept initialization (2) eap_ttls: <<< recv TLS 1.2 [length 0118] (2) eap_ttls: TLS_accept: SSLv3 read client hello A (2) eap_ttls: >>> send TLS 1.2 [length 003e] (2) eap_ttls: TLS_accept: SSLv3 write server hello A (2) eap_ttls: >>> send TLS 1.2 [length 08d3] (2) eap_ttls: TLS_accept: SSLv3 write certificate A (2) eap_ttls: >>> send TLS 1.2 [length 014d] (2) eap_ttls: TLS_accept: SSLv3 write key exchange A (2) eap_ttls: >>> send TLS 1.2 [length 0004] (2) eap_ttls: TLS_accept: SSLv3 write server done A (2) eap_ttls: TLS_accept: SSLv3 flush data (2) eap_ttls: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_ttls: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_ttls: In SSL Handshake Phase (2) eap_ttls: In SSL Accept mode (2) eap_ttls: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1004 (2) eap: EAP session adding &reply:State = 0x06d22ed904d13b54 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 2 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (2) EAP-Message = 0x010303ec15c000000a76160303003e0200003a0303d4da874a2a27794f8e9df0aafa9fc02dfa49061bc5ccea84ecd10baa4dbecf3800c030000012ff01000100000b000403000102000f00010116030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x06d22ed904d13b54ff0aab134334b819 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 3 from 127.0.0.1:51415 to 127.0.0.1:1812 length 149 (3) User-Name = "passpoint/adrian" (3) NAS-IP-Address = 127.0.0.1 (3) Calling-Station-Id = "02-00-00-00-00-01" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Connect-Info = "CONNECT 11Mbps 802.11b" (3) EAP-Message = 0x020300061500 (3) State = 0x06d22ed904d13b54ff0aab134334b819 (3) Message-Authenticator = 0x147418cdac487df268876f9a65432f33 (3) session-state: No cached attributes (3) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) IPASS: Checking for prefix before "/" (3) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (3) IPASS: Found realm "passpoint" (3) IPASS: Adding Realm = "passpoint" (3) IPASS: Proxying request from user passpoint/adrian to realm passpoint (3) IPASS: Preparing to proxy authentication request to realm "passpoint" (3) [IPASS] = updated (3) if (Realm == 'passpoint' && &EAP-Message ) { (3) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (3) if (Realm == 'passpoint' && &EAP-Message ) { (3) update control { (3) Proxy-To-Realm := LOCAL (3) } # update control = noop (3) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (3) ... skipping else: Preceding "if" was taken (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x06d22ed904d13b54 (3) eap: Finished EAP session with state 0x06d22ed904d13b54 (3) eap: Previous EAP request found for state 0x06d22ed904d13b54, released from the list (3) eap: Peer sent packet with method EAP TTLS (21) (3) eap: Calling submodule eap_ttls to process data (3) eap_ttls: Authenticate (3) eap_ttls: Continuing EAP-TLS (3) eap_ttls: Peer ACKed our handshake fragment (3) eap_ttls: [eaptls verify] = request (3) eap_ttls: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 1004 (3) eap: EAP session adding &reply:State = 0x06d22ed905d63b54 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) Sent Access-Challenge Id 3 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (3) EAP-Message = 0x010403ec15c000000a76c8e930faf3e1dc42289e8f165ba377ab72d3d26e6e1175a70a390c1f38b6a24aafbf547fdcba59bddf242d441fa3be6c75c0658ec78ad5f79e1e69895a4f3c0ca41dc3ea61b6b4e486420cf88d070004e8308204e4308203cca003020102020900bcf05fa41e8faac5300d0609 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x06d22ed905d63b54ff0aab134334b819 (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 4 from 127.0.0.1:51415 to 127.0.0.1:1812 length 149 (4) User-Name = "passpoint/adrian" (4) NAS-IP-Address = 127.0.0.1 (4) Calling-Station-Id = "02-00-00-00-00-01" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) Connect-Info = "CONNECT 11Mbps 802.11b" (4) EAP-Message = 0x020400061500 (4) State = 0x06d22ed905d63b54ff0aab134334b819 (4) Message-Authenticator = 0x241d922d6706f95b2d5fbefaf5b04601 (4) session-state: No cached attributes (4) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) IPASS: Checking for prefix before "/" (4) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (4) IPASS: Found realm "passpoint" (4) IPASS: Adding Realm = "passpoint" (4) IPASS: Proxying request from user passpoint/adrian to realm passpoint (4) IPASS: Preparing to proxy authentication request to realm "passpoint" (4) [IPASS] = updated (4) if (Realm == 'passpoint' && &EAP-Message ) { (4) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (4) if (Realm == 'passpoint' && &EAP-Message ) { (4) update control { (4) Proxy-To-Realm := LOCAL (4) } # update control = noop (4) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (4) ... skipping else: Preceding "if" was taken (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0x06d22ed905d63b54 (4) eap: Finished EAP session with state 0x06d22ed905d63b54 (4) eap: Previous EAP request found for state 0x06d22ed905d63b54, released from the list (4) eap: Peer sent packet with method EAP TTLS (21) (4) eap: Calling submodule eap_ttls to process data (4) eap_ttls: Authenticate (4) eap_ttls: Continuing EAP-TLS (4) eap_ttls: Peer ACKed our handshake fragment (4) eap_ttls: [eaptls verify] = request (4) eap_ttls: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 700 (4) eap: EAP session adding &reply:State = 0x06d22ed902d73b54 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) Sent Access-Challenge Id 4 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (4) EAP-Message = 0x010502bc158000000a76130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101007e12cc5d0852785138e87ccd70551d030a1654aa0dba (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x06d22ed902d73b54ff0aab134334b819 (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 5 from 127.0.0.1:51415 to 127.0.0.1:1812 length 275 (5) User-Name = "passpoint/adrian" (5) NAS-IP-Address = 127.0.0.1 (5) Calling-Station-Id = "02-00-00-00-00-01" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) Connect-Info = "CONNECT 11Mbps 802.11b" (5) EAP-Message = 0x02050084150016030300461000004241047eda1008fb6d36249fe3ab815533a8bcf84fcf7d470ab3e05628e06b259837b7478acd5dbdea89f8f2510797e193f20e467b8e2b0fa909cbfabc12ac3aff9de314030300010116030300285022e6beb62ea416ebf7bc1068b35c10c5d240c3e4670c101ea121 (5) State = 0x06d22ed902d73b54ff0aab134334b819 (5) Message-Authenticator = 0x556ca6655672dfc0a4f5527ddbb271be (5) session-state: No cached attributes (5) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) IPASS: Checking for prefix before "/" (5) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (5) IPASS: Found realm "passpoint" (5) IPASS: Adding Realm = "passpoint" (5) IPASS: Proxying request from user passpoint/adrian to realm passpoint (5) IPASS: Preparing to proxy authentication request to realm "passpoint" (5) [IPASS] = updated (5) if (Realm == 'passpoint' && &EAP-Message ) { (5) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (5) if (Realm == 'passpoint' && &EAP-Message ) { (5) update control { (5) Proxy-To-Realm := LOCAL (5) } # update control = noop (5) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (5) ... skipping else: Preceding "if" was taken (5) eap: Peer sent EAP Response (code 2) ID 5 length 132 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0x06d22ed902d73b54 (5) eap: Finished EAP session with state 0x06d22ed902d73b54 (5) eap: Previous EAP request found for state 0x06d22ed902d73b54, released from the list (5) eap: Peer sent packet with method EAP TTLS (21) (5) eap: Calling submodule eap_ttls to process data (5) eap_ttls: Authenticate (5) eap_ttls: Continuing EAP-TLS (5) eap_ttls: [eaptls verify] = ok (5) eap_ttls: Done initial handshake (5) eap_ttls: <<< recv TLS 1.2 [length 0046] (5) eap_ttls: TLS_accept: SSLv3 read client key exchange A (5) eap_ttls: <<< recv TLS 1.2 [length 0001] (5) eap_ttls: <<< recv TLS 1.2 [length 0010] (5) eap_ttls: TLS_accept: SSLv3 read finished A (5) eap_ttls: >>> send TLS 1.2 [length 0001] (5) eap_ttls: TLS_accept: SSLv3 write change cipher spec A (5) eap_ttls: >>> send TLS 1.2 [length 0010] (5) eap_ttls: TLS_accept: SSLv3 write finished A (5) eap_ttls: TLS_accept: SSLv3 flush data (5) eap_ttls: (other): SSL negotiation finished successfully (5) eap_ttls: SSL Connection Established (5) eap_ttls: [eaptls process] = handled (5) eap: Sending EAP Request (code 1) ID 6 length 61 (5) eap: EAP session adding &reply:State = 0x06d22ed903d43b54 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) Sent Access-Challenge Id 5 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (5) EAP-Message = 0x0106003d15800000003314030300010116030300289fdcadc3caad3c2be5b7b685f625c28c043c8c72a568e5f589f770482f4f492a13b05a2e1b40ae8c (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x06d22ed903d43b54ff0aab134334b819 (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 6 from 127.0.0.1:51415 to 127.0.0.1:1812 length 226 (6) User-Name = "passpoint/adrian" (6) NAS-IP-Address = 127.0.0.1 (6) Calling-Station-Id = "02-00-00-00-00-01" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) Connect-Info = "CONNECT 11Mbps 802.11b" (6) EAP-Message = 0x02060053150017030300485022e6beb62ea417c4436e868dbbd34749581c8f2cb3dd849b1ceb96899c051a9dbcc22798964a9f4b410e5dfaf5faf4a4190a411d82df27af5aa6d89d670d7c31cc4a1d34fd5a7b (6) State = 0x06d22ed903d43b54ff0aab134334b819 (6) Message-Authenticator = 0x1d01454f6cc5f4e010ae1f40fb59d3df (6) session-state: No cached attributes (6) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) IPASS: Checking for prefix before "/" (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (6) IPASS: Found realm "passpoint" (6) IPASS: Adding Realm = "passpoint" (6) IPASS: Proxying request from user passpoint/adrian to realm passpoint (6) IPASS: Preparing to proxy authentication request to realm "passpoint" (6) [IPASS] = updated (6) if (Realm == 'passpoint' && &EAP-Message ) { (6) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE (6) if (Realm == 'passpoint' && &EAP-Message ) { (6) update control { (6) Proxy-To-Realm := LOCAL (6) } # update control = noop (6) } # if (Realm == 'passpoint' && &EAP-Message ) = noop (6) ... skipping else: Preceding "if" was taken (6) eap: Peer sent EAP Response (code 2) ID 6 length 83 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0x06d22ed903d43b54 (6) eap: Finished EAP session with state 0x06d22ed903d43b54 (6) eap: Previous EAP request found for state 0x06d22ed903d43b54, released from the list (6) eap: Peer sent packet with method EAP TTLS (21) (6) eap: Calling submodule eap_ttls to process data (6) eap_ttls: Authenticate (6) eap_ttls: Continuing EAP-TLS (6) eap_ttls: [eaptls verify] = ok (6) eap_ttls: Done initial handshake (6) eap_ttls: [eaptls process] = ok (6) eap_ttls: Session established. Proceeding to decode tunneled attributes (6) eap_ttls: Got tunneled request (6) eap_ttls: User-Name = "passpoint/adrian" (6) eap_ttls: User-Password = "hello" (6) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_ttls: Sending tunneled request (6) Virtual server inner-tunnel received request (6) User-Name = "passpoint/adrian" (6) User-Password = "hello" (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) WARNING: Outer and inner identities are the same. User privacy is compromised. (6) server inner-tunnel { (6) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/inner-tunnel (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [chap] = noop (6) [mschap] = noop (6) IPASS: Checking for prefix before "/" (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (6) IPASS: Found realm "passpoint" (6) IPASS: Adding Realm = "passpoint" (6) IPASS: Proxying request from user passpoint/adrian to realm passpoint (6) IPASS: Preparing to proxy authentication request to realm "passpoint" (6) [IPASS] = updated (6) suffix: Request already has destination realm set. Ignoring (6) [suffix] = noop (6) eap: No EAP-Message, not doing EAP (6) [eap] = noop (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = noop (6) } # authorize = updated (6) } # server inner-tunnel (6) Virtual server sending reply (6) eap_ttls: Tunneled authentication will be proxied to passpoint (6) eap: WARNING: Tunneled session will be proxied. Not doing EAP (6) [eap] = handled (6) } # authenticate = handled (6) WARNING: Cancelling proxy as no home pool exists (6) There was no response configured: rejecting request (6) Using Post-Auth-Type Reject (6) # Executing group from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/default (6) Post-Auth-Type REJECT { (6) attr_filter.access_reject: EXPAND %{User-Name} (6) attr_filter.access_reject: --> passpoint/adrian (6) attr_filter.access_reject: Matched entry DEFAULT at line 11 (6) [attr_filter.access_reject] = updated (6) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x06d22ed903d43b54 (6) eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request (6) eap: Failed to get handler, probably already removed, not inserting EAP-Failure (6) [eap] = noop (6) policy remove_reply_message_if_eap { (6) if (&reply:EAP-Message && &reply:Reply-Message) { (6) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (6) else { (6) [noop] = noop (6) } # else = noop (6) } # policy remove_reply_message_if_eap = noop (6) } # Post-Auth-Type REJECT = updated (6) Sent Access-Reject Id 6 from 127.0.0.1:1812 to 127.0.0.1:51415 length 0 (6) Finished request Waking up in 4.9 seconds. The offending line appears to be: (6) WARNING: Cancelling proxy as no home pool exists Any ideas appreciated. Regards, Adrian Smith BT Group -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 13 June 2017 14:04 To: FreeRadius users mailing list Subject: Re: Terminate EAP-TTLS then proxy On Tue, Jun 13, 2017 at 12:57:25PM +0000, adrian.p.smith@bt.com wrote:
Was kind of expecting that (and at the same time hoping not to hear it!).
