how to do accounting with the inner identity
Eric Doutreleau
Eric.Doutreleau at it-sudparis.eu
Mon Jan 24 13:39:15 CET 2011
Hi,
I'm trying to use freeradius 2.1.10 and to authenticate my users
with the eap-ttls process and an ldap server for the backend.
All is running fine, but I can't succeed in having the accounting done with
the inner identity of the ttls tunnel.
The outer identity is anonymous at it-sudparis.eu
The inner identity is doutrele.
Here is my config:
In the eap.conf file I have, for the ttls section:
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
In the inner-tunnel file I have:
    post-auth {
        ....
        update outer.reply {
            User-Name := "%{Stripped-User-Name}"
        }
    }
I can see the Username "updated" in the following debug log, but in
the accounting it's the outer identity that is used.
Does someone know what I can do to do the accounting with the inner
identity?
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=0, length=156
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001d01616e6f6e796d6f75734069742d73756470617269732e6575
Message-Authenticator = 0xc12e191df8f2ef431f22b16557a03c7b
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 0: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 29
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 8
[files] users: Matched entry DEFAULT at line 14
++[files] returns ok
++? if (NAS-Identifier == "Chillispot" )
(Attribute NAS-Identifier was not found)
? Evaluating (NAS-Identifier == "Chillispot" ) -> FALSE
++? if (NAS-Identifier == "Chillispot" ) -> FALSE
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 157.159.21.152 port 38145
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:1 = "invites"
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135edc208ab4c1716af0bfa702b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=1, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060315
State = 0xedc31135edc208ab4c1716af0bfa702b
Message-Authenticator = 0x6ce0f5d63ff907281b6f81da14144b87
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 1: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 8
[files] users: Matched entry DEFAULT at line 14
++[files] returns ok
++? if (NAS-Identifier == "Chillispot" )
(Attribute NAS-Identifier was not found)
? Evaluating (NAS-Identifier == "Chillispot" ) -> FALSE
++? if (NAS-Identifier == "Chillispot" ) -> FALSE
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 157.159.21.152 port 38145
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:1 = "invites"
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135ecc104ab4c1716af0bfa702b
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=2, length=263
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020200761500160301006b0100006703014d3d716ad5b44edee79d5479812f35c131070c564b80611069217f1d610963a600003a00390038008800870035008400160013000a00330032009a009900450044002f00960041000500040015001200090014001100080006000300ff0100000400230000
State = 0xedc31135ecc104ab4c1716af0bfa702b
Message-Authenticator = 0xba19de337606a2be3c91a5ce6d759944
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 2: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 118
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 006b], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 1220], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 157.159.21.152 port 38145
EAP-Message =
0x0c1f54c3a96cc3a9636f6d2026204d616e6167656d656e74205375645061726973310d300b060355040b130444495349311e301c060355040313157261646975732e69742d73756470617269732e657530819f300d06092a864886f70d010101050003818d0030818902818100c55737ea4c14a7e16b93f65f6b9f672078e843bdbf1359e41f1a9dc14830eb2c1aeba9e90baa84a10ec41ccd24344f0b27d7ca8ca9580b7d0a41bcecf32b09ed5396b60c3fcbd9d0f386adee4d528bedeca7e5e5f497937966dcbbb0baeb703f9ca1e165c0cd713c8394eeac27108fa1d7d5abad255d50c7f886e56e067c4c2b0203010001a382023f3082023b301f06
EAP-Message =
0x03551d230418301680140cbd93680cf3deaba3496b2b375747ea90e3b9ed301d0603551d0e041604147380c4ebd5a0c9efd8be000147723c859656176b300e0603551d0f0101ff0404030205a0300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b0601050507030230180603551d200411300f300d060b2b06010401b2310102021d303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e7463732e746572656e612e6f72672f544552454e4153534c43412e63726c306d06082b060105050701010461305f303506082b060105050730028629687474703a2f2f6372742e7463732e
EAP-Message =
0x746572656e612e6f72672f544552454e4153534c43412e637274302606082b06010505073001861a687474703a2f2f6f6373702e7463732e746572656e612e6f72673081f60603551d110481ee3081eb82157261646975732e69742d73756470617269732e65758213617574682e69742d73756470617269732e65758212617574682e74656c65636f6d2d656d2e65758218617574682e74656c65636f6d2d73756470617269732e65758216656475726f616d2e69742d73756470617269732e65758215656475726f616d2e74656c65636f6d2d656d2e6575821b656475726f616d2e74656c65636f6d2d73756470617269732e657582157261646669
EAP-Message = 0x6c7475782e696e742d657672
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135efc004ab4c1716af0bfa702b
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=3, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061500
State = 0xedc31135efc004ab4c1716af0bfa702b
Message-Authenticator = 0xb8b547852997b83f1e52a270bae39ff3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 3: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 3 to 157.159.21.152 port 38145
EAP-Message = 0x03551d130101ff0408300601
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135eec704ab4c1716af0bfa702b
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=4, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061500
State = 0xedc31135eec704ab4c1716af0bfa702b
Message-Authenticator = 0xf61919b4fe8ecb87450dad8cc2032820
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 4: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 4 to 157.159.21.152 port 38145
EAP-Message = 0x23bc459b7b50c1c9308fdbe5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135e9c604ab4c1716af0bfa702b
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=5, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061500
State = 0xedc31135e9c604ab4c1716af0bfa702b
Message-Authenticator = 0xfde9fd47f3b0d41177cf3989a1587369
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 5: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 5 to 157.159.21.152 port 38145
EAP-Message = 0xa16a50dcd79a4eaf05b3a671
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135e8c504ab4c1716af0bfa702b
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=6, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600061500
State = 0xedc31135e8c504ab4c1716af0bfa702b
Message-Authenticator = 0xcf243cc23273b32a6bf04a9dfa019ede
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 6: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 6 to 157.159.21.152 port 38145
EAP-Message = 0x741ef958cdc4b2e9b1124172
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135ebc404ab4c1716af0bfa702b
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=7, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020700061500
State = 0xedc31135ebc404ab4c1716af0bfa702b
Message-Authenticator = 0xdc2e50ca9859a8af2ee081ac7f0dc4c8
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 7: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 7 to 157.159.21.152 port 38145
EAP-Message =
0x010800321580000013f6f12023534f63fbcd17b3c2fcfa84749a81af0046248c4826fffdca3098879116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135eacb04ab4c1716af0bfa702b
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=8, length=349
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020800cc15001603010086100000820080d99c52c1d23a180ae79476025b85f02483e13e06d5b7a328926b6bc24d5e2cbeb5507b6df29b7f4e34bc93a05073d7365d3e21d32f0b2f648f76e306042e115806d76f1542391d4a9b7ab96c4b7fadebe114aab01c2a3248ea610f3e2a72cac287d87015cfc965c24249d78860e7237593f02c658827727736e14e3f5842af8f1403010001011603010030190d5fd8a54a619956361ae81ebb49cb90d48cdc732d9af1351f89f45aa8e00c2585f92d6cf713e41f15b43e0fa52dc7
State = 0xedc31135eacb04ab4c1716af0bfa702b
Message-Authenticator = 0xb7db2e82734c2dfe3b3bee6deb3f73bd
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 8: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 8 to 157.159.21.152 port 38145
EAP-Message =
0x0109004515800000003b14030100010116030100305ea81a70a3e26a45cbfe9eef323e03ee0cb031231d39b6c089c47db781866d920069d46737b0171b08cbb1b958091872
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xedc31135e5ca04ab4c1716af0bfa702b
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=9, length=257
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x02090070150017030100205ec67a36781370cb75715381762e1fd20920f9f8a42c6a19bbe343d0f607c2281703010040be43ddd3e564f27af46809b6ffd8c993fb0edf78fb8dd2a0dbdf4a794b3690691666c189c6220c2d5bcc9eb03e8d5a16c2d852d9c5d5cb9b60f72adfb18e5217
State = 0xedc31135e5ca04ab4c1716af0bfa702b
Message-Authenticator = 0xa466fcb68e6390387d56ce1d2db46712
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 020000000001
++++[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 9: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^020000000001$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 9 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "doutrele"
User-Password = "xxxxxxx"
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "doutrele"
User-Password = "xxxxxxx"
FreeRADIUS-Proxied-To = 127.0.0.1
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "020000000001"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
server inner-tunnel {
# Executing section authorize from file
/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for doutrele
[ldap1] expand: %{Stripped-User-Name} -> doutrele
[ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap1] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] attempting LDAP reconnection
[ldap1] (re)connect to ldap1.int-evry.fr:389, authentication 0
[ldap1] bind as cn=radius,ou=system,dc=int-evry,dc=fr/=glopradius to
ldap1.int-evry.fr:389
[ldap1] waiting for bind result ...
[ldap1] Bind was successful
[ldap1] performing search in dc=int-evry,dc=fr, with filter
(uid=doutrele)
[ldap1] looking for check items in directory...
[ldap1] userPassword -> Cleartext-Password ==
"{CRYPT}$1$s2ia13$N0H.UQUHYnS0ssrjORSm10"
[ldap1] looking for reply items in directory...
[ldap1] eduPersonPrimaryAffiliation -> User-Category = "employee"
[ldap1] Setting Auth-Type = LDAP
[ldap1] user doutrele authorized to use remote access
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
[files] users: Matched entry DEFAULT at line 8
[files] users: Matched entry DEFAULT at line 14
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group LDAP {...}
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap4] login attempt by "doutrele" with password "xxxxxxx"
[ldap4] user DN: uid=doutrele,ou=People,dc=int-evry,dc=fr
[ldap4] (re)connect to ldap4.int-evry.fr:389, authentication 1
[ldap4] bind as uid=doutrele,ou=People,dc=int-evry,dc=fr/xxxxxxx to
ldap4.int-evry.fr:389
[ldap4] waiting for bind result ...
[ldap4] Bind was successful
[ldap4] user doutrele authenticated succesfully
+++[ldap4] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
# Executing section post-auth from file
/etc/raddb/sites-enabled/inner-tunnel
+- entering group post-auth {...}
++[files] returns noop
expand: %{Stripped-User-Name} -> doutrele
++[outer.reply] returns noop
} # server inner-tunnel
[ttls] Got tunneled reply code 2
User-Category = "employee"
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:1 = "invites"
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> anonymous at it-sudparis.eu
[sql] sql_set_user escaped user --> 'anonymous at it-sudparis.eu'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'anonymous at it-sudparis.eu',
'', 'Access-Accept',
'2011-01-24 13:32:42')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'anonymous at it-sudparis.eu',
'', 'Access-Accept',
'2011-01-24 13:32:42')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
++? if (control:Auth-Type == 'CSID')
? Evaluating (control:Auth-Type == 'CSID') -> FALSE
++? if (control:Auth-Type == 'CSID') -> FALSE
Sending Access-Accept of id 9 to 157.159.21.152 port 38145
User-Name = "doutrele"
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:1 = "invites"
MS-MPPE-Recv-Key =
0xa497cfb3650ac2467d54e675578bfee01907a5f59f82e63c8160c13900fa256c
MS-MPPE-Send-Key =
0xa8cc46b336b7e475d9a5664150b3f206d7b1af97e21052b71440d9c8a8476840
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
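An added example, not part of the original post or of FreeRADIUS: a small parser for `radiusd -X` output shaped like the log above, reporting which User-Name appears in the outer request, the tunneled request, the post-auth SQL expansion and the final Access-Accept. RFC 2865 section 5.1 says a client SHOULD use the User-Name returned in an Access-Accept for its Accounting-Request packets, so the reply value is the one to check. The sample log and the names `trace_identities` and `accounting_identity` are constructed for illustration.

```python
import re

# Constructed sample shaped like `radiusd -X` output; names and addresses are made up.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 38145, id=9, length=257
    User-Name = "anonymous@example.org"
    NAS-Port-Type = Wireless-802.11
[ttls] Got tunneled request
    User-Name = "alice"
[ttls] Got tunneled reply code 2
    User-Category = "employee"
[sql]   expand: %{User-Name} -> anonymous@example.org
Sending Access-Accept of id 9 to 192.0.2.10 port 38145
    User-Name = "alice"
    EAP-Message = 0x03090004
Finished request 9.
"""

# Line prefix -> which packet the attribute lines after it belong to.
MARKERS = [
    ("rad_recv: Access-Request", "outer"),
    ("[ttls] Got tunneled request", "inner"),
    ("[ttls] Sending tunneled request", "inner"),
    ("[ttls] Got tunneled reply", None),
    ("Sending Access-Accept", "reply"),
    ("Sending Access-Challenge", None),
    ("Finished request", None),
]
USER_NAME = re.compile(r'^User-Name = "(.*)"$')
SQL_NAME = re.compile(r'^\[sql\]\s+expand: %\{User-Name\} -> (.*)$')

def trace_identities(log_text):
    """Return the User-Name seen at each stage of one EAP-TTLS exchange."""
    seen = {"outer": None, "inner": None, "post_auth_sql": None, "reply": None}
    context = None  # stage that the next attribute lines belong to
    for line in map(str.strip, log_text.splitlines()):
        for prefix, stage in MARKERS:
            if line.startswith(prefix):
                context = stage
        if (m := USER_NAME.match(line)) and context:
            seen[context] = m.group(1)
        elif m := SQL_NAME.match(line):
            seen["post_auth_sql"] = m.group(1)
    return seen

def accounting_identity(seen):
    """Name a NAS following RFC 2865 section 5.1 would send in Accounting-Request."""
    return seen["reply"] or seen["outer"]

if __name__ == "__main__":
    ids = trace_identities(SAMPLE_LOG)
    print(ids, "->", accounting_identity(ids))
```

If `reply` matches `inner` here but the accounting records still show the outer name, the server has already returned the inner identity and the remaining question is whether the NAS uses it.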