Freeradius proxy to IAS w/SQL attributes?

Rob Ansaldo rlansaldo at amherst.edu
Wed Nov 9 21:27:07 CET 2011


We are already running a MS IAS Radius server that uses our AD, but what
we would like to do is to use FreeRADIUS to proxy requests to our IAS
server and add in some vendor specific attributes that we would set in a
MySQL database. The IAS server does not have these attributes, nor do we
want to use the IAS server for them. What would be preferred is to set
the attributes in the MySQL database based on other business logic.
These are 802.1x wireless clients connecting to our wireless controller.
I have successfully configured FreeRADIUS to proxy the requests from the
wireless controller to our IAS server. Where I am having trouble is
applying any sort of custom attributes to the response. I can see that
the client username is being queried, a group is being obtained and the
attributes for that group are being queried but they never appear in the
Access-Accept.

The configuration uses the default configuration files, except that I
have added my wireless controller to clients.conf, a DEFAULT proxy to
the IAS server, uncommented the sql section in radius.conf and added the
settings for my MySQL server.

Is what I am trying to do possible and if so, how would I go about it?

The output of radiusd -X is included below:

FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar
31 2010 at 00:14:28
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/detail.log
including configuration file
/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/radius"
	libdir = "/usr/lib64/freeradius"
	radacctdir = "/var/log/radius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	allow_core_dumps = no
	pidfile = "/var/run/radiusd/radiusd.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 realm DEFAULT {
	authhost = testradius.amherst.edu:1812
	secret = XXXXXXXXXXXXX
 }
 home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "XXXXXXXXXXX"
	response_window = 20
	max_outstanding = 65536
	require_message_authenticator = no
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "XXXXXXXXXXX"
	nastype = "other"
 }
 client 192.168.34.0/24 {
	require_message_authenticator = no
	secret = "XXXXXXXXXXX"
	shortname = "aruba"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
	wait = no
	input_pairs = "request"
	shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
	reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
	reply-message = "You are calling outside your allowed timespan
"
	minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
	encryption_scheme = "auto"
	auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
	radwtmp = "/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
	default_eap_type = "md5"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
	challenge = "Password: "
	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	pem_file_type = yes
	private_key_file = "/etc/raddb/certs/server.pem"
	certificate_file = "/etc/raddb/certs/server.pem"
	CA_file = "/etc/raddb/certs/ca.pem"
	private_key_password = "whatever"
	dh_file = "/etc/raddb/certs/dh"
	random_file = "/etc/raddb/certs/random"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
	make_cert_command = "/etc/raddb/certs/bootstrap"
    cache {
	enable = no
	lifetime = 24
	max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
	default_eap_type = "md5"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	virtual_server = "inner-tunnel"
	include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	proxy_tunneled_request_as_eap = yes
	virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
	usersfile = "/etc/raddb/users"
	acctusersfile = "/etc/raddb/acct_users"
	preproxy_usersfile = "/etc/raddb/preproxy_users"
	compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
	filename = "/var/log/radius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
	attrsfile = "/etc/raddb/attrs.access_reject"
	key = "%{User-Name}"
  }
 } # modules
} # server
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
	huntgroups = "/etc/raddb/huntgroups"
	hints = "/etc/raddb/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_sql
 Module: Instantiating sql
  sql {
	driver = "rlm_sql_mysql"
	server = "mysqlserver"
	port = ""
	login = "netradius"
	password = "XXXXXXXXXXXX"
	radius_db = "netradius"
	read_groups = yes
	sqltrace = no
	sqltracefile = "/var/log/radius/sqltrace.sql"
	readclients = no
	deletestalesessions = yes
	num_sql_socks = 5
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT id, nasname, shortname, type, secret FROM
nas"
	authorize_check_query = "SELECT id, username, attribute, value,
op           FROM radcheck           WHERE username = '%{SQL-User-Name}'
ORDER BY id"
	authorize_reply_query = "SELECT id, username, attribute, value,
op           FROM radreply           WHERE username = '%{SQL-User-Name}'
ORDER BY id"
	authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id"
	authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id"
	accounting_onoff_query = "          UPDATE radacct           SET
acctstoptime       =  '%S',              acctsessiontime    =
unix_timestamp('%S') -
unix_timestamp(acctstarttime),              acctterminatecause =
'%{Acct-Terminate-Cause}',              acctstopdelay      =
%{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL
AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime
<= '%S'"
	accounting_update_query = "           UPDATE radacct
SET              framedipaddress = '%{Framed-IP-Address}',
acctsessiontime     = '%{Acct-Session-Time}',
acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid =
'%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'
AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct
(acctsessionid,    acctuniqueid,      username,              realm,
nasipaddress,      nasportid,              nasporttype,
acctstarttime,     acctsessiontime,              acctauthentic,
connectinfo_start, acctinputoctets,              acctoutputoctets,
calledstationid,   callingstationid,              servicetype,
framedprotocol,    framedipaddress,              acctstartdelay,
xascendsessionsvrkey)           VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}',
DATE_SUB('%S',                       INTERVAL
(%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}',              '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}',
'%{Calling-Station-Id}',              '%{Service-Type}',
'%{Framed-Protocol}',              '%{Framed-IP-Address}',
'0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct
(acctsessionid,    acctuniqueid,     username,              realm,
nasipaddress,     nasportid,              nasporttype,
acctstarttime,    acctstoptime,              acctsessiontime,
acctauthentic,    connectinfo_start,              connectinfo_stop,
acctinputoctets,  acctoutputoctets,              calledstationid,
callingstationid, acctterminatecause,              servicetype,
framedprotocol,   framedipaddress,              acctstartdelay,
acctstopdelay,    xascendsessionsvrkey)           VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET
acctstarttime     = '%S',              acctstartdelay    =
'%{%{Acct-Delay-Time}:-0}',              connectinfo_start =
'%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'
AND username         = '%{SQL-User-Name}'           AND nasipaddress
= '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET
acctstoptime       = '%S',              acctsessiontime    =
'%{Acct-Session-Time}',              acctinputoctets    =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}',              acctterminatecause =
'%{Acct-Terminate-Cause}',              acctstopdelay      =
'%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   =
'%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'
AND username          = '%{SQL-User-Name}'           AND nasipaddress
= '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct
(acctsessionid, acctuniqueid, username,              realm,
nasipaddress, nasportid,              nasporttype, acctstarttime,
acctstoptime,              acctsessiontime, acctauthentic,
connectinfo_start,              connectinfo_stop, acctinputoctets,
acctoutputoctets,              calledstationid, callingstationid,
acctterminatecause,              servicetype, framedprotocol,
framedipaddress,              acctstartdelay, acctstopdelay)
VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}',
DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),              '%S',
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}',
'%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT groupname           FROM
radusergroup           WHERE username = '%{SQL-User-Name}'
ORDER BY priority"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol                                FROM
radacct                                WHERE username =
'%{SQL-User-Name}'                                AND acctstoptime IS
NULL"
	postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
	safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to netradius at mysqlserver:/netradius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
	detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
	attrsfile = "/etc/raddb/attrs.accounting_response"
	key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = *
	port = 0
}
listen {
	type = "acct"
	ipaddr = *
	port = 0
}
listen {
	type = "control"
 listen {
	socket = "/var/run/radiusd/radiusd.sock"
 }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=92, length=188
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x0201000e01726c616e73616c646f
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x51bfcd6a7df72e82a408f91e1cc3ed4d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 4
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 181 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x0201000e01726c616e73616c646f
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3932
Proxying request 0 to home server 192.168.136.13 port 1812
Sending Access-Request of id 181 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x0201000e01726c616e73616c646f
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3932
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=181, length=81
	Proxy-State = 0x3932
	Session-Timeout = 30
	EAP-Message = 0x010200061920
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x28583d08bd7a2d9001fe079e02c7bf2a
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 92 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message = 0x010200061920
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=93, length=363
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020200a419800000009a16030100950100009103014ebad5a4f5b5ce32aae5210a38f1
6ee9e0073771c81a170a171b93eee846ab08000056c00ac009c007c008c013c014c011c0
12c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600
320033003800390016001500140013001200110034003a0018001b001a00170019000101
000012000a00080006001700180019000b00020100
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0xee85c434b866b80ee815cc20678212e4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 3
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 236 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020200a419800000009a16030100950100009103014ebad5a4f5b5ce32aae5210a38f1