I have tried 2.2.9 and I get the same.
Probably time to upgrade - been resisting as we have a lot of baggage and an old OS.
I'd start with 3.0.14 and just a minimal config to replicate the bit that's broken. Then you can at least prove that part works before doing anything else. -- Matthew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 21, 2017, at 3:31 PM, adrian.p.smith@bt.com wrote:
I have returned to this problem and am using a fresh copy of 3.0.15 and the eapol_test client.
I'd suggest just using radtest on the inner-tunnel virtual server. If that can proxy, *then* test EAP-TTLS. Otherwise, the debug output will be huge and hard to read.
(6) IPASS: Checking for prefix before "/" (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (6) IPASS: Found realm "passpoint" (6) IPASS: Adding Realm = "passpoint" (6) IPASS: Proxying request from user passpoint/adrian to realm passport
So... what's the configuration for that realm?
(6) IPASS: Preparing to proxy authentication request to realm "passpoint" (6) [IPASS] = updated (6) suffix: Request already has destination realm set. Ignoring (6) [suffix] = noop (6) eap: No EAP-Message, not doing EAP (6) [eap] = noop (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = noop (6) } # authorize = updated (6) } # server inner-tunnel (6) Virtual server sending reply (6) eap_ttls: Tunneled authentication will be proxied to passpoint (6) eap: WARNING: Tunneled session will be proxied. Not doing EAP (6) [eap] = handled (6) } # authenticate = handled (6) WARNING: Cancelling proxy as no home pool exists
Probably because you defined the realm, but didn't define a home_pool for it. See raddb/proxy.conf for docs and examples/
The offending line appears to be:
(6) WARNING: Cancelling proxy as no home pool exists
It's often useful to read earlier messages to see what happened *before* that error occurred. In this case, it tried to proxy to realm "passpoint". But it can't. So... what's wrong with that realm? Alan DeKok.
OK, so I send a request to the inner-tunnel: Ready to process requests (0) Received Access-Request Id 68 from 127.0.0.1:31482 to 127.0.0.1:18120 length 86 (0) User-Name = "passpoint/adrian" (0) User-Password = "xxx" (0) NAS-IP-Address = 127.0.1.1 (0) NAS-Port = 0 (0) Message-Authenticator = 0xdb9b44df28c428b47f82ed0ad6065ea4 (0) # Executing section authorize from file /home/adrian/freeradius-server-3.0.15/etc/raddb/sites-enabled/inner-tunnel (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [chap] = noop (0) [mschap] = noop (0) IPASS: Checking for prefix before "/" (0) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (0) IPASS: Found realm "passpoint" (0) IPASS: Adding Realm = "passpoint" (0) IPASS: Proxying request from user passpoint/adrian to realm passpoint (0) IPASS: Preparing to proxy authentication request to realm "passpoint" (0) suffix: Request already has destination realm set. Ignoring (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = noop (0) } # authorize = updated (0) Starting proxy to home server 192.168.19.20 port 1812 (0) Proxying request to home server 192.168.19.20 port 1812 timeout 20.000000 (0) Sent Access-Request Id 162 from 0.0.0.0:50236 to 192.168.19.20:1812 length 90 (0) User-Name = "passpoint/adrian" (0) User-Password = "xxx" (0) NAS-IP-Address = 127.0.1.1 (0) NAS-Port = 0 (0) Message-Authenticator = 0xdb9b44df28c428b47f82ed0ad6065ea4 (0) Proxy-State = 0x3638 All looks good, same config. TIA. -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 21 September 2017 21:13 To: FreeRadius users mailing list Subject: Re: Terminate EAP-TTLS then proxy On Sep 21, 2017, at 3:31 PM, adrian.p.smith@bt.com wrote:
I have returned to this problem and am using a fresh copy of 3.0.15 and the eapol_test client.
I'd suggest just using radtest on the inner-tunnel virtual server. If that can proxy, *then* test EAP-TTLS. Otherwise, the debug output will be huge and hard to read.
(6) IPASS: Checking for prefix before "/" (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" (6) IPASS: Found realm "passpoint" (6) IPASS: Adding Realm = "passpoint" (6) IPASS: Proxying request from user passpoint/adrian to realm passport
So... what's the configuration for that realm?
(6) IPASS: Preparing to proxy authentication request to realm "passpoint" (6) [IPASS] = updated (6) suffix: Request already has destination realm set. Ignoring (6) [suffix] = noop (6) eap: No EAP-Message, not doing EAP (6) [eap] = noop (6) [files] = noop (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = noop (6) } # authorize = updated (6) } # server inner-tunnel (6) Virtual server sending reply (6) eap_ttls: Tunneled authentication will be proxied to passpoint (6) eap: WARNING: Tunneled session will be proxied. Not doing EAP (6) [eap] = handled (6) } # authenticate = handled (6) WARNING: Cancelling proxy as no home pool exists
Probably because you defined the realm, but didn't define a home_pool for it. See raddb/proxy.conf for docs and examples/
The offending line appears to be:
(6) WARNING: Cancelling proxy as no home pool exists
It's often useful to read earlier messages to see what happened *before* that error occurred. In this case, it tried to proxy to realm "passpoint". But it can't. So... what's wrong with that realm? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 21, 2017, at 4:27 PM, <adrian.p.smith@bt.com> <adrian.p.smith@bt.com> wrote:
OK, so I send a request to the inner-tunnel: ... All looks good, same config.
Hmm... that's odd. My guess is that there's some other configuration which requests a home server pool that's *not* the passpoint one. Perhaps you set the Realm attribute twice? I've pushed some more debug output to the v3.0.x branch on github, If you could try that with "-Xx", you'll see more information before the "Cancelling proxy" message. It should print out which realm it's looking up, and what type of packet it's trying to proxy. Alan DeKok.
Many thanks. Here is the output: Thu Sep 21 21:52:52 2017 : Debug: Server was built with: Thu Sep 21 21:52:52 2017 : Debug: accounting : yes Thu Sep 21 21:52:52 2017 : Debug: authentication : yes Thu Sep 21 21:52:52 2017 : Debug: ascend-binary-attributes : yes Thu Sep 21 21:52:52 2017 : Debug: coa : yes Thu Sep 21 21:52:52 2017 : Debug: control-socket : yes Thu Sep 21 21:52:52 2017 : Debug: detail : yes Thu Sep 21 21:52:52 2017 : Debug: dhcp : yes Thu Sep 21 21:52:52 2017 : Debug: dynamic-clients : yes Thu Sep 21 21:52:52 2017 : Debug: osfc2 : no Thu Sep 21 21:52:52 2017 : Debug: proxy : yes Thu Sep 21 21:52:52 2017 : Debug: regex-pcre : no Thu Sep 21 21:52:52 2017 : Debug: regex-posix : yes Thu Sep 21 21:52:52 2017 : Debug: regex-posix-extended : yes Thu Sep 21 21:52:52 2017 : Debug: session-management : yes Thu Sep 21 21:52:52 2017 : Debug: stats : yes Thu Sep 21 21:52:52 2017 : Debug: tcp : yes Thu Sep 21 21:52:52 2017 : Debug: threads : yes Thu Sep 21 21:52:52 2017 : Debug: tls : yes Thu Sep 21 21:52:52 2017 : Debug: unlang : yes Thu Sep 21 21:52:52 2017 : Debug: vmps : yes Thu Sep 21 21:52:52 2017 : Debug: developer : yes Thu Sep 21 21:52:52 2017 : Debug: Server core libs: Thu Sep 21 21:52:52 2017 : Debug: freeradius-server : 3.0.16 Thu Sep 21 21:52:52 2017 : Debug: talloc : 2.0.* Thu Sep 21 21:52:52 2017 : Debug: ssl : 1.0.1f release Thu Sep 21 21:52:52 2017 : Debug: Endianness: Thu Sep 21 21:52:52 2017 : Debug: little Thu Sep 21 21:52:52 2017 : Debug: Compilation flags: Thu Sep 21 21:52:52 2017 : Debug: cppflags : Thu Sep 21 21:52:52 2017 : Debug: cflags : -I. -Isrc -include src/freeradius-devel/autoconf.h -include src/freeradius-devel/build.h -include src/freeradius-devel/features.h -include src/freeradius-devel/radpaths.h -fno-strict-aliasing -g3 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1 -DIS_MODULE=1 Thu Sep 21 21:52:52 2017 : Debug: ldflags : Thu Sep 21 21:52:52 2017 : Debug: libs : -lcrypto -lssl -ltalloc -lnsl -lresolv -ldl -lpthread -lreadline Thu Sep 21 21:52:52 2017 : Debug: Thu Sep 21 21:52:52 2017 : Info: FreeRADIUS Version 3.0.16 Thu Sep 21 21:52:52 2017 : Info: Copyright (C) 1999-2017 The FreeRADIUS server project and contributors Thu Sep 21 21:52:52 2017 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Thu Sep 21 21:52:52 2017 : Info: PARTICULAR PURPOSE Thu Sep 21 21:52:52 2017 : Info: You may redistribute copies of FreeRADIUS under the terms of the Thu Sep 21 21:52:52 2017 : Info: GNU General Public License Thu Sep 21 21:52:52 2017 : Info: For more information about these matters, see the file named COPYRIGHT Thu Sep 21 21:52:52 2017 : Info: Starting - reading configuration files ... Thu Sep 21 21:52:52 2017 : Debug: including dictionary file /home/adrian/freeradius-server-3.0.x/share/freeradius/dictionary Thu Sep 21 21:52:52 2017 : Debug: including dictionary file /home/adrian/freeradius-server-3.0.x/share/freeradius/dictionary.dhcp Thu Sep 21 21:52:52 2017 : Debug: including dictionary file /home/adrian/freeradius-server-3.0.x/share/freeradius/dictionary.vqp Thu Sep 21 21:52:52 2017 : Debug: including dictionary file /home/adrian/freeradius-server-3.0.x/etc/raddb/dictionary Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/proxy.conf Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/clients.conf Thu Sep 21 21:52:52 2017 : Debug: including files in directory /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/ Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/chap Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/dynamic_clients Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/files Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/sradutmp Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/mschap Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/soh Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/ntlm_auth Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/utf8 Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/passwd Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/echo Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/unpack Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/date Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/linelog Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/preprocess Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/exec Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/eap Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/unix Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/digest Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/pap Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/cache_eap Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/dhcp Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/expiration Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/radutmp Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/replicate Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/expr Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/logintime Thu Sep 21 21:52:52 2017 : Debug: including files in directory /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/ Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/moonshot-targeted-ids Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/canonicalization Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/debug Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/eap Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/operator-name Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/dhcp Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/cui Thu Sep 21 21:52:52 2017 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE Thu Sep 21 21:52:52 2017 : Debug: OPTIMIZING (no == yes) --> FALSE Thu Sep 21 21:52:52 2017 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE Thu Sep 21 21:52:52 2017 : Debug: OPTIMIZING (no == yes) --> FALSE Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/control Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/filter Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/accounting Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/policy.d/abfab-tr Thu Sep 21 21:52:52 2017 : Debug: including files in directory /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/ Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:52:52 2017 : Debug: including configuration file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/inner-tunnel Thu Sep 21 21:52:52 2017 : Debug: main { Thu Sep 21 21:52:52 2017 : Debug: name = "radiusd" Thu Sep 21 21:52:52 2017 : Debug: prefix = "/home/adrian/freeradius-server-3.0.x" Thu Sep 21 21:52:52 2017 : Debug: localstatedir = "/home/adrian/freeradius-server-3.0.x/var" Thu Sep 21 21:52:52 2017 : Debug: sbindir = "/home/adrian/freeradius-server-3.0.x/sbin" Thu Sep 21 21:52:52 2017 : Debug: logdir = "/home/adrian/freeradius-server-3.0.x/var/log/radius" Thu Sep 21 21:52:52 2017 : Debug: run_dir = "/home/adrian/freeradius-server-3.0.x/var/run/radiusd" Thu Sep 21 21:52:52 2017 : Debug: libdir = "/home/adrian/freeradius-server-3.0.x/lib" Thu Sep 21 21:52:52 2017 : Debug: radacctdir = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radacct" Thu Sep 21 21:52:52 2017 : Debug: hostname_lookups = no Thu Sep 21 21:52:52 2017 : Debug: max_request_time = 30 Thu Sep 21 21:52:52 2017 : Debug: cleanup_delay = 5 Thu Sep 21 21:52:52 2017 : Debug: max_requests = 16384 Thu Sep 21 21:52:52 2017 : Debug: pidfile = "/home/adrian/freeradius-server-3.0.x/var/run/radiusd/radiusd.pid" Thu Sep 21 21:52:52 2017 : Debug: checkrad = "/home/adrian/freeradius-server-3.0.x/sbin/checkrad" Thu Sep 21 21:52:52 2017 : Debug: debug_level = 0 Thu Sep 21 21:52:52 2017 : Debug: proxy_requests = yes Thu Sep 21 21:52:52 2017 : Debug: log { Thu Sep 21 21:52:52 2017 : Debug: stripped_names = no Thu Sep 21 21:52:52 2017 : Debug: auth = no Thu Sep 21 21:52:52 2017 : Debug: auth_badpass = no Thu Sep 21 21:52:52 2017 : Debug: auth_goodpass = no Thu Sep 21 21:52:52 2017 : Debug: colourise = yes Thu Sep 21 21:52:52 2017 : Debug: msg_denied = "You are already logged in - access denied" Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[268]: The item 'destination' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[285]: The item 'file' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[293]: The item 'syslog_facility' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: resources { Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: security { Thu Sep 21 21:52:52 2017 : Debug: max_attributes = 200 Thu Sep 21 21:52:52 2017 : Debug: reject_delay = 1.000000 Thu Sep 21 21:52:52 2017 : Debug: status_server = yes Thu Sep 21 21:52:52 2017 : Debug: allow_vulnerable_openssl = "CVE-2016-6304" Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[409]: The item 'allow_core_dumps' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[67]: The item 'confdir' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[74]: The item 'db_dir' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf[140]: The item 'correct_escapes' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: radiusd: #### Loading Realms and Home Servers #### Thu Sep 21 21:52:52 2017 : Debug: proxy server { Thu Sep 21 21:52:52 2017 : Debug: retry_delay = 5 Thu Sep 21 21:52:52 2017 : Debug: retry_count = 3 Thu Sep 21 21:52:52 2017 : Debug: default_fallback = no Thu Sep 21 21:52:52 2017 : Debug: dead_time = 120 Thu Sep 21 21:52:52 2017 : Debug: wake_all_if_all_dead = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: home_server localhost { Thu Sep 21 21:52:52 2017 : Debug: ipaddr = 127.0.0.1 Thu Sep 21 21:52:52 2017 : Debug: port = 1812 Thu Sep 21 21:52:52 2017 : Debug: type = "auth" Thu Sep 21 21:52:52 2017 : Debug: secret = "testing123" Thu Sep 21 21:52:52 2017 : Debug: response_window = 20.000000 Thu Sep 21 21:52:52 2017 : Debug: response_timeouts = 1 Thu Sep 21 21:52:52 2017 : Debug: max_outstanding = 65536 Thu Sep 21 21:52:52 2017 : Debug: zombie_period = 40 Thu Sep 21 21:52:52 2017 : Debug: status_check = "status-server" Thu Sep 21 21:52:52 2017 : Debug: ping_interval = 30 Thu Sep 21 21:52:52 2017 : Debug: check_interval = 30 Thu Sep 21 21:52:52 2017 : Debug: check_timeout = 4 Thu Sep 21 21:52:52 2017 : Debug: num_answers_to_alive = 3 Thu Sep 21 21:52:52 2017 : Debug: revive_interval = 120 Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: max_requests = 0 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 0 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: coa { Thu Sep 21 21:52:52 2017 : Debug: irt = 2 Thu Sep 21 21:52:52 2017 : Debug: mrt = 16 Thu Sep 21 21:52:52 2017 : Debug: mrc = 5 Thu Sep 21 21:52:52 2017 : Debug: mrd = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: home_server SPS_FR { Thu Sep 21 21:52:52 2017 : Debug: ipaddr = 192.168.19.20 Thu Sep 21 21:52:52 2017 : Debug: port = 1812 Thu Sep 21 21:52:52 2017 : Debug: type = "auth" Thu Sep 21 21:52:52 2017 : Debug: secret = "RVfbRy4T" Thu Sep 21 21:52:52 2017 : Debug: response_window = 20.000000 Thu Sep 21 21:52:52 2017 : Debug: response_timeouts = 1 Thu Sep 21 21:52:52 2017 : Debug: max_outstanding = 65536 Thu Sep 21 21:52:52 2017 : Debug: zombie_period = 40 Thu Sep 21 21:52:52 2017 : Debug: status_check = "none" Thu Sep 21 21:52:52 2017 : Debug: ping_interval = 30 Thu Sep 21 21:52:52 2017 : Debug: check_timeout = 4 Thu Sep 21 21:52:52 2017 : Debug: num_answers_to_alive = 3 Thu Sep 21 21:52:52 2017 : Debug: revive_interval = 120 Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: max_requests = 0 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 0 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: coa { Thu Sep 21 21:52:52 2017 : Debug: irt = 2 Thu Sep 21 21:52:52 2017 : Debug: mrt = 16 Thu Sep 21 21:52:52 2017 : Debug: mrc = 5 Thu Sep 21 21:52:52 2017 : Debug: mrd = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/proxy.conf[827]: The item 'require_message_authentication' is defined, but is unused by the configuration Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: home_server_pool my_auth_failover { Thu Sep 21 21:52:52 2017 : Debug: type = fail-over Thu Sep 21 21:52:52 2017 : Debug: home_server = localhost Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: realm example.com { Thu Sep 21 21:52:52 2017 : Debug: auth_pool = my_auth_failover Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: realm LOCAL { Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: home_server_pool SPS_FR_pool { Thu Sep 21 21:52:52 2017 : Debug: home_server = SPS_FR Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: realm passpoint { Thu Sep 21 21:52:52 2017 : Debug: auth_pool = SPS_FR_pool Thu Sep 21 21:52:52 2017 : Debug: nostrip Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: radiusd: #### Loading Clients #### Thu Sep 21 21:52:52 2017 : Debug: client localhost { Thu Sep 21 21:52:52 2017 : Debug: ipaddr = 127.0.0.1 Thu Sep 21 21:52:52 2017 : Debug: require_message_authenticator = no Thu Sep 21 21:52:52 2017 : Debug: secret = "testing123" Thu Sep 21 21:52:52 2017 : Debug: nas_type = "other" Thu Sep 21 21:52:52 2017 : Debug: proto = "*" Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Adding client 127.0.0.1/32 (127.0.0.1) to prefix tree 32 Thu Sep 21 21:52:52 2017 : Debug: client localhost_ipv6 { Thu Sep 21 21:52:52 2017 : Debug: ipv6addr = ::1 Thu Sep 21 21:52:52 2017 : Debug: require_message_authenticator = no Thu Sep 21 21:52:52 2017 : Debug: secret = "testing123" Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Adding client ::1/128 (::1) to prefix tree 128 Thu Sep 21 21:52:52 2017 : Info: Found debugger attached Thu Sep 21 21:52:52 2017 : Debug: # Creating Auth-Type = mschap Thu Sep 21 21:52:52 2017 : Debug: # Creating Auth-Type = digest Thu Sep 21 21:52:52 2017 : Debug: # Creating Auth-Type = eap Thu Sep 21 21:52:52 2017 : Debug: # Creating Auth-Type = PAP Thu Sep 21 21:52:52 2017 : Debug: # Creating Auth-Type = CHAP Thu Sep 21 21:52:52 2017 : Debug: # Creating Auth-Type = MS-CHAP Thu Sep 21 21:52:52 2017 : Debug: radiusd: #### Instantiating modules #### Thu Sep 21 21:52:52 2017 : Debug: modules { Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_chap, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_chap Thu Sep 21 21:52:52 2017 : Debug: # Loading module "chap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/chap Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_dynamic_clients, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_dynamic_clients Thu Sep 21 21:52:52 2017 : Debug: # Loading module "dynamic_clients" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/dynamic_clients Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_files, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_files Thu Sep 21 21:52:52 2017 : Debug: # Loading module "files" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/files Thu Sep 21 21:52:52 2017 : Debug: files { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/files/authorize" Thu Sep 21 21:52:52 2017 : Debug: acctusersfile = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/files/accounting" Thu Sep 21 21:52:52 2017 : Debug: preproxy_usersfile = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/files/pre-proxy" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_radutmp, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_radutmp Thu Sep 21 21:52:52 2017 : Debug: # Loading module "sradutmp" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/sradutmp Thu Sep 21 21:52:52 2017 : Debug: radutmp sradutmp { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/sradutmp" Thu Sep 21 21:52:52 2017 : Debug: username = "%{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: case_sensitive = yes Thu Sep 21 21:52:52 2017 : Debug: check_with_nas = yes Thu Sep 21 21:52:52 2017 : Debug: permissions = 420 Thu Sep 21 21:52:52 2017 : Debug: caller_id = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_mschap, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_mschap Thu Sep 21 21:52:52 2017 : Debug: # Loading module "mschap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/mschap Thu Sep 21 21:52:52 2017 : Debug: mschap { Thu Sep 21 21:52:52 2017 : Debug: use_mppe = yes Thu Sep 21 21:52:52 2017 : Debug: require_encryption = no Thu Sep 21 21:52:52 2017 : Debug: require_strong = no Thu Sep 21 21:52:52 2017 : Debug: with_ntdomain_hack = yes Thu Sep 21 21:52:52 2017 : Debug: passchange { Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: allow_retry = yes Thu Sep 21 21:52:52 2017 : Debug: winbind_retry_with_normalised_username = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_soh, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_soh Thu Sep 21 21:52:52 2017 : Debug: # Loading module "soh" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/soh Thu Sep 21 21:52:52 2017 : Debug: soh { Thu Sep 21 21:52:52 2017 : Debug: dhcp = yes Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_exec, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_exec Thu Sep 21 21:52:52 2017 : Debug: # Loading module "ntlm_auth" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/ntlm_auth Thu Sep 21 21:52:52 2017 : Debug: exec ntlm_auth { Thu Sep 21 21:52:52 2017 : Debug: wait = yes Thu Sep 21 21:52:52 2017 : Debug: program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" Thu Sep 21 21:52:52 2017 : Debug: shell_escape = yes Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_realm, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_realm Thu Sep 21 21:52:52 2017 : Debug: # Loading module "IPASS" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: realm IPASS { Thu Sep 21 21:52:52 2017 : Debug: format = "prefix" Thu Sep 21 21:52:52 2017 : Debug: delimiter = "/" Thu Sep 21 21:52:52 2017 : Debug: ignore_default = no Thu Sep 21 21:52:52 2017 : Debug: ignore_null = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "suffix" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: realm suffix { Thu Sep 21 21:52:52 2017 : Debug: format = "suffix" Thu Sep 21 21:52:52 2017 : Debug: delimiter = "@" Thu Sep 21 21:52:52 2017 : Debug: ignore_default = no Thu Sep 21 21:52:52 2017 : Debug: ignore_null = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "realmpercent" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: realm realmpercent { Thu Sep 21 21:52:52 2017 : Debug: format = "suffix" Thu Sep 21 21:52:52 2017 : Debug: delimiter = "%" Thu Sep 21 21:52:52 2017 : Debug: ignore_default = no Thu Sep 21 21:52:52 2017 : Debug: ignore_null = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "ntdomain" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: realm ntdomain { Thu Sep 21 21:52:52 2017 : Debug: format = "prefix" Thu Sep 21 21:52:52 2017 : Debug: delimiter = "\\" Thu Sep 21 21:52:52 2017 : Debug: ignore_default = no Thu Sep 21 21:52:52 2017 : Debug: ignore_null = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_always, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_always Thu Sep 21 21:52:52 2017 : Debug: # Loading module "reject" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always reject { Thu Sep 21 21:52:52 2017 : Debug: rcode = "reject" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "fail" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always fail { Thu Sep 21 21:52:52 2017 : Debug: rcode = "fail" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "ok" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always ok { Thu Sep 21 21:52:52 2017 : Debug: rcode = "ok" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "handled" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always handled { Thu Sep 21 21:52:52 2017 : Debug: rcode = "handled" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "invalid" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always invalid { Thu Sep 21 21:52:52 2017 : Debug: rcode = "invalid" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "userlock" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always userlock { Thu Sep 21 21:52:52 2017 : Debug: rcode = "userlock" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "notfound" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always notfound { Thu Sep 21 21:52:52 2017 : Debug: rcode = "notfound" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "noop" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always noop { Thu Sep 21 21:52:52 2017 : Debug: rcode = "noop" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "updated" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: always updated { Thu Sep 21 21:52:52 2017 : Debug: rcode = "updated" Thu Sep 21 21:52:52 2017 : Debug: simulcount = 0 Thu Sep 21 21:52:52 2017 : Debug: mpp = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_utf8, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_utf8 Thu Sep 21 21:52:52 2017 : Debug: # Loading module "utf8" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/utf8 Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_attr_filter, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_attr_filter Thu Sep 21 21:52:52 2017 : Debug: # Loading module "attr_filter.post-proxy" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: attr_filter attr_filter.post-proxy { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/post-proxy" Thu Sep 21 21:52:52 2017 : Debug: key = "%{Realm}" Thu Sep 21 21:52:52 2017 : Debug: relaxed = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "attr_filter.pre-proxy" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: attr_filter attr_filter.pre-proxy { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/pre-proxy" Thu Sep 21 21:52:52 2017 : Debug: key = "%{Realm}" Thu Sep 21 21:52:52 2017 : Debug: relaxed = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "attr_filter.access_reject" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: attr_filter attr_filter.access_reject { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/access_reject" Thu Sep 21 21:52:52 2017 : Debug: key = "%{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: relaxed = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "attr_filter.access_challenge" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: attr_filter attr_filter.access_challenge { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/access_challenge" Thu Sep 21 21:52:52 2017 : Debug: key = "%{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: relaxed = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "attr_filter.accounting_response" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: attr_filter attr_filter.accounting_response { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/accounting_response" Thu Sep 21 21:52:52 2017 : Debug: key = "%{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: relaxed = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_passwd, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_passwd Thu Sep 21 21:52:52 2017 : Debug: # Loading module "etc_passwd" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/passwd Thu Sep 21 21:52:52 2017 : Debug: passwd etc_passwd { Thu Sep 21 21:52:52 2017 : Debug: filename = "/etc/passwd" Thu Sep 21 21:52:52 2017 : Debug: format = "*User-Name:Crypt-Password:" Thu Sep 21 21:52:52 2017 : Debug: delimiter = ":" Thu Sep 21 21:52:52 2017 : Debug: ignore_nislike = no Thu Sep 21 21:52:52 2017 : Debug: ignore_empty = yes Thu Sep 21 21:52:52 2017 : Debug: allow_multiple_keys = no Thu Sep 21 21:52:52 2017 : Debug: hash_size = 100 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "echo" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/echo Thu Sep 21 21:52:52 2017 : Debug: exec echo { Thu Sep 21 21:52:52 2017 : Debug: wait = yes Thu Sep 21 21:52:52 2017 : Debug: program = "/bin/echo %{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: input_pairs = "request" Thu Sep 21 21:52:52 2017 : Debug: output_pairs = "reply" Thu Sep 21 21:52:52 2017 : Debug: shell_escape = yes Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_unpack, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_unpack Thu Sep 21 21:52:52 2017 : Debug: # Loading module "unpack" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/unpack Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_date, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_date Thu Sep 21 21:52:52 2017 : Debug: # Loading module "date" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/date Thu Sep 21 21:52:52 2017 : Debug: date { Thu Sep 21 21:52:52 2017 : Debug: format = "%b %e %Y %H:%M:%S %Z" Thu Sep 21 21:52:52 2017 : Debug: utc = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_linelog, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_linelog Thu Sep 21 21:52:52 2017 : Debug: # Loading module "linelog" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/linelog Thu Sep 21 21:52:52 2017 : Debug: linelog { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/linelog" Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: syslog_severity = "info" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: format = "This is a log message for %{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: reference = "messages.%{%{reply:Packet-Type}:-default}" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "log_accounting" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/linelog Thu Sep 21 21:52:52 2017 : Debug: linelog log_accounting { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/linelog-accounting" Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: syslog_severity = "info" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: format = "" Thu Sep 21 21:52:52 2017 : Debug: reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_preprocess, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_preprocess Thu Sep 21 21:52:52 2017 : Debug: # Loading module "preprocess" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/preprocess Thu Sep 21 21:52:52 2017 : Debug: preprocess { Thu Sep 21 21:52:52 2017 : Debug: huntgroups = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/preprocess/huntgroups" Thu Sep 21 21:52:52 2017 : Debug: hints = "/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/preprocess/hints" Thu Sep 21 21:52:52 2017 : Debug: with_ascend_hack = no Thu Sep 21 21:52:52 2017 : Debug: ascend_channels_per_line = 23 Thu Sep 21 21:52:52 2017 : Debug: with_ntdomain_hack = no Thu Sep 21 21:52:52 2017 : Debug: with_specialix_jetstream_hack = no Thu Sep 21 21:52:52 2017 : Debug: with_cisco_vsa_hack = no Thu Sep 21 21:52:52 2017 : Debug: with_alvarion_vsa_hack = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_detail, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_detail Thu Sep 21 21:52:52 2017 : Debug: # Loading module "detail" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail Thu Sep 21 21:52:52 2017 : Debug: detail { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" Thu Sep 21 21:52:52 2017 : Debug: header = "%t" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: locking = no Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: log_packet_header = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "exec" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/exec Thu Sep 21 21:52:52 2017 : Debug: exec { Thu Sep 21 21:52:52 2017 : Debug: wait = no Thu Sep 21 21:52:52 2017 : Debug: input_pairs = "request" Thu Sep 21 21:52:52 2017 : Debug: shell_escape = yes Thu Sep 21 21:52:52 2017 : Debug: timeout = 10 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_eap, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_eap Thu Sep 21 21:52:52 2017 : Debug: # Loading module "eap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/eap Thu Sep 21 21:52:52 2017 : Debug: eap { Thu Sep 21 21:52:52 2017 : Debug: default_eap_type = "md5" Thu Sep 21 21:52:52 2017 : Debug: timer_expire = 60 Thu Sep 21 21:52:52 2017 : Debug: ignore_unknown_eap_types = no Thu Sep 21 21:52:52 2017 : Debug: cisco_accounting_username_bug = no Thu Sep 21 21:52:52 2017 : Debug: max_sessions = 16384 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_unix, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_unix Thu Sep 21 21:52:52 2017 : Debug: # Loading module "unix" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/unix Thu Sep 21 21:52:52 2017 : Debug: unix { Thu Sep 21 21:52:52 2017 : Debug: radwtmp = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radwtmp" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Creating attribute Unix-Group Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_digest, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_digest Thu Sep 21 21:52:52 2017 : Debug: # Loading module "digest" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/digest Thu Sep 21 21:52:52 2017 : Debug: # Loading module "auth_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: detail auth_log { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" Thu Sep 21 21:52:52 2017 : Debug: header = "%t" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: locking = no Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: log_packet_header = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "reply_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: detail reply_log { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" Thu Sep 21 21:52:52 2017 : Debug: header = "%t" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: locking = no Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: log_packet_header = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "pre_proxy_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: detail pre_proxy_log { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" Thu Sep 21 21:52:52 2017 : Debug: header = "%t" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: locking = no Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: log_packet_header = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Loading module "post_proxy_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: detail post_proxy_log { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" Thu Sep 21 21:52:52 2017 : Debug: header = "%t" Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: locking = no Thu Sep 21 21:52:52 2017 : Debug: escape_filenames = no Thu Sep 21 21:52:52 2017 : Debug: log_packet_header = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_pap, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_pap Thu Sep 21 21:52:52 2017 : Debug: # Loading module "pap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/pap Thu Sep 21 21:52:52 2017 : Debug: pap { Thu Sep 21 21:52:52 2017 : Debug: normalise = yes Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_cache, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_cache Thu Sep 21 21:52:52 2017 : Debug: # Loading module "cache_eap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/cache_eap Thu Sep 21 21:52:52 2017 : Debug: cache cache_eap { Thu Sep 21 21:52:52 2017 : Debug: driver = "rlm_cache_rbtree" Thu Sep 21 21:52:52 2017 : Debug: key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" Thu Sep 21 21:52:52 2017 : Debug: ttl = 15 Thu Sep 21 21:52:52 2017 : Debug: max_entries = 0 Thu Sep 21 21:52:52 2017 : Debug: epoch = 0 Thu Sep 21 21:52:52 2017 : Debug: add_stats = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_dhcp, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_dhcp Thu Sep 21 21:52:52 2017 : Debug: # Loading module "dhcp" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/dhcp Thu Sep 21 21:52:52 2017 : Debug: Adding values for DHCP-Parameter-Request-List Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 1 DHCP-Subnet-Mask Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 2 DHCP-Time-Offset Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 3 DHCP-Router-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 4 DHCP-Time-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 5 DHCP-IEN-116-Name-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 6 DHCP-Domain-Name-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 7 DHCP-Log-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 8 DHCP-Quotes-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 9 DHCP-LPR-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 10 DHCP-Impress-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 11 DHCP-RLP-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 12 DHCP-Hostname Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 13 DHCP-Boot-File-Size Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 14 DHCP-Merit-Dump-File Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 15 DHCP-Domain-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 16 DHCP-Swap-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 17 DHCP-Root-Path Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 18 DHCP-Bootp-Extensions-Path Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 19 DHCP-IP-Forward-Enable Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 20 DHCP-Source-Route-Enable Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 21 DHCP-Policy-Filter Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 22 DHCP-Max-Datagram-Reassembly-Size Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 23 DHCP-Default-IP-TTL Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 24 DHCP-Path-MTU-Aging-Timeout Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 25 DHCP-Path-MTU-Plateau-Table Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 26 DHCP-Interface-MTU-Size Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 27 DHCP-All-Subnets-Are-Local Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 28 DHCP-Broadcast-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 29 DHCP-Perform-Mask-Discovery Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 30 DHCP-Provide-Mask-To-Others Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 31 DHCP-Perform-Router-Discovery Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 32 DHCP-Router-Solicitation-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 33 DHCP-Static-Routes Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 34 DHCP-Trailer-Encapsulation Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 35 DHCP-ARP-Cache-Timeout Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 36 DHCP-Ethernet-Encapsulation Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 37 DHCP-Default-TCP-TTL Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 38 DHCP-Keep-Alive-Interval Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 39 DHCP-Keep-Alive-Garbage Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 40 DHCP-NIS-Domain-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 41 DHCP-NIS-Servers Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 42 DHCP-NTP-Servers Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 43 DHCP-Vendor Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 44 DHCP-NETBIOS-Name-Servers Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 45 DHCP-NETBIOS-Dgm-Dist-Servers Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 46 DHCP-NETBIOS-Node-Type Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 47 DHCP-NETBIOS Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 48 DHCP-X-Window-Font-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 49 DHCP-X-Window-Display-Mgr Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 50 DHCP-Requested-IP-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 51 DHCP-IP-Address-Lease-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 52 DHCP-Overload Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 53 DHCP-Message-Type Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 54 DHCP-DHCP-Server-Identifier Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 55 DHCP-Parameter-Request-List Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 56 DHCP-DHCP-Error-Message Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 57 DHCP-DHCP-Maximum-Msg-Size Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 58 DHCP-Renewal-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 59 DHCP-Rebinding-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 60 DHCP-Vendor-Class-Identifier Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 61 DHCP-Client-Identifier Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 62 DHCP-Netware-Domain-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 63 DHCP-Netware-Sub-Options Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 64 DHCP-NIS-Client-Domain-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 65 DHCP-NIS-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 66 DHCP-TFTP-Server-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 67 DHCP-Boot-File-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 68 DHCP-Home-Agent-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 69 DHCP-SMTP-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 70 DHCP-POP3-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 71 DHCP-NNTP-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 72 DHCP-WWW-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 73 DHCP-Finger-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 74 DHCP-IRC-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 75 DHCP-StreetTalk-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 76 DHCP-STDA-Server-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 77 DHCP-User-Class Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 78 DHCP-Directory-Agent Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 79 DHCP-Service-Scope Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 80 DHCP-Rapid-Commit Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 81 DHCP-Client-FQDN Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 82 DHCP-Relay-Agent-Information Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 83 DHCP-iSNS Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 84 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 85 DHCP-NDS-Servers Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 86 DHCP-NDS-Tree-Name Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 87 DHCP-NDS-Context Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 88 DHCP-BCMS-Server-IPv4-FQDN Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 89 DHCP-BCMS-Server-IPv4-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 90 DHCP-Authentication Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 91 DHCP-Client-Last-Txn-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 92 DHCP-associated-ip Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 93 DHCP-Client-System Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 94 DHCP-Client-NDI Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 95 DHCP-LDAP Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 96 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 97 DHCP-UUID/GUID Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 98 DHCP-User-Auth Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 99 DHCP-GeoConf-Civic Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 100 DHCP-Timezone-Posix Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 101 DHCP-Timezone-Database Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 102 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 103 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 104 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 105 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 106 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 107 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 108 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 109 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 110 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 111 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 112 DHCP-Netinfo-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 113 DHCP-Netinfo-Tag Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 114 DHCP-URL Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 115 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 116 DHCP-Auto-Config Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 117 DHCP-Name-Service-Search Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 118 DHCP-Subnet-Selection-Option Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 119 DHCP-Domain-Search Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 120 DHCP-SIP-Servers-DHCP-Option Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 121 DHCP-Classless-Static-Route Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 122 DHCP-CCC Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 123 DHCP-GeoConf-Option Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 124 DHCP-V-I-Vendor-Class Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 125 DHCP-V-I-Vendor-Specific Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 126 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 127 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 128 DHCP-TFTP-Server-IP-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 129 DHCP-Call-Server-IP-address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 130 DHCP-Vendor-Discrimination-Str Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 131 DHCP-Remote-Stats-Svr-IP-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 132 DHCP-IEEE-802.1Q-VLAN-ID Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 133 DHCP-IEEE-802.1P-L2-Priority Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 134 DHCP-Diffserv-Code-Point Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 135 DHCP-HTTP-Proxy Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 136 DHCP-PANA-Agent Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 137 DHCP-LoST-Server Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 138 DHCP-CAPWAP-AC-IPv4-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 139 DHCP-MoS-IPv4-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 140 DHCP-MoS-IPv4-FQDN Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 141 DHCP-SIP-UA-Configuration-Service-Domains Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 142 DHCP-ANDSF-IPv4-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 143 DHCP-ANDSF-IPv6-Address Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 144 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 145 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 146 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 147 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 148 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 149 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 150 DHCP-TFTP-Server-IPv4-Address Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 151 DHCP-Query-Status-Code Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 152 DHCP-Query-Server-Base-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 153 DHCP-Query-Start-Time-Of-State Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 154 DHCP-Query-Start-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 155 DHCP-Query-End-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 156 DHCP-State Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 157 DHCP-Data-Source Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 158 DHCP-PCP-IPv4-Server-Address Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 159 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 160 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 161 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 162 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 163 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 164 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 165 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 166 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 167 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 168 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 169 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 170 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 171 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 172 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 173 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 174 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 175 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 176 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 177 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 178 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 179 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 180 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 181 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 182 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 183 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 184 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 185 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 186 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 187 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 188 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 189 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 190 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 191 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 192 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 193 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 194 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 195 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 196 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 197 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 198 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 199 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 200 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 201 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 202 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 203 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 204 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 205 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 206 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 207 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 208 DHCP-PXELINUX-Magic Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 209 DHCP-Packet-Format Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 210 DHCP-Path-Prefix Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 211 DHCP-Reboot-Time Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 212 DHCP-6RD Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 213 DHCP-Access-Network-Domain-Name Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 214 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 215 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 216 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 217 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 218 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 219 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 220 DHCP-Virtual-Subnet-Allocation Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 221 DHCP-Virtual-Subnet-Selection Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 222 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 223 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 224 DHCP-Site-specific-0 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 225 DHCP-Site-specific-1 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 226 DHCP-Site-specific-2 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 227 DHCP-Site-specific-3 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 228 DHCP-Site-specific-4 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 229 DHCP-Site-specific-5 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 230 DHCP-Site-specific-6 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 231 DHCP-Site-specific-7 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 232 DHCP-Site-specific-8 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 233 DHCP-Site-specific-9 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 234 DHCP-Site-specific-10 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 235 DHCP-Site-specific-11 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 236 DHCP-Site-specific-12 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 237 DHCP-Site-specific-13 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 238 DHCP-Site-specific-14 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 239 DHCP-Site-specific-15 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 240 DHCP-Site-specific-16 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 241 DHCP-Site-specific-17 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 242 DHCP-Site-specific-18 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 243 DHCP-Site-specific-19 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 244 DHCP-Site-specific-20 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 245 DHCP-Site-specific-21 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 246 DHCP-Site-specific-22 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 247 DHCP-Site-specific-23 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 248 DHCP-Site-specific-24 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 249 DHCP-Site-specific-25 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 250 DHCP-Site-specific-26 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 251 DHCP-Site-specific-27 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 252 DHCP-Site-specific-28 Thu Sep 21 21:52:52 2017 : Debug: Adding DHCP-Parameter-Request-List value 253 DHCP-Site-specific-30 Thu Sep 21 21:52:52 2017 : Debug: No DHCP RFC space attribute at 254 Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_expiration, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_expiration Thu Sep 21 21:52:52 2017 : Debug: # Loading module "expiration" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/expiration Thu Sep 21 21:52:52 2017 : Debug: # Loading module "radutmp" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/radutmp Thu Sep 21 21:52:52 2017 : Debug: radutmp { Thu Sep 21 21:52:52 2017 : Debug: filename = "/home/adrian/freeradius-server-3.0.x/var/log/radius/radutmp" Thu Sep 21 21:52:52 2017 : Debug: username = "%{User-Name}" Thu Sep 21 21:52:52 2017 : Debug: case_sensitive = yes Thu Sep 21 21:52:52 2017 : Debug: check_with_nas = yes Thu Sep 21 21:52:52 2017 : Debug: permissions = 384 Thu Sep 21 21:52:52 2017 : Debug: caller_id = yes Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_replicate, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_replicate Thu Sep 21 21:52:52 2017 : Debug: # Loading module "replicate" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/replicate Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_expr, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_expr Thu Sep 21 21:52:52 2017 : Debug: # Loading module "expr" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/expr Thu Sep 21 21:52:52 2017 : Debug: expr { Thu Sep 21 21:52:52 2017 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Loaded rlm_logintime, checking if it's valid Thu Sep 21 21:52:52 2017 : Debug: # Loaded module rlm_logintime Thu Sep 21 21:52:52 2017 : Debug: # Loading module "logintime" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/logintime Thu Sep 21 21:52:52 2017 : Debug: logintime { Thu Sep 21 21:52:52 2017 : Debug: minimum_timeout = 60 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: instantiate { Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "files" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/files Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/files/authorize Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/files/accounting Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/files/pre-proxy Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "mschap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/mschap Thu Sep 21 21:52:52 2017 : Debug: rlm_mschap (mschap): using internal authentication Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "IPASS" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "suffix" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "realmpercent" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "ntdomain" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/realm Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "reject" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "fail" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "ok" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "handled" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "invalid" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "userlock" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "notfound" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "noop" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "updated" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/always Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "attr_filter.post-proxy" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/post-proxy Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "attr_filter.pre-proxy" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/pre-proxy Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "attr_filter.access_reject" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/access_reject Thu Sep 21 21:52:52 2017 : Warning: [/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". Thu Sep 21 21:52:52 2017 : Warning: [/home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "attr_filter.access_challenge" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/access_challenge Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "attr_filter.accounting_response" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/attr_filter Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/attr_filter/accounting_response Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "etc_passwd" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/passwd Thu Sep 21 21:52:52 2017 : Debug: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "linelog" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/linelog Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "log_accounting" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/linelog Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "preprocess" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/preprocess Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/preprocess/huntgroups Thu Sep 21 21:52:52 2017 : Debug: reading pairlist file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-config/preprocess/hints Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "detail" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "eap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/eap Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_md5 Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_leap Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_gtc Thu Sep 21 21:52:52 2017 : Debug: gtc { Thu Sep 21 21:52:52 2017 : Debug: challenge = "Password: " Thu Sep 21 21:52:52 2017 : Debug: auth_type = "PAP" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_tls Thu Sep 21 21:52:52 2017 : Debug: tls { Thu Sep 21 21:52:52 2017 : Debug: tls = "tls-common" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: tls-config tls-common { Thu Sep 21 21:52:52 2017 : Debug: verify_depth = 0 Thu Sep 21 21:52:52 2017 : Debug: ca_path = "/home/adrian/freeradius-server-3.0.x/etc/raddb/certs" Thu Sep 21 21:52:52 2017 : Debug: pem_file_type = yes Thu Sep 21 21:52:52 2017 : Debug: private_key_file = "/home/adrian/freeradius-server-3.0.x/etc/raddb/certs/server.pem" Thu Sep 21 21:52:52 2017 : Debug: certificate_file = "/home/adrian/freeradius-server-3.0.x/etc/raddb/certs/server.pem" Thu Sep 21 21:52:52 2017 : Debug: ca_file = "/home/adrian/freeradius-server-3.0.x/etc/raddb/certs/ca.pem" Thu Sep 21 21:52:52 2017 : Debug: private_key_password = "whatever" Thu Sep 21 21:52:52 2017 : Debug: dh_file = "/home/adrian/freeradius-server-3.0.x/etc/raddb/certs/dh" Thu Sep 21 21:52:52 2017 : Debug: fragment_size = 1024 Thu Sep 21 21:52:52 2017 : Debug: include_length = yes Thu Sep 21 21:52:52 2017 : Debug: auto_chain = yes Thu Sep 21 21:52:52 2017 : Debug: check_crl = no Thu Sep 21 21:52:52 2017 : Debug: check_all_crl = no Thu Sep 21 21:52:52 2017 : Debug: cipher_list = "DEFAULT" Thu Sep 21 21:52:52 2017 : Debug: cipher_server_preference = no Thu Sep 21 21:52:52 2017 : Debug: ecdh_curve = "prime256v1" Thu Sep 21 21:52:52 2017 : Debug: cache { Thu Sep 21 21:52:52 2017 : Debug: enable = no Thu Sep 21 21:52:52 2017 : Debug: lifetime = 24 Thu Sep 21 21:52:52 2017 : Debug: max_entries = 255 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: verify { Thu Sep 21 21:52:52 2017 : Debug: skip_if_ocsp_ok = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: ocsp { Thu Sep 21 21:52:52 2017 : Debug: enable = no Thu Sep 21 21:52:52 2017 : Debug: override_cert_url = yes Thu Sep 21 21:52:52 2017 : Debug: url = "http://127.0.0.1/ocsp/" Thu Sep 21 21:52:52 2017 : Debug: use_nonce = yes Thu Sep 21 21:52:52 2017 : Debug: timeout = 0 Thu Sep 21 21:52:52 2017 : Debug: softfail = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_ttls Thu Sep 21 21:52:52 2017 : Debug: ttls { Thu Sep 21 21:52:52 2017 : Debug: tls = "tls-common" Thu Sep 21 21:52:52 2017 : Debug: default_eap_type = "md5" Thu Sep 21 21:52:52 2017 : Debug: copy_request_to_tunnel = no Thu Sep 21 21:52:52 2017 : Debug: use_tunneled_reply = no Thu Sep 21 21:52:52 2017 : Debug: virtual_server = "inner-tunnel" Thu Sep 21 21:52:52 2017 : Debug: include_length = yes Thu Sep 21 21:52:52 2017 : Debug: require_client_cert = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: tls: Using cached TLS configuration from previous invocation Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_peap Thu Sep 21 21:52:52 2017 : Debug: peap { Thu Sep 21 21:52:52 2017 : Debug: tls = "tls-common" Thu Sep 21 21:52:52 2017 : Debug: default_eap_type = "mschapv2" Thu Sep 21 21:52:52 2017 : Debug: copy_request_to_tunnel = no Thu Sep 21 21:52:52 2017 : Debug: use_tunneled_reply = no Thu Sep 21 21:52:52 2017 : Debug: proxy_tunneled_request_as_eap = yes Thu Sep 21 21:52:52 2017 : Debug: virtual_server = "inner-tunnel" Thu Sep 21 21:52:52 2017 : Debug: soh = no Thu Sep 21 21:52:52 2017 : Debug: require_client_cert = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: tls: Using cached TLS configuration from previous invocation Thu Sep 21 21:52:52 2017 : Debug: # Linked to sub-module rlm_eap_mschapv2 Thu Sep 21 21:52:52 2017 : Debug: mschapv2 { Thu Sep 21 21:52:52 2017 : Debug: with_ntdomain_hack = no Thu Sep 21 21:52:52 2017 : Debug: send_error = no Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "auth_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "reply_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "pre_proxy_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "post_proxy_log" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/detail.log Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "pap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/pap Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "cache_eap" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/cache_eap Thu Sep 21 21:52:52 2017 : Debug: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "expiration" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/expiration Thu Sep 21 21:52:52 2017 : Debug: # Instantiating module "logintime" from file /home/adrian/freeradius-server-3.0.x/etc/raddb/mods-enabled/logintime Thu Sep 21 21:52:52 2017 : Debug: } # modules Thu Sep 21 21:52:52 2017 : Debug: radiusd: #### Loading Virtual Servers #### Thu Sep 21 21:52:52 2017 : Debug: server { # from file /home/adrian/freeradius-server-3.0.x/etc/raddb/radiusd.conf Thu Sep 21 21:52:52 2017 : Debug: } # server Thu Sep 21 21:52:52 2017 : Debug: server default { # from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:52:52 2017 : Debug: # Loading authenticate {...} Thu Sep 21 21:52:52 2017 : Debug: mschap Thu Sep 21 21:52:52 2017 : Debug: digest Thu Sep 21 21:52:52 2017 : Debug: eap Thu Sep 21 21:52:52 2017 : Debug: # Loading authorize {...} Thu Sep 21 21:52:52 2017 : Debug: policy filter_username { Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name) { Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ / /) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains whitespace' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /@[^@]*@/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /\.\./) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /@/ && !&User-Name =~ /@(.+)\.(.+)$/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Realm does not have at least one dot separator' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /\.$/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /@\./) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: preprocess Thu Sep 21 21:52:52 2017 : Debug: chap Thu Sep 21 21:52:52 2017 : Debug: mschap Thu Sep 21 21:52:52 2017 : Debug: digest Thu Sep 21 21:52:52 2017 : Debug: IPASS Thu Sep 21 21:52:52 2017 : Warning: /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default[354]: Please change attribute reference to '&Proxy-To-Realm := ...' Thu Sep 21 21:52:52 2017 : Debug: if (&Realm == 'passpoint' && &EAP-Message) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &control:Proxy-To-Realm := LOCAL Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: else { Thu Sep 21 21:52:52 2017 : Debug: suffix Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: eap Thu Sep 21 21:52:52 2017 : Debug: files Thu Sep 21 21:52:52 2017 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst) Thu Sep 21 21:52:52 2017 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst) Thu Sep 21 21:52:52 2017 : Debug: expiration Thu Sep 21 21:52:52 2017 : Debug: logintime Thu Sep 21 21:52:52 2017 : Debug: pap Thu Sep 21 21:52:52 2017 : Debug: # Loading preacct {...} Thu Sep 21 21:52:52 2017 : Debug: preprocess Thu Sep 21 21:52:52 2017 : Debug: policy acct_unique { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Tmp-String-9 := "ai:" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if ("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/ && "%{string:&Class}" =~ /^ai:([0-9a-f]{32})/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: else { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: suffix Thu Sep 21 21:52:52 2017 : Debug: files Thu Sep 21 21:52:52 2017 : Debug: # Loading accounting {...} Thu Sep 21 21:52:52 2017 : Debug: detail Thu Sep 21 21:52:52 2017 : Debug: unix Thu Sep 21 21:52:52 2017 : Debug: exec Thu Sep 21 21:52:52 2017 : Debug: attr_filter.accounting_response Thu Sep 21 21:52:52 2017 : Debug: # Loading post-proxy {...} Thu Sep 21 21:52:52 2017 : Debug: eap Thu Sep 21 21:52:52 2017 : Debug: # Loading post-auth {...} Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &reply:[*] += &session-state:[*] Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: exec Thu Sep 21 21:52:52 2017 : Debug: policy remove_reply_message_if_eap { Thu Sep 21 21:52:52 2017 : Debug: if (&reply:EAP-Message && &reply:Reply-Message) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &reply:Reply-Message !* ANY Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: else { Thu Sep 21 21:52:52 2017 : Debug: noop Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } # server default Thu Sep 21 21:52:52 2017 : Debug: server inner-tunnel { # from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/inner-tunnel Thu Sep 21 21:52:52 2017 : Debug: # Loading authenticate {...} Thu Sep 21 21:52:52 2017 : Debug: mschap Thu Sep 21 21:52:52 2017 : Debug: eap Thu Sep 21 21:52:52 2017 : Debug: # Loading authorize {...} Thu Sep 21 21:52:52 2017 : Debug: policy filter_username { Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name) { Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ / /) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains whitespace' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /@[^@]*@/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Multiple @ in User-Name' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /\.\./) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /@/ && !&User-Name =~ /@(.+)\.(.+)$/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Realm does not have at least one dot separator' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /\.$/) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Realm ends with a dot' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: if (&User-Name =~ /@\./) { Thu Sep 21 21:52:52 2017 : Debug: update { Thu Sep 21 21:52:52 2017 : Debug: &Module-Failure-Message += 'Rejected: Realm begins with a dot' Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: reject Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: chap Thu Sep 21 21:52:52 2017 : Debug: mschap Thu Sep 21 21:52:52 2017 : Debug: IPASS Thu Sep 21 21:52:52 2017 : Debug: suffix Thu Sep 21 21:52:52 2017 : Debug: eap Thu Sep 21 21:52:52 2017 : Debug: files Thu Sep 21 21:52:52 2017 : Debug: expiration Thu Sep 21 21:52:52 2017 : Debug: logintime Thu Sep 21 21:52:52 2017 : Debug: pap Thu Sep 21 21:52:52 2017 : Debug: # Loading session {...} Thu Sep 21 21:52:52 2017 : Debug: radutmp Thu Sep 21 21:52:52 2017 : Debug: # Loading post-proxy {...} Thu Sep 21 21:52:52 2017 : Debug: eap Thu Sep 21 21:52:52 2017 : Debug: # Loading post-auth {...} Thu Sep 21 21:52:52 2017 : Info: # Skipping contents of 'if' as it is always 'false' -- /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/inner-tunnel:331 Thu Sep 21 21:52:52 2017 : Debug: if (false) { Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } # server inner-tunnel Thu Sep 21 21:52:52 2017 : Debug: radiusd: #### Opening IP addresses and Ports #### Thu Sep 21 21:52:52 2017 : Debug: listen { Thu Sep 21 21:52:52 2017 : Debug: type = "auth" Thu Sep 21 21:52:52 2017 : Debug: ipaddr = * Thu Sep 21 21:52:52 2017 : Debug: port = 0 Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: listen { Thu Sep 21 21:52:52 2017 : Debug: type = "acct" Thu Sep 21 21:52:52 2017 : Debug: ipaddr = * Thu Sep 21 21:52:52 2017 : Debug: port = 0 Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: listen { Thu Sep 21 21:52:52 2017 : Debug: type = "auth" Thu Sep 21 21:52:52 2017 : Debug: ipv6addr = :: Thu Sep 21 21:52:52 2017 : Debug: port = 0 Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: listen { Thu Sep 21 21:52:52 2017 : Debug: type = "acct" Thu Sep 21 21:52:52 2017 : Debug: ipv6addr = :: Thu Sep 21 21:52:52 2017 : Debug: port = 0 Thu Sep 21 21:52:52 2017 : Debug: limit { Thu Sep 21 21:52:52 2017 : Debug: max_connections = 16 Thu Sep 21 21:52:52 2017 : Debug: lifetime = 0 Thu Sep 21 21:52:52 2017 : Debug: idle_timeout = 30 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: listen { Thu Sep 21 21:52:52 2017 : Debug: type = "auth" Thu Sep 21 21:52:52 2017 : Debug: ipaddr = 127.0.0.1 Thu Sep 21 21:52:52 2017 : Debug: port = 18120 Thu Sep 21 21:52:52 2017 : Debug: } Thu Sep 21 21:52:52 2017 : Debug: Listening on auth address * port 1812 bound to server default Thu Sep 21 21:52:52 2017 : Debug: Listening on acct address * port 1813 bound to server default Thu Sep 21 21:52:52 2017 : Debug: Listening on auth address :: port 1812 bound to server default Thu Sep 21 21:52:52 2017 : Debug: Listening on acct address :: port 1813 bound to server default Thu Sep 21 21:52:52 2017 : Debug: Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Thu Sep 21 21:52:52 2017 : Debug: Opened new proxy socket 'proxy address * port 52330' Thu Sep 21 21:52:52 2017 : Debug: Listening on proxy address * port 52330 Thu Sep 21 21:52:52 2017 : Debug: Opened new proxy socket 'proxy address :: port 23843' Thu Sep 21 21:52:52 2017 : Debug: Listening on proxy address :: port 23843 Thu Sep 21 21:52:52 2017 : Info: Ready to process requests Thu Sep 21 21:53:02 2017 : Debug: (0) Received Access-Request Id 0 from 127.0.0.1:55294 to 127.0.0.1:1812 length 146 Thu Sep 21 21:53:02 2017 : Debug: (0) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (0) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (0) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (0) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (0) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (0) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (0) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (0) EAP-Message = 0x020000150170617373706f696e742f61647269616e Thu Sep 21 21:53:02 2017 : Debug: (0) Message-Authenticator = 0x576565b05bb92df2aefcf44550831440 Thu Sep 21 21:53:02 2017 : Debug: (0) session-state: No State attribute Thu Sep 21 21:53:02 2017 : Debug: (0) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (0) authorize { Thu Sep 21 21:53:02 2017 : Debug: (0) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (0) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (0) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (0) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (0) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (0) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (0) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (0) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (0) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (0) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (0) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (0) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (0) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (0) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (0) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (0) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (0) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (0) update control { Thu Sep 21 21:53:02 2017 : Debug: (0) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (0) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (0) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (0) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (0) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (0) eap: Peer sent EAP Response (code 2) ID 0 length 21 Thu Sep 21 21:53:02 2017 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (0) [eap] = ok Thu Sep 21 21:53:02 2017 : Debug: (0) } # authorize = ok Thu Sep 21 21:53:02 2017 : Debug: (0) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (0) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (0) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (0) eap: Peer sent packet with method EAP Identity (1) Thu Sep 21 21:53:02 2017 : Debug: (0) eap: Calling submodule eap_md5 to process data Thu Sep 21 21:53:02 2017 : Debug: (0) eap_md5: Issuing MD5 Challenge Thu Sep 21 21:53:02 2017 : Debug: (0) eap: Sending EAP Request (code 1) ID 1 length 22 Thu Sep 21 21:53:02 2017 : Debug: (0) eap: EAP session adding &reply:State = 0x54689a5154699e90 Thu Sep 21 21:53:02 2017 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (0) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (0) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: (0) Using Post-Auth-Type Challenge Thu Sep 21 21:53:02 2017 : Debug: (0) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (0) Challenge { ... } # empty sub-section is ignored Thu Sep 21 21:53:02 2017 : Debug: (0) session-state: Nothing to cache Thu Sep 21 21:53:02 2017 : Debug: (0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (0) EAP-Message = 0x010100160410d4530106701dd0d1db2dfe5bfe82746f Thu Sep 21 21:53:02 2017 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Thu Sep 21 21:53:02 2017 : Debug: (0) State = 0x54689a5154699e90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (0) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:02 2017 : Debug: (1) Received Access-Request Id 1 from 127.0.0.1:55294 to 127.0.0.1:1812 length 149 Thu Sep 21 21:53:02 2017 : Debug: (1) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (1) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (1) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (1) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (1) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (1) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (1) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (1) EAP-Message = 0x020100060315 Thu Sep 21 21:53:02 2017 : Debug: (1) State = 0x54689a5154699e90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (1) Message-Authenticator = 0xcccffb87642f884981157212205aa7a5 Thu Sep 21 21:53:02 2017 : Debug: (1) session-state: No cached attributes Thu Sep 21 21:53:02 2017 : Debug: (1) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (1) authorize { Thu Sep 21 21:53:02 2017 : Debug: (1) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (1) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (1) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (1) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (1) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (1) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (1) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (1) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (1) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (1) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (1) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (1) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (1) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (1) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (1) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (1) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (1) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (1) update control { Thu Sep 21 21:53:02 2017 : Debug: (1) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (1) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (1) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (1) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (1) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Peer sent EAP Response (code 2) ID 1 length 6 Thu Sep 21 21:53:02 2017 : Debug: (1) eap: No EAP Start, assuming it's an on-going EAP conversation Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (1) [eap] = updated Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling files (rlm_files) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from files (rlm_files) Thu Sep 21 21:53:02 2017 : Debug: (1) [files] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling expiration (rlm_expiration) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from expiration (rlm_expiration) Thu Sep 21 21:53:02 2017 : Debug: (1) [expiration] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling logintime (rlm_logintime) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from logintime (rlm_logintime) Thu Sep 21 21:53:02 2017 : Debug: (1) [logintime] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: calling pap (rlm_pap) Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authorize]: returned from pap (rlm_pap) Thu Sep 21 21:53:02 2017 : Debug: (1) [pap] = noop Thu Sep 21 21:53:02 2017 : Debug: (1) } # authorize = updated Thu Sep 21 21:53:02 2017 : Debug: (1) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (1) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (1) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Expiring EAP session with state 0x54689a5154699e90 Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Finished EAP session with state 0x54689a5154699e90 Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Previous EAP request found for state 0x54689a5154699e90, released from the list Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Peer sent packet with method EAP NAK (3) Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Found mutually acceptable type TTLS (21) Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Calling submodule eap_ttls to process data Thu Sep 21 21:53:02 2017 : Debug: (1) eap_ttls: Initiating new EAP-TLS session Thu Sep 21 21:53:02 2017 : Debug: (1) eap_ttls: [eaptls start] = request Thu Sep 21 21:53:02 2017 : Debug: (1) eap: Sending EAP Request (code 1) ID 2 length 6 Thu Sep 21 21:53:02 2017 : Debug: (1) eap: EAP session adding &reply:State = 0x54689a51556a8f90 Thu Sep 21 21:53:02 2017 : Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (1) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (1) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: (1) Using Post-Auth-Type Challenge Thu Sep 21 21:53:02 2017 : Debug: (1) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (1) Challenge { ... } # empty sub-section is ignored Thu Sep 21 21:53:02 2017 : Debug: (1) session-state: Nothing to cache Thu Sep 21 21:53:02 2017 : Debug: (1) Sent Access-Challenge Id 1 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (1) EAP-Message = 0x010200061520 Thu Sep 21 21:53:02 2017 : Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000 Thu Sep 21 21:53:02 2017 : Debug: (1) State = 0x54689a51556a8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (1) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:02 2017 : Debug: (2) Received Access-Request Id 2 from 127.0.0.1:55294 to 127.0.0.1:1812 length 436 Thu Sep 21 21:53:02 2017 : Debug: (2) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (2) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (2) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (2) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (2) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (2) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (2) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (2) EAP-Message = 0x02020123150016030101180100011403031a4e211282fb67d23fa513140363b51135fdcfc554604e3db45fffede16f91e8000082c030c02cc028c024c014c00a00a3009f006b006a0039003800880087c032c02ec02ac026c00fc005009d003d00350084c012c00800160013c00dc003000ac02fc02bc0 Thu Sep 21 21:53:02 2017 : Debug: (2) State = 0x54689a51556a8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (2) Message-Authenticator = 0xb478404f29389777d3bccc5a86a55d07 Thu Sep 21 21:53:02 2017 : Debug: (2) session-state: No cached attributes Thu Sep 21 21:53:02 2017 : Debug: (2) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (2) authorize { Thu Sep 21 21:53:02 2017 : Debug: (2) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (2) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (2) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (2) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (2) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (2) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (2) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (2) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (2) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (2) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (2) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (2) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (2) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (2) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (2) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (2) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (2) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (2) update control { Thu Sep 21 21:53:02 2017 : Debug: (2) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (2) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (2) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (2) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (2) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Peer sent EAP Response (code 2) ID 2 length 291 Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Continuing tunnel setup Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (2) [eap] = ok Thu Sep 21 21:53:02 2017 : Debug: (2) } # authorize = ok Thu Sep 21 21:53:02 2017 : Debug: (2) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (2) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (2) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Expiring EAP session with state 0x54689a51556a8f90 Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Finished EAP session with state 0x54689a51556a8f90 Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Previous EAP request found for state 0x54689a51556a8f90, released from the list Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Peer sent packet with method EAP TTLS (21) Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Calling submodule eap_ttls to process data Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: Authenticate Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: Continuing EAP-TLS Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: Peer sent flags --- Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: [eaptls verify] = ok Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: Done initial handshake Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: (other): before/accept initialization Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: before/accept initialization Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: <<< recv TLS 1.2 [length 0118] Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: SSLv3 read client hello A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: >>> send TLS 1.2 [length 003e] Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write server hello A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: >>> send TLS 1.2 [length 08d3] Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write certificate A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: >>> send TLS 1.2 [length 014d] Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write key exchange A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: >>> send TLS 1.2 [length 0004] Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: SSLv3 write server done A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: SSLv3 flush data Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: Need to read more data: SSLv3 read client certificate A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: TLS_accept: Need to read more data: SSLv3 read client certificate A Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: In SSL Handshake Phase Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: In SSL Accept mode Thu Sep 21 21:53:02 2017 : Debug: (2) eap_ttls: [eaptls process] = handled Thu Sep 21 21:53:02 2017 : Debug: (2) eap: Sending EAP Request (code 1) ID 3 length 1004 Thu Sep 21 21:53:02 2017 : Debug: (2) eap: EAP session adding &reply:State = 0x54689a51566b8f90 Thu Sep 21 21:53:02 2017 : Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (2) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (2) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: (2) Using Post-Auth-Type Challenge Thu Sep 21 21:53:02 2017 : Debug: (2) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (2) Challenge { ... } # empty sub-section is ignored Thu Sep 21 21:53:02 2017 : Debug: (2) session-state: Nothing to cache Thu Sep 21 21:53:02 2017 : Debug: (2) Sent Access-Challenge Id 2 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (2) EAP-Message = 0x010303ec15c000000a76160303003e0200003a0303ac3420b282d9ce92bdf0f91fd2f999bc85996555054d90d6adf436fbd20bafe500c030000012ff01000100000b000403000102000f00010116030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01 Thu Sep 21 21:53:02 2017 : Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000 Thu Sep 21 21:53:02 2017 : Debug: (2) State = 0x54689a51566b8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (2) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:02 2017 : Debug: (3) Received Access-Request Id 3 from 127.0.0.1:55294 to 127.0.0.1:1812 length 149 Thu Sep 21 21:53:02 2017 : Debug: (3) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (3) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (3) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (3) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (3) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (3) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (3) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (3) EAP-Message = 0x020300061500 Thu Sep 21 21:53:02 2017 : Debug: (3) State = 0x54689a51566b8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (3) Message-Authenticator = 0x536a1de397547156d623541b8ac89179 Thu Sep 21 21:53:02 2017 : Debug: (3) session-state: No cached attributes Thu Sep 21 21:53:02 2017 : Debug: (3) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (3) authorize { Thu Sep 21 21:53:02 2017 : Debug: (3) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (3) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (3) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (3) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (3) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (3) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (3) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (3) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (3) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (3) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (3) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (3) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (3) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (3) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (3) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (3) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (3) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (3) update control { Thu Sep 21 21:53:02 2017 : Debug: (3) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (3) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (3) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (3) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (3) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Continuing tunnel setup Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (3) [eap] = ok Thu Sep 21 21:53:02 2017 : Debug: (3) } # authorize = ok Thu Sep 21 21:53:02 2017 : Debug: (3) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (3) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (3) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Expiring EAP session with state 0x54689a51566b8f90 Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Finished EAP session with state 0x54689a51566b8f90 Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Previous EAP request found for state 0x54689a51566b8f90, released from the list Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Peer sent packet with method EAP TTLS (21) Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Calling submodule eap_ttls to process data Thu Sep 21 21:53:02 2017 : Debug: (3) eap_ttls: Authenticate Thu Sep 21 21:53:02 2017 : Debug: (3) eap_ttls: Continuing EAP-TLS Thu Sep 21 21:53:02 2017 : Debug: (3) eap_ttls: Peer sent flags --- Thu Sep 21 21:53:02 2017 : Debug: (3) eap_ttls: Peer ACKed our handshake fragment Thu Sep 21 21:53:02 2017 : Debug: (3) eap_ttls: [eaptls verify] = request Thu Sep 21 21:53:02 2017 : Debug: (3) eap_ttls: [eaptls process] = handled Thu Sep 21 21:53:02 2017 : Debug: (3) eap: Sending EAP Request (code 1) ID 4 length 1004 Thu Sep 21 21:53:02 2017 : Debug: (3) eap: EAP session adding &reply:State = 0x54689a51576c8f90 Thu Sep 21 21:53:02 2017 : Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (3) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (3) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: (3) Using Post-Auth-Type Challenge Thu Sep 21 21:53:02 2017 : Debug: (3) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (3) Challenge { ... } # empty sub-section is ignored Thu Sep 21 21:53:02 2017 : Debug: (3) session-state: Nothing to cache Thu Sep 21 21:53:02 2017 : Debug: (3) Sent Access-Challenge Id 3 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (3) EAP-Message = 0x010403ec15c000000a76248f8888e5881e79b436b52e840997f72e732c268412ce672709b39826c3d5d7fc663ab0a1f4c53286fade69148e13154dacf503ad525b06b60b1590ce5bfd3e1d14a3cb0f2a154ee884d41e08410004e8308204e4308203cca00302010202090086f6ed416c702c78300d0609 Thu Sep 21 21:53:02 2017 : Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000 Thu Sep 21 21:53:02 2017 : Debug: (3) State = 0x54689a51576c8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (3) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:02 2017 : Debug: (4) Received Access-Request Id 4 from 127.0.0.1:55294 to 127.0.0.1:1812 length 149 Thu Sep 21 21:53:02 2017 : Debug: (4) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (4) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (4) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (4) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (4) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (4) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (4) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (4) EAP-Message = 0x020400061500 Thu Sep 21 21:53:02 2017 : Debug: (4) State = 0x54689a51576c8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (4) Message-Authenticator = 0xcb8f1dbcf3687b4bdcff0c7af8bdbf86 Thu Sep 21 21:53:02 2017 : Debug: (4) session-state: No cached attributes Thu Sep 21 21:53:02 2017 : Debug: (4) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (4) authorize { Thu Sep 21 21:53:02 2017 : Debug: (4) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (4) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (4) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (4) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (4) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (4) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (4) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (4) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (4) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (4) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (4) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (4) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (4) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (4) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (4) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (4) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (4) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (4) update control { Thu Sep 21 21:53:02 2017 : Debug: (4) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (4) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (4) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (4) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (4) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Continuing tunnel setup Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (4) [eap] = ok Thu Sep 21 21:53:02 2017 : Debug: (4) } # authorize = ok Thu Sep 21 21:53:02 2017 : Debug: (4) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (4) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (4) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Expiring EAP session with state 0x54689a51576c8f90 Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Finished EAP session with state 0x54689a51576c8f90 Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Previous EAP request found for state 0x54689a51576c8f90, released from the list Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Peer sent packet with method EAP TTLS (21) Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Calling submodule eap_ttls to process data Thu Sep 21 21:53:02 2017 : Debug: (4) eap_ttls: Authenticate Thu Sep 21 21:53:02 2017 : Debug: (4) eap_ttls: Continuing EAP-TLS Thu Sep 21 21:53:02 2017 : Debug: (4) eap_ttls: Peer sent flags --- Thu Sep 21 21:53:02 2017 : Debug: (4) eap_ttls: Peer ACKed our handshake fragment Thu Sep 21 21:53:02 2017 : Debug: (4) eap_ttls: [eaptls verify] = request Thu Sep 21 21:53:02 2017 : Debug: (4) eap_ttls: [eaptls process] = handled Thu Sep 21 21:53:02 2017 : Debug: (4) eap: Sending EAP Request (code 1) ID 5 length 700 Thu Sep 21 21:53:02 2017 : Debug: (4) eap: EAP session adding &reply:State = 0x54689a51506d8f90 Thu Sep 21 21:53:02 2017 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (4) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (4) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: (4) Using Post-Auth-Type Challenge Thu Sep 21 21:53:02 2017 : Debug: (4) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (4) Challenge { ... } # empty sub-section is ignored Thu Sep 21 21:53:02 2017 : Debug: (4) session-state: Nothing to cache Thu Sep 21 21:53:02 2017 : Debug: (4) Sent Access-Challenge Id 4 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (4) EAP-Message = 0x010502bc158000000a76130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101006549c6eb3cea07acabb4528e0d0194383a2c71277064 Thu Sep 21 21:53:02 2017 : Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000 Thu Sep 21 21:53:02 2017 : Debug: (4) State = 0x54689a51506d8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (4) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:02 2017 : Debug: (5) Received Access-Request Id 5 from 127.0.0.1:55294 to 127.0.0.1:1812 length 275 Thu Sep 21 21:53:02 2017 : Debug: (5) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (5) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (5) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (5) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (5) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (5) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (5) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (5) EAP-Message = 0x02050084150016030300461000004241040b083a079f452e1d3b061350ee81d2d59b4375ad9903a3d3de1895a2a922906506ed90aee27904ed680366351be5e347636e9fc99fe5e3803d0dafef7ab901081403030001011603030028079957cf1781d9955496980b8343e600c60887bbbf52be4b329600 Thu Sep 21 21:53:02 2017 : Debug: (5) State = 0x54689a51506d8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (5) Message-Authenticator = 0x07fa1f561cecdc3dcd6145827ee6fb45 Thu Sep 21 21:53:02 2017 : Debug: (5) session-state: No cached attributes Thu Sep 21 21:53:02 2017 : Debug: (5) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (5) authorize { Thu Sep 21 21:53:02 2017 : Debug: (5) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (5) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (5) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (5) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (5) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (5) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (5) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (5) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (5) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (5) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (5) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (5) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (5) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (5) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (5) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (5) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (5) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (5) update control { Thu Sep 21 21:53:02 2017 : Debug: (5) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (5) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (5) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (5) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (5) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Peer sent EAP Response (code 2) ID 5 length 132 Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Continuing tunnel setup Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (5) [eap] = ok Thu Sep 21 21:53:02 2017 : Debug: (5) } # authorize = ok Thu Sep 21 21:53:02 2017 : Debug: (5) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (5) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (5) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Expiring EAP session with state 0x54689a51506d8f90 Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Finished EAP session with state 0x54689a51506d8f90 Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Previous EAP request found for state 0x54689a51506d8f90, released from the list Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Peer sent packet with method EAP TTLS (21) Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Calling submodule eap_ttls to process data Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: Authenticate Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: Continuing EAP-TLS Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: Peer sent flags --- Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: [eaptls verify] = ok Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: Done initial handshake Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: <<< recv TLS 1.2 [length 0046] Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: TLS_accept: SSLv3 read client key exchange A Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: <<< recv TLS 1.2 [length 0001] Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: <<< recv TLS 1.2 [length 0010] Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: TLS_accept: SSLv3 read finished A Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: >>> send TLS 1.2 [length 0001] Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: TLS_accept: SSLv3 write change cipher spec A Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: >>> send TLS 1.2 [length 0010] Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: TLS_accept: SSLv3 write finished A Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: TLS_accept: SSLv3 flush data Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: (other): SSL negotiation finished successfully Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: SSL Connection Established Thu Sep 21 21:53:02 2017 : Debug: (5) eap_ttls: [eaptls process] = handled Thu Sep 21 21:53:02 2017 : Debug: (5) eap: Sending EAP Request (code 1) ID 6 length 61 Thu Sep 21 21:53:02 2017 : Debug: (5) eap: EAP session adding &reply:State = 0x54689a51516e8f90 Thu Sep 21 21:53:02 2017 : Debug: (5) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (5) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (5) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: (5) Using Post-Auth-Type Challenge Thu Sep 21 21:53:02 2017 : Debug: (5) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (5) Challenge { ... } # empty sub-section is ignored Thu Sep 21 21:53:02 2017 : Debug: (5) session-state: Nothing to cache Thu Sep 21 21:53:02 2017 : Debug: (5) Sent Access-Challenge Id 5 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (5) EAP-Message = 0x0106003d158000000033140303000101160303002867250a12cd865128081a6ed5e125aa31916586932c847eab92f110617bb1f07e10cc3856aa8eb3bd Thu Sep 21 21:53:02 2017 : Debug: (5) Message-Authenticator = 0x00000000000000000000000000000000 Thu Sep 21 21:53:02 2017 : Debug: (5) State = 0x54689a51516e8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (5) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:02 2017 : Debug: (6) Received Access-Request Id 6 from 127.0.0.1:55294 to 127.0.0.1:1812 length 226 Thu Sep 21 21:53:02 2017 : Debug: (6) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (6) NAS-IP-Address = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (6) Calling-Station-Id = "02-00-00-00-00-01" Thu Sep 21 21:53:02 2017 : Debug: (6) Framed-MTU = 1400 Thu Sep 21 21:53:02 2017 : Debug: (6) NAS-Port-Type = Wireless-802.11 Thu Sep 21 21:53:02 2017 : Debug: (6) Service-Type = Framed-User Thu Sep 21 21:53:02 2017 : Debug: (6) Connect-Info = "CONNECT 11Mbps 802.11b" Thu Sep 21 21:53:02 2017 : Debug: (6) EAP-Message = 0x0206005315001703030048079957cf1781d9965f19da9e4a720a86c0d7d7083d39da76d51deb546a62ebb5c084f24d2773cc1139f388eb12e3a4985b55731c1367605bf9b0ccc20a67b4faf313db732e684db8 Thu Sep 21 21:53:02 2017 : Debug: (6) State = 0x54689a51516e8f90812c1dc1038731b0 Thu Sep 21 21:53:02 2017 : Debug: (6) Message-Authenticator = 0x192e26f4f4ead48eeb095f782f56a413 Thu Sep 21 21:53:02 2017 : Debug: (6) session-state: No cached attributes Thu Sep 21 21:53:02 2017 : Debug: (6) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (6) authorize { Thu Sep 21 21:53:02 2017 : Debug: (6) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (6) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from preprocess (rlm_preprocess) Thu Sep 21 21:53:02 2017 : Debug: (6) [preprocess] = ok Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (6) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (6) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from digest (rlm_digest) Thu Sep 21 21:53:02 2017 : Debug: (6) [digest] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (6) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (6) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (Realm == 'passpoint' && &EAP-Message ) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (6) if (Realm == 'passpoint' && &EAP-Message ) { Thu Sep 21 21:53:02 2017 : Debug: (6) update control { Thu Sep 21 21:53:02 2017 : Debug: (6) Proxy-To-Realm := LOCAL Thu Sep 21 21:53:02 2017 : Debug: (6) Overwriting value "passpoint" with "LOCAL" Thu Sep 21 21:53:02 2017 : Debug: (6) } # update control = noop Thu Sep 21 21:53:02 2017 : Debug: (6) } # if (Realm == 'passpoint' && &EAP-Message ) = noop Thu Sep 21 21:53:02 2017 : Debug: (6) ... skipping else: Preceding "if" was taken Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Peer sent EAP Response (code 2) ID 6 length 83 Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Continuing tunnel setup Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) [eap] = ok Thu Sep 21 21:53:02 2017 : Debug: (6) } # authorize = ok Thu Sep 21 21:53:02 2017 : Debug: (6) Found Auth-Type = eap Thu Sep 21 21:53:02 2017 : Debug: (6) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (6) authenticate { Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authenticate]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Expiring EAP session with state 0x54689a51516e8f90 Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Finished EAP session with state 0x54689a51516e8f90 Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Previous EAP request found for state 0x54689a51516e8f90, released from the list Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Peer sent packet with method EAP TTLS (21) Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Calling submodule eap_ttls to process data Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Authenticate Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Continuing EAP-TLS Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Peer sent flags --- Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: [eaptls verify] = ok Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Done initial handshake Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: [eaptls process] = ok Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Session established. Proceeding to decode tunneled attributes TTLS tunnel data in 0000: 00 00 00 01 40 00 00 18 70 61 73 73 70 6f 69 6e TTLS tunnel data in 0010: 74 2f 61 64 72 69 61 6e 00 00 00 02 40 00 00 18 TTLS tunnel data in 0020: 68 65 6c 6c 6f 00 00 00 00 00 00 00 00 00 00 00 Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Got tunneled request Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: User-Password = "hello" Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: FreeRADIUS-Proxied-To = 127.0.0.1 Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Sending tunneled request Thu Sep 21 21:53:02 2017 : Debug: (6) Virtual server inner-tunnel received request Thu Sep 21 21:53:02 2017 : Debug: (6) User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (6) User-Password = "hello" Thu Sep 21 21:53:02 2017 : Debug: (6) FreeRADIUS-Proxied-To = 127.0.0.1 Thu Sep 21 21:53:02 2017 : WARNING: (6) Outer and inner identities are the same. User privacy is compromised. Thu Sep 21 21:53:02 2017 : Debug: (6) server inner-tunnel { Thu Sep 21 21:53:02 2017 : Debug: (6) session-state: No State attribute Thu Sep 21 21:53:02 2017 : Debug: (6) # Executing section authorize from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/inner-tunnel Thu Sep 21 21:53:02 2017 : Debug: (6) authorize { Thu Sep 21 21:53:02 2017 : Debug: (6) policy filter_username { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name) -> TRUE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ / /) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ / /) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.\./ ) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.\./ ) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Thu Sep 21 21:53:02 2017 : Debug: (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.$/) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /\.$/) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@\./) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&User-Name =~ /@\./) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) } # if (&User-Name) = notfound Thu Sep 21 21:53:02 2017 : Debug: (6) } # policy filter_username = notfound Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from chap (rlm_chap) Thu Sep 21 21:53:02 2017 : Debug: (6) [chap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from mschap (rlm_mschap) Thu Sep 21 21:53:02 2017 : Debug: (6) [mschap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Checking for prefix before "/" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Looking up realm "passpoint" for User-Name = "passpoint/adrian" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Found realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Adding Realm = "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Proxying request from user passpoint/adrian to realm passpoint Thu Sep 21 21:53:02 2017 : Debug: (6) IPASS: Preparing to proxy authentication request to realm "passpoint" Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from IPASS (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (6) [IPASS] = updated Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling suffix (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (6) suffix: Request already has destination realm set. Ignoring Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from suffix (rlm_realm) Thu Sep 21 21:53:02 2017 : Debug: (6) [suffix] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) eap: No EAP-Message, not doing EAP Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) [eap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling files (rlm_files) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from files (rlm_files) Thu Sep 21 21:53:02 2017 : Debug: (6) [files] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling expiration (rlm_expiration) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from expiration (rlm_expiration) Thu Sep 21 21:53:02 2017 : Debug: (6) [expiration] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling logintime (rlm_logintime) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from logintime (rlm_logintime) Thu Sep 21 21:53:02 2017 : Debug: (6) [logintime] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: calling pap (rlm_pap) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authorize]: returned from pap (rlm_pap) Thu Sep 21 21:53:02 2017 : Debug: (6) [pap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) } # authorize = updated Thu Sep 21 21:53:02 2017 : Debug: (6) } # server inner-tunnel Thu Sep 21 21:53:02 2017 : Debug: (6) Virtual server sending reply Thu Sep 21 21:53:02 2017 : Debug: (6) eap_ttls: Tunneled authentication will be proxied to passpoint Thu Sep 21 21:53:02 2017 : WARNING: (6) eap: Tunneled session will be proxied. Not doing EAP Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[authenticate]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) [eap] = handled Thu Sep 21 21:53:02 2017 : Debug: (6) } # authenticate = handled Thu Sep 21 21:53:02 2017 : Debug: Using home pool auth for realm LOCAL Thu Sep 21 21:53:02 2017 : WARNING: (6) Cancelling proxy as no home pool exists Thu Sep 21 21:53:02 2017 : Debug: (6) There was no response configured: rejecting request Thu Sep 21 21:53:02 2017 : Debug: (6) Using Post-Auth-Type Reject Thu Sep 21 21:53:02 2017 : Debug: (6) # Executing group from file /home/adrian/freeradius-server-3.0.x/etc/raddb/sites-enabled/default Thu Sep 21 21:53:02 2017 : Debug: (6) Post-Auth-Type REJECT { Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Thu Sep 21 21:53:02 2017 : Debug: %{User-Name} Thu Sep 21 21:53:02 2017 : Debug: Parsed xlat tree: Thu Sep 21 21:53:02 2017 : Debug: attribute --> User-Name Thu Sep 21 21:53:02 2017 : Debug: (6) attr_filter.access_reject: EXPAND %{User-Name} Thu Sep 21 21:53:02 2017 : Debug: (6) attr_filter.access_reject: --> passpoint/adrian Thu Sep 21 21:53:02 2017 : Debug: (6) attr_filter.access_reject: Matched entry DEFAULT at line 11 Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Thu Sep 21 21:53:02 2017 : Debug: (6) [attr_filter.access_reject] = updated Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[post-auth]: calling eap (rlm_eap) Thu Sep 21 21:53:02 2017 : ERROR: (6) eap: rlm_eap (EAP): No EAP session matching state 0x54689a51516e8f90 Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request Thu Sep 21 21:53:02 2017 : Debug: (6) eap: Failed to get handler, probably already removed, not inserting EAP-Failure Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[post-auth]: returned from eap (rlm_eap) Thu Sep 21 21:53:02 2017 : Debug: (6) [eap] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) policy remove_reply_message_if_eap { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&reply:EAP-Message && &reply:Reply-Message) { Thu Sep 21 21:53:02 2017 : Debug: (6) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Thu Sep 21 21:53:02 2017 : Debug: (6) else { Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[post-auth]: calling noop (rlm_always) Thu Sep 21 21:53:02 2017 : Debug: (6) modsingle[post-auth]: returned from noop (rlm_always) Thu Sep 21 21:53:02 2017 : Debug: (6) [noop] = noop Thu Sep 21 21:53:02 2017 : Debug: (6) } # else = noop Thu Sep 21 21:53:02 2017 : Debug: (6) } # policy remove_reply_message_if_eap = noop Thu Sep 21 21:53:02 2017 : Debug: (6) } # Post-Auth-Type REJECT = updated Thu Sep 21 21:53:02 2017 : Debug: (6) Sent Access-Reject Id 6 from 127.0.0.1:1812 to 127.0.0.1:55294 length 0 Thu Sep 21 21:53:02 2017 : Debug: (6) Finished request Thu Sep 21 21:53:02 2017 : Debug: Waking up in 4.9 seconds. Thu Sep 21 21:53:07 2017 : Debug: (0) Cleaning up request packet ID 0 with timestamp +10 Thu Sep 21 21:53:07 2017 : Debug: (1) Cleaning up request packet ID 1 with timestamp +10 Thu Sep 21 21:53:07 2017 : Debug: (2) Cleaning up request packet ID 2 with timestamp +10 Thu Sep 21 21:53:07 2017 : Debug: (3) Cleaning up request packet ID 3 with timestamp +10 Thu Sep 21 21:53:07 2017 : Debug: (4) Cleaning up request packet ID 4 with timestamp +10 Thu Sep 21 21:53:07 2017 : Debug: (5) Cleaning up request packet ID 5 with timestamp +10 Thu Sep 21 21:53:07 2017 : Debug: (6) Cleaning up request packet ID 6 with timestamp +10 Thu Sep 21 21:53:07 2017 : Info: Ready to process requests -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 21 September 2017 21:40 To: FreeRadius users mailing list Subject: Re: Terminate EAP-TTLS then proxy On Sep 21, 2017, at 4:27 PM, <adrian.p.smith@bt.com> <adrian.p.smith@bt.com> wrote:
OK, so I send a request to the inner-tunnel: ... All looks good, same config.
Hmm... that's odd. My guess is that there's some other configuration which requests a home server pool that's *not* the passpoint one. Perhaps you set the Realm attribute twice? I've pushed some more debug output to the v3.0.x branch on github, If you could try that with "-Xx", you'll see more information before the "Cancelling proxy" message. It should print out which realm it's looking up, and what type of packet it's trying to proxy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 21, 2017, at 4:56 PM, adrian.p.smith@bt.com wrote:
Thu Sep 21 21:53:02 2017 : Debug: Using home pool auth for realm LOCAL Thu Sep 21 21:53:02 2017 : WARNING: (6) Cancelling proxy as no home pool exists
Well... that explains it. Find the configuration that adds the LOCAL realm, and remove it. Alan DEKok.
Hi Alan, I proxy-to-realn LOCAL in the default server as I was advised to do this as part of the EAP-TTLS termination and Transfer to the inner-tunnel. Perhaps this is not needed? My aim is be able to terminate the EAP and then proxy the request to another server. Regards Adrian ________________________________ From: Alan DeKok <aland@deployingradius.com> Sent: 21 Sep 2017 23:09 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Terminate EAP-TTLS then proxy On Sep 21, 2017, at 4:56 PM, adrian.p.smith@bt.com wrote:
Thu Sep 21 21:53:02 2017 : Debug: Using home pool auth for realm LOCAL Thu Sep 21 21:53:02 2017 : WARNING: (6) Cancelling proxy as no home pool exists
Well... that explains it. Find the configuration that adds the LOCAL realm, and remove it. Alan DEKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 21, 2017, at 6:24 PM, <adrian.p.smith@bt.com> <adrian.p.smith@bt.com> wrote:
Hi Alan,
I proxy-to-realn LOCAL in the default server as I was advised to do this as part of the EAP-TTLS termination and Transfer to the inner-tunnel.
Perhaps this is not needed?
It's needed if you don't want to proxy the outer EAP session.
My aim is be able to terminate the EAP and then proxy the request to another server.
Then edit the inner tunnel to delete the "Proxy-To-Realm = Local" attribute. Alan DeKok.
OK, so it appears that the proxying is actually done back in the outer tunnel. So, in my inner-tunnel server I added: ## clear proxy control from outer request update control { &outer.Proxy-To-Realm !* } And that seems to have got this working. Regards, Adrian -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com@lists.freeradius.org] On Behalf Of Alan DeKok Sent: 21 September 2017 23:28 To: FreeRadius users mailing list Subject: Re: Terminate EAP-TTLS then proxy On Sep 21, 2017, at 6:24 PM, <adrian.p.smith@bt.com> <adrian.p.smith@bt.com> wrote:
Hi Alan,
I proxy-to-realn LOCAL in the default server as I was advised to do this as part of the EAP-TTLS termination and Transfer to the inner-tunnel.
Perhaps this is not needed?
It's needed if you don't want to proxy the outer EAP session.
My aim is be able to terminate the EAP and then proxy the request to another server.
Then edit the inner tunnel to delete the "Proxy-To-Realm = Local" attribute. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (6)
-
adrian.p.smith@bt.com -
Alan Buxey -
Alan DeKok -
Matthew Newton -
Matthew Newton -
Peter Lambrechtsen