6ee9e0073771c81a170a171b93eee846ab08000056c00ac009c007c008c013c014c011c0
12c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600
320033003800390016001500140013001200110034003a0018001b001a00170019000101
000012000a00080006001700180019000b00020100
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3933
Proxying request 1 to home server 192.168.136.13 port 1812
Sending Access-Request of id 236 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020200a419800000009a16030100950100009103014ebad5a4f5b5ce32aae5210a38f1
6ee9e0073771c81a170a171b93eee846ab08000056c00ac009c007c008c013c014c011c0
12c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600
320033003800390016001500140013001200110034003a0018001b001a00170019000101
000012000a00080006001700180019000b00020100
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3933
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=236, length=1179
	Proxy-State = 0x3933
	Session-Timeout = 30
	EAP-Message =
0x0103044819c000001081160301107c0200004603014ebad59fb96bf68b162d7fce0db2
16d2dab03ffebd4cf613bd1c198ba50b81e02010010000bab4d6364ee63fed5ce7e1ff82
b36b2c2075f59dd0d4eded34c690c20004000b00038a00038700038430820380308202e9
a003020102020314f67d300d06092a864886f70d0101050500304e310b30090603550406
130255533110300e060355040a130745717569666178312d302b060355040b1324457175
696661782053656375726520436572746966696361746520417574686f72697479301e17
0d3130313032343130343631335a170d3135313032353137333032345a3081eb31293027
0603
	EAP-Message =
0x55040513206551752d68556a522d796a6b736a637a4d586d4d4c697450366542743762
4b64310b3009060355040613025553311b3019060355040a13127261646975732e616d68
657273742e65647531133011060355040b130a475438353936333230343131302f060355
040b1328536565207777772e726170696473736c2e636f6d2f7265736f75726365732f63
7073202863293130312f302d060355040b1326446f6d61696e20436f6e74726f6c205661
6c696461746564202d20526170696453534c285229311b30190603550403131272616469
75732e616d68657273742e65647530819f300d06092a864886f70d010101050003818d00
3081
	EAP-Message =
0x8902818100ca8f09e01854e64db3274ab932dc7eb0d7d61fe034ba14a1c0051d335401
b218dfe41faf82b7663056d370ac4f752f710f7d4a85cfb460680e84fd99db666589f896
f2a6719e74de786519e185bdb4dc41ba738a84396415f51fdeee7b2b67713e1d9647bf5e
0b652852d1396644e57f8b145a08302d6c9eb35885e9777972630203010001a381cd3081
ca301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4300e
0603551d0f0101ff0404030204f0301d0603551d250416301406082b0601050507030106
082b06010505070302301d0603551d110416301482127261646975732e616d6865727374
2e65
	EAP-Message =
0x6475303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f
74727573742e636f6d2f63726c732f73656375726563612e63726c301d0603551d0e0416
0414f472fac38af2db9cf0a3d0fa011298825e9f65c6300d06092a864886f70d01010505
000381810021ebfae45db4e72b012f515e9d00b79d714c25047106377d2f534f8a3d7e70
dad9f3a094c8a6d25b0ee1e5e7901601494b4a84487022e1c005f2f367a65274cf1c79d8
195cde2d4f4967ea5fe0f1d3515e19ca0d8e9b30e65d947f0c18f42554eb491db5399aea
c0d54ae4d552965c685054906c96d9ed80632bc064c468d7aa0d000c9c0201020c97008d
3081
	EAP-Message =
0x8a3122302006092a864886f70d0109011613646d697277696e40616d68657273742e65
6475310b3009060355040613025553310b3009060355040813024d413110300e06035504
071307416d6865727374311830
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0xd30ac4a82ae9e07a58a9a7c80d62be66
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 93 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x0103044819c000001081160301107c0200004603014ebad59fb96bf68b162d7fce0db2
16d2dab03ffebd4cf613bd1c198ba50b81e02010010000bab4d6364ee63fed5ce7e1ff82
b36b2c2075f59dd0d4eded34c690c20004000b00038a00038700038430820380308202e9
a003020102020314f67d300d06092a864886f70d0101050500304e310b30090603550406
130255533110300e060355040a130745717569666178312d302b060355040b1324457175
696661782053656375726520436572746966696361746520417574686f72697479301e17
0d3130313032343130343631335a170d3135313032353137333032345a3081eb31293027
0603
	EAP-Message =
0x55040513206551752d68556a522d796a6b736a637a4d586d4d4c697450366542743762
4b64310b3009060355040613025553311b3019060355040a13127261646975732e616d68
657273742e65647531133011060355040b130a475438353936333230343131302f060355
040b1328536565207777772e726170696473736c2e636f6d2f7265736f75726365732f63
7073202863293130312f302d060355040b1326446f6d61696e20436f6e74726f6c205661
6c696461746564202d20526170696453534c285229311b30190603550403131272616469
75732e616d68657273742e65647530819f300d06092a864886f70d010101050003818d00
3081
	EAP-Message =
0x8902818100ca8f09e01854e64db3274ab932dc7eb0d7d61fe034ba14a1c0051d335401
b218dfe41faf82b7663056d370ac4f752f710f7d4a85cfb460680e84fd99db666589f896
f2a6719e74de786519e185bdb4dc41ba738a84396415f51fdeee7b2b67713e1d9647bf5e
0b652852d1396644e57f8b145a08302d6c9eb35885e9777972630203010001a381cd3081
ca301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4300e
0603551d0f0101ff0404030204f0301d0603551d250416301406082b0601050507030106
082b06010505070302301d0603551d110416301482127261646975732e616d6865727374
2e65
	EAP-Message =
0x6475303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f
74727573742e636f6d2f63726c732f73656375726563612e63726c301d0603551d0e0416
0414f472fac38af2db9cf0a3d0fa011298825e9f65c6300d06092a864886f70d01010505
000381810021ebfae45db4e72b012f515e9d00b79d714c25047106377d2f534f8a3d7e70
dad9f3a094c8a6d25b0ee1e5e7901601494b4a84487022e1c005f2f367a65274cf1c79d8
195cde2d4f4967ea5fe0f1d3515e19ca0d8e9b30e65d947f0c18f42554eb491db5399aea
c0d54ae4d552965c685054906c96d9ed80632bc064c468d7aa0d000c9c0201020c97008d
3081
	EAP-Message =
0x8a3122302006092a864886f70d0109011613646d697277696e40616d68657273742e65
6475310b3009060355040613025553310b3009060355040813024d413110300e06035504
071307416d6865727374311830
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=94, length=205
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020300061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x16b7be78f6ebd3fe99bfe2d7c3608add
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 2
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 203 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020300061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3934
Proxying request 2 to home server 192.168.136.13 port 1812
Sending Access-Request of id 203 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020300061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3934
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=203, length=1179
	Proxy-State = 0x3934
	Session-Timeout = 30
	EAP-Message =
0x01040448194016060355040a130f416d686572737420436f6c6c656765310c300a0603
55040b1303534e543110300e06035504031307416d686572737400c43081c1310b300906
035504061302555331173015060355040a130e566572695369676e2c20496e632e313c30
3a060355040b1333436c6173732031205075626c6963205072696d617279204365727469
6669636174696f6e20417574686f72697479202d204732313a3038060355040b13312863
29203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a
656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374
204e
	EAP-Message =
0x6574776f726b00c43081c1310b300906035504061302555331173015060355040a130e
566572695369676e2c20496e632e313c303a060355040b1333436c617373203420507562
6c6963205072696d6172792043657274696669636174696f6e20417574686f7269747920
2d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e
632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504
0b1316566572695369676e205472757374204e6574776f726b00d43081d1310b30090603
55040613025a41311530130603550408130c5765737465726e2043617065311230100603
5504
	EAP-Message =
0x0713094361706520546f776e311a3018060355040a131154686177746520436f6e7375
6c74696e6731283026060355040b131f43657274696669636174696f6e20536572766963
6573204469766973696f6e312430220603550403131b54686177746520506572736f6e61
6c20467265656d61696c204341312b302906092a864886f70d010901161c706572736f6e
616c2d667265656d61696c407468617774652e636f6d00d23081cf310b30090603550406
13025a41311530130603550408130c5765737465726e2043617065311230100603550407
13094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74
696e
	EAP-Message =
0x6731283026060355040b131f43657274696669636174696f6e20536572766963657320
4469766973696f6e312330210603550403131a54686177746520506572736f6e616c2050
72656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d70
72656d69756d407468617774652e636f6d0086308183310b300906035504061302555331
2d302b060355040a132446697273742044617461204469676974616c2043657274696669
636174657320496e632e314530430603550403133c466972737420446174612044696769
74616c2043657274696669636174657320496e632e2043657274696669636174696f6e20
4175
	EAP-Message =
0x74686f7269747900ce3081cb310b3009060355040613025a4131153013060355040813
0c5765737465726e204361706531123010060355040713094361706520546f776e311a30
18060355040a13115468617774
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x4e1cd34fa93d0d9d923ab17aca49a1f8
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 94 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x01040448194016060355040a130f416d686572737420436f6c6c656765310c300a0603
55040b1303534e543110300e06035504031307416d686572737400c43081c1310b300906
035504061302555331173015060355040a130e566572695369676e2c20496e632e313c30
3a060355040b1333436c6173732031205075626c6963205072696d617279204365727469
6669636174696f6e20417574686f72697479202d204732313a3038060355040b13312863
29203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a
656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374
204e
	EAP-Message =
0x6574776f726b00c43081c1310b300906035504061302555331173015060355040a130e
566572695369676e2c20496e632e313c303a060355040b1333436c617373203420507562
6c6963205072696d6172792043657274696669636174696f6e20417574686f7269747920
2d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e
632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504
0b1316566572695369676e205472757374204e6574776f726b00d43081d1310b30090603
55040613025a41311530130603550408130c5765737465726e2043617065311230100603
5504
	EAP-Message =
0x0713094361706520546f776e311a3018060355040a131154686177746520436f6e7375
6c74696e6731283026060355040b131f43657274696669636174696f6e20536572766963
6573204469766973696f6e312430220603550403131b54686177746520506572736f6e61
6c20467265656d61696c204341312b302906092a864886f70d010901161c706572736f6e
616c2d667265656d61696c407468617774652e636f6d00d23081cf310b30090603550406
13025a41311530130603550408130c5765737465726e2043617065311230100603550407
13094361706520546f776e311a3018060355040a131154686177746520436f6e73756c74
696e
	EAP-Message =
0x6731283026060355040b131f43657274696669636174696f6e20536572766963657320
4469766973696f6e312330210603550403131a54686177746520506572736f6e616c2050
72656d69756d204341312a302806092a864886f70d010901161b706572736f6e616c2d70
72656d69756d407468617774652e636f6d0086308183310b300906035504061302555331
2d302b060355040a132446697273742044617461204469676974616c2043657274696669
636174657320496e632e314530430603550403133c466972737420446174612044696769
74616c2043657274696669636174657320496e632e2043657274696669636174696f6e20
4175
	EAP-Message =
0x74686f7269747900ce3081cb310b3009060355040613025a4131153013060355040813
0c5765737465726e204361706531123010060355040713094361706520546f776e311a30
18060355040a13115468617774
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=95, length=205
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020400061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0xc5c6a339035f71e54aae688feeb3587e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 1
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 50 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020400061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3935
Proxying request 3 to home server 192.168.136.13 port 1812
Sending Access-Request of id 50 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020400061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3935
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=50, length=1179
	Proxy-State = 0x3935
	Session-Timeout = 30
	EAP-Message =
0x0105044819406520436f6e73756c74696e6731283026060355040b131f436572746966
69636174696f6e205365727669636573204469766973696f6e3121301f06035504031318
54686177746520506572736f6e616c2042617369632043413128302606092a864886f70d
0109011619706572736f6e616c2d6261736963407468617774652e636f6d0061305f310b
300906035504061302555331173015060355040a130e566572695369676e2c20496e632e
31373035060355040b132e436c6173732033205075626c6963205072696d617279204365
7274696669636174696f6e20417574686f726974790061305f310b300906035504061302
5553
	EAP-Message =
0x31173015060355040a130e566572695369676e2c20496e632e31373035060355040b13
2e436c6173732032205075626c6963205072696d6172792043657274696669636174696f
6e20417574686f726974790061305f310b30090603550406130255533117301506035504
0a130e566572695369676e2c20496e632e31373035060355040b132e436c617373203120
5075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269
747900c43081c1310b300906035504061302555331173015060355040a130e5665726953
69676e2c20496e632e313c303a060355040b1333436c6173732033205075626c69632050
7269
	EAP-Message =
0x6d6172792043657274696669636174696f6e20417574686f72697479202d204732313a
3038060355040b1331286329203139393820566572695369676e2c20496e632e202d2046
6f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572
695369676e205472757374204e6574776f726b009c308199310b30090603550406130248
553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f
636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b1311
54616e7573697476616e796b6961646f6b31323030060355040313294e65744c6f636b20
557a
	EAP-Message =
0x6c6574692028436c6173732042292054616e7573697476616e796b6961646f00473045
310b300906035504061302555331183016060355040a130f47544520436f72706f726174
696f6e311c301a06035504031313475445204379626572547275737420526f6f74007730
75310b300906035504061302555331183016060355040a130f47544520436f72706f7261
74696f6e31273025060355040b131e475445204379626572547275737420536f6c757469
6f6e732c20496e632e312330210603550403131a47544520437962657254727573742047
6c6f62616c20526f6f7400c63081c3310b30090603550406130255533114301206035504
0a13
	EAP-Message =
0x0b456e74727573742e6e6574313b3039060355040b13327777772e656e74727573742e
6e65742f43505320696e636f72702e206279207265662e20286c696d697473206c696162
2e2931253023060355040b131c
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0xa9b0205ae09d6dcbf0d984f02b528db5
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 95 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x0105044819406520436f6e73756c74696e6731283026060355040b131f436572746966
69636174696f6e205365727669636573204469766973696f6e3121301f06035504031318
54686177746520506572736f6e616c2042617369632043413128302606092a864886f70d
0109011619706572736f6e616c2d6261736963407468617774652e636f6d0061305f310b
300906035504061302555331173015060355040a130e566572695369676e2c20496e632e
31373035060355040b132e436c6173732033205075626c6963205072696d617279204365
7274696669636174696f6e20417574686f726974790061305f310b300906035504061302
5553
	EAP-Message =
0x31173015060355040a130e566572695369676e2c20496e632e31373035060355040b13
2e436c6173732032205075626c6963205072696d6172792043657274696669636174696f
6e20417574686f726974790061305f310b30090603550406130255533117301506035504
0a130e566572695369676e2c20496e632e31373035060355040b132e436c617373203120
5075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269
747900c43081c1310b300906035504061302555331173015060355040a130e5665726953
69676e2c20496e632e313c303a060355040b1333436c6173732033205075626c69632050
7269
	EAP-Message =
0x6d6172792043657274696669636174696f6e20417574686f72697479202d204732313a
3038060355040b1331286329203139393820566572695369676e2c20496e632e202d2046
6f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572
695369676e205472757374204e6574776f726b009c308199310b30090603550406130248
553111300f06035504071308427564617065737431273025060355040a131e4e65744c6f
636b2048616c6f7a617462697a746f6e73616769204b66742e311a3018060355040b1311
54616e7573697476616e796b6961646f6b31323030060355040313294e65744c6f636b20
557a
	EAP-Message =
0x6c6574692028436c6173732042292054616e7573697476616e796b6961646f00473045
310b300906035504061302555331183016060355040a130f47544520436f72706f726174
696f6e311c301a06035504031313475445204379626572547275737420526f6f74007730
75310b300906035504061302555331183016060355040a130f47544520436f72706f7261
74696f6e31273025060355040b131e475445204379626572547275737420536f6c757469
6f6e732c20496e632e312330210603550403131a47544520437962657254727573742047
6c6f62616c20526f6f7400c63081c3310b30090603550406130255533114301206035504
0a13
	EAP-Message =
0x0b456e74727573742e6e6574313b3039060355040b13327777772e656e74727573742e
6e65742f43505320696e636f72702e206279207265662e20286c696d697473206c696162
2e2931253023060355040b131c
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=96, length=205
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020500061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0xa76245ced743bfa8662daf1aff9665db
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 0
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 203 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020500061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3936
Proxying request 4 to home server 192.168.136.13 port 1812
Sending Access-Request of id 203 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020500061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3936
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=203, length=1046
	Proxy-State = 0x3936
	Session-Timeout = 30
	EAP-Message =
0x010603c51900286329203139393920456e74727573742e6e6574204c696d6974656431
3a303806035504031331456e74727573742e6e6574205365637572652053657276657220
43657274696669636174696f6e20417574686f7269747900b23081af310b300906035504
06130248553110300e0603550408130748756e676172793111300f060355040713084275
64617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a74
6f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961
646f6b313630340603550403132d4e65744c6f636b204b6f7a6a6567797a6f692028436c
6173
	EAP-Message =
0x732041292054616e7573697476616e796b6961646f00c43081c1310b30090603550406
1302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355
040b1333436c6173732032205075626c6963205072696d61727920436572746966696361
74696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139
393820566572695369676e2c20496e632e202d20466f7220617574686f72697a65642075
7365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574
776f726b0070306e310b300906035504061302555331183016060355040a130f47544520
436f
	EAP-Message =
0x72706f726174696f6e31273025060355040b131e475445204379626572547275737420
536f6c7574696f6e732c20496e632e311c301a0603550403131347544520437962657254
7275737420526f6f74009e30819b310b30090603550406130248553111300f0603550407
1308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a6174
62697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e
796b6961646f6b313430320603550403132b4e65744c6f636b20457870726573737a2028
436c6173732043292054616e7573697476616e796b6961646f00723070312b3029060355
040b
	EAP-Message =
0x1322436f70797269676874202863292031393937204d6963726f736f667420436f7270
2e311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e312130
1f060355040313184d6963726f736f667420526f6f7420417574686f726974790061305f
31133011060a0992268993f22c6401191603636f6d31193017060a0992268993f22c6401
1916096d6963726f736f6674312d302b060355040313244d6963726f736f667420526f6f
7420436572746966696361746520417574686f726974790e000000
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0xc1f03aa10216384972892e99f27466b1
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 96 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x010603c51900286329203139393920456e74727573742e6e6574204c696d6974656431
3a303806035504031331456e74727573742e6e6574205365637572652053657276657220
43657274696669636174696f6e20417574686f7269747900b23081af310b300906035504
06130248553110300e0603550408130748756e676172793111300f060355040713084275
64617065737431273025060355040a131e4e65744c6f636b2048616c6f7a617462697a74
6f6e73616769204b66742e311a3018060355040b131154616e7573697476616e796b6961
646f6b313630340603550403132d4e65744c6f636b204b6f7a6a6567797a6f692028436c
6173
	EAP-Message =
0x732041292054616e7573697476616e796b6961646f00c43081c1310b30090603550406
1302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355
040b1333436c6173732032205075626c6963205072696d61727920436572746966696361
74696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139
393820566572695369676e2c20496e632e202d20466f7220617574686f72697a65642075
7365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574
776f726b0070306e310b300906035504061302555331183016060355040a130f47544520
436f
	EAP-Message =
0x72706f726174696f6e31273025060355040b131e475445204379626572547275737420
536f6c7574696f6e732c20496e632e311c301a0603550403131347544520437962657254
7275737420526f6f74009e30819b310b30090603550406130248553111300f0603550407
1308427564617065737431273025060355040a131e4e65744c6f636b2048616c6f7a6174
62697a746f6e73616769204b66742e311a3018060355040b131154616e7573697476616e
796b6961646f6b313430320603550403132b4e65744c6f636b20457870726573737a2028
436c6173732043292054616e7573697476616e796b6961646f00723070312b3029060355
040b
	EAP-Message =
0x1322436f70797269676874202863292031393937204d6963726f736f667420436f7270
2e311e301c060355040b13154d6963726f736f667420436f72706f726174696f6e312130
1f060355040313184d6963726f736f667420526f6f7420417574686f726974790061305f
31133011060a0992268993f22c6401191603636f6d31193017060a0992268993f22c6401
1916096d6963726f736f6674312d302b060355040313244d6963726f736f667420526f6f
7420436572746966696361746520417574686f726974790e000000
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=97, length=403
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020600cc1980000000c216030100070b00000300000016030100861000008200808a1b
3743f0e9ebae9e03eb4259995bee8be486e256c89884da930bafaddea80e5977d3200c3e
fc736cc37af0253c0f451c0dbaad62da4d86d0d486e984ac93a07d6ba582d10456a58633
990b229a0a2f8753e1ed90c25582abaa3b13aa1bde0f62d2ca1464c08ee51d7909424e13
95bad1faa3cb5c2781f137214468e755a09b140301000101160301002001eb6b567e9873
133e723c7e4d915ae4da6de2d8a6eff1400c08a39e5acd1780
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x169fb3e0878ce98035a4ad62f203ba09
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 4
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 4 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020600cc1980000000c216030100070b00000300000016030100861000008200808a1b
3743f0e9ebae9e03eb4259995bee8be486e256c89884da930bafaddea80e5977d3200c3e
fc736cc37af0253c0f451c0dbaad62da4d86d0d486e984ac93a07d6ba582d10456a58633
990b229a0a2f8753e1ed90c25582abaa3b13aa1bde0f62d2ca1464c08ee51d7909424e13
95bad1faa3cb5c2781f137214468e755a09b140301000101160301002001eb6b567e9873
133e723c7e4d915ae4da6de2d8a6eff1400c08a39e5acd1780
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3937
Proxying request 5 to home server 192.168.136.13 port 1812
Sending Access-Request of id 4 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020600cc1980000000c216030100070b00000300000016030100861000008200808a1b
3743f0e9ebae9e03eb4259995bee8be486e256c89884da930bafaddea80e5977d3200c3e
fc736cc37af0253c0f451c0dbaad62da4d86d0d486e984ac93a07d6ba582d10456a58633
990b229a0a2f8753e1ed90c25582abaa3b13aa1bde0f62d2ca1464c08ee51d7909424e13
95bad1faa3cb5c2781f137214468e755a09b140301000101160301002001eb6b567e9873
133e723c7e4d915ae4da6de2d8a6eff1400c08a39e5acd1780
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3937
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=4, length=128
	Proxy-State = 0x3937
	Session-Timeout = 30
	EAP-Message =
0x0107003519800000002b14030100010116030100203fa1776eae054068e95b91fcbc93
ab9c2dcc108bb935737cbaaec2ac9b02f8b8
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0xf1d3aad0ac9e774592581fe36708e1af
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 97 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x0107003519800000002b14030100010116030100203fa1776eae054068e95b91fcbc93
ab9c2dcc108bb935737cbaaec2ac9b02f8b8
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=98, length=205
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020700061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0xf78582f69cfd6d527288a752239639b6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 3
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 160 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020700061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3938
Proxying request 6 to home server 192.168.136.13 port 1812
Sending Access-Request of id 160 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = 0x020700061900
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3938
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=160, length=103
	Proxy-State = 0x3938
	Session-Timeout = 30
	EAP-Message =
0x0108001c19001703010011d3c155133995bdfcf9bd718c694e962d29
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0xd499b45493aa57f3d8160b571240cc25
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 98 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x0108001c19001703010011d3c155133995bdfcf9bd718c694e962d29
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=99, length=236
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020800251900170301001a81bc8b96254726f40ca774581f6c1dc267ec1a5fb9b5216d
a85b
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0xd78e97c33459cad8ddeae7182305e3cc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 2
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 195 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020800251900170301001a81bc8b96254726f40ca774581f6c1dc267ec1a5fb9b5216d
a85b
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3939
Proxying request 7 to home server 192.168.136.13 port 1812
Sending Access-Request of id 195 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020800251900170301001a81bc8b96254726f40ca774581f6c1dc267ec1a5fb9b5216d
a85b
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x3939
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=195, length=132
	Proxy-State = 0x3939
	Session-Timeout = 6
	EAP-Message =
0x010900391900170301002e74abec5460ee0fd6c2381e657c78e34d4145f974ecbbb821
345f725ad1115252a13e27370e55df9a9d2c11355db8
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x84d40babdd39d09df459fd9712ce770b
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 99 to 192.168.34.146 port 32859
	Session-Timeout = 6
	EAP-Message =
0x010900391900170301002e74abec5460ee0fd6c2381e657c78e34d4145f974ecbbb821
345f725ad1115252a13e27370e55df9a9d2c11355db8
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=100, length=290
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x0209005b19001703010050cd672cd8be21bd6ce24558d11eeaa90e17200309a07e91c1
0ae0c4937abe3e4484e26f9e997199f9ea29e21da884deaa61283a6aa4df93505b016545
13a0d586b6aa1e035dfe936cf89bc82f4ec15189
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x71a7d47b1b82d1d5a1ed151f53567f19
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 1
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 115 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x0209005b19001703010050cd672cd8be21bd6ce24558d11eeaa90e17200309a07e91c1
0ae0c4937abe3e4484e26f9e997199f9ea29e21da884deaa61283a6aa4df93505b016545
13a0d586b6aa1e035dfe936cf89bc82f4ec15189
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x313030
Proxying request 8 to home server 192.168.136.13 port 1812
Sending Access-Request of id 115 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x0209005b19001703010050cd672cd8be21bd6ce24558d11eeaa90e17200309a07e91c1
0ae0c4937abe3e4484e26f9e997199f9ea29e21da884deaa61283a6aa4df93505b016545
13a0d586b6aa1e035dfe936cf89bc82f4ec15189
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x313030
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=115, length=150
	Proxy-State = 0x313030
	Session-Timeout = 6
	EAP-Message =
0x010a004a1900170301003ffd21ea08c07ad1947763447aeeef63892af8eaa8734669d5
73bf776bcc9108ae882db091765458d09d5f92563780245c85bf169f41ec69ff5ca6be70
0fd3bc
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x44f5a893d32333f971b1983721280055
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 100 to 192.168.34.146 port 32859
	Session-Timeout = 6
	EAP-Message =
0x010a004a1900170301003ffd21ea08c07ad1947763447aeeef63892af8eaa8734669d5
73bf776bcc9108ae882db091765458d09d5f92563780245c85bf169f41ec69ff5ca6be70
0fd3bc
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=101, length=228
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020a001d19001703010012927fcf7a04655e0e059c5b56211ccb1348e1
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x537b7044b43c256df0b71232d143ed47
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 0
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 64 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020a001d19001703010012927fcf7a04655e0e059c5b56211ccb1348e1
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x313031
Proxying request 9 to home server 192.168.136.13 port 1812
Sending Access-Request of id 64 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020a001d19001703010012927fcf7a04655e0e059c5b56211ccb1348e1
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x313031
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 192.168.136.13 port 1812,
id=64, length=114
	Proxy-State = 0x313031
	Session-Timeout = 30
	EAP-Message =
0x010b00261900170301001b73de8e795cf674bc3a290e2f9f30818e22fbe7fd94e038bb
d521ec
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0xf34bce1564797990e334581d6ae71e9a
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 101 to 192.168.34.146 port 32859
	Session-Timeout = 30
	EAP-Message =
0x010b00261900170301001b73de8e795cf674bc3a290e2f9f30818e22fbe7fd94e038bb
d521ec
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.34.146 port 32859,
id=102, length=237
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020b00261900170301001b4b1d310c33d238c2a164c40120e6d542a403950d6393dc88
7c1431
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x3a42ba86f6f724b4d1cc2438780f7ad0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "stafftest", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "stafftest"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user stafftest to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT" 
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing
EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] 	expand: %{User-Name} -> stafftest
[sql] sql_set_user escaped user --> 'stafftest'
rlm_sql (sql): Reserving sql socket id: 4
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'stafftest'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'stafftest'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = 'FacStaffPool'
ORDER BY id
[sql] User found in group FacStaffPool
[sql] 	expand: SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           value, op
FROM radgroupreply           WHERE groupname = 'FacStaffPool'
ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  WARNING: Empty section.  Using default return values.
Sending Access-Request of id 123 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020b00261900170301001b4b1d310c33d238c2a164c40120e6d542a403950d6393dc88
7c1431
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x313032
Proxying request 10 to home server 192.168.136.13 port 1812
Sending Access-Request of id 123 to 192.168.136.13 port 1812
	User-Name = "stafftest"
	NAS-IP-Address = 192.168.34.146
	NAS-Port = 1
	NAS-Identifier = "192.168.34.146"
	NAS-Port-Type = Wireless-802.11
	Calling-Station-Id = "E4CE8F1B591A"
	Called-Station-Id = "000B860F1D00"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message =
0x020b00261900170301001b4b1d310c33d238c2a164c40120e6d542a403950d6393dc88
7c1431
	State = 0x1aa003d2000001370001ac11880d0000000311d6a5b700
	Aruba-Essid-Name = "Test-1X"
	Aruba-Location-Id = "CONV-B-TNG"
	Aruba-Attr-10 = 0x61757468756e697479
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x313032
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 192.168.136.13 port 1812,
id=123, length=266
	Proxy-State = 0x313032
	Service-Type = Framed-User
	Tunnel-Private-Group-Id:0 = "301"
	EAP-Message = 0x030c0004
	MS-MPPE-Encryption-Policy = 0x00000002
	MS-MPPE-Encryption-Types = 0x00000004
	MS-CHAP-Domain = "\001AMHERS"
	MS-CHAP2-Success =
0x01533d3838393939453335363334444337333832373832323137393943413738453937
3439423442454532
	MS-MPPE-Send-Key =
0x1b6a5631097bd07c20a46d4c76d21279b174ae44a9c0459d3c0fb37b592d72bc
	MS-MPPE-Recv-Key =
0x131f8eb7e935df8a4380bca8a138eee881d1bdc64348148a5248e7daf4b5d2a2
	Message-Authenticator = 0xdaf47d253afc9ed5a5279d8c52c6fde0
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 102 to 192.168.34.146 port 32859
	Service-Type = Framed-User
	Tunnel-Private-Group-Id:0 = "301"
	EAP-Message = 0x030c0004
	MS-MPPE-Encryption-Policy = 0x00000002
	MS-MPPE-Encryption-Types = 0x00000004
	MS-CHAP-Domain = "\001AMHERS"
	MS-CHAP2-Success =
0x01533d3838393939453335363334444337333832373832323137393943413738453937
3439423442454532
	MS-MPPE-Send-Key =
0x1b6a5631097bd07c20a46d4c76d21279b174ae44a9c0459d3c0fb37b592d72bc
	MS-MPPE-Recv-Key =
0x131f8eb7e935df8a4380bca8a138eee881d1bdc64348148a5248e7daf4b5d2a2
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 92 with timestamp +7
Cleaning up request 1 ID 93 with timestamp +7
Cleaning up request 2 ID 94 with timestamp +7
Cleaning up request 3 ID 95 with timestamp +7
Cleaning up request 4 ID 96 with timestamp +7
Cleaning up request 5 ID 97 with timestamp +7
Cleaning up request 6 ID 98 with timestamp +7
Cleaning up request 7 ID 99 with timestamp +7
Cleaning up request 8 ID 100 with timestamp +7
Cleaning up request 9 ID 101 with timestamp +7
Cleaning up request 10 ID 102 with timestamp +7
Ready to process requests.




More information about the Freeradius-Users mailing